Loading Joe Sandbox Report ...

Edit tour

Windows Analysis Report
c8JakemodH.exe

Overview

General Information

Sample name:c8JakemodH.exe
renamed because original name is a hash value
Original sample name:9cb76090b74457b23fd3daf8af4793510cb94a970046de0ea4d3bb05527ba2e1.exe
Analysis ID:1436723
MD5:a7ed7796c84c9b27758f359705741455
SHA1:58bb54cd72323d0a73a3839e1b00b84d9260dcb3
SHA256:9cb76090b74457b23fd3daf8af4793510cb94a970046de0ea4d3bb05527ba2e1
Tags:exeLockbit
Infos:

Detection

LockBit ransomware
Score:100
Range:0 - 100
Whitelisted:false
Confidence:100%

Signatures

Antivirus / Scanner detection for submitted sample
Antivirus detection for URL or domain
Antivirus detection for dropped file
Found ransom note / readme
Malicious sample detected (through community Yara rule)
Multi AV Scanner detection for domain / URL
Multi AV Scanner detection for dropped file
Yara detected LockBit ransomware
Changes the wallpaper picture
Contains functionality to detect hardware virtualization (CPUID execution measurement)
Deletes itself after installation
Found Tor onion address
Found potential ransomware demand text
Hides threads from debuggers
Machine Learning detection for sample
Modifies existing user documents (likely ransomware behavior)
Overwrites Mozilla Firefox settings
Tries to harvest and steal browser information (history, passwords, etc)
Writes a notice file (html or txt) to demand a ransom
Writes many files with high entropy
Writes to foreign memory regions
Contains functionality for execution timing, often used to detect debuggers
Contains functionality to access loader functionality (e.g. LdrGetProcedureAddress)
Contains functionality to call native functions
Contains functionality to clear windows event logs (to hide its activities)
Contains functionality to communicate with device drivers
Contains functionality to query CPU information (cpuid)
Contains functionality to query locales information (e.g. system language)
Creates a process in suspended mode (likely to inject code)
Creates files inside the system directory
Detected potential crypto function
Dropped file seen in connection with other malware
Drops PE files
Drops PE files to the application program directory (C:\ProgramData)
Enables debug privileges
Enables security privileges
PE file contains an invalid checksum
Sample execution stops while process was sleeping (likely an evasion)
Sample file is different than original file name gathered from version info
Sigma detected: Potentially Suspicious Desktop Background Change Via Registry
Uses 32bit PE files
Uses code obfuscation techniques (call, push, ret)
Yara signature match

Classification

  • System is w10x64
  • c8JakemodH.exe (PID: 728 cmdline: "C:\Users\user\Desktop\c8JakemodH.exe" MD5: A7ED7796C84C9B27758F359705741455)
    • splwow64.exe (PID: 5324 cmdline: C:\Windows\splwow64.exe 12288 MD5: 77DE7761B037061C7C112FD3C5B91E73)
    • C9C8.tmp (PID: 7164 cmdline: "C:\ProgramData\C9C8.tmp" MD5: 294E9F64CB1642DD89229FFF0592856B)
      • cmd.exe (PID: 1504 cmdline: "C:\Windows\System32\cmd.exe" /C DEL /F /Q C:\PROGRA~3\C9C8.tmp >> NUL MD5: D0FCE3AFA6AA1D58CE9FA336CC2B675B)
        • conhost.exe (PID: 4844 cmdline: C:\Windows\system32\conhost.exe 0xffffffff -ForceV1 MD5: 0D698AF330FD17BEE3BF90011D49251D)
  • ONENOTE.EXE (PID: 6020 cmdline: /insertdoc "C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\{DCDCAFEB-5EC4-4F60-8F7C-E85EB48A28C7}.xps" 133594707154290000 MD5: 0061760D72416BCF5F2D9FA6564F0BEA)
  • cleanup
No configs have been found
SourceRuleDescriptionAuthorStrings
c8JakemodH.exeJoeSecurity_LockBit_ransomwareYara detected LockBit ransomwareJoe Security
    c8JakemodH.exeWindows_Ransomware_Lockbit_369e1e94unknownunknown
    • 0x1861d:$a2: 8B EC 53 56 57 33 C0 8B 5D 14 33 C9 33 D2 8B 75 0C 8B 7D 08 85 F6 74 33 55 8B 6D 10 8A 54 0D 00 02 D3 8A 5C 15 00 8A 54 1D 00
    • 0x4d4:$a3: 53 51 6A 01 58 0F A2 F7 C1 00 00 00 40 0F 95 C0 84 C0 74 09 0F C7 F0 0F C7 F2 59 5B C3 6A 07 58 33 C9 0F A2 F7 C3 00 00 04 00 0F 95 C0 84 C0 74 09 0F C7 F8 0F C7 FA 59 5B C3 0F 31 8B C8 C1 C9 ...
    SourceRuleDescriptionAuthorStrings
    00000000.00000002.2326197823.000000000117D000.00000004.00000020.00020000.00000000.sdmpJoeSecurity_LockBit_ransomwareYara detected LockBit ransomwareJoe Security
      00000000.00000002.2324569325.0000000000B21000.00000020.00000001.01000000.00000003.sdmpJoeSecurity_LockBit_ransomwareYara detected LockBit ransomwareJoe Security
        00000000.00000002.2324569325.0000000000B21000.00000020.00000001.01000000.00000003.sdmpWindows_Ransomware_Lockbit_369e1e94unknownunknown
        • 0x1841d:$a2: 8B EC 53 56 57 33 C0 8B 5D 14 33 C9 33 D2 8B 75 0C 8B 7D 08 85 F6 74 33 55 8B 6D 10 8A 54 0D 00 02 D3 8A 5C 15 00 8A 54 1D 00
        • 0xd4:$a3: 53 51 6A 01 58 0F A2 F7 C1 00 00 00 40 0F 95 C0 84 C0 74 09 0F C7 F0 0F C7 F2 59 5B C3 6A 07 58 33 C9 0F A2 F7 C3 00 00 04 00 0F 95 C0 84 C0 74 09 0F C7 F8 0F C7 FA 59 5B C3 0F 31 8B C8 C1 C9 ...
        00000000.00000000.1957084963.0000000000B21000.00000020.00000001.01000000.00000003.sdmpJoeSecurity_LockBit_ransomwareYara detected LockBit ransomwareJoe Security
          00000000.00000000.1957084963.0000000000B21000.00000020.00000001.01000000.00000003.sdmpWindows_Ransomware_Lockbit_369e1e94unknownunknown
          • 0x1841d:$a2: 8B EC 53 56 57 33 C0 8B 5D 14 33 C9 33 D2 8B 75 0C 8B 7D 08 85 F6 74 33 55 8B 6D 10 8A 54 0D 00 02 D3 8A 5C 15 00 8A 54 1D 00
          • 0xd4:$a3: 53 51 6A 01 58 0F A2 F7 C1 00 00 00 40 0F 95 C0 84 C0 74 09 0F C7 F0 0F C7 F2 59 5B C3 6A 07 58 33 C9 0F A2 F7 C3 00 00 04 00 0F 95 C0 84 C0 74 09 0F C7 F8 0F C7 FA 59 5B C3 0F 31 8B C8 C1 C9 ...
          Click to see the 2 entries
          SourceRuleDescriptionAuthorStrings
          0.0.c8JakemodH.exe.b20000.0.unpackJoeSecurity_LockBit_ransomwareYara detected LockBit ransomwareJoe Security
            0.0.c8JakemodH.exe.b20000.0.unpackWindows_Ransomware_Lockbit_369e1e94unknownunknown
            • 0x1861d:$a2: 8B EC 53 56 57 33 C0 8B 5D 14 33 C9 33 D2 8B 75 0C 8B 7D 08 85 F6 74 33 55 8B 6D 10 8A 54 0D 00 02 D3 8A 5C 15 00 8A 54 1D 00
            • 0x4d4:$a3: 53 51 6A 01 58 0F A2 F7 C1 00 00 00 40 0F 95 C0 84 C0 74 09 0F C7 F0 0F C7 F2 59 5B C3 6A 07 58 33 C9 0F A2 F7 C3 00 00 04 00 0F 95 C0 84 C0 74 09 0F C7 F8 0F C7 FA 59 5B C3 0F 31 8B C8 C1 C9 ...
            0.2.c8JakemodH.exe.b20000.0.unpackJoeSecurity_LockBit_ransomwareYara detected LockBit ransomwareJoe Security
              0.2.c8JakemodH.exe.b20000.0.unpackWindows_Ransomware_Lockbit_369e1e94unknownunknown
              • 0x1861d:$a2: 8B EC 53 56 57 33 C0 8B 5D 14 33 C9 33 D2 8B 75 0C 8B 7D 08 85 F6 74 33 55 8B 6D 10 8A 54 0D 00 02 D3 8A 5C 15 00 8A 54 1D 00
              • 0x4d4:$a3: 53 51 6A 01 58 0F A2 F7 C1 00 00 00 40 0F 95 C0 84 C0 74 09 0F C7 F0 0F C7 F2 59 5B C3 6A 07 58 33 C9 0F A2 F7 C3 00 00 04 00 0F 95 C0 84 C0 74 09 0F C7 F8 0F C7 FA 59 5B C3 0F 31 8B C8 C1 C9 ...

              System Summary

              barindex
              Source: Registry Key setAuthor: Nasreddine Bencherchali (Nextron Systems), Stephen Lincoln @slincoln-aiq (AttackIQ): Data: Details: C:\ProgramData\bQ8ODxIi2.bmp, EventID: 13, EventType: SetValue, Image: C:\Users\user\Desktop\c8JakemodH.exe, ProcessId: 728, TargetObject: HKEY_CURRENT_USER\Control Panel\Desktop\WallPaper
              No Snort rule has matched

              Click to jump to signature section

              Show All Signature Results

              AV Detection

              barindex
              Source: c8JakemodH.exeAvira: detected
              Source: http://lockbitsupn2h6be2cnqpvncyhj4rgmnwn44633hnzzmtxdvjoqlp7yd.onionAvira URL Cloud: Label: malware
              Source: C:\ProgramData\C9C8.tmpAvira: detection malicious, Label: TR/Crypt.ZPACK.Gen
              Source: http://lockbitsupn2h6be2cnqpvncyhj4rgmnwn44633hnzzmtxdvjoqlp7yd.onionVirustotal: Detection: 10%Perma Link
              Source: C:\ProgramData\C9C8.tmpReversingLabs: Detection: 83%
              Source: C:\ProgramData\C9C8.tmpVirustotal: Detection: 83%Perma Link
              Source: c8JakemodH.exeJoe Sandbox ML: detected
              Source: c8JakemodH.exeStatic PE information: EXECUTABLE_IMAGE, 32BIT_MACHINE
              Source: C:\Users\user\Desktop\c8JakemodH.exeFile created: C:\bQ8ODxIi2.README.txtJump to behavior
              Source: C:\Users\user\Desktop\c8JakemodH.exeFile created: C:\Users\bQ8ODxIi2.README.txtJump to behavior
              Source: C:\Users\user\Desktop\c8JakemodH.exeFile created: C:\Users\user\bQ8ODxIi2.README.txtJump to behavior
              Source: C:\Users\user\Desktop\c8JakemodH.exeFile created: C:\Users\user\Videos\bQ8ODxIi2.README.txtJump to behavior
              Source: C:\Users\user\Desktop\c8JakemodH.exeFile created: C:\Users\user\Searches\bQ8ODxIi2.README.txtJump to behavior
              Source: C:\Users\user\Desktop\c8JakemodH.exeFile created: C:\Users\user\Saved Games\bQ8ODxIi2.README.txtJump to behavior
              Source: C:\Users\user\Desktop\c8JakemodH.exeFile created: C:\Users\user\Recent\bQ8ODxIi2.README.txtJump to behavior
              Source: C:\Users\user\Desktop\c8JakemodH.exeFile created: C:\Users\user\Pictures\bQ8ODxIi2.README.txtJump to behavior
              Source: C:\Users\user\Desktop\c8JakemodH.exeFile created: C:\Users\user\Pictures\Saved Pictures\bQ8ODxIi2.README.txtJump to behavior
              Source: C:\Users\user\Desktop\c8JakemodH.exeFile created: C:\Users\user\Pictures\Camera Roll\bQ8ODxIi2.README.txtJump to behavior
              Source: C:\Users\user\Desktop\c8JakemodH.exeFile created: C:\Users\user\OneDrive\bQ8ODxIi2.README.txtJump to behavior
              Source: C:\Users\user\Desktop\c8JakemodH.exeFile created: C:\Users\user\Music\bQ8ODxIi2.README.txtJump to behavior
              Source: C:\Users\user\Desktop\c8JakemodH.exeFile created: C:\Users\user\Links\bQ8ODxIi2.README.txtJump to behavior
              Source: C:\Users\user\Desktop\c8JakemodH.exeFile created: C:\Users\user\Favorites\bQ8ODxIi2.README.txtJump to behavior
              Source: C:\Users\user\Desktop\c8JakemodH.exeFile created: C:\Users\user\Favorites\Links\bQ8ODxIi2.README.txtJump to behavior
              Source: C:\Users\user\Desktop\c8JakemodH.exeFile created: C:\Users\user\Downloads\bQ8ODxIi2.README.txtJump to behavior
              Source: C:\Users\user\Desktop\c8JakemodH.exeFile created: C:\Users\user\Documents\bQ8ODxIi2.README.txtJump to behavior
              Source: C:\Users\user\Desktop\c8JakemodH.exeFile created: C:\Users\user\Documents\SUAVTZKNFL\bQ8ODxIi2.README.txtJump to behavior
              Source: C:\Users\user\Desktop\c8JakemodH.exeFile created: C:\Users\user\Documents\PIVFAGEAAV\bQ8ODxIi2.README.txtJump to behavior
              Source: C:\Users\user\Desktop\c8JakemodH.exeFile created: C:\Users\user\Documents\GRXZDKKVDB\bQ8ODxIi2.README.txtJump to behavior
              Source: C:\Users\user\Desktop\c8JakemodH.exeFile created: C:\Users\user\Documents\GIGIYTFFYT\bQ8ODxIi2.README.txtJump to behavior
              Source: C:\Users\user\Desktop\c8JakemodH.exeFile created: C:\Users\user\Documents\EIVQSAOTAQ\bQ8ODxIi2.README.txtJump to behavior
              Source: C:\Users\user\Desktop\c8JakemodH.exeFile created: C:\Users\user\Documents\EFOYFBOLXA\bQ8ODxIi2.README.txtJump to behavior
              Source: C:\Users\user\Desktop\c8JakemodH.exeFile created: C:\Users\user\Desktop\bQ8ODxIi2.README.txtJump to behavior
              Source: C:\Users\user\Desktop\c8JakemodH.exeFile created: C:\Users\user\Desktop\SUAVTZKNFL\bQ8ODxIi2.README.txtJump to behavior
              Source: C:\Users\user\Desktop\c8JakemodH.exeFile created: C:\Users\user\Desktop\PIVFAGEAAV\bQ8ODxIi2.README.txtJump to behavior
              Source: C:\Users\user\Desktop\c8JakemodH.exeFile created: C:\Users\user\Desktop\GRXZDKKVDB\bQ8ODxIi2.README.txtJump to behavior
              Source: C:\Users\user\Desktop\c8JakemodH.exeFile created: C:\Users\user\Desktop\GIGIYTFFYT\bQ8ODxIi2.README.txtJump to behavior
              Source: C:\Users\user\Desktop\c8JakemodH.exeFile created: C:\Users\user\Desktop\EIVQSAOTAQ\bQ8ODxIi2.README.txtJump to behavior
              Source: C:\Users\user\Desktop\c8JakemodH.exeFile created: C:\Users\user\Desktop\EFOYFBOLXA\bQ8ODxIi2.README.txtJump to behavior
              Source: C:\Users\user\Desktop\c8JakemodH.exeFile created: C:\Users\user\Contacts\bQ8ODxIi2.README.txtJump to behavior
              Source: C:\Users\user\Desktop\c8JakemodH.exeFile created: C:\Users\user\AppData\bQ8ODxIi2.README.txtJump to behavior
              Source: C:\Users\user\Desktop\c8JakemodH.exeFile created: C:\Users\user\AppData\Roaming\bQ8ODxIi2.README.txtJump to behavior
              Source: C:\Users\user\Desktop\c8JakemodH.exeFile created: C:\Users\user\AppData\Roaming\Mozilla\bQ8ODxIi2.README.txtJump to behavior
              Source: C:\Users\user\Desktop\c8JakemodH.exeFile created: C:\Users\user\AppData\Roaming\Mozilla\Firefox\bQ8ODxIi2.README.txtJump to behavior
              Source: C:\Users\user\Desktop\c8JakemodH.exeFile created: C:\Users\user\AppData\Roaming\Mozilla\Firefox\Profiles\bQ8ODxIi2.README.txtJump to behavior
              Source: C:\Users\user\Desktop\c8JakemodH.exeFile created: C:\Users\user\AppData\Roaming\Mozilla\Firefox\Profiles\yiaxs5ej.default\bQ8ODxIi2.README.txtJump to behavior
              Source: C:\Users\user\Desktop\c8JakemodH.exeFile created: C:\Users\user\AppData\Roaming\Mozilla\Firefox\Profiles\v6zchhhv.default-release\bQ8ODxIi2.README.txtJump to behavior
              Source: C:\Users\user\Desktop\c8JakemodH.exeFile created: C:\Users\user\AppData\Roaming\Mozilla\Firefox\Profiles\v6zchhhv.default-release\storage\bQ8ODxIi2.README.txtJump to behavior
              Source: C:\Users\user\Desktop\c8JakemodH.exeFile created: C:\Users\user\AppData\Roaming\Mozilla\Firefox\Profiles\v6zchhhv.default-release\storage\to-be-removed\bQ8ODxIi2.README.txtJump to behavior
              Source: C:\Users\user\Desktop\c8JakemodH.exeFile created: C:\Users\user\AppData\Roaming\Mozilla\Firefox\Profiles\v6zchhhv.default-release\storage\temporary\bQ8ODxIi2.README.txtJump to behavior
              Source: C:\Users\user\Desktop\c8JakemodH.exeFile created: C:\Users\user\AppData\Roaming\Mozilla\Firefox\Profiles\v6zchhhv.default-release\storage\permanent\bQ8ODxIi2.README.txtJump to behavior
              Source: C:\Users\user\Desktop\c8JakemodH.exeFile created: C:\Users\user\AppData\Roaming\Mozilla\Firefox\Profiles\v6zchhhv.default-release\storage\permanent\chrome\bQ8ODxIi2.README.txtJump to behavior
              Source: C:\Users\user\Desktop\c8JakemodH.exeFile created: C:\Users\user\AppData\Roaming\Mozilla\Firefox\Profiles\v6zchhhv.default-release\storage\permanent\chrome\idb\bQ8ODxIi2.README.txtJump to behavior
              Source: C:\Users\user\Desktop\c8JakemodH.exeFile created: C:\Users\user\AppData\Roaming\Mozilla\Firefox\Profiles\v6zchhhv.default-release\storage\permanent\chrome\idb\3870112724rsegmnoittet-es.files\bQ8ODxIi2.README.txtJump to behavior
              Source: C:\Users\user\Desktop\c8JakemodH.exeFile created: C:\Users\user\AppData\Roaming\Mozilla\Firefox\Profiles\v6zchhhv.default-release\storage\permanent\chrome\idb\3561288849sdhlie.files\bQ8ODxIi2.README.txtJump to behavior
              Source: C:\Users\user\Desktop\c8JakemodH.exeFile created: C:\Users\user\AppData\Roaming\Mozilla\Firefox\Profiles\v6zchhhv.default-release\storage\permanent\chrome\idb\2918063365piupsah.files\bQ8ODxIi2.README.txtJump to behavior
              Source: C:\Users\user\Desktop\c8JakemodH.exeFile created: C:\Users\user\AppData\Roaming\Mozilla\Firefox\Profiles\v6zchhhv.default-release\storage\permanent\chrome\idb\2823318777ntouromlalnodry--naod.files\bQ8ODxIi2.README.txtJump to behavior
              Source: C:\Users\user\Desktop\c8JakemodH.exeFile created: C:\Users\user\AppData\Roaming\Mozilla\Firefox\Profiles\v6zchhhv.default-release\storage\permanent\chrome\idb\1657114595AmcateirvtiSty.files\bQ8ODxIi2.README.txtJump to behavior
              Source: C:\Users\user\Desktop\c8JakemodH.exeFile created: C:\Users\user\AppData\Roaming\Mozilla\Firefox\Profiles\v6zchhhv.default-release\storage\permanent\chrome\idb\1451318868ntouromlalnodry--epcr.files\bQ8ODxIi2.README.txtJump to behavior
              Source: C:\Users\user\Desktop\c8JakemodH.exeFile created: C:\Users\user\AppData\Roaming\Mozilla\Firefox\Profiles\v6zchhhv.default-release\sessionstore-backups\bQ8ODxIi2.README.txtJump to behavior
              Source: C:\Users\user\Desktop\c8JakemodH.exeFile created: C:\Users\user\AppData\Roaming\Mozilla\Firefox\Profiles\v6zchhhv.default-release\security_state\bQ8ODxIi2.README.txtJump to behavior
              Source: C:\Users\user\Desktop\c8JakemodH.exeFile created: C:\Users\user\AppData\Roaming\Mozilla\Firefox\Profiles\v6zchhhv.default-release\saved-telemetry-pings\bQ8ODxIi2.README.txtJump to behavior
              Source: C:\Users\user\Desktop\c8JakemodH.exeFile created: C:\Users\user\AppData\Roaming\Mozilla\Firefox\Profiles\v6zchhhv.default-release\minidumps\bQ8ODxIi2.README.txtJump to behavior
              Source: C:\Users\user\Desktop\c8JakemodH.exeFile created: C:\Users\user\AppData\Roaming\Mozilla\Firefox\Profiles\v6zchhhv.default-release\datareporting\bQ8ODxIi2.README.txtJump to behavior
              Source: C:\Users\user\Desktop\c8JakemodH.exeFile created: C:\Users\user\AppData\Roaming\Mozilla\Firefox\Profiles\v6zchhhv.default-release\datareporting\glean\bQ8ODxIi2.README.txtJump to behavior
              Source: C:\Users\user\Desktop\c8JakemodH.exeFile created: C:\Users\user\AppData\Roaming\Mozilla\Firefox\Profiles\v6zchhhv.default-release\datareporting\glean\tmp\bQ8ODxIi2.README.txtJump to behavior
              Source: C:\Users\user\Desktop\c8JakemodH.exeFile created: C:\Users\user\AppData\Roaming\Mozilla\Firefox\Profiles\v6zchhhv.default-release\datareporting\glean\pending_pings\bQ8ODxIi2.README.txtJump to behavior
              Source: C:\Users\user\Desktop\c8JakemodH.exeFile created: C:\Users\user\AppData\Roaming\Mozilla\Firefox\Profiles\v6zchhhv.default-release\datareporting\glean\events\bQ8ODxIi2.README.txtJump to behavior
              Source: C:\Users\user\Desktop\c8JakemodH.exeFile created: C:\Users\user\AppData\Roaming\Mozilla\Firefox\Profiles\v6zchhhv.default-release\datareporting\glean\db\bQ8ODxIi2.README.txtJump to behavior
              Source: C:\Users\user\Desktop\c8JakemodH.exeFile created: C:\Users\user\AppData\Roaming\Mozilla\Firefox\Profiles\v6zchhhv.default-release\datareporting\archived\bQ8ODxIi2.README.txtJump to behavior
              Source: C:\Users\user\Desktop\c8JakemodH.exeFile created: C:\Users\user\AppData\Roaming\Mozilla\Firefox\Profiles\v6zchhhv.default-release\datareporting\archived\2023-10\bQ8ODxIi2.README.txtJump to behavior
              Source: C:\Users\user\Desktop\c8JakemodH.exeFile created: C:\Users\user\AppData\Roaming\Mozilla\Firefox\Profiles\v6zchhhv.default-release\crashes\bQ8ODxIi2.README.txtJump to behavior
              Source: C:\Users\user\Desktop\c8JakemodH.exeFile created: C:\Users\user\AppData\Roaming\Mozilla\Firefox\Profiles\v6zchhhv.default-release\crashes\events\bQ8ODxIi2.README.txtJump to behavior
              Source: C:\Users\user\Desktop\c8JakemodH.exeFile created: C:\Users\user\AppData\Roaming\Mozilla\Firefox\Profiles\v6zchhhv.default-release\bookmarkbackups\bQ8ODxIi2.README.txtJump to behavior
              Source: C:\Users\user\Desktop\c8JakemodH.exeFile created: C:\Users\user\AppData\Roaming\Mozilla\Firefox\Pending Pings\bQ8ODxIi2.README.txtJump to behavior
              Source: C:\Users\user\Desktop\c8JakemodH.exeFile created: C:\Users\user\AppData\Roaming\Mozilla\Firefox\Crash Reports\bQ8ODxIi2.README.txtJump to behavior
              Source: C:\Users\user\Desktop\c8JakemodH.exeFile created: C:\Users\user\AppData\Roaming\Mozilla\Firefox\Crash Reports\events\bQ8ODxIi2.README.txtJump to behavior
              Source: C:\Users\user\Desktop\c8JakemodH.exeFile created: C:\Users\user\AppData\Roaming\Mozilla\Extensions\bQ8ODxIi2.README.txtJump to behavior
              Source: C:\Users\user\Desktop\c8JakemodH.exeFile created: C:\Users\user\AppData\Roaming\com.adobe.dunamis\bQ8ODxIi2.README.txtJump to behavior
              Source: C:\Users\user\Desktop\c8JakemodH.exeFile created: C:\Users\user\AppData\Roaming\com.adobe.dunamis\f2eb6c79-671d-4de2-b7be-3b2eea7abc47\bQ8ODxIi2.README.txtJump to behavior
              Source: C:\Users\user\Desktop\c8JakemodH.exeFile created: C:\Users\user\AppData\Roaming\com.adobe.dunamis\6d9d9777-7ded-4768-8191-9a707d72b009\bQ8ODxIi2.README.txtJump to behavior
              Source: C:\Users\user\Desktop\c8JakemodH.exeFile created: C:\Users\user\AppData\Roaming\com.adobe.dunamis\61f56613-c62c-4b17-84dd-62b60d5776aa\bQ8ODxIi2.README.txtJump to behavior
              Source: C:\Users\user\Desktop\c8JakemodH.exeFile created: C:\Users\user\AppData\Roaming\com.adobe.dunamis\56079431-ea46-4833-94f9-1ff5658cdb1c\bQ8ODxIi2.README.txtJump to behavior
              Source: C:\Users\user\Desktop\c8JakemodH.exeFile created: C:\Users\user\AppData\Roaming\Adobe\bQ8ODxIi2.README.txtJump to behavior
              Source: C:\Users\user\Desktop\c8JakemodH.exeFile created: C:\Users\user\AppData\Roaming\Adobe\Sonar\bQ8ODxIi2.README.txtJump to behavior
              Source: C:\Users\user\Desktop\c8JakemodH.exeFile created: C:\Users\user\AppData\Roaming\Adobe\Sonar\SonarCC\bQ8ODxIi2.README.txtJump to behavior
              Source: C:\Users\user\Desktop\c8JakemodH.exeFile created: C:\Users\user\AppData\Roaming\Adobe\RTTransfer\bQ8ODxIi2.README.txtJump to behavior
              Source: C:\Users\user\Desktop\c8JakemodH.exeFile created: C:\Users\user\AppData\Roaming\Adobe\LogTransport2CC\bQ8ODxIi2.README.txtJump to behavior
              Source: C:\Users\user\Desktop\c8JakemodH.exeFile created: C:\Users\user\AppData\Roaming\Adobe\LogTransport2\bQ8ODxIi2.README.txtJump to behavior
              Source: C:\Users\user\Desktop\c8JakemodH.exeFile created: C:\Users\user\AppData\Roaming\Adobe\Linguistics\bQ8ODxIi2.README.txtJump to behavior
              Source: C:\Users\user\Desktop\c8JakemodH.exeFile created: C:\Users\user\AppData\Roaming\Adobe\Headlights\bQ8ODxIi2.README.txtJump to behavior
              Source: C:\Users\user\Desktop\c8JakemodH.exeFile created: C:\Users\user\AppData\Roaming\Adobe\Flash Player\bQ8ODxIi2.README.txtJump to behavior
              Source: C:\Users\user\Desktop\c8JakemodH.exeFile created: C:\Users\user\AppData\Roaming\Adobe\Flash Player\NativeCache\bQ8ODxIi2.README.txtJump to behavior
              Source: C:\Users\user\Desktop\c8JakemodH.exeFile created: C:\Users\user\AppData\Roaming\Adobe\CRLogs\bQ8ODxIi2.README.txtJump to behavior
              Source: C:\Users\user\Desktop\c8JakemodH.exeFile created: C:\Users\user\AppData\Roaming\Adobe\CRLogs\crashlogs\bQ8ODxIi2.README.txtJump to behavior
              Source: C:\Users\user\Desktop\c8JakemodH.exeFile created: C:\Users\user\AppData\Roaming\Adobe\Acrobat\bQ8ODxIi2.README.txtJump to behavior
              Source: C:\Users\user\Desktop\c8JakemodH.exeFile created: C:\Users\user\AppData\Roaming\Adobe\Acrobat\Preflight Acrobat Continuous\bQ8ODxIi2.README.txtJump to behavior
              Source: C:\Users\user\Desktop\c8JakemodH.exeFile created: C:\Users\user\AppData\Roaming\Adobe\Acrobat\DC\bQ8ODxIi2.README.txtJump to behavior
              Source: C:\Users\user\Desktop\c8JakemodH.exeFile created: C:\Users\user\AppData\Roaming\Adobe\Acrobat\DC\Security\bQ8ODxIi2.README.txtJump to behavior
              Source: C:\Users\user\Desktop\c8JakemodH.exeFile created: C:\Users\user\AppData\Roaming\Adobe\Acrobat\DC\JSCache\bQ8ODxIi2.README.txtJump to behavior
              Source: C:\Users\user\Desktop\c8JakemodH.exeFile created: C:\Users\user\AppData\Roaming\Adobe\Acrobat\DC\Forms\bQ8ODxIi2.README.txtJump to behavior
              Source: C:\Users\user\Desktop\c8JakemodH.exeFile created: C:\Users\user\AppData\Roaming\Adobe\Acrobat\DC\Collab\bQ8ODxIi2.README.txtJump to behavior
              Source: C:\Users\user\Desktop\c8JakemodH.exeFile created: C:\Users\user\AppData\LocalLow\bQ8ODxIi2.README.txtJump to behavior
              Source: C:\Users\user\Desktop\c8JakemodH.exeFile created: C:\Users\user\AppData\LocalLow\Adobe\bQ8ODxIi2.README.txtJump to behavior
              Source: C:\Users\user\Desktop\c8JakemodH.exeFile created: C:\Users\user\AppData\LocalLow\Adobe\Linguistics\bQ8ODxIi2.README.txtJump to behavior
              Source: C:\Users\user\Desktop\c8JakemodH.exeFile created: C:\Users\user\AppData\LocalLow\Adobe\AcroCef\bQ8ODxIi2.README.txtJump to behavior
              Source: C:\Users\user\Desktop\c8JakemodH.exeFile created: C:\Users\user\AppData\LocalLow\Adobe\AcroCef\DC\bQ8ODxIi2.README.txtJump to behavior
              Source: C:\Users\user\Desktop\c8JakemodH.exeFile created: C:\Users\user\AppData\LocalLow\Adobe\AcroCef\DC\Acrobat\bQ8ODxIi2.README.txtJump to behavior
              Source: C:\Users\user\Desktop\c8JakemodH.exeFile created: C:\Users\user\AppData\LocalLow\Adobe\AcroCef\DC\Acrobat\Cookie\bQ8ODxIi2.README.txtJump to behavior
              Source: C:\Users\user\Desktop\c8JakemodH.exeFile created: C:\Users\user\AppData\LocalLow\Adobe\AcroCef\DC\Acrobat\Cache\bQ8ODxIi2.README.txtJump to behavior
              Source: C:\Users\user\Desktop\c8JakemodH.exeFile created: C:\Users\user\AppData\LocalLow\Adobe\AcroCef\DC\Acrobat\Cache\VideoDecodeStats\bQ8ODxIi2.README.txtJump to behavior
              Source: C:\Users\user\Desktop\c8JakemodH.exeFile created: C:\Users\user\AppData\LocalLow\Adobe\AcroCef\DC\Acrobat\Cache\shared_proto_db\bQ8ODxIi2.README.txtJump to behavior
              Source: C:\Users\user\Desktop\c8JakemodH.exeFile created: C:\Users\user\AppData\LocalLow\Adobe\AcroCef\DC\Acrobat\Cache\shared_proto_db\metadata\bQ8ODxIi2.README.txtJump to behavior
              Source: C:\Users\user\Desktop\c8JakemodH.exeFile created: C:\Users\user\AppData\LocalLow\Adobe\AcroCef\DC\Acrobat\Cache\Session Storage\bQ8ODxIi2.README.txtJump to behavior
              Source: C:\Users\user\Desktop\c8JakemodH.exeFile created: C:\Users\user\AppData\LocalLow\Adobe\AcroCef\DC\Acrobat\Cache\Network\bQ8ODxIi2.README.txtJump to behavior
              Source: C:\Users\user\Desktop\c8JakemodH.exeFile created: C:\Users\user\AppData\LocalLow\Adobe\AcroCef\DC\Acrobat\Cache\Local Storage\bQ8ODxIi2.README.txtJump to behavior
              Source: C:\Users\user\Desktop\c8JakemodH.exeFile created: C:\Users\user\AppData\LocalLow\Adobe\AcroCef\DC\Acrobat\Cache\Local Storage\leveldb\bQ8ODxIi2.README.txtJump to behavior
              Source: C:\Users\user\Desktop\c8JakemodH.exeFile created: C:\Users\user\AppData\LocalLow\Adobe\AcroCef\DC\Acrobat\Cache\Code Cache\bQ8ODxIi2.README.txtJump to behavior
              Source: C:\Users\user\Desktop\c8JakemodH.exeFile created: C:\Users\user\AppData\LocalLow\Adobe\AcroCef\DC\Acrobat\Cache\Code Cache\wasm\bQ8ODxIi2.README.txtJump to behavior
              Source: C:\Users\user\Desktop\c8JakemodH.exeFile created: C:\Users\user\AppData\LocalLow\Adobe\AcroCef\DC\Acrobat\Cache\Code Cache\wasm\index-dir\bQ8ODxIi2.README.txtJump to behavior
              Source: C:\Users\user\Desktop\c8JakemodH.exeFile created: C:\Users\user\AppData\LocalLow\Adobe\AcroCef\DC\Acrobat\Cache\Code Cache\js\bQ8ODxIi2.README.txtJump to behavior
              Source: C:\Users\user\Desktop\c8JakemodH.exeFile created: C:\Users\user\AppData\LocalLow\Adobe\AcroCef\DC\Acrobat\Cache\Code Cache\js\index-dir\bQ8ODxIi2.README.txtJump to behavior
              Source: C:\Users\user\Desktop\c8JakemodH.exeFile created: C:\Users\user\AppData\LocalLow\Adobe\AcroCef\DC\Acrobat\Cache\Cache\bQ8ODxIi2.README.txtJump to behavior
              Source: C:\Users\user\Desktop\c8JakemodH.exeFile created: C:\Users\user\AppData\LocalLow\Adobe\AcroCef\DC\Acrobat\Cache\Cache\Cache_Data\bQ8ODxIi2.README.txtJump to behavior
              Source: C:\Users\user\Desktop\c8JakemodH.exeFile created: C:\Users\user\AppData\LocalLow\Adobe\AcroCef\DC\Acrobat\Cache\blob_storage\bQ8ODxIi2.README.txtJump to behavior
              Source: C:\Users\user\Desktop\c8JakemodH.exeFile created: C:\Users\user\AppData\LocalLow\Adobe\AcroCef\DC\Acrobat\Cache\blob_storage\dd432c4a-ba38-4070-9985-ed1b3bea85dc\bQ8ODxIi2.README.txtJump to behavior
              Source: C:\Users\user\Desktop\c8JakemodH.exeFile created: C:\Users\user\AppData\LocalLow\Adobe\Acrobat\bQ8ODxIi2.README.txtJump to behavior
              Source: C:\Users\user\Desktop\c8JakemodH.exeFile created: C:\Users\user\AppData\LocalLow\Adobe\Acrobat\DC\bQ8ODxIi2.README.txtJump to behavior
              Source: C:\Users\user\Desktop\c8JakemodH.exeFile created: C:\Users\user\AppData\LocalLow\Adobe\Acrobat\DC\assets\bQ8ODxIi2.README.txtJump to behavior
              Source: C:\Users\user\Desktop\c8JakemodH.exeFile created: C:\Users\user\AppData\LocalLow\Adobe\Acrobat\DC\Acrobat\bQ8ODxIi2.README.txtJump to behavior
              Source: C:\Users\user\Desktop\c8JakemodH.exeFile created: C:\Users\user\AppData\LocalLow\Adobe\Acrobat\DC\Acrobat\DesktopNotification\bQ8ODxIi2.README.txtJump to behavior
              Source: C:\Users\user\Desktop\c8JakemodH.exeFile created: C:\Users\user\AppData\LocalLow\Adobe\Acrobat\DC\Acrobat\DesktopNotification\NotificationsDB\bQ8ODxIi2.README.txtJump to behavior
              Source: C:\Users\user\Desktop\c8JakemodH.exeFile created: C:\Users\user\AppData\Local\bQ8ODxIi2.README.txtJump to behavior
              Source: C:\Users\user\Desktop\c8JakemodH.exeFile created: C:\Users\user\AppData\Local\VirtualStore\bQ8ODxIi2.README.txtJump to behavior
              Source: C:\Users\user\Desktop\c8JakemodH.exeFile created: C:\Users\user\AppData\Local\Temp\bQ8ODxIi2.README.txtJump to behavior
              Source: C:\Users\user\Desktop\c8JakemodH.exeFile created: C:\Users\user\AppData\Local\Temp\Symbols\bQ8ODxIi2.README.txtJump to behavior
              Source: C:\Users\user\Desktop\c8JakemodH.exeFile created: C:\Users\user\AppData\Local\Temp\Symbols\winload_prod.pdb\bQ8ODxIi2.README.txtJump to behavior
              Source: C:\Users\user\Desktop\c8JakemodH.exeFile created: C:\Users\user\AppData\Local\Temp\Symbols\winload_prod.pdb\01AB9056EA9380F71644C4339E3FA1AC2\bQ8ODxIi2.README.txtJump to behavior
              Source: C:\Users\user\Desktop\c8JakemodH.exeFile created: C:\Users\user\AppData\Local\Temp\Symbols\ntkrnlmp.pdb\bQ8ODxIi2.README.txtJump to behavior
              Source: C:\Users\user\Desktop\c8JakemodH.exeFile created: C:\Users\user\AppData\Local\Temp\Symbols\ntkrnlmp.pdb\68A17FAF3012B7846079AEECDBE0A5831\bQ8ODxIi2.README.txtJump to behavior
              Source: C:\Users\user\Desktop\c8JakemodH.exeFile created: C:\Users\user\AppData\Local\Temp\msedge_url_fetcher_5172_761252224\bQ8ODxIi2.README.txtJump to behavior
              Source: C:\Users\user\Desktop\c8JakemodH.exeFile created: C:\Users\user\AppData\Local\Temp\msedge_url_fetcher_5172_1791500899\bQ8ODxIi2.README.txtJump to behavior
              Source: C:\Users\user\Desktop\c8JakemodH.exeFile created: C:\Users\user\AppData\Local\Temp\msedge_url_fetcher_2640_817343797\bQ8ODxIi2.README.txtJump to behavior
              Source: C:\Users\user\Desktop\c8JakemodH.exeFile created: C:\Users\user\AppData\Local\Temp\mozilla-temp-files\bQ8ODxIi2.README.txtJump to behavior
              Source: C:\Users\user\Desktop\c8JakemodH.exeFile created: C:\Users\user\AppData\Local\Temp\Low\bQ8ODxIi2.README.txtJump to behavior
              Source: C:\Users\user\Desktop\c8JakemodH.exeFile created: C:\Users\user\AppData\Local\Temp\edge_BITS_6440_995017740\bQ8ODxIi2.README.txtJump to behavior
              Source: C:\Users\user\Desktop\c8JakemodH.exeFile created: C:\Users\user\AppData\Local\Temp\edge_BITS_6440_778675694\bQ8ODxIi2.README.txtJump to behavior
              Source: C:\Users\user\Desktop\c8JakemodH.exeFile created: C:\Users\user\AppData\Local\Temp\edge_BITS_6440_736602331\bQ8ODxIi2.README.txtJump to behavior
              Source: C:\Users\user\Desktop\c8JakemodH.exeFile created: C:\Users\user\AppData\Local\Temp\edge_BITS_6440_649288342\bQ8ODxIi2.README.txtJump to behavior
              Source: C:\Users\user\Desktop\c8JakemodH.exeFile created: C:\Users\user\AppData\Local\Temp\edge_BITS_6440_339006160\bQ8ODxIi2.README.txtJump to behavior
              Source: C:\Users\user\Desktop\c8JakemodH.exeFile created: C:\Users\user\AppData\Local\Temp\edge_BITS_6440_27162369\bQ8ODxIi2.README.txtJump to behavior
              Source: C:\Users\user\Desktop\c8JakemodH.exeFile created: C:\Users\user\AppData\Local\Temp\edge_BITS_6440_1988346647\bQ8ODxIi2.README.txtJump to behavior
              Source: C:\Users\user\Desktop\c8JakemodH.exeFile created: C:\Users\user\AppData\Local\Temp\edge_BITS_6440_1959985254\bQ8ODxIi2.README.txtJump to behavior
              Source: C:\Users\user\Desktop\c8JakemodH.exeFile created: C:\Users\user\AppData\Local\Temp\edge_BITS_6440_1807723660\bQ8ODxIi2.README.txtJump to behavior
              Source: C:\Users\user\Desktop\c8JakemodH.exeFile created: C:\Users\user\AppData\Local\Temp\edge_BITS_6440_1693012001\bQ8ODxIi2.README.txtJump to behavior
              Source: C:\Users\user\Desktop\c8JakemodH.exeFile created: C:\Users\user\AppData\Local\Temp\edge_BITS_6440_1635976352\bQ8ODxIi2.README.txtJump to behavior
              Source: C:\Users\user\Desktop\c8JakemodH.exeFile created: C:\Users\user\AppData\Local\Temp\edge_BITS_6440_1619438387\bQ8ODxIi2.README.txtJump to behavior
              Source: C:\Users\user\Desktop\c8JakemodH.exeFile created: C:\Users\user\AppData\Local\Temp\edge_BITS_6440_1485273224\bQ8ODxIi2.README.txtJump to behavior
              Source: C:\Users\user\Desktop\c8JakemodH.exeFile created: C:\Users\user\AppData\Local\Temp\edge_BITS_6440_1421574262\bQ8ODxIi2.README.txtJump to behavior
              Source: C:\Users\user\Desktop\c8JakemodH.exeFile created: C:\Users\user\AppData\Local\Temp\edge_BITS_6440_1318414972\bQ8ODxIi2.README.txtJump to behavior
              Source: C:\Users\user\Desktop\c8JakemodH.exeFile created: C:\Users\user\AppData\Local\Temp\edge_BITS_6440_1289371347\bQ8ODxIi2.README.txtJump to behavior
              Source: C:\Users\user\Desktop\c8JakemodH.exeFile created: C:\Users\user\AppData\Local\Temp\edge_BITS_6440_1234978473\bQ8ODxIi2.README.txtJump to behavior
              Source: C:\Users\user\Desktop\c8JakemodH.exeFile created: C:\Users\user\AppData\Local\Temp\edge_BITS_6440_1191663050\bQ8ODxIi2.README.txtJump to behavior
              Source: C:\Users\user\Desktop\c8JakemodH.exeFile created: C:\Users\user\AppData\Local\Temp\edge_BITS_6440_1090636871\bQ8ODxIi2.README.txtJump to behavior
              Source: C:\Users\user\Desktop\c8JakemodH.exeFile created: C:\Users\user\AppData\Local\Temp\Diagnostics\bQ8ODxIi2.README.txtJump to behavior
              Source: C:\Users\user\Desktop\c8JakemodH.exeFile created: C:\Users\user\AppData\Local\Temp\Diagnostics\EXCEL\bQ8ODxIi2.README.txtJump to behavior
              Source: C:\Users\user\Desktop\c8JakemodH.exeFile created: C:\Users\user\AppData\Local\Temp\acrord32_super_sbx\bQ8ODxIi2.README.txtJump to behavior
              Source: C:\Users\user\Desktop\c8JakemodH.exeFile created: C:\Users\user\AppData\Local\Temp\acrord32_super_sbx\Adobe\bQ8ODxIi2.README.txtJump to behavior
              Source: C:\Users\user\Desktop\c8JakemodH.exeFile created: C:\Users\user\AppData\Local\Temp\acrord32_super_sbx\Adobe\Acrobat\bQ8ODxIi2.README.txtJump to behavior
              Source: C:\Users\user\Desktop\c8JakemodH.exeFile created: C:\Users\user\AppData\Local\Temp\acrord32_super_sbx\Adobe\Acrobat\DC\bQ8ODxIi2.README.txtJump to behavior
              Source: C:\Users\user\Desktop\c8JakemodH.exeFile created: C:\Users\user\AppData\Local\Temp\acrord32_super_sbx\Adobe\Acrobat\DC\SearchEmbdIndex\bQ8ODxIi2.README.txtJump to behavior
              Source: C:\Users\user\Desktop\c8JakemodH.exeFile created: C:\Users\user\AppData\Local\Temp\acrocef_low\bQ8ODxIi2.README.txtJump to behavior
              Source: C:\Users\user\Desktop\c8JakemodH.exeFile created: C:\Users\user\AppData\Local\Temp\acrobat_sbx\bQ8ODxIi2.README.txtJump to behavior
              Source: C:\Users\user\Desktop\c8JakemodH.exeFile created: C:\Users\user\AppData\Local\Temp\acrobat_sbx\NGL\bQ8ODxIi2.README.txtJump to behavior
              Source: C:\Users\user\Desktop\c8JakemodH.exeFile created: C:\Users\user\AppData\Local\Temp\acrobat_sbx\Adobe\bQ8ODxIi2.README.txtJump to behavior
              Source: C:\Users\user\Desktop\c8JakemodH.exeFile created: C:\Users\user\AppData\Local\Temp\acrobat_sbx\Adobe\Acrobat\bQ8ODxIi2.README.txtJump to behavior
              Source: C:\Users\user\Desktop\c8JakemodH.exeFile created: C:\Users\user\AppData\Local\Temp\acrobat_sbx\Adobe\Acrobat\DC\bQ8ODxIi2.README.txtJump to behavior
              Source: C:\Users\user\Desktop\c8JakemodH.exeFile created: C:\Users\user\AppData\Local\SolidDocuments\bQ8ODxIi2.README.txtJump to behavior
              Source: C:\Users\user\Desktop\c8JakemodH.exeFile created: C:\Users\user\AppData\Local\SolidDocuments\Acrobat\bQ8ODxIi2.README.txtJump to behavior
              Source: C:\Users\user\Desktop\c8JakemodH.exeFile created: C:\Users\user\AppData\Local\Publishers\bQ8ODxIi2.README.txtJump to behavior
              Source: C:\Users\user\Desktop\c8JakemodH.exeFile created: C:\Users\user\AppData\Local\Publishers\8wekyb3d8bbwe\bQ8ODxIi2.README.txtJump to behavior
              Source: C:\Users\user\Desktop\c8JakemodH.exeFile created: C:\Users\user\AppData\Local\Publishers\8wekyb3d8bbwe\SettingsContainer\bQ8ODxIi2.README.txtJump to behavior
              Source: C:\Users\user\Desktop\c8JakemodH.exeFile created: C:\Users\user\AppData\Local\Publishers\8wekyb3d8bbwe\Microsoft.WindowsAlarms\bQ8ODxIi2.README.txtJump to behavior
              Source: C:\Users\user\Desktop\c8JakemodH.exeFile created: C:\Users\user\AppData\Local\Publishers\8wekyb3d8bbwe\Licenses\bQ8ODxIi2.README.txtJump to behavior
              Source: C:\Users\user\Desktop\c8JakemodH.exeFile created: C:\Users\user\AppData\Local\Publishers\8wekyb3d8bbwe\Fonts\bQ8ODxIi2.README.txtJump to behavior
              Source: C:\Users\user\Desktop\c8JakemodH.exeFile created: C:\Users\user\AppData\Local\PlaceholderTileLogoFolder\bQ8ODxIi2.README.txtJump to behavior
              Source: C:\Users\user\Desktop\c8JakemodH.exeFile created: C:\Users\user\AppData\Local\PeerDistRepub\bQ8ODxIi2.README.txtJump to behavior
              Source: C:\Users\user\Desktop\c8JakemodH.exeFile created: C:\Users\user\AppData\Local\Packages\bQ8ODxIi2.README.txtJump to behavior
              Source: C:\Users\user\Desktop\c8JakemodH.exeFile created: C:\Users\user\AppData\Local\Packages\windows_ie_ac_001\bQ8ODxIi2.README.txtJump to behavior
              Source: C:\Users\user\Desktop\c8JakemodH.exeFile created: C:\Users\user\AppData\Local\Packages\windows_ie_ac_001\AC\bQ8ODxIi2.README.txtJump to behavior
              Source: C:\Users\user\Desktop\c8JakemodH.exeFile created: C:\Users\user\AppData\Local\Packages\windows_ie_ac_001\AC\Temp\bQ8ODxIi2.README.txtJump to behavior
              Source: C:\Users\user\Desktop\c8JakemodH.exeFile created: C:\Users\user\AppData\Local\Packages\Windows.PrintDialog_cw5n1h2txyewy\bQ8ODxIi2.README.txtJump to behavior
              Source: C:\Users\user\Desktop\c8JakemodH.exeFile created: C:\Users\user\AppData\Local\Packages\Windows.PrintDialog_cw5n1h2txyewy\TempState\bQ8ODxIi2.README.txtJump to behavior
              Source: C:\Users\user\Desktop\c8JakemodH.exeFile created: C:\Users\user\AppData\Local\Packages\Windows.PrintDialog_cw5n1h2txyewy\SystemAppData\bQ8ODxIi2.README.txtJump to behavior
              Source: C:\Users\user\Desktop\c8JakemodH.exeFile created: C:\Users\user\AppData\Local\Packages\Windows.PrintDialog_cw5n1h2txyewy\Settings\bQ8ODxIi2.README.txtJump to behavior
              Source: C:\Users\user\Desktop\c8JakemodH.exeFile created: C:\Users\user\AppData\Local\Packages\Windows.PrintDialog_cw5n1h2txyewy\RoamingState\bQ8ODxIi2.README.txtJump to behavior
              Source: C:\Users\user\Desktop\c8JakemodH.exeFile created: C:\Users\user\AppData\Local\Packages\Windows.PrintDialog_cw5n1h2txyewy\LocalState\bQ8ODxIi2.README.txtJump to behavior
              Source: C:\Users\user\Desktop\c8JakemodH.exeFile created: C:\Users\user\AppData\Local\Packages\Windows.PrintDialog_cw5n1h2txyewy\LocalCache\bQ8ODxIi2.README.txtJump to behavior
              Source: C:\Users\user\Desktop\c8JakemodH.exeFile created: C:\Users\user\AppData\Local\Packages\Windows.PrintDialog_cw5n1h2txyewy\AppData\bQ8ODxIi2.README.txtJump to behavior
              Source: C:\Users\user\Desktop\c8JakemodH.exeFile created: C:\Users\user\AppData\Local\Packages\Windows.PrintDialog_cw5n1h2txyewy\AC\bQ8ODxIi2.README.txtJump to behavior
              Source: C:\Users\user\Desktop\c8JakemodH.exeFile created: C:\Users\user\AppData\Local\Packages\Windows.PrintDialog_cw5n1h2txyewy\AC\Temp\bQ8ODxIi2.README.txtJump to behavior
              Source: C:\Users\user\Desktop\c8JakemodH.exeFile created: C:\Users\user\AppData\Local\Packages\windows.immersivecontrolpanel_cw5n1h2txyewy\bQ8ODxIi2.README.txtJump to behavior
              Source: C:\Users\user\Desktop\c8JakemodH.exeFile created: C:\Users\user\AppData\Local\Packages\windows.immersivecontrolpanel_cw5n1h2txyewy\TempState\bQ8ODxIi2.README.txtJump to behavior
              Source: C:\Users\user\Desktop\c8JakemodH.exeFile created: C:\Users\user\AppData\Local\Packages\windows.immersivecontrolpanel_cw5n1h2txyewy\SystemAppData\bQ8ODxIi2.README.txtJump to behavior
              Source: C:\Users\user\Desktop\c8JakemodH.exeFile created: C:\Users\user\AppData\Local\Packages\windows.immersivecontrolpanel_cw5n1h2txyewy\Settings\bQ8ODxIi2.README.txtJump to behavior
              Source: C:\Users\user\Desktop\c8JakemodH.exeFile created: C:\Users\user\AppData\Local\Packages\windows.immersivecontrolpanel_cw5n1h2txyewy\RoamingState\bQ8ODxIi2.README.txtJump to behavior
              Source: C:\Users\user\Desktop\c8JakemodH.exeFile created: C:\Users\user\AppData\Local\Packages\windows.immersivecontrolpanel_cw5n1h2txyewy\LocalState\bQ8ODxIi2.README.txtJump to behavior
              Source: C:\Users\user\Desktop\c8JakemodH.exeFile created: C:\Users\user\AppData\Local\Packages\windows.immersivecontrolpanel_cw5n1h2txyewy\LocalCache\bQ8ODxIi2.README.txtJump to behavior
              Source: C:\Users\user\Desktop\c8JakemodH.exeFile created: C:\Users\user\AppData\Local\Packages\windows.immersivecontrolpanel_cw5n1h2txyewy\AppData\bQ8ODxIi2.README.txtJump to behavior
              Source: C:\Users\user\Desktop\c8JakemodH.exeFile created: C:\Users\user\AppData\Local\Packages\windows.immersivecontrolpanel_cw5n1h2txyewy\AC\bQ8ODxIi2.README.txtJump to behavior
              Source: C:\Users\user\Desktop\c8JakemodH.exeFile created: C:\Users\user\AppData\Local\Packages\Windows.CBSPreview_cw5n1h2txyewy\bQ8ODxIi2.README.txtJump to behavior
              Source: C:\Users\user\Desktop\c8JakemodH.exeFile created: C:\Users\user\AppData\Local\Packages\Windows.CBSPreview_cw5n1h2txyewy\TempState\bQ8ODxIi2.README.txtJump to behavior
              Source: C:\Users\user\Desktop\c8JakemodH.exeFile created: C:\Users\user\AppData\Local\Packages\Windows.CBSPreview_cw5n1h2txyewy\SystemAppData\bQ8ODxIi2.README.txtJump to behavior
              Source: C:\Users\user\Desktop\c8JakemodH.exeFile created: C:\Users\user\AppData\Local\Packages\Windows.CBSPreview_cw5n1h2txyewy\Settings\bQ8ODxIi2.README.txtJump to behavior
              Source: C:\Users\user\Desktop\c8JakemodH.exeFile created: C:\Users\user\AppData\Local\Packages\Windows.CBSPreview_cw5n1h2txyewy\RoamingState\bQ8ODxIi2.README.txtJump to behavior
              Source: C:\Users\user\Desktop\c8JakemodH.exeFile created: C:\Users\user\AppData\Local\Packages\Windows.CBSPreview_cw5n1h2txyewy\LocalState\bQ8ODxIi2.README.txtJump to behavior
              Source: C:\Users\user\Desktop\c8JakemodH.exeFile created: C:\Users\user\AppData\Local\Packages\Windows.CBSPreview_cw5n1h2txyewy\LocalCache\bQ8ODxIi2.README.txtJump to behavior
              Source: C:\Users\user\Desktop\c8JakemodH.exeFile created: C:\Users\user\AppData\Local\Packages\Windows.CBSPreview_cw5n1h2txyewy\AppData\bQ8ODxIi2.README.txtJump to behavior
              Source: C:\Users\user\Desktop\c8JakemodH.exeFile created: C:\Users\user\AppData\Local\Packages\Windows.CBSPreview_cw5n1h2txyewy\AC\bQ8ODxIi2.README.txtJump to behavior
              Source: C:\Users\user\Desktop\c8JakemodH.exeFile created: C:\Users\user\AppData\Local\Packages\Windows.CBSPreview_cw5n1h2txyewy\AC\Temp\bQ8ODxIi2.README.txtJump to behavior
              Source: C:\Users\user\Desktop\c8JakemodH.exeFile created: C:\Users\user\AppData\Local\Packages\NcsiUwpApp_8wekyb3d8bbwe\bQ8ODxIi2.README.txtJump to behavior
              Source: C:\Users\user\Desktop\c8JakemodH.exeFile created: C:\Users\user\AppData\Local\Packages\NcsiUwpApp_8wekyb3d8bbwe\TempState\bQ8ODxIi2.README.txtJump to behavior
              Source: C:\Users\user\Desktop\c8JakemodH.exeFile created: C:\Users\user\AppData\Local\Packages\NcsiUwpApp_8wekyb3d8bbwe\SystemAppData\bQ8ODxIi2.README.txtJump to behavior
              Source: C:\Users\user\Desktop\c8JakemodH.exeFile created: C:\Users\user\AppData\Local\Packages\NcsiUwpApp_8wekyb3d8bbwe\Settings\bQ8ODxIi2.README.txtJump to behavior
              Source: C:\Users\user\Desktop\c8JakemodH.exeFile created: C:\Users\user\AppData\Local\Packages\NcsiUwpApp_8wekyb3d8bbwe\RoamingState\bQ8ODxIi2.README.txtJump to behavior
              Source: C:\Users\user\Desktop\c8JakemodH.exeFile created: C:\Users\user\AppData\Local\Packages\NcsiUwpApp_8wekyb3d8bbwe\LocalState\bQ8ODxIi2.README.txtJump to behavior
              Source: C:\Users\user\Desktop\c8JakemodH.exeFile created: C:\Users\user\AppData\Local\Packages\NcsiUwpApp_8wekyb3d8bbwe\LocalCache\bQ8ODxIi2.README.txtJump to behavior
              Source: C:\Users\user\Desktop\c8JakemodH.exeFile created: C:\Users\user\AppData\Local\Packages\NcsiUwpApp_8wekyb3d8bbwe\AppData\bQ8ODxIi2.README.txtJump to behavior
              Source: C:\Users\user\Desktop\c8JakemodH.exeFile created: C:\Users\user\AppData\Local\Packages\NcsiUwpApp_8wekyb3d8bbwe\AC\bQ8ODxIi2.README.txtJump to behavior
              Source: C:\Users\user\Desktop\c8JakemodH.exeFile created: C:\Users\user\AppData\Local\Packages\NcsiUwpApp_8wekyb3d8bbwe\AC\Temp\bQ8ODxIi2.README.txtJump to behavior
              Source: C:\Users\user\Desktop\c8JakemodH.exeFile created: C:\Users\user\AppData\Local\Packages\MicrosoftWindows.UndockedDevKit_cw5n1h2txyewy\bQ8ODxIi2.README.txtJump to behavior
              Source: C:\Users\user\Desktop\c8JakemodH.exeFile created: C:\Users\user\AppData\Local\Packages\MicrosoftWindows.UndockedDevKit_cw5n1h2txyewy\TempState\bQ8ODxIi2.README.txtJump to behavior
              Source: C:\Users\user\Desktop\c8JakemodH.exeFile created: C:\Users\user\AppData\Local\Packages\MicrosoftWindows.UndockedDevKit_cw5n1h2txyewy\SystemAppData\bQ8ODxIi2.README.txtJump to behavior
              Source: C:\Users\user\Desktop\c8JakemodH.exeFile created: C:\Users\user\AppData\Local\Packages\MicrosoftWindows.UndockedDevKit_cw5n1h2txyewy\Settings\bQ8ODxIi2.README.txtJump to behavior
              Source: C:\Users\user\Desktop\c8JakemodH.exeFile created: C:\Users\user\AppData\Local\Packages\MicrosoftWindows.UndockedDevKit_cw5n1h2txyewy\RoamingState\bQ8ODxIi2.README.txtJump to behavior
              Source: C:\Users\user\Desktop\c8JakemodH.exeFile created: C:\Users\user\AppData\Local\Packages\MicrosoftWindows.UndockedDevKit_cw5n1h2txyewy\LocalState\bQ8ODxIi2.README.txtJump to behavior
              Source: C:\Users\user\Desktop\c8JakemodH.exeFile created: C:\Users\user\AppData\Local\Packages\MicrosoftWindows.UndockedDevKit_cw5n1h2txyewy\LocalCache\bQ8ODxIi2.README.txtJump to behavior
              Source: C:\Users\user\Desktop\c8JakemodH.exeFile created: C:\Users\user\AppData\Local\Packages\MicrosoftWindows.UndockedDevKit_cw5n1h2txyewy\AppData\bQ8ODxIi2.README.txtJump to behavior
              Source: C:\Users\user\Desktop\c8JakemodH.exeFile created: C:\Users\user\AppData\Local\Packages\MicrosoftWindows.UndockedDevKit_cw5n1h2txyewy\AC\bQ8ODxIi2.README.txtJump to behavior
              Source: C:\Users\user\Desktop\c8JakemodH.exeFile created: C:\Users\user\AppData\Local\Packages\MicrosoftWindows.UndockedDevKit_cw5n1h2txyewy\AC\Temp\bQ8ODxIi2.README.txtJump to behavior
              Source: C:\Users\user\Desktop\c8JakemodH.exeFile created: C:\Users\user\AppData\Local\Packages\MicrosoftWindows.Client.CBS_cw5n1h2txyewy\bQ8ODxIi2.README.txtJump to behavior
              Source: C:\Users\user\Desktop\c8JakemodH.exeFile created: C:\Users\user\AppData\Local\Packages\MicrosoftWindows.Client.CBS_cw5n1h2txyewy\TempState\bQ8ODxIi2.README.txtJump to behavior
              Source: C:\Users\user\Desktop\c8JakemodH.exeFile created: C:\Users\user\AppData\Local\Packages\MicrosoftWindows.Client.CBS_cw5n1h2txyewy\SystemAppData\bQ8ODxIi2.README.txtJump to behavior
              Source: C:\Users\user\Desktop\c8JakemodH.exeFile created: C:\Users\user\AppData\Local\Packages\MicrosoftWindows.Client.CBS_cw5n1h2txyewy\Settings\bQ8ODxIi2.README.txtJump to behavior
              Source: C:\Users\user\Desktop\c8JakemodH.exeFile created: C:\Users\user\AppData\Local\Packages\MicrosoftWindows.Client.CBS_cw5n1h2txyewy\RoamingState\bQ8ODxIi2.README.txtJump to behavior
              Source: C:\Users\user\Desktop\c8JakemodH.exeFile created: C:\Users\user\AppData\Local\Packages\MicrosoftWindows.Client.CBS_cw5n1h2txyewy\LocalState\bQ8ODxIi2.README.txtJump to behavior
              Source: C:\Users\user\Desktop\c8JakemodH.exeFile created: C:\Users\user\AppData\Local\Packages\MicrosoftWindows.Client.CBS_cw5n1h2txyewy\LocalCache\bQ8ODxIi2.README.txtJump to behavior
              Source: C:\Users\user\Desktop\c8JakemodH.exeFile created: C:\Users\user\AppData\Local\Packages\MicrosoftWindows.Client.CBS_cw5n1h2txyewy\AppData\bQ8ODxIi2.README.txtJump to behavior
              Source: C:\Users\user\Desktop\c8JakemodH.exeFile created: C:\Users\user\AppData\Local\Packages\MicrosoftWindows.Client.CBS_cw5n1h2txyewy\AC\bQ8ODxIi2.README.txtJump to behavior
              Source: C:\Users\user\Desktop\c8JakemodH.exeFile created: C:\Users\user\AppData\Local\Packages\MicrosoftWindows.Client.CBS_cw5n1h2txyewy\AC\Temp\bQ8ODxIi2.README.txtJump to behavior
              Source: C:\Users\user\Desktop\c8JakemodH.exeFile created: C:\Users\user\AppData\Local\Packages\Microsoft.ZuneVideo_8wekyb3d8bbwe\bQ8ODxIi2.README.txtJump to behavior
              Source: C:\Users\user\Desktop\c8JakemodH.exeFile created: C:\Users\user\AppData\Local\Packages\Microsoft.ZuneVideo_8wekyb3d8bbwe\TempState\bQ8ODxIi2.README.txtJump to behavior
              Source: C:\Users\user\Desktop\c8JakemodH.exeFile created: C:\Users\user\AppData\Local\Packages\Microsoft.ZuneVideo_8wekyb3d8bbwe\SystemAppData\bQ8ODxIi2.README.txtJump to behavior
              Source: C:\Users\user\Desktop\c8JakemodH.exeFile created: C:\Users\user\AppData\Local\Packages\Microsoft.ZuneVideo_8wekyb3d8bbwe\Settings\bQ8ODxIi2.README.txtJump to behavior
              Source: C:\Users\user\Desktop\c8JakemodH.exeFile created: C:\Users\user\AppData\Local\Packages\Microsoft.ZuneVideo_8wekyb3d8bbwe\RoamingState\bQ8ODxIi2.README.txtJump to behavior
              Source: C:\Users\user\Desktop\c8JakemodH.exeFile created: C:\Users\user\AppData\Local\Packages\Microsoft.ZuneVideo_8wekyb3d8bbwe\LocalState\bQ8ODxIi2.README.txtJump to behavior
              Source: C:\Users\user\Desktop\c8JakemodH.exeFile created: C:\Users\user\AppData\Local\Packages\Microsoft.ZuneVideo_8wekyb3d8bbwe\LocalCache\bQ8ODxIi2.README.txtJump to behavior
              Source: C:\Users\user\Desktop\c8JakemodH.exeFile created: C:\Users\user\AppData\Local\Packages\Microsoft.ZuneVideo_8wekyb3d8bbwe\AppData\bQ8ODxIi2.README.txtJump to behavior
              Source: C:\Users\user\Desktop\c8JakemodH.exeFile created: C:\Users\user\AppData\Local\Packages\Microsoft.ZuneVideo_8wekyb3d8bbwe\AC\bQ8ODxIi2.README.txtJump to behavior
              Source: C:\Users\user\Desktop\c8JakemodH.exeFile created: C:\Users\user\AppData\Local\Packages\Microsoft.ZuneVideo_8wekyb3d8bbwe\AC\Temp\bQ8ODxIi2.README.txtJump to behavior
              Source: C:\Users\user\Desktop\c8JakemodH.exeFile created: C:\Users\user\AppData\Local\Packages\Microsoft.ZuneMusic_8wekyb3d8bbwe\bQ8ODxIi2.README.txtJump to behavior
              Source: C:\Users\user\Desktop\c8JakemodH.exeFile created: C:\Users\user\AppData\Local\Packages\Microsoft.ZuneMusic_8wekyb3d8bbwe\TempState\bQ8ODxIi2.README.txtJump to behavior
              Source: C:\Users\user\Desktop\c8JakemodH.exeFile created: C:\Users\user\AppData\Local\Packages\Microsoft.ZuneMusic_8wekyb3d8bbwe\SystemAppData\bQ8ODxIi2.README.txtJump to behavior
              Source: C:\Users\user\Desktop\c8JakemodH.exeFile created: C:\Users\user\AppData\Local\Packages\Microsoft.ZuneMusic_8wekyb3d8bbwe\Settings\bQ8ODxIi2.README.txtJump to behavior
              Source: C:\Users\user\Desktop\c8JakemodH.exeFile created: C:\Users\user\AppData\Local\Packages\Microsoft.ZuneMusic_8wekyb3d8bbwe\RoamingState\bQ8ODxIi2.README.txtJump to behavior
              Source: C:\Users\user\Desktop\c8JakemodH.exeFile created: C:\Users\user\AppData\Local\Packages\Microsoft.ZuneMusic_8wekyb3d8bbwe\LocalState\bQ8ODxIi2.README.txtJump to behavior
              Source: C:\Users\user\Desktop\c8JakemodH.exeFile created: C:\Users\user\AppData\Local\Packages\Microsoft.ZuneMusic_8wekyb3d8bbwe\LocalCache\bQ8ODxIi2.README.txtJump to behavior
              Source: C:\Users\user\Desktop\c8JakemodH.exeFile created: C:\Users\user\AppData\Local\Packages\Microsoft.ZuneMusic_8wekyb3d8bbwe\AppData\bQ8ODxIi2.README.txtJump to behavior
              Source: C:\Users\user\Desktop\c8JakemodH.exeFile created: C:\Users\user\AppData\Local\Packages\Microsoft.ZuneMusic_8wekyb3d8bbwe\AC\bQ8ODxIi2.README.txtJump to behavior
              Source: C:\Users\user\Desktop\c8JakemodH.exeFile created: C:\Users\user\AppData\Local\Packages\Microsoft.ZuneMusic_8wekyb3d8bbwe\AC\Temp\bQ8ODxIi2.README.txtJump to behavior
              Source: C:\Users\user\Desktop\c8JakemodH.exeFile created: C:\Users\user\AppData\Local\Packages\Microsoft.YourPhone_8wekyb3d8bbwe\bQ8ODxIi2.README.txtJump to behavior
              Source: C:\Users\user\Desktop\c8JakemodH.exeFile created: C:\Users\user\AppData\Local\Packages\Microsoft.YourPhone_8wekyb3d8bbwe\TempState\bQ8ODxIi2.README.txtJump to behavior
              Source: C:\Users\user\Desktop\c8JakemodH.exeFile created: C:\Users\user\AppData\Local\Packages\Microsoft.YourPhone_8wekyb3d8bbwe\SystemAppData\bQ8ODxIi2.README.txtJump to behavior
              Source: C:\Users\user\Desktop\c8JakemodH.exeFile created: C:\Users\user\AppData\Local\Packages\Microsoft.YourPhone_8wekyb3d8bbwe\Settings\bQ8ODxIi2.README.txtJump to behavior
              Source: C:\Users\user\Desktop\c8JakemodH.exeFile created: C:\Users\user\AppData\Local\Packages\Microsoft.YourPhone_8wekyb3d8bbwe\RoamingState\bQ8ODxIi2.README.txtJump to behavior
              Source: C:\Users\user\Desktop\c8JakemodH.exeFile created: C:\Users\user\AppData\Local\Packages\Microsoft.YourPhone_8wekyb3d8bbwe\LocalState\bQ8ODxIi2.README.txtJump to behavior
              Source: C:\Users\user\Desktop\c8JakemodH.exeFile created: C:\Users\user\AppData\Local\Packages\Microsoft.YourPhone_8wekyb3d8bbwe\LocalCache\bQ8ODxIi2.README.txtJump to behavior
              Source: C:\Users\user\Desktop\c8JakemodH.exeFile created: C:\Users\user\AppData\Local\Packages\Microsoft.YourPhone_8wekyb3d8bbwe\AppData\bQ8ODxIi2.README.txtJump to behavior
              Source: C:\Users\user\Desktop\c8JakemodH.exeFile created: C:\Users\user\AppData\Local\Packages\Microsoft.YourPhone_8wekyb3d8bbwe\AC\bQ8ODxIi2.README.txtJump to behavior
              Source: C:\Users\user\Desktop\c8JakemodH.exeFile created: C:\Users\user\AppData\Local\Packages\Microsoft.YourPhone_8wekyb3d8bbwe\AC\Temp\bQ8ODxIi2.README.txtJump to behavior
              Source: C:\Users\user\Desktop\c8JakemodH.exeFile created: C:\Users\user\AppData\Local\Packages\Microsoft.XboxSpeechToTextOverlay_8wekyb3d8bbwe\bQ8ODxIi2.README.txtJump to behavior
              Source: C:\Users\user\Desktop\c8JakemodH.exeFile created: C:\Users\user\AppData\Local\Packages\Microsoft.XboxSpeechToTextOverlay_8wekyb3d8bbwe\TempState\bQ8ODxIi2.README.txtJump to behavior
              Source: C:\Users\user\Desktop\c8JakemodH.exeFile created: C:\Users\user\AppData\Local\Packages\Microsoft.XboxSpeechToTextOverlay_8wekyb3d8bbwe\SystemAppData\bQ8ODxIi2.README.txtJump to behavior
              Source: C:\Users\user\Desktop\c8JakemodH.exeFile created: C:\Users\user\AppData\Local\Packages\Microsoft.XboxSpeechToTextOverlay_8wekyb3d8bbwe\Settings\bQ8ODxIi2.README.txtJump to behavior
              Source: C:\Users\user\Desktop\c8JakemodH.exeFile created: C:\Users\user\AppData\Local\Packages\Microsoft.XboxSpeechToTextOverlay_8wekyb3d8bbwe\RoamingState\bQ8ODxIi2.README.txtJump to behavior
              Source: C:\Users\user\Desktop\c8JakemodH.exeFile created: C:\Users\user\AppData\Local\Packages\Microsoft.XboxSpeechToTextOverlay_8wekyb3d8bbwe\LocalState\bQ8ODxIi2.README.txtJump to behavior
              Source: C:\Users\user\Desktop\c8JakemodH.exeFile created: C:\Users\user\AppData\Local\Packages\Microsoft.XboxSpeechToTextOverlay_8wekyb3d8bbwe\LocalCache\bQ8ODxIi2.README.txtJump to behavior
              Source: C:\Users\user\Desktop\c8JakemodH.exeFile created: C:\Users\user\AppData\Local\Packages\Microsoft.XboxSpeechToTextOverlay_8wekyb3d8bbwe\AppData\bQ8ODxIi2.README.txtJump to behavior
              Source: C:\Users\user\Desktop\c8JakemodH.exeFile created: C:\Users\user\AppData\Local\Packages\Microsoft.XboxSpeechToTextOverlay_8wekyb3d8bbwe\AC\bQ8ODxIi2.README.txtJump to behavior
              Source: C:\Users\user\Desktop\c8JakemodH.exeFile created: C:\Users\user\AppData\Local\Packages\Microsoft.XboxSpeechToTextOverlay_8wekyb3d8bbwe\AC\Temp\bQ8ODxIi2.README.txtJump to behavior
              Source: C:\Users\user\Desktop\c8JakemodH.exeFile created: C:\Users\user\AppData\Local\Packages\Microsoft.XboxIdentityProvider_8wekyb3d8bbwe\bQ8ODxIi2.README.txtJump to behavior
              Source: C:\Users\user\Desktop\c8JakemodH.exeFile created: C:\Users\user\AppData\Local\Packages\Microsoft.XboxIdentityProvider_8wekyb3d8bbwe\TempState\bQ8ODxIi2.README.txtJump to behavior
              Source: C:\Users\user\Desktop\c8JakemodH.exeFile created: C:\Users\user\AppData\Local\Packages\Microsoft.XboxIdentityProvider_8wekyb3d8bbwe\SystemAppData\bQ8ODxIi2.README.txtJump to behavior
              Source: C:\Users\user\Desktop\c8JakemodH.exeFile created: C:\Users\user\AppData\Local\Packages\Microsoft.XboxIdentityProvider_8wekyb3d8bbwe\Settings\bQ8ODxIi2.README.txtJump to behavior
              Source: C:\Users\user\Desktop\c8JakemodH.exeFile created: C:\Users\user\AppData\Local\Packages\Microsoft.XboxIdentityProvider_8wekyb3d8bbwe\RoamingState\bQ8ODxIi2.README.txtJump to behavior
              Source: C:\Users\user\Desktop\c8JakemodH.exeFile created: C:\Users\user\AppData\Local\Packages\Microsoft.XboxIdentityProvider_8wekyb3d8bbwe\LocalState\bQ8ODxIi2.README.txtJump to behavior
              Source: C:\Users\user\Desktop\c8JakemodH.exeFile created: C:\Users\user\AppData\Local\Packages\Microsoft.XboxIdentityProvider_8wekyb3d8bbwe\LocalCache\bQ8ODxIi2.README.txtJump to behavior
              Source: C:\Users\user\Desktop\c8JakemodH.exeFile created: C:\Users\user\AppData\Local\Packages\Microsoft.XboxIdentityProvider_8wekyb3d8bbwe\AppData\bQ8ODxIi2.README.txtJump to behavior
              Source: C:\Users\user\Desktop\c8JakemodH.exeFile created: C:\Users\user\AppData\Local\Packages\Microsoft.XboxIdentityProvider_8wekyb3d8bbwe\AC\bQ8ODxIi2.README.txtJump to behavior
              Source: C:\Users\user\Desktop\c8JakemodH.exeFile created: C:\Users\user\AppData\Local\Packages\Microsoft.XboxIdentityProvider_8wekyb3d8bbwe\AC\Temp\bQ8ODxIi2.README.txtJump to behavior
              Source: C:\Users\user\Desktop\c8JakemodH.exeFile created: C:\Users\user\AppData\Local\Packages\Microsoft.XboxGameOverlay_8wekyb3d8bbwe\bQ8ODxIi2.README.txtJump to behavior
              Source: C:\Users\user\Desktop\c8JakemodH.exeFile created: C:\Users\user\AppData\Local\Packages\Microsoft.XboxGameOverlay_8wekyb3d8bbwe\TempState\bQ8ODxIi2.README.txtJump to behavior
              Source: C:\Users\user\Desktop\c8JakemodH.exeFile created: C:\Users\user\AppData\Local\Packages\Microsoft.XboxGameOverlay_8wekyb3d8bbwe\SystemAppData\bQ8ODxIi2.README.txtJump to behavior
              Source: C:\Users\user\Desktop\c8JakemodH.exeFile created: C:\Users\user\AppData\Local\Packages\Microsoft.XboxGameOverlay_8wekyb3d8bbwe\Settings\bQ8ODxIi2.README.txtJump to behavior
              Source: C:\Users\user\Desktop\c8JakemodH.exeFile created: C:\Users\user\AppData\Local\Packages\Microsoft.XboxGameOverlay_8wekyb3d8bbwe\RoamingState\bQ8ODxIi2.README.txtJump to behavior
              Source: C:\Users\user\Desktop\c8JakemodH.exeFile created: C:\Users\user\AppData\Local\Packages\Microsoft.XboxGameOverlay_8wekyb3d8bbwe\LocalState\bQ8ODxIi2.README.txtJump to behavior
              Source: C:\Users\user\Desktop\c8JakemodH.exeFile created: C:\Users\user\AppData\Local\Packages\Microsoft.XboxGameOverlay_8wekyb3d8bbwe\LocalState\DiagOutputDir\bQ8ODxIi2.README.txtJump to behavior
              Source: C:\Users\user\Desktop\c8JakemodH.exeFile created: C:\Users\user\AppData\Local\Packages\Microsoft.XboxGameOverlay_8wekyb3d8bbwe\LocalCache\bQ8ODxIi2.README.txtJump to behavior
              Source: C:\Users\user\Desktop\c8JakemodH.exeFile created: C:\Users\user\AppData\Local\Packages\Microsoft.XboxGameOverlay_8wekyb3d8bbwe\AppData\bQ8ODxIi2.README.txtJump to behavior
              Source: C:\Users\user\Desktop\c8JakemodH.exeFile created: C:\Users\user\AppData\Local\Packages\Microsoft.XboxGameOverlay_8wekyb3d8bbwe\AC\bQ8ODxIi2.README.txtJump to behavior
              Source: C:\Users\user\Desktop\c8JakemodH.exeFile created: C:\Users\user\AppData\Local\Packages\Microsoft.XboxGameOverlay_8wekyb3d8bbwe\AC\Temp\bQ8ODxIi2.README.txtJump to behavior
              Source: C:\Users\user\Desktop\c8JakemodH.exeFile created: C:\Users\user\AppData\Local\Packages\Microsoft.XboxGameCallableUI_cw5n1h2txyewy\bQ8ODxIi2.README.txtJump to behavior
              Source: C:\Users\user\Desktop\c8JakemodH.exeFile created: C:\Users\user\AppData\Local\Packages\Microsoft.XboxGameCallableUI_cw5n1h2txyewy\TempState\bQ8ODxIi2.README.txtJump to behavior
              Source: C:\Users\user\Desktop\c8JakemodH.exeFile created: C:\Users\user\AppData\Local\Packages\Microsoft.XboxGameCallableUI_cw5n1h2txyewy\SystemAppData\bQ8ODxIi2.README.txtJump to behavior
              Source: C:\Users\user\Desktop\c8JakemodH.exeFile created: C:\Users\user\AppData\Local\Packages\Microsoft.XboxGameCallableUI_cw5n1h2txyewy\Settings\bQ8ODxIi2.README.txtJump to behavior
              Source: C:\Users\user\Desktop\c8JakemodH.exeFile created: C:\Users\user\AppData\Local\Packages\Microsoft.XboxGameCallableUI_cw5n1h2txyewy\RoamingState\bQ8ODxIi2.README.txtJump to behavior
              Source: C:\Users\user\Desktop\c8JakemodH.exeFile created: C:\Users\user\AppData\Local\Packages\Microsoft.XboxGameCallableUI_cw5n1h2txyewy\LocalState\bQ8ODxIi2.README.txtJump to behavior
              Source: C:\Users\user\Desktop\c8JakemodH.exeFile created: C:\Users\user\AppData\Local\Packages\Microsoft.XboxGameCallableUI_cw5n1h2txyewy\LocalCache\bQ8ODxIi2.README.txtJump to behavior
              Source: C:\Users\user\Desktop\c8JakemodH.exeFile created: C:\Users\user\AppData\Local\Packages\Microsoft.XboxGameCallableUI_cw5n1h2txyewy\AppData\bQ8ODxIi2.README.txtJump to behavior
              Source: C:\Users\user\Desktop\c8JakemodH.exeFile created: C:\Users\user\AppData\Local\Packages\Microsoft.XboxGameCallableUI_cw5n1h2txyewy\AC\bQ8ODxIi2.README.txtJump to behavior
              Source: C:\Users\user\Desktop\c8JakemodH.exeFile created: C:\Users\user\AppData\Local\Packages\Microsoft.XboxGameCallableUI_cw5n1h2txyewy\AC\Temp\bQ8ODxIi2.README.txtJump to behavior
              Source: C:\Users\user\Desktop\c8JakemodH.exeFile created: C:\Users\user\AppData\Local\Packages\Microsoft.XboxApp_8wekyb3d8bbwe\bQ8ODxIi2.README.txtJump to behavior
              Source: C:\Users\user\Desktop\c8JakemodH.exeFile created: C:\Users\user\AppData\Local\Packages\Microsoft.XboxApp_8wekyb3d8bbwe\TempState\bQ8ODxIi2.README.txtJump to behavior
              Source: C:\Users\user\Desktop\c8JakemodH.exeFile created: C:\Users\user\AppData\Local\Packages\Microsoft.XboxApp_8wekyb3d8bbwe\SystemAppData\bQ8ODxIi2.README.txtJump to behavior
              Source: C:\Users\user\Desktop\c8JakemodH.exeFile created: C:\Users\user\AppData\Local\Packages\Microsoft.XboxApp_8wekyb3d8bbwe\Settings\bQ8ODxIi2.README.txtJump to behavior
              Source: C:\Users\user\Desktop\c8JakemodH.exeFile created: C:\Users\user\AppData\Local\Packages\Microsoft.XboxApp_8wekyb3d8bbwe\RoamingState\bQ8ODxIi2.README.txtJump to behavior
              Source: C:\Users\user\Desktop\c8JakemodH.exeFile created: C:\Users\user\AppData\Local\Packages\Microsoft.XboxApp_8wekyb3d8bbwe\LocalState\bQ8ODxIi2.README.txtJump to behavior
              Source: C:\Users\user\Desktop\c8JakemodH.exeFile created: C:\Users\user\AppData\Local\Packages\Microsoft.XboxApp_8wekyb3d8bbwe\LocalCache\bQ8ODxIi2.README.txtJump to behavior
              Source: C:\Users\user\Desktop\c8JakemodH.exeFile created: C:\Users\user\AppData\Local\Packages\Microsoft.XboxApp_8wekyb3d8bbwe\AppData\bQ8ODxIi2.README.txtJump to behavior
              Source: C:\Users\user\Desktop\c8JakemodH.exeFile created: C:\Users\user\AppData\Local\Packages\Microsoft.XboxApp_8wekyb3d8bbwe\AC\bQ8ODxIi2.README.txtJump to behavior
              Source: C:\Users\user\Desktop\c8JakemodH.exeFile created: C:\Users\user\AppData\Local\Packages\Microsoft.XboxApp_8wekyb3d8bbwe\AC\Temp\bQ8ODxIi2.README.txtJump to behavior
              Source: C:\Users\user\Desktop\c8JakemodH.exeFile created: C:\Users\user\AppData\Local\Packages\Microsoft.Xbox.TCUI_8wekyb3d8bbwe\bQ8ODxIi2.README.txtJump to behavior
              Source: C:\Users\user\Desktop\c8JakemodH.exeFile created: C:\Users\user\AppData\Local\Packages\Microsoft.Xbox.TCUI_8wekyb3d8bbwe\TempState\bQ8ODxIi2.README.txtJump to behavior
              Source: C:\Users\user\Desktop\c8JakemodH.exeFile created: C:\Users\user\AppData\Local\Packages\Microsoft.Xbox.TCUI_8wekyb3d8bbwe\SystemAppData\bQ8ODxIi2.README.txtJump to behavior
              Source: C:\Users\user\Desktop\c8JakemodH.exeFile created: C:\Users\user\AppData\Local\Packages\Microsoft.Xbox.TCUI_8wekyb3d8bbwe\Settings\bQ8ODxIi2.README.txtJump to behavior
              Source: C:\Users\user\Desktop\c8JakemodH.exeFile created: C:\Users\user\AppData\Local\Packages\Microsoft.Xbox.TCUI_8wekyb3d8bbwe\RoamingState\bQ8ODxIi2.README.txtJump to behavior
              Source: C:\Users\user\Desktop\c8JakemodH.exeFile created: C:\Users\user\AppData\Local\Packages\Microsoft.Xbox.TCUI_8wekyb3d8bbwe\LocalState\bQ8ODxIi2.README.txtJump to behavior
              Source: C:\Users\user\Desktop\c8JakemodH.exeFile created: C:\Users\user\AppData\Local\Packages\Microsoft.Xbox.TCUI_8wekyb3d8bbwe\LocalCache\bQ8ODxIi2.README.txtJump to behavior
              Source: C:\Users\user\Desktop\c8JakemodH.exeFile created: C:\Users\user\AppData\Local\Packages\Microsoft.Xbox.TCUI_8wekyb3d8bbwe\AppData\bQ8ODxIi2.README.txtJump to behavior
              Source: C:\Users\user\Desktop\c8JakemodH.exeFile created: C:\Users\user\AppData\Local\Packages\Microsoft.Xbox.TCUI_8wekyb3d8bbwe\AC\bQ8ODxIi2.README.txtJump to behavior
              Source: C:\Users\user\Desktop\c8JakemodH.exeFile created: C:\Users\user\AppData\Local\Packages\Microsoft.Xbox.TCUI_8wekyb3d8bbwe\AC\Temp\bQ8ODxIi2.README.txtJump to behavior
              Source: C:\Users\user\Desktop\c8JakemodH.exeFile created: C:\Users\user\AppData\Local\Packages\Microsoft.WindowsStore_8wekyb3d8bbwe\bQ8ODxIi2.README.txtJump to behavior
              Source: C:\Users\user\Desktop\c8JakemodH.exeFile created: C:\Users\user\AppData\Local\Packages\Microsoft.WindowsStore_8wekyb3d8bbwe\TempState\bQ8ODxIi2.README.txtJump to behavior
              Source: C:\Users\user\Desktop\c8JakemodH.exeFile created: C:\Users\user\AppData\Local\Packages\Microsoft.WindowsStore_8wekyb3d8bbwe\SystemAppData\bQ8ODxIi2.README.txtJump to behavior
              Source: C:\Users\user\Desktop\c8JakemodH.exeFile created: C:\Users\user\AppData\Local\Packages\Microsoft.WindowsStore_8wekyb3d8bbwe\Settings\bQ8ODxIi2.README.txtJump to behavior
              Source: C:\Users\user\Desktop\c8JakemodH.exeFile created: C:\Users\user\AppData\Local\Packages\Microsoft.WindowsStore_8wekyb3d8bbwe\RoamingState\bQ8ODxIi2.README.txtJump to behavior
              Source: C:\Users\user\Desktop\c8JakemodH.exeFile created: C:\Users\user\AppData\Local\Packages\Microsoft.WindowsStore_8wekyb3d8bbwe\LocalState\bQ8ODxIi2.README.txtJump to behavior
              Source: C:\Users\user\Desktop\c8JakemodH.exeFile created: C:\Users\user\AppData\Local\Packages\Microsoft.WindowsStore_8wekyb3d8bbwe\LocalCache\bQ8ODxIi2.README.txtJump to behavior
              Source: C:\Users\user\Desktop\c8JakemodH.exeFile created: C:\Users\user\AppData\Local\Packages\Microsoft.WindowsStore_8wekyb3d8bbwe\AppData\bQ8ODxIi2.README.txtJump to behavior
              Source: C:\Users\user\Desktop\c8JakemodH.exeFile created: C:\Users\user\AppData\Local\Packages\Microsoft.WindowsStore_8wekyb3d8bbwe\AC\bQ8ODxIi2.README.txtJump to behavior
              Source: C:\Users\user\Desktop\c8JakemodH.exeFile created: C:\Users\user\AppData\Local\Packages\Microsoft.WindowsStore_8wekyb3d8bbwe\AC\Temp\bQ8ODxIi2.README.txtJump to behavior
              Source: C:\Users\user\Desktop\c8JakemodH.exeFile created: C:\Users\user\AppData\Local\Packages\Microsoft.WindowsSoundRecorder_8wekyb3d8bbwe\bQ8ODxIi2.README.txtJump to behavior
              Source: C:\Users\user\Desktop\c8JakemodH.exeFile created: C:\Users\user\AppData\Local\Packages\Microsoft.WindowsSoundRecorder_8wekyb3d8bbwe\TempState\bQ8ODxIi2.README.txtJump to behavior
              Source: C:\Users\user\Desktop\c8JakemodH.exeFile created: C:\Users\user\AppData\Local\Packages\Microsoft.WindowsSoundRecorder_8wekyb3d8bbwe\SystemAppData\bQ8ODxIi2.README.txtJump to behavior
              Source: C:\Users\user\Desktop\c8JakemodH.exeFile created: C:\Users\user\AppData\Local\Packages\Microsoft.WindowsSoundRecorder_8wekyb3d8bbwe\Settings\bQ8ODxIi2.README.txtJump to behavior
              Source: C:\Users\user\Desktop\c8JakemodH.exeFile created: C:\Users\user\AppData\Local\Packages\Microsoft.WindowsSoundRecorder_8wekyb3d8bbwe\RoamingState\bQ8ODxIi2.README.txtJump to behavior
              Source: C:\Users\user\Desktop\c8JakemodH.exeFile created: C:\Users\user\AppData\Local\Packages\Microsoft.WindowsSoundRecorder_8wekyb3d8bbwe\LocalState\bQ8ODxIi2.README.txtJump to behavior
              Source: C:\Users\user\Desktop\c8JakemodH.exeFile created: C:\Users\user\AppData\Local\Packages\Microsoft.WindowsSoundRecorder_8wekyb3d8bbwe\LocalCache\bQ8ODxIi2.README.txtJump to behavior
              Source: C:\Users\user\Desktop\c8JakemodH.exeFile created: C:\Users\user\AppData\Local\Packages\Microsoft.WindowsSoundRecorder_8wekyb3d8bbwe\AppData\bQ8ODxIi2.README.txtJump to behavior
              Source: C:\Users\user\Desktop\c8JakemodH.exeFile created: C:\Users\user\AppData\Local\Packages\Microsoft.WindowsSoundRecorder_8wekyb3d8bbwe\AC\bQ8ODxIi2.README.txtJump to behavior
              Source: C:\Users\user\Desktop\c8JakemodH.exeFile created: C:\Users\user\AppData\Local\Packages\Microsoft.WindowsSoundRecorder_8wekyb3d8bbwe\AC\Temp\bQ8ODxIi2.README.txtJump to behavior
              Source: C:\Users\user\Desktop\c8JakemodH.exeFile created: C:\Users\user\AppData\Local\Packages\Microsoft.WindowsMaps_8wekyb3d8bbwe\bQ8ODxIi2.README.txtJump to behavior
              Source: C:\Users\user\Desktop\c8JakemodH.exeFile created: C:\Users\user\AppData\Local\Packages\Microsoft.WindowsMaps_8wekyb3d8bbwe\TempState\bQ8ODxIi2.README.txtJump to behavior
              Source: C:\Users\user\Desktop\c8JakemodH.exeFile created: C:\Users\user\AppData\Local\Packages\Microsoft.WindowsMaps_8wekyb3d8bbwe\SystemAppData\bQ8ODxIi2.README.txtJump to behavior
              Source: C:\Users\user\Desktop\c8JakemodH.exeFile created: C:\Users\user\AppData\Local\Packages\Microsoft.WindowsMaps_8wekyb3d8bbwe\Settings\bQ8ODxIi2.README.txtJump to behavior
              Source: C:\Users\user\Desktop\c8JakemodH.exeFile created: C:\Users\user\AppData\Local\Packages\Microsoft.WindowsMaps_8wekyb3d8bbwe\RoamingState\bQ8ODxIi2.README.txtJump to behavior
              Source: C:\Users\user\Desktop\c8JakemodH.exeFile created: C:\Users\user\AppData\Local\Packages\Microsoft.WindowsMaps_8wekyb3d8bbwe\LocalState\bQ8ODxIi2.README.txtJump to behavior
              Source: C:\Users\user\Desktop\c8JakemodH.exeFile created: C:\Users\user\AppData\Local\Packages\Microsoft.WindowsMaps_8wekyb3d8bbwe\LocalCache\bQ8ODxIi2.README.txtJump to behavior
              Source: C:\Users\user\Desktop\c8JakemodH.exeFile created: C:\Users\user\AppData\Local\Packages\Microsoft.WindowsMaps_8wekyb3d8bbwe\AppData\bQ8ODxIi2.README.txtJump to behavior
              Source: C:\Users\user\Desktop\c8JakemodH.exeFile created: C:\Users\user\AppData\Local\Packages\Microsoft.WindowsMaps_8wekyb3d8bbwe\AC\bQ8ODxIi2.README.txtJump to behavior
              Source: C:\Users\user\Desktop\c8JakemodH.exeFile created: C:\Users\user\AppData\Local\Packages\Microsoft.WindowsMaps_8wekyb3d8bbwe\AC\Temp\bQ8ODxIi2.README.txtJump to behavior
              Source: C:\Users\user\Desktop\c8JakemodH.exeFile created: C:\Users\user\AppData\Local\Packages\Microsoft.WindowsFeedbackHub_8wekyb3d8bbwe\bQ8ODxIi2.README.txtJump to behavior
              Source: C:\Users\user\Desktop\c8JakemodH.exeFile created: C:\Users\user\AppData\Local\Packages\Microsoft.WindowsFeedbackHub_8wekyb3d8bbwe\TempState\bQ8ODxIi2.README.txtJump to behavior
              Source: C:\Users\user\Desktop\c8JakemodH.exeFile created: C:\Users\user\AppData\Local\Packages\Microsoft.WindowsFeedbackHub_8wekyb3d8bbwe\SystemAppData\bQ8ODxIi2.README.txtJump to behavior
              Source: C:\Users\user\Desktop\c8JakemodH.exeFile created: C:\Users\user\AppData\Local\Packages\Microsoft.WindowsFeedbackHub_8wekyb3d8bbwe\Settings\bQ8ODxIi2.README.txtJump to behavior
              Source: C:\Users\user\Desktop\c8JakemodH.exeFile created: C:\Users\user\AppData\Local\Packages\Microsoft.WindowsFeedbackHub_8wekyb3d8bbwe\RoamingState\bQ8ODxIi2.README.txtJump to behavior
              Source: C:\Users\user\Desktop\c8JakemodH.exeFile created: C:\Users\user\AppData\Local\Packages\Microsoft.WindowsFeedbackHub_8wekyb3d8bbwe\LocalState\bQ8ODxIi2.README.txtJump to behavior
              Source: C:\Users\user\Desktop\c8JakemodH.exeFile created: C:\Users\user\AppData\Local\Packages\Microsoft.WindowsFeedbackHub_8wekyb3d8bbwe\LocalCache\bQ8ODxIi2.README.txtJump to behavior
              Source: C:\Users\user\Desktop\c8JakemodH.exeFile created: C:\Users\user\AppData\Local\Packages\Microsoft.WindowsFeedbackHub_8wekyb3d8bbwe\AppData\bQ8ODxIi2.README.txtJump to behavior
              Source: C:\Users\user\Desktop\c8JakemodH.exeFile created: C:\Users\user\AppData\Local\Packages\Microsoft.WindowsFeedbackHub_8wekyb3d8bbwe\AC\bQ8ODxIi2.README.txtJump to behavior
              Source: C:\Users\user\Desktop\c8JakemodH.exeFile created: C:\Users\user\AppData\Local\Packages\Microsoft.WindowsFeedbackHub_8wekyb3d8bbwe\AC\Temp\bQ8ODxIi2.README.txtJump to behavior
              Source: C:\Users\user\Desktop\c8JakemodH.exeFile created: C:\Users\user\AppData\Local\Packages\microsoft.windowscommunicationsapps_8wekyb3d8bbwe\bQ8ODxIi2.README.txtJump to behavior
              Source: C:\Users\user\Desktop\c8JakemodH.exeFile created: C:\Users\user\AppData\Local\Packages\microsoft.windowscommunicationsapps_8wekyb3d8bbwe\TempState\bQ8ODxIi2.README.txtJump to behavior
              Source: C:\Users\user\Desktop\c8JakemodH.exeFile created: C:\Users\user\AppData\Local\Packages\microsoft.windowscommunicationsapps_8wekyb3d8bbwe\SystemAppData\bQ8ODxIi2.README.txtJump to behavior
              Source: C:\Users\user\Desktop\c8JakemodH.exeFile created: C:\Users\user\AppData\Local\Packages\microsoft.windowscommunicationsapps_8wekyb3d8bbwe\Settings\bQ8ODxIi2.README.txtJump to behavior
              Source: C:\Users\user\Desktop\c8JakemodH.exeFile created: C:\Users\user\AppData\Local\Packages\microsoft.windowscommunicationsapps_8wekyb3d8bbwe\RoamingState\bQ8ODxIi2.README.txtJump to behavior
              Source: C:\Users\user\Desktop\c8JakemodH.exeFile created: C:\Users\user\AppData\Local\Packages\microsoft.windowscommunicationsapps_8wekyb3d8bbwe\LocalState\bQ8ODxIi2.README.txtJump to behavior
              Source: C:\Users\user\Desktop\c8JakemodH.exeFile created: C:\Users\user\AppData\Local\Packages\microsoft.windowscommunicationsapps_8wekyb3d8bbwe\LocalCache\bQ8ODxIi2.README.txtJump to behavior
              Source: C:\Users\user\Desktop\c8JakemodH.exeFile created: C:\Users\user\AppData\Local\Packages\microsoft.windowscommunicationsapps_8wekyb3d8bbwe\AppData\bQ8ODxIi2.README.txtJump to behavior
              Source: C:\Users\user\Desktop\c8JakemodH.exeFile created: C:\Users\user\AppData\Local\Packages\microsoft.windowscommunicationsapps_8wekyb3d8bbwe\AC\bQ8ODxIi2.README.txtJump to behavior
              Source: C:\Users\user\Desktop\c8JakemodH.exeFile created: C:\Users\user\AppData\Local\Packages\microsoft.windowscommunicationsapps_8wekyb3d8bbwe\AC\Temp\bQ8ODxIi2.README.txtJump to behavior
              Source: C:\Users\user\Desktop\c8JakemodH.exeFile created: C:\Users\user\AppData\Local\Packages\microsoft.windowscommunicationsapps_8wekyb3d8bbwe\AC\BackgroundTransferApi\bQ8ODxIi2.README.txtJump to behavior
              Source: C:\Users\user\Desktop\c8JakemodH.exeFile created: C:\Users\user\AppData\Local\Packages\Microsoft.WindowsCamera_8wekyb3d8bbwe\bQ8ODxIi2.README.txtJump to behavior
              Source: C:\Users\user\Desktop\c8JakemodH.exeFile created: C:\Users\user\AppData\Local\Packages\Microsoft.WindowsCamera_8wekyb3d8bbwe\TempState\bQ8ODxIi2.README.txtJump to behavior
              Source: C:\Users\user\Desktop\c8JakemodH.exeFile created: C:\Users\user\AppData\Local\Packages\Microsoft.WindowsCamera_8wekyb3d8bbwe\SystemAppData\bQ8ODxIi2.README.txtJump to behavior
              Source: C:\Users\user\Desktop\c8JakemodH.exeFile created: C:\Users\user\AppData\Local\Packages\Microsoft.WindowsCamera_8wekyb3d8bbwe\Settings\bQ8ODxIi2.README.txtJump to behavior
              Source: C:\Users\user\Desktop\c8JakemodH.exeFile created: C:\Users\user\AppData\Local\Packages\Microsoft.WindowsCamera_8wekyb3d8bbwe\RoamingState\bQ8ODxIi2.README.txtJump to behavior
              Source: C:\Users\user\Desktop\c8JakemodH.exeFile created: C:\Users\user\AppData\Local\Packages\Microsoft.WindowsCamera_8wekyb3d8bbwe\LocalState\bQ8ODxIi2.README.txtJump to behavior
              Source: C:\Users\user\Desktop\c8JakemodH.exeFile created: C:\Users\user\AppData\Local\Packages\Microsoft.WindowsCamera_8wekyb3d8bbwe\LocalCache\bQ8ODxIi2.README.txtJump to behavior
              Source: C:\Users\user\Desktop\c8JakemodH.exeFile created: C:\Users\user\AppData\Local\Packages\Microsoft.WindowsCamera_8wekyb3d8bbwe\AppData\bQ8ODxIi2.README.txtJump to behavior
              Source: C:\Users\user\Desktop\c8JakemodH.exeFile created: C:\Users\user\AppData\Local\Packages\Microsoft.WindowsCamera_8wekyb3d8bbwe\AC\bQ8ODxIi2.README.txtJump to behavior
              Source: C:\Users\user\Desktop\c8JakemodH.exeFile created: C:\Users\user\AppData\Local\Packages\Microsoft.WindowsCamera_8wekyb3d8bbwe\AC\Temp\bQ8ODxIi2.README.txtJump to behavior
              Source: C:\Users\user\Desktop\c8JakemodH.exeFile created: C:\Users\user\AppData\Local\Packages\Microsoft.WindowsCalculator_8wekyb3d8bbwe\bQ8ODxIi2.README.txtJump to behavior
              Source: C:\Users\user\Desktop\c8JakemodH.exeFile created: C:\Users\user\AppData\Local\Packages\Microsoft.WindowsCalculator_8wekyb3d8bbwe\TempState\bQ8ODxIi2.README.txtJump to behavior
              Source: C:\Users\user\Desktop\c8JakemodH.exeFile created: C:\Users\user\AppData\Local\Packages\Microsoft.WindowsCalculator_8wekyb3d8bbwe\SystemAppData\bQ8ODxIi2.README.txtJump to behavior
              Source: C:\Users\user\Desktop\c8JakemodH.exeFile created: C:\Users\user\AppData\Local\Packages\Microsoft.WindowsCalculator_8wekyb3d8bbwe\Settings\bQ8ODxIi2.README.txtJump to behavior
              Source: C:\Users\user\Desktop\c8JakemodH.exeFile created: C:\Users\user\AppData\Local\Packages\Microsoft.WindowsCalculator_8wekyb3d8bbwe\RoamingState\bQ8ODxIi2.README.txtJump to behavior
              Source: C:\Users\user\Desktop\c8JakemodH.exeFile created: C:\Users\user\AppData\Local\Packages\Microsoft.WindowsCalculator_8wekyb3d8bbwe\LocalState\bQ8ODxIi2.README.txtJump to behavior
              Source: C:\Users\user\Desktop\c8JakemodH.exeFile created: C:\Users\user\AppData\Local\Packages\Microsoft.WindowsCalculator_8wekyb3d8bbwe\LocalCache\bQ8ODxIi2.README.txtJump to behavior
              Source: C:\Users\user\Desktop\c8JakemodH.exeFile created: C:\Users\user\AppData\Local\Packages\Microsoft.WindowsCalculator_8wekyb3d8bbwe\AppData\bQ8ODxIi2.README.txtJump to behavior
              Source: C:\Users\user\Desktop\c8JakemodH.exeFile created: C:\Users\user\AppData\Local\Packages\Microsoft.WindowsCalculator_8wekyb3d8bbwe\AC\bQ8ODxIi2.README.txtJump to behavior
              Source: C:\Users\user\Desktop\c8JakemodH.exeFile created: C:\Users\user\AppData\Local\Packages\Microsoft.WindowsCalculator_8wekyb3d8bbwe\AC\Temp\bQ8ODxIi2.README.txtJump to behavior
              Source: C:\Users\user\Desktop\c8JakemodH.exeFile created: C:\Users\user\AppData\Local\Packages\Microsoft.WindowsAlarms_8wekyb3d8bbwe\bQ8ODxIi2.README.txtJump to behavior
              Source: C:\Users\user\Desktop\c8JakemodH.exeFile created: C:\Users\user\AppData\Local\Packages\Microsoft.WindowsAlarms_8wekyb3d8bbwe\TempState\bQ8ODxIi2.README.txtJump to behavior
              Source: C:\Users\user\Desktop\c8JakemodH.exeFile created: C:\Users\user\AppData\Local\Packages\Microsoft.WindowsAlarms_8wekyb3d8bbwe\SystemAppData\bQ8ODxIi2.README.txtJump to behavior
              Source: C:\Users\user\Desktop\c8JakemodH.exeFile created: C:\Users\user\AppData\Local\Packages\Microsoft.WindowsAlarms_8wekyb3d8bbwe\Settings\bQ8ODxIi2.README.txtJump to behavior
              Source: C:\Users\user\Desktop\c8JakemodH.exeFile created: C:\Users\user\AppData\Local\Packages\Microsoft.WindowsAlarms_8wekyb3d8bbwe\RoamingState\bQ8ODxIi2.README.txtJump to behavior
              Source: C:\Users\user\Desktop\c8JakemodH.exeFile created: C:\Users\user\AppData\Local\Packages\Microsoft.WindowsAlarms_8wekyb3d8bbwe\LocalState\bQ8ODxIi2.README.txtJump to behavior
              Source: C:\Users\user\Desktop\c8JakemodH.exeFile created: C:\Users\user\AppData\Local\Packages\Microsoft.WindowsAlarms_8wekyb3d8bbwe\LocalCache\bQ8ODxIi2.README.txtJump to behavior
              Source: C:\Users\user\Desktop\c8JakemodH.exeFile created: C:\Users\user\AppData\Local\Packages\Microsoft.WindowsAlarms_8wekyb3d8bbwe\AppData\bQ8ODxIi2.README.txtJump to behavior
              Source: C:\Users\user\Desktop\c8JakemodH.exeFile created: C:\Users\user\AppData\Local\Packages\Microsoft.WindowsAlarms_8wekyb3d8bbwe\AC\bQ8ODxIi2.README.txtJump to behavior
              Source: C:\Users\user\Desktop\c8JakemodH.exeFile created: C:\Users\user\AppData\Local\Packages\Microsoft.WindowsAlarms_8wekyb3d8bbwe\AC\Temp\bQ8ODxIi2.README.txtJump to behavior
              Source: C:\Users\user\Desktop\c8JakemodH.exeFile created: C:\Users\user\AppData\Local\Packages\Microsoft.Windows.XGpuEjectDialog_cw5n1h2txyewy\bQ8ODxIi2.README.txtJump to behavior
              Source: C:\Users\user\Desktop\c8JakemodH.exeFile created: C:\Users\user\AppData\Local\Packages\Microsoft.Windows.XGpuEjectDialog_cw5n1h2txyewy\TempState\bQ8ODxIi2.README.txtJump to behavior
              Source: C:\Users\user\Desktop\c8JakemodH.exeFile created: C:\Users\user\AppData\Local\Packages\Microsoft.Windows.XGpuEjectDialog_cw5n1h2txyewy\SystemAppData\bQ8ODxIi2.README.txtJump to behavior
              Source: C:\Users\user\Desktop\c8JakemodH.exeFile created: C:\Users\user\AppData\Local\Packages\Microsoft.Windows.XGpuEjectDialog_cw5n1h2txyewy\Settings\bQ8ODxIi2.README.txtJump to behavior
              Source: C:\Users\user\Desktop\c8JakemodH.exeFile created: C:\Users\user\AppData\Local\Packages\Microsoft.Windows.XGpuEjectDialog_cw5n1h2txyewy\RoamingState\bQ8ODxIi2.README.txtJump to behavior
              Source: C:\Users\user\Desktop\c8JakemodH.exeFile created: C:\Users\user\AppData\Local\Packages\Microsoft.Windows.XGpuEjectDialog_cw5n1h2txyewy\LocalState\bQ8ODxIi2.README.txtJump to behavior
              Source: C:\Users\user\Desktop\c8JakemodH.exeFile created: C:\Users\user\AppData\Local\Packages\Microsoft.Windows.XGpuEjectDialog_cw5n1h2txyewy\LocalCache\bQ8ODxIi2.README.txtJump to behavior
              Source: C:\Users\user\Desktop\c8JakemodH.exeFile created: C:\Users\user\AppData\Local\Packages\Microsoft.Windows.XGpuEjectDialog_cw5n1h2txyewy\AppData\bQ8ODxIi2.README.txtJump to behavior
              Source: C:\Users\user\Desktop\c8JakemodH.exeFile created: C:\Users\user\AppData\Local\Packages\Microsoft.Windows.XGpuEjectDialog_cw5n1h2txyewy\AC\bQ8ODxIi2.README.txtJump to behavior
              Source: C:\Users\user\Desktop\c8JakemodH.exeFile created: C:\Users\user\AppData\Local\Packages\Microsoft.Windows.XGpuEjectDialog_cw5n1h2txyewy\AC\Temp\bQ8ODxIi2.README.txtJump to behavior
              Source: C:\Users\user\Desktop\c8JakemodH.exeFile created: C:\Users\user\AppData\Local\Packages\Microsoft.Windows.StartMenuExperienceHost_cw5n1h2txyewy\bQ8ODxIi2.README.txtJump to behavior
              Source: C:\Users\user\Desktop\c8JakemodH.exeFile created: C:\Users\user\AppData\Local\Packages\Microsoft.Windows.StartMenuExperienceHost_cw5n1h2txyewy\TempState\bQ8ODxIi2.README.txtJump to behavior
              Source: C:\Users\user\Desktop\c8JakemodH.exeFile created: C:\Users\user\AppData\Local\Packages\Microsoft.Windows.StartMenuExperienceHost_cw5n1h2txyewy\SystemAppData\bQ8ODxIi2.README.txtJump to behavior
              Source: C:\Users\user\Desktop\c8JakemodH.exeFile created: C:\Users\user\AppData\Local\Packages\Microsoft.Windows.StartMenuExperienceHost_cw5n1h2txyewy\Settings\bQ8ODxIi2.README.txtJump to behavior
              Source: C:\Users\user\Desktop\c8JakemodH.exeFile created: C:\Users\user\AppData\Local\Packages\Microsoft.Windows.StartMenuExperienceHost_cw5n1h2txyewy\RoamingState\bQ8ODxIi2.README.txtJump to behavior
              Source: C:\Users\user\Desktop\c8JakemodH.exeFile created: C:\Users\user\AppData\Local\Packages\Microsoft.Windows.StartMenuExperienceHost_cw5n1h2txyewy\LocalState\bQ8ODxIi2.README.txtJump to behavior
              Source: C:\Users\user\Desktop\c8JakemodH.exeFile created: C:\Users\user\AppData\Local\Packages\Microsoft.Windows.StartMenuExperienceHost_cw5n1h2txyewy\LocalCache\bQ8ODxIi2.README.txtJump to behavior
              Source: C:\Users\user\Desktop\c8JakemodH.exeFile created: C:\Users\user\AppData\Local\Packages\Microsoft.Windows.StartMenuExperienceHost_cw5n1h2txyewy\AppData\bQ8ODxIi2.README.txtJump to behavior
              Source: C:\Users\user\Desktop\c8JakemodH.exeFile created: C:\Users\user\AppData\Local\Packages\Microsoft.Windows.StartMenuExperienceHost_cw5n1h2txyewy\AC\bQ8ODxIi2.README.txtJump to behavior
              Source: C:\Users\user\Desktop\c8JakemodH.exeFile created: C:\Users\user\AppData\Local\Packages\Microsoft.Windows.StartMenuExperienceHost_cw5n1h2txyewy\AC\Temp\bQ8ODxIi2.README.txtJump to behavior
              Source: C:\Users\user\Desktop\c8JakemodH.exeFile created: C:\Users\user\AppData\Local\Packages\Microsoft.Windows.ShellExperienceHost_cw5n1h2txyewy\bQ8ODxIi2.README.txtJump to behavior
              Source: C:\Users\user\Desktop\c8JakemodH.exeFile created: C:\Users\user\AppData\Local\Packages\Microsoft.Windows.ShellExperienceHost_cw5n1h2txyewy\TempState\bQ8ODxIi2.README.txtJump to behavior
              Source: C:\Users\user\Desktop\c8JakemodH.exeFile created: C:\Users\user\AppData\Local\Packages\Microsoft.Windows.ShellExperienceHost_cw5n1h2txyewy\SystemAppData\bQ8ODxIi2.README.txtJump to behavior
              Source: C:\Users\user\Desktop\c8JakemodH.exeFile created: C:\Users\user\AppData\Local\Packages\Microsoft.Windows.ShellExperienceHost_cw5n1h2txyewy\Settings\bQ8ODxIi2.README.txtJump to behavior
              Source: C:\Users\user\Desktop\c8JakemodH.exeFile created: C:\Users\user\AppData\Local\Packages\Microsoft.Windows.ShellExperienceHost_cw5n1h2txyewy\RoamingState\bQ8ODxIi2.README.txtJump to behavior
              Source: C:\Users\user\Desktop\c8JakemodH.exeFile created: C:\Users\user\AppData\Local\Packages\Microsoft.Windows.ShellExperienceHost_cw5n1h2txyewy\LocalState\bQ8ODxIi2.README.txtJump to behavior
              Source: C:\Users\user\Desktop\c8JakemodH.exeFile created: C:\Users\user\AppData\Local\Packages\Microsoft.Windows.ShellExperienceHost_cw5n1h2txyewy\LocalCache\bQ8ODxIi2.README.txtJump to behavior
              Source: C:\Users\user\Desktop\c8JakemodH.exeFile created: C:\Users\user\AppData\Local\Packages\Microsoft.Windows.ShellExperienceHost_cw5n1h2txyewy\AppData\bQ8ODxIi2.README.txtJump to behavior
              Source: C:\Users\user\Desktop\c8JakemodH.exeFile created: C:\Users\user\AppData\Local\Packages\Microsoft.Windows.ShellExperienceHost_cw5n1h2txyewy\AC\bQ8ODxIi2.README.txtJump to behavior
              Source: C:\Users\user\Desktop\c8JakemodH.exeFile created: C:\Users\user\AppData\Local\Packages\Microsoft.Windows.ShellExperienceHost_cw5n1h2txyewy\AC\Temp\bQ8ODxIi2.README.txtJump to behavior
              Source: C:\Users\user\Desktop\c8JakemodH.exeFile created: C:\Users\user\AppData\Local\Packages\Microsoft.Windows.SecureAssessmentBrowser_cw5n1h2txyewy\bQ8ODxIi2.README.txtJump to behavior
              Source: C:\Users\user\Desktop\c8JakemodH.exeFile created: C:\Users\user\AppData\Local\Packages\Microsoft.Windows.SecureAssessmentBrowser_cw5n1h2txyewy\TempState\bQ8ODxIi2.README.txtJump to behavior
              Source: C:\Users\user\Desktop\c8JakemodH.exeFile created: C:\Users\user\AppData\Local\Packages\Microsoft.Windows.SecureAssessmentBrowser_cw5n1h2txyewy\SystemAppData\bQ8ODxIi2.README.txtJump to behavior
              Source: C:\Users\user\Desktop\c8JakemodH.exeFile created: C:\Users\user\AppData\Local\Packages\Microsoft.Windows.SecureAssessmentBrowser_cw5n1h2txyewy\Settings\bQ8ODxIi2.README.txtJump to behavior
              Source: C:\Users\user\Desktop\c8JakemodH.exeFile created: C:\Users\user\AppData\Local\Packages\Microsoft.Windows.SecureAssessmentBrowser_cw5n1h2txyewy\RoamingState\bQ8ODxIi2.README.txtJump to behavior
              Source: C:\Users\user\Desktop\c8JakemodH.exeFile created: C:\Users\user\AppData\Local\Packages\Microsoft.Windows.SecureAssessmentBrowser_cw5n1h2txyewy\LocalState\bQ8ODxIi2.README.txtJump to behavior
              Source: C:\Users\user\Desktop\c8JakemodH.exeFile created: C:\Users\user\AppData\Local\Packages\Microsoft.Windows.SecureAssessmentBrowser_cw5n1h2txyewy\LocalCache\bQ8ODxIi2.README.txtJump to behavior
              Source: C:\Users\user\Desktop\c8JakemodH.exeFile created: C:\Users\user\AppData\Local\Packages\Microsoft.Windows.SecureAssessmentBrowser_cw5n1h2txyewy\AppData\bQ8ODxIi2.README.txtJump to behavior
              Source: C:\Users\user\Desktop\c8JakemodH.exeFile created: C:\Users\user\AppData\Local\Packages\Microsoft.Windows.SecureAssessmentBrowser_cw5n1h2txyewy\AC\bQ8ODxIi2.README.txtJump to behavior
              Source: C:\Users\user\Desktop\c8JakemodH.exeFile created: C:\Users\user\AppData\Local\Packages\Microsoft.Windows.SecureAssessmentBrowser_cw5n1h2txyewy\AC\Temp\bQ8ODxIi2.README.txtJump to behavior
              Source: C:\Users\user\Desktop\c8JakemodH.exeFile created: C:\Users\user\AppData\Local\Packages\Microsoft.Windows.SecHealthUI_cw5n1h2txyewy\bQ8ODxIi2.README.txtJump to behavior
              Source: C:\Users\user\Desktop\c8JakemodH.exeFile created: C:\Users\user\AppData\Local\Packages\Microsoft.Windows.SecHealthUI_cw5n1h2txyewy\TempState\bQ8ODxIi2.README.txtJump to behavior
              Source: C:\Users\user\Desktop\c8JakemodH.exeFile created: C:\Users\user\AppData\Local\Packages\Microsoft.Windows.SecHealthUI_cw5n1h2txyewy\SystemAppData\bQ8ODxIi2.README.txtJump to behavior
              Source: C:\Users\user\Desktop\c8JakemodH.exeFile created: C:\Users\user\AppData\Local\Packages\Microsoft.Windows.SecHealthUI_cw5n1h2txyewy\Settings\bQ8ODxIi2.README.txtJump to behavior
              Source: C:\Users\user\Desktop\c8JakemodH.exeFile created: C:\Users\user\AppData\Local\Packages\Microsoft.Windows.SecHealthUI_cw5n1h2txyewy\RoamingState\bQ8ODxIi2.README.txtJump to behavior
              Source: C:\Users\user\Desktop\c8JakemodH.exeFile created: C:\Users\user\AppData\Local\Packages\Microsoft.Windows.SecHealthUI_cw5n1h2txyewy\LocalState\bQ8ODxIi2.README.txtJump to behavior
              Source: C:\Users\user\Desktop\c8JakemodH.exeFile created: C:\Users\user\AppData\Local\Packages\Microsoft.Windows.SecHealthUI_cw5n1h2txyewy\LocalCache\bQ8ODxIi2.README.txtJump to behavior
              Source: C:\Users\user\Desktop\c8JakemodH.exeFile created: C:\Users\user\AppData\Local\Packages\Microsoft.Windows.SecHealthUI_cw5n1h2txyewy\AppData\bQ8ODxIi2.README.txtJump to behavior
              Source: C:\Users\user\Desktop\c8JakemodH.exeFile created: C:\Users\user\AppData\Local\Packages\Microsoft.Windows.SecHealthUI_cw5n1h2txyewy\AC\bQ8ODxIi2.README.txtJump to behavior
              Source: C:\Users\user\Desktop\c8JakemodH.exeFile created: C:\Users\user\AppData\Local\Packages\Microsoft.Windows.SecHealthUI_cw5n1h2txyewy\AC\Temp\bQ8ODxIi2.README.txtJump to behavior
              Source: C:\Users\user\Desktop\c8JakemodH.exeFile created: C:\Users\user\AppData\Local\Packages\Microsoft.Windows.Search_cw5n1h2txyewy\bQ8ODxIi2.README.txtJump to behavior
              Source: C:\Users\user\Desktop\c8JakemodH.exeFile created: C:\Users\user\AppData\Local\Packages\Microsoft.Windows.Search_cw5n1h2txyewy\TempState\bQ8ODxIi2.README.txtJump to behavior
              Source: C:\Users\user\Desktop\c8JakemodH.exeFile created: C:\Users\user\AppData\Local\Packages\Microsoft.Windows.Search_cw5n1h2txyewy\SystemAppData\bQ8ODxIi2.README.txtJump to behavior
              Source: C:\Users\user\Desktop\c8JakemodH.exeFile created: C:\Users\user\AppData\Local\Packages\Microsoft.Windows.Search_cw5n1h2txyewy\Settings\bQ8ODxIi2.README.txtJump to behavior
              Source: C:\Users\user\Desktop\c8JakemodH.exeFile created: C:\Users\user\AppData\Local\Packages\Microsoft.Windows.Search_cw5n1h2txyewy\RoamingState\bQ8ODxIi2.README.txtJump to behavior
              Source: C:\Users\user\Desktop\c8JakemodH.exeFile created: C:\Users\user\AppData\Local\Packages\Microsoft.Windows.Search_cw5n1h2txyewy\LocalState\bQ8ODxIi2.README.txtJump to behavior
              Source: C:\Users\user\Desktop\c8JakemodH.exeFile created: C:\Users\user\AppData\Local\Packages\Microsoft.Windows.Search_cw5n1h2txyewy\LocalState\Flighting\bQ8ODxIi2.README.txtJump to behavior
              Source: C:\Users\user\Desktop\c8JakemodH.exeFile created: C:\Users\user\AppData\Local\Packages\Microsoft.Windows.Search_cw5n1h2txyewy\LocalState\DeviceSearchCache\bQ8ODxIi2.README.txtJump to behavior
              Source: C:\Users\user\Desktop\c8JakemodH.exeFile created: C:\Users\user\AppData\Local\Packages\Microsoft.Windows.Search_cw5n1h2txyewy\LocalState\ConstraintIndex\bQ8ODxIi2.README.txtJump to behavior
              Source: C:\Users\user\Desktop\c8JakemodH.exeFile created: C:\Users\user\AppData\Local\Packages\Microsoft.Windows.Search_cw5n1h2txyewy\LocalState\ConstraintIndex\Settings_{99fff775-938d-4e2c-9c06-5d56107a5383}\bQ8ODxIi2.README.txtJump to behavior
              Source: C:\Users\user\Desktop\c8JakemodH.exeFile created: C:\Users\user\AppData\Local\Packages\Microsoft.Windows.Search_cw5n1h2txyewy\LocalState\ConstraintIndex\Settings_{2737c7bb-35fb-4b44-baf9-033ca587595d}\bQ8ODxIi2.README.txtJump to behavior
              Source: C:\Users\user\Desktop\c8JakemodH.exeFile created: C:\Users\user\AppData\Local\Packages\Microsoft.Windows.Search_cw5n1h2txyewy\LocalState\ConstraintIndex\Input_{4e763a36-90d3-4d6c-9949-dd01f7e5d23f}\bQ8ODxIi2.README.txtJump to behavior
              Source: C:\Users\user\Desktop\c8JakemodH.exeFile created: C:\Users\user\AppData\Local\Packages\Microsoft.Windows.Search_cw5n1h2txyewy\LocalState\ConstraintIndex\Apps_{ea91a05a-d98f-4429-81a9-272df0335447}\bQ8ODxIi2.README.txtJump to behavior
              Source: C:\Users\user\Desktop\c8JakemodH.exeFile created: C:\Users\user\AppData\Local\Packages\Microsoft.Windows.Search_cw5n1h2txyewy\LocalState\ConstraintIndex\Apps_{de0f148a-c476-467a-b7a3-14b0bb463140}\bQ8ODxIi2.README.txtJump to behavior
              Source: C:\Users\user\Desktop\c8JakemodH.exeFile created: C:\Users\user\AppData\Local\Packages\Microsoft.Windows.Search_cw5n1h2txyewy\LocalState\ConstraintIndex\Apps_{468da3e9-080c-4716-8706-e51d871661d0}\bQ8ODxIi2.README.txtJump to behavior
              Source: C:\Users\user\Desktop\c8JakemodH.exeFile created: C:\Users\user\AppData\Local\Packages\Microsoft.Windows.Search_cw5n1h2txyewy\LocalState\AppIconCache\bQ8ODxIi2.README.txtJump to behavior
              Source: C:\Users\user\Desktop\c8JakemodH.exeFile created: C:\Users\user\AppData\Local\Packages\Microsoft.Windows.Search_cw5n1h2txyewy\LocalState\AppIconCache\100\bQ8ODxIi2.README.txtJump to behavior
              Source: C:\Users\user\Desktop\c8JakemodH.exeFile created: C:\Users\user\AppData\Local\Packages\Microsoft.Windows.Search_cw5n1h2txyewy\LocalCache\bQ8ODxIi2.README.txtJump to behavior
              Source: C:\Users\user\Desktop\c8JakemodH.exeFile created: C:\Users\user\AppData\Local\Packages\Microsoft.Windows.Search_cw5n1h2txyewy\AppData\bQ8ODxIi2.README.txtJump to behavior
              Source: C:\Users\user\Desktop\c8JakemodH.exeFile created: C:\Users\user\AppData\Local\Packages\Microsoft.Windows.Search_cw5n1h2txyewy\AppData\Indexed DB\bQ8ODxIi2.README.txtJump to behavior
              Source: C:\Users\user\Desktop\c8JakemodH.exeFile created: C:\Users\user\AppData\Local\Packages\Microsoft.Windows.Search_cw5n1h2txyewy\AppData\CacheStorage\bQ8ODxIi2.README.txtJump to behavior
              Source: C:\Users\user\Desktop\c8JakemodH.exeFile created: C:\Users\user\AppData\Local\Packages\Microsoft.Windows.Search_cw5n1h2txyewy\AC\bQ8ODxIi2.README.txtJump to behavior
              Source: C:\Users\user\Desktop\c8JakemodH.exeFile created: C:\Users\user\AppData\Local\Packages\Microsoft.Windows.Search_cw5n1h2txyewy\AC\TokenBroker\bQ8ODxIi2.README.txtJump to behavior
              Source: C:\Users\user\Desktop\c8JakemodH.exeFile created: C:\Users\user\AppData\Local\Packages\Microsoft.Windows.Search_cw5n1h2txyewy\AC\TokenBroker\Cache\bQ8ODxIi2.README.txtJump to behavior
              Source: C:\Users\user\Desktop\c8JakemodH.exeFile created: C:\Users\user\AppData\Local\Packages\Microsoft.Windows.Search_cw5n1h2txyewy\AC\Temp\bQ8ODxIi2.README.txtJump to behavior
              Source: C:\Users\user\Desktop\c8JakemodH.exeFile created: C:\Users\user\AppData\Local\Packages\Microsoft.Windows.PinningConfirmationDialog_cw5n1h2txyewy\bQ8ODxIi2.README.txtJump to behavior
              Source: C:\Users\user\Desktop\c8JakemodH.exeFile created: C:\Users\user\AppData\Local\Packages\Microsoft.Windows.PinningConfirmationDialog_cw5n1h2txyewy\TempState\bQ8ODxIi2.README.txtJump to behavior
              Source: C:\Users\user\Desktop\c8JakemodH.exeFile created: C:\Users\user\AppData\Local\Packages\Microsoft.Windows.PinningConfirmationDialog_cw5n1h2txyewy\SystemAppData\bQ8ODxIi2.README.txtJump to behavior
              Source: C:\Users\user\Desktop\c8JakemodH.exeFile created: C:\Users\user\AppData\Local\Packages\Microsoft.Windows.PinningConfirmationDialog_cw5n1h2txyewy\Settings\bQ8ODxIi2.README.txtJump to behavior
              Source: C:\Users\user\Desktop\c8JakemodH.exeFile created: C:\Users\user\AppData\Local\Packages\Microsoft.Windows.PinningConfirmationDialog_cw5n1h2txyewy\RoamingState\bQ8ODxIi2.README.txtJump to behavior
              Source: C:\Users\user\Desktop\c8JakemodH.exeFile created: C:\Users\user\AppData\Local\Packages\Microsoft.Windows.PinningConfirmationDialog_cw5n1h2txyewy\LocalState\bQ8ODxIi2.README.txtJump to behavior
              Source: C:\Users\user\Desktop\c8JakemodH.exeFile created: C:\Users\user\AppData\Local\Packages\Microsoft.Windows.PinningConfirmationDialog_cw5n1h2txyewy\LocalCache\bQ8ODxIi2.README.txtJump to behavior
              Source: C:\Users\user\Desktop\c8JakemodH.exeFile created: C:\Users\user\AppData\Local\Packages\Microsoft.Windows.PinningConfirmationDialog_cw5n1h2txyewy\AppData\bQ8ODxIi2.README.txtJump to behavior
              Source: C:\Users\user\Desktop\c8JakemodH.exeFile created: C:\Users\user\AppData\Local\Packages\Microsoft.Windows.PinningConfirmationDialog_cw5n1h2txyewy\AC\bQ8ODxIi2.README.txtJump to behavior
              Source: C:\Users\user\Desktop\c8JakemodH.exeFile created: C:\Users\user\AppData\Local\Packages\Microsoft.Windows.PinningConfirmationDialog_cw5n1h2txyewy\AC\Temp\bQ8ODxIi2.README.txtJump to behavior
              Source: C:\Users\user\Desktop\c8JakemodH.exeFile created: C:\Users\user\AppData\Local\Packages\Microsoft.Windows.Photos_8wekyb3d8bbwe\bQ8ODxIi2.README.txtJump to behavior
              Source: C:\Users\user\Desktop\c8JakemodH.exeFile created: C:\Users\user\AppData\Local\Packages\Microsoft.Windows.Photos_8wekyb3d8bbwe\TempState\bQ8ODxIi2.README.txtJump to behavior
              Source: c8JakemodH.exeStatic PE information: DYNAMIC_BASE, NX_COMPAT, TERMINAL_SERVER_AWARE
              Source: Binary string: \??\C:\Users\user\AppData\Local\Temp\Symbols\ntkrnlmp.pdb source: c8JakemodH.exe, 00000000.00000003.2134423304.00000000011AA000.00000004.00000020.00020000.00000000.sdmp, c8JakemodH.exe, 00000000.00000003.2041782590.00000000011AA000.00000004.00000020.00020000.00000000.sdmp, c8JakemodH.exe, 00000000.00000003.2046205022.00000000011AA000.00000004.00000020.00020000.00000000.sdmp, c8JakemodH.exe, 00000000.00000003.2034691703.00000000011AA000.00000004.00000020.00020000.00000000.sdmp, c8JakemodH.exe, 00000000.00000003.2027377459.00000000011AA000.00000004.00000020.00020000.00000000.sdmp, c8JakemodH.exe, 00000000.00000003.2032232640.00000000011AA000.00000004.00000020.00020000.00000000.sdmp, c8JakemodH.exe, 00000000.00000003.2035755547.00000000011AA000.00000004.00000020.00020000.00000000.sdmp, c8JakemodH.exe, 00000000.00000003.2033963173.00000000011AA000.00000004.00000020.00020000.00000000.sdmp, c8JakemodH.exe, 00000000.00000003.2025508004.00000000011AA000.00000004.00000020.00020000.00000000.sdmp, c8JakemodH.exe, 00000000.00000003.2031930430.00000000011AA000.00000004.00000020.00020000.00000000.sdmp, c8JakemodH.exe, 00000000.00000003.2033345504.00000000011AA000.00000004.00000020.00020000.00000000.sdmp, c8JakemodH.exe, 00000000.00000003.2038271812.00000000011AA000.00000004.00000020.00020000.00000000.sdmp, c8JakemodH.exe, 00000000.00000003.2041067930.00000000011AA000.00000004.00000020.00020000.00000000.sdmp, c8JakemodH.exe, 00000000.00000003.2028668618.00000000011AA000.00000004.00000020.00020000.00000000.sdmp, c8JakemodH.exe, 00000000.00000003.2042691633.00000000011AA000.00000004.00000020.00020000.00000000.sdmp, c8JakemodH.exe, 00000000.00000003.2017971506.00000000011AA000.00000004.00000020.00020000.00000000.sdmp, c8JakemodH.exe, 00000000.00000003.2028077596.00000000011AA000.00000004.00000020.00020000.00000000.sdmp, c8JakemodH.exe, 00000000.00000003.2038527038.00000000011AA000.00000004.00000020.00020000.00000000.sdmp, c8JakemodH.exe, 00000000.00000003.2038141254.00000000011AA000.00000004.00000020.00020000.00000000.sdmp, c8JakemodH.exe, 00000000.00000003.2027768395.00000000011AA000.00000004.00000020.00020000.00000000.sdmp, c8JakemodH.exe, 00000000.00000003.2030185049.00000000011AA000.00000004.00000020.00020000.00000000.sdmp, c8JakemodH.exe, 00000000.00000003.2029424729.00000000011AA000.00000004.00000020.00020000.00000000.sdmp, c8JakemodH.exe, 00000000.00000003.2035960248.00000000011AA000.00000004.00000020.00020000.00000000.sdmp, c8JakemodH.exe, 00000000.00000003.2037887431.00000000011AA000.00000004.00000020.00020000.00000000.sdmp, c8JakemodH.exe, 00000000.00000003.2034592402.00000000011AA000.00000004.00000020.00020000.00000000.sdmp
              Source: Binary string: \??\C:\Users\user\AppData\Local\Temp\Symbols\winload_prod.pdb\01AB9056EA9380F71644C4339E3FA1AC2\download.error6 source: c8JakemodH.exe, 00000000.00000003.2017789325.00000000011AC000.00000004.00000020.00020000.00000000.sdmp
              Source: Binary string: \\?\C:\Users\user\AppData\Local\Temp\Symbols\winload_prod.pdb\01AB9056EA9380F71644C4339E3FA1AC2\download.error source: c8JakemodH.exe, 00000000.00000003.2017789325.00000000011AC000.00000004.00000020.00020000.00000000.sdmp
              Source: C:\Users\user\Desktop\c8JakemodH.exeCode function: 0_2_00B2748C FindFirstFileExW,FindNextFileW,0_2_00B2748C
              Source: C:\Users\user\Desktop\c8JakemodH.exeCode function: 0_2_00B25C34 FindFirstFileW,FindClose,FindNextFileW,FindClose,0_2_00B25C34
              Source: C:\Users\user\Desktop\c8JakemodH.exeCode function: 0_2_00B2A064 FindFirstFileExW,FindClose,0_2_00B2A064
              Source: C:\Users\user\Desktop\c8JakemodH.exeCode function: 0_2_00B27560 FindFirstFileExW,FindClose,0_2_00B27560
              Source: C:\Users\user\Desktop\c8JakemodH.exeCode function: 0_2_00B2763C FindFirstFileExW,GetFileAttributesW,FindNextFileW,0_2_00B2763C
              Source: C:\Users\user\Desktop\c8JakemodH.exeCode function: 0_2_00B2F264 GetFileAttributesW,SetThreadPriority,FindFirstFileExW,FindNextFileW,FindClose,0_2_00B2F264
              Source: C:\ProgramData\C9C8.tmpCode function: 7_2_0040227C FindFirstFileExW,7_2_0040227C
              Source: C:\ProgramData\C9C8.tmpCode function: 7_2_0040152C FindFirstFileExW,FindClose,FindNextFileW,FindClose,7_2_0040152C
              Source: C:\Users\user\Desktop\c8JakemodH.exeCode function: 0_2_00B27438 GetLogicalDriveStringsW,GetDriveTypeW,0_2_00B27438
              Source: C:\Users\user\Desktop\c8JakemodH.exeFile opened: C:\Users\user\AppData\Local\Temp\Diagnostics\EXCEL\Jump to behavior
              Source: C:\Users\user\Desktop\c8JakemodH.exeFile opened: C:\Users\user\AppData\Local\Temp\acrord32_super_sbx\Adobe\Acrobat\Jump to behavior
              Source: C:\Users\user\Desktop\c8JakemodH.exeFile opened: C:\Users\user\AppData\Local\Temp\acrord32_super_sbx\Adobe\Acrobat\DC\Jump to behavior
              Source: C:\Users\user\Desktop\c8JakemodH.exeFile opened: C:\Users\user\AppData\Local\Temp\acrord32_super_sbx\Adobe\Jump to behavior
              Source: C:\Users\user\Desktop\c8JakemodH.exeFile opened: C:\Users\user\AppData\Local\Temp\acrord32_super_sbx\Adobe\Acrobat\DC\SearchEmbdIndex\Jump to behavior
              Source: C:\Users\user\Desktop\c8JakemodH.exeFile opened: C:\Users\user\AppData\Local\Temp\acrord32_super_sbx\Jump to behavior

              Networking

              barindex
              Source: c8JakemodH.exe, 00000000.00000002.2326762861.00000000013A1000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://lockbitsupn2h6be2cnqpvncyhj4rgmnwn44633hnzzmtxdvjoqlp7yd.onion
              Source: c8JakemodH.exe, 00000000.00000002.2326567241.00000000012E0000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://lockbitapt2yfbt7lchxejug47kmqvqqxvvjpqkmevv4l3azl3gy6pyd.onionn
              Source: c8JakemodH.exe, 00000000.00000002.2326567241.00000000012E0000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://lockbitapt2yfbt7lchxejug47kmqvqqxvvjpqkmevv4l3azl3gy6pyd.onionHC
              Source: c8JakemodH.exe, 00000000.00000002.2326567241.00000000012E0000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://lockbitsupa7e3b4pkn4mgkgojrl5iqgx24clbzc4xm7i6jeetsia3qd.onion
              Source: c8JakemodH.exe, 00000000.00000002.2326567241.00000000012E0000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://lockbitsupa7e3b4pkn4mgkgojrl5iqgx24clbzc4xm7i6jeetsia3qd.onion]
              Source: c8JakemodH.exe, 00000000.00000002.2326567241.00000000012E0000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://lockbitsupa7e3b4pkn4mgkgojrl5iqgx24clbzc4xm7i6jeetsia3qd.onionc
              Source: c8JakemodH.exe, 00000000.00000002.2326567241.00000000012E0000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://lockbitsupa7e3b4pkn4mgkgojrl5iqgx24clbzc4xm7i6jeetsia3qd.onionr$
              Source: c8JakemodH.exe, 00000000.00000002.2326567241.00000000012E0000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://lockbitapt2yfbt7lchxejug47kmqvqqxvvjpqkmevv4l3azl3gy6pyd.onione$
              Source: c8JakemodH.exe, 00000000.00000002.2326567241.00000000012E0000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://lockbitapt2yfbt7lchxejug47kmqvqqxvvjpqkmevv4l3azl3gy6pyd.onionH$
              Source: c8JakemodH.exe, 00000000.00000002.2326567241.00000000012E0000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://lockbitsupn2h6be2cnqpvncyhj4rgmnwn44633hnzzmtxdvjoqlp7yd.onion;$
              Source: c8JakemodH.exe, 00000000.00000002.2326567241.00000000012E0000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://lockbitsupa7e3b4pkn4mgkgojrl5iqgx24clbzc4xm7i6jeetsia3qd.onionl.$
              Source: c8JakemodH.exe, 00000000.00000002.2326567241.00000000012E0000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://lockbitsupn2h6be2cnqpvncyhj4rgmnwn44633hnzzmtxdvjoqlp7yd.onioned
              Source: c8JakemodH.exe, 00000000.00000002.2326567241.00000000012E0000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://lockbitapt2yfbt7lchxejug47kmqvqqxvvjpqkmevv4l3azl3gy6pyd.onion
              Source: c8JakemodH.exe, 00000000.00000002.2326567241.00000000012E0000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://lockbitsupn2h6be2cnqpvncyhj4rgmnwn44633hnzzmtxdvjoqlp7yd.onion
              Source: c8JakemodH.exe, 00000000.00000002.2326567241.00000000012E0000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://lockbitapt2yfbt7lchxejug47kmqvqqxvvjpqkmevv4l3azl3gy6pyd.onionl%
              Source: c8JakemodH.exe, 00000000.00000002.2326567241.00000000012E0000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://lockbitapt2yfbt7lchxejug47kmqvqqxvvjpqkmevv4l3azl3gy6pyd.onion]_%
              Source: c8JakemodH.exe, 00000000.00000002.2326567241.00000000012E0000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://lockbitsupa7e3b4pkn4mgkgojrl5iqgx24clbzc4xm7i6jeetsia3qd.onionB%
              Source: c8JakemodH.exe, 00000000.00000002.2326567241.00000000012E0000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://lockbitsupn2h6be2cnqpvncyhj4rgmnwn44633hnzzmtxdvjoqlp7yd.onionl5%
              Source: c8JakemodH.exe, 00000000.00000002.2326567241.00000000012E0000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://lockbitsupn2h6be2cnqpvncyhj4rgmnwn44633hnzzmtxdvjoqlp7yd.onionackages\Microsoft.ECApp_8wekyb3d8bbwe\LocalState\Q8ODxI-
              Source: c8JakemodH.exe, 00000000.00000003.1978284906.000000000127A000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: `https://www.facebook.com/ equals www.facebook.com (Facebook)
              Source: c8JakemodH.exe, 00000000.00000003.1978284906.000000000127A000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: `https://www.youtube.com/ equals www.youtube.com (Youtube)
              Source: 74838711-7E0B-45A4-9802-5A49E351F206.8.drString found in binary or memory: http://b.c2r.ts.cdn.office.net/pr
              Source: 74838711-7E0B-45A4-9802-5A49E351F206.8.drString found in binary or memory: http://f.c2r.ts.cdn.office.net/pr
              Source: c8JakemodH.exe, 00000000.00000002.2326197823.000000000117D000.00000004.00000020.00020000.00000000.sdmp, c8JakemodH.exe, 00000000.00000002.2326567241.00000000012E0000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://lockbitapt.uz
              Source: c8JakemodH.exe, 00000000.00000002.2326567241.00000000012E0000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://lockbitapt2yfbt7lchxejug47kmqvqqxvvjpqkmevv4l3azl3gy6pyd.onion
              Source: c8JakemodH.exe, 00000000.00000002.2326567241.00000000012E0000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://lockbitapt2yfbt7lchxejug47kmqvqqxvvjpqkmevv4l3azl3gy6pyd.onionH$
              Source: c8JakemodH.exe, 00000000.00000002.2326567241.00000000012E0000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://lockbitapt2yfbt7lchxejug47kmqvqqxvvjpqkmevv4l3azl3gy6pyd.onionHC
              Source: c8JakemodH.exe, 00000000.00000002.2326567241.00000000012E0000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://lockbitapt2yfbt7lchxejug47kmqvqqxvvjpqkmevv4l3azl3gy6pyd.onione$
              Source: c8JakemodH.exe, 00000000.00000002.2326567241.00000000012E0000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://lockbitapt2yfbt7lchxejug47kmqvqqxvvjpqkmevv4l3azl3gy6pyd.onionl%
              Source: c8JakemodH.exe, 00000000.00000002.2326567241.00000000012E0000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://lockbitapt2yfbt7lchxejug47kmqvqqxvvjpqkmevv4l3azl3gy6pyd.onionn
              Source: c8JakemodH.exe, 00000000.00000002.2326567241.00000000012E0000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://lockbitsupa7e3b4pkn4mgkgojrl5iqgx24clbzc4xm7i6jeetsia3qd.onion
              Source: c8JakemodH.exe, 00000000.00000002.2326567241.00000000012E0000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://lockbitsupa7e3b4pkn4mgkgojrl5iqgx24clbzc4xm7i6jeetsia3qd.onionB%
              Source: c8JakemodH.exe, 00000000.00000002.2326567241.00000000012E0000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://lockbitsupa7e3b4pkn4mgkgojrl5iqgx24clbzc4xm7i6jeetsia3qd.onionc
              Source: c8JakemodH.exe, 00000000.00000002.2326567241.00000000012E0000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://lockbitsupa7e3b4pkn4mgkgojrl5iqgx24clbzc4xm7i6jeetsia3qd.onionl.$
              Source: c8JakemodH.exe, 00000000.00000002.2326567241.00000000012E0000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://lockbitsupa7e3b4pkn4mgkgojrl5iqgx24clbzc4xm7i6jeetsia3qd.onionr$
              Source: c8JakemodH.exe, 00000000.00000002.2326762861.00000000013A1000.00000004.00000020.00020000.00000000.sdmp, c8JakemodH.exe, 00000000.00000002.2326567241.00000000012E0000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://lockbitsupn2h6be2cnqpvncyhj4rgmnwn44633hnzzmtxdvjoqlp7yd.onion
              Source: c8JakemodH.exe, 00000000.00000002.2326567241.00000000012E0000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://lockbitsupn2h6be2cnqpvncyhj4rgmnwn44633hnzzmtxdvjoqlp7yd.onion;$
              Source: c8JakemodH.exe, 00000000.00000002.2326567241.00000000012E0000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://lockbitsupn2h6be2cnqpvncyhj4rgmnwn44633hnzzmtxdvjoqlp7yd.onionackages
              Source: c8JakemodH.exe, 00000000.00000002.2326567241.00000000012E0000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://lockbitsupn2h6be2cnqpvncyhj4rgmnwn44633hnzzmtxdvjoqlp7yd.onioned
              Source: c8JakemodH.exe, 00000000.00000002.2326567241.00000000012E0000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://lockbitsupn2h6be2cnqpvncyhj4rgmnwn44633hnzzmtxdvjoqlp7yd.onionl5%
              Source: c8JakemodH.exe, 00000000.00000002.2326762861.00000000013A1000.00000004.00000020.00020000.00000000.sdmp, c8JakemodH.exe, 00000000.00000002.2326567241.00000000012E0000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://lockbitsupp.uz
              Source: c8JakemodH.exe, 00000000.00000003.2128642344.0000000001473000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://mozilla.org/MPL/2.0/.
              Source: 74838711-7E0B-45A4-9802-5A49E351F206.8.drString found in binary or memory: http://olkflt.edog.officeapps.live.com/olkflt/outlookflighting.svc/api/glides
              Source: 74838711-7E0B-45A4-9802-5A49E351F206.8.drString found in binary or memory: http://weather.service.msn.com/data.aspx
              Source: 74838711-7E0B-45A4-9802-5A49E351F206.8.drString found in binary or memory: https://addinsinstallation.store.office.com/app/acquisitionlogging
              Source: 74838711-7E0B-45A4-9802-5A49E351F206.8.drString found in binary or memory: https://addinsinstallation.store.office.com/app/download
              Source: 74838711-7E0B-45A4-9802-5A49E351F206.8.drString found in binary or memory: https://addinsinstallation.store.office.com/appinstall/authenticated
              Source: 74838711-7E0B-45A4-9802-5A49E351F206.8.drString found in binary or memory: https://addinsinstallation.store.office.com/appinstall/preinstalled
              Source: 74838711-7E0B-45A4-9802-5A49E351F206.8.drString found in binary or memory: https://addinsinstallation.store.office.com/appinstall/unauthenticated
              Source: 74838711-7E0B-45A4-9802-5A49E351F206.8.drString found in binary or memory: https://addinsinstallation.store.office.com/orgid/appinstall/authenticated
              Source: 74838711-7E0B-45A4-9802-5A49E351F206.8.drString found in binary or memory: https://addinslicensing.store.office.com/apps/remove
              Source: 74838711-7E0B-45A4-9802-5A49E351F206.8.drString found in binary or memory: https://addinslicensing.store.office.com/commerce/query
              Source: 74838711-7E0B-45A4-9802-5A49E351F206.8.drString found in binary or memory: https://addinslicensing.store.office.com/entitlement/query
              Source: 74838711-7E0B-45A4-9802-5A49E351F206.8.drString found in binary or memory: https://addinslicensing.store.office.com/orgid/apps/remove
              Source: 74838711-7E0B-45A4-9802-5A49E351F206.8.drString found in binary or memory: https://addinslicensing.store.office.com/orgid/entitlement/query
              Source: c8JakemodH.exe, 00000000.00000003.1979092937.0000000001267000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://allegro.pl/
              Source: 74838711-7E0B-45A4-9802-5A49E351F206.8.drString found in binary or memory: https://analysis.windows.net/powerbi/api
              Source: 74838711-7E0B-45A4-9802-5A49E351F206.8.drString found in binary or memory: https://apc.learningtools.onenote.com/learningtoolsapi/v2.0/getfreeformspeech
              Source: 74838711-7E0B-45A4-9802-5A49E351F206.8.drString found in binary or memory: https://api.aadrm.com
              Source: 74838711-7E0B-45A4-9802-5A49E351F206.8.drString found in binary or memory: https://api.aadrm.com/
              Source: 74838711-7E0B-45A4-9802-5A49E351F206.8.drString found in binary or memory: https://api.addins.omex.office.net/api/addins/search
              Source: 74838711-7E0B-45A4-9802-5A49E351F206.8.drString found in binary or memory: https://api.addins.omex.office.net/appinfo/query
              Source: 74838711-7E0B-45A4-9802-5A49E351F206.8.drString found in binary or memory: https://api.addins.omex.office.net/appstate/query
              Source: 74838711-7E0B-45A4-9802-5A49E351F206.8.drString found in binary or memory: https://api.addins.store.office.com/addinstemplate
              Source: 74838711-7E0B-45A4-9802-5A49E351F206.8.drString found in binary or memory: https://api.addins.store.office.com/app/query
              Source: 74838711-7E0B-45A4-9802-5A49E351F206.8.drString found in binary or memory: https://api.addins.store.officeppe.com/addinstemplate
              Source: 74838711-7E0B-45A4-9802-5A49E351F206.8.drString found in binary or memory: https://api.cortana.ai
              Source: 74838711-7E0B-45A4-9802-5A49E351F206.8.drString found in binary or memory: https://api.diagnostics.office.com
              Source: 74838711-7E0B-45A4-9802-5A49E351F206.8.drString found in binary or memory: https://api.diagnosticssdf.office.com
              Source: 74838711-7E0B-45A4-9802-5A49E351F206.8.drString found in binary or memory: https://api.diagnosticssdf.office.com/v2/feedback
              Source: 74838711-7E0B-45A4-9802-5A49E351F206.8.drString found in binary or memory: https://api.diagnosticssdf.office.com/v2/file
              Source: 74838711-7E0B-45A4-9802-5A49E351F206.8.drString found in binary or memory: https://api.microsoftstream.com
              Source: 74838711-7E0B-45A4-9802-5A49E351F206.8.drString found in binary or memory: https://api.microsoftstream.com/api/
              Source: 74838711-7E0B-45A4-9802-5A49E351F206.8.drString found in binary or memory: https://api.office.net
              Source: 74838711-7E0B-45A4-9802-5A49E351F206.8.drString found in binary or memory: https://api.officescripts.microsoftusercontent.com/api
              Source: 74838711-7E0B-45A4-9802-5A49E351F206.8.drString found in binary or memory: https://api.onedrive.com
              Source: 74838711-7E0B-45A4-9802-5A49E351F206.8.drString found in binary or memory: https://api.powerbi.com/v1.0/myorg/datasets
              Source: 74838711-7E0B-45A4-9802-5A49E351F206.8.drString found in binary or memory: https://api.powerbi.com/v1.0/myorg/groups
              Source: 74838711-7E0B-45A4-9802-5A49E351F206.8.drString found in binary or memory: https://api.powerbi.com/v1.0/myorg/imports
              Source: 74838711-7E0B-45A4-9802-5A49E351F206.8.drString found in binary or memory: https://api.scheduler.
              Source: 74838711-7E0B-45A4-9802-5A49E351F206.8.drString found in binary or memory: https://apis.live.net/v5.0/
              Source: 74838711-7E0B-45A4-9802-5A49E351F206.8.drString found in binary or memory: https://apis.mobile.m365.svc.cloud.microsoft
              Source: 74838711-7E0B-45A4-9802-5A49E351F206.8.drString found in binary or memory: https://arc.msn.com/v4/api/selection
              Source: 74838711-7E0B-45A4-9802-5A49E351F206.8.drString found in binary or memory: https://asgsmsproxyapi.azurewebsites.net/
              Source: 74838711-7E0B-45A4-9802-5A49E351F206.8.drString found in binary or memory: https://augloop.office.com
              Source: 74838711-7E0B-45A4-9802-5A49E351F206.8.drString found in binary or memory: https://augloop.office.com/v2
              Source: 74838711-7E0B-45A4-9802-5A49E351F206.8.drString found in binary or memory: https://augloop.office.com;https://augloop-int.officeppe.com;https://augloop-dogfood.officeppe.com;h
              Source: 74838711-7E0B-45A4-9802-5A49E351F206.8.drString found in binary or memory: https://autodiscover-s.outlook.com/
              Source: 74838711-7E0B-45A4-9802-5A49E351F206.8.drString found in binary or memory: https://autodiscover-s.outlook.com/autodiscover/autodiscover.xml
              Source: c8JakemodH.exe, 00000000.00000003.1978284906.000000000127A000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://bugzilla.mo
              Source: 74838711-7E0B-45A4-9802-5A49E351F206.8.drString found in binary or memory: https://cdn.designerapp.osi.office.net/designer-mobile
              Source: 74838711-7E0B-45A4-9802-5A49E351F206.8.drString found in binary or memory: https://cdn.entity.
              Source: 74838711-7E0B-45A4-9802-5A49E351F206.8.drString found in binary or memory: https://cdn.hubblecontent.osi.office.net/
              Source: 74838711-7E0B-45A4-9802-5A49E351F206.8.drString found in binary or memory: https://cdn.int.designerapp.osi.office.net/fonts
              Source: 74838711-7E0B-45A4-9802-5A49E351F206.8.drString found in binary or memory: https://client-office365-tas.msedge.net/ab
              Source: 74838711-7E0B-45A4-9802-5A49E351F206.8.drString found in binary or memory: https://clients.config.office.net
              Source: 74838711-7E0B-45A4-9802-5A49E351F206.8.drString found in binary or memory: https://clients.config.office.net/
              Source: 74838711-7E0B-45A4-9802-5A49E351F206.8.drString found in binary or memory: https://clients.config.office.net/c2r/v1.0/DeltaAdvisory
              Source: 74838711-7E0B-45A4-9802-5A49E351F206.8.drString found in binary or memory: https://clients.config.office.net/c2r/v1.0/InteractiveInstallation
              Source: 74838711-7E0B-45A4-9802-5A49E351F206.8.drString found in binary or memory: https://clients.config.office.net/user/v1.0/android/policies
              Source: 74838711-7E0B-45A4-9802-5A49E351F206.8.drString found in binary or memory: https://clients.config.office.net/user/v1.0/ios
              Source: 74838711-7E0B-45A4-9802-5A49E351F206.8.drString found in binary or memory: https://clients.config.office.net/user/v1.0/mac
              Source: 74838711-7E0B-45A4-9802-5A49E351F206.8.drString found in binary or memory: https://clients.config.office.net/user/v1.0/tenantassociationkey
              Source: 74838711-7E0B-45A4-9802-5A49E351F206.8.drString found in binary or memory: https://cloudfiles.onenote.com/upload.aspx
              Source: 74838711-7E0B-45A4-9802-5A49E351F206.8.drString found in binary or memory: https://config.edge.skype.com
              Source: 74838711-7E0B-45A4-9802-5A49E351F206.8.drString found in binary or memory: https://config.edge.skype.com/config/v1/Office
              Source: 74838711-7E0B-45A4-9802-5A49E351F206.8.drString found in binary or memory: https://config.edge.skype.com/config/v2/Office
              Source: 74838711-7E0B-45A4-9802-5A49E351F206.8.drString found in binary or memory: https://consent.config.office.com/consentcheckin/v1.0/consents
              Source: 74838711-7E0B-45A4-9802-5A49E351F206.8.drString found in binary or memory: https://consent.config.office.com/consentweb/v1.0/consents
              Source: 74838711-7E0B-45A4-9802-5A49E351F206.8.drString found in binary or memory: https://cortana.ai
              Source: 74838711-7E0B-45A4-9802-5A49E351F206.8.drString found in binary or memory: https://cortana.ai/api
              Source: 74838711-7E0B-45A4-9802-5A49E351F206.8.drString found in binary or memory: https://cr.office.com
              Source: 74838711-7E0B-45A4-9802-5A49E351F206.8.drString found in binary or memory: https://d.docs.live.net
              Source: 74838711-7E0B-45A4-9802-5A49E351F206.8.drString found in binary or memory: https://dataservice.o365filtering.com
              Source: 74838711-7E0B-45A4-9802-5A49E351F206.8.drString found in binary or memory: https://dataservice.o365filtering.com/
              Source: 74838711-7E0B-45A4-9802-5A49E351F206.8.drString found in binary or memory: https://dataservice.o365filtering.com/PolicySync/PolicySync.svc/SyncFile
              Source: 74838711-7E0B-45A4-9802-5A49E351F206.8.drString found in binary or memory: https://dataservice.protection.outlook.com/PolicySync/PolicySync.svc/SyncFile
              Source: 74838711-7E0B-45A4-9802-5A49E351F206.8.drString found in binary or memory: https://dataservice.protection.outlook.com/PsorWebService/v1/ClientSyncFile/MipPolicies
              Source: 74838711-7E0B-45A4-9802-5A49E351F206.8.drString found in binary or memory: https://designerapp.officeapps.live.com/designerapp
              Source: 74838711-7E0B-45A4-9802-5A49E351F206.8.drString found in binary or memory: https://dev.cortana.ai
              Source: 74838711-7E0B-45A4-9802-5A49E351F206.8.drString found in binary or memory: https://dev.virtualearth.net/REST/V1/GeospatialEndpoint/
              Source: 74838711-7E0B-45A4-9802-5A49E351F206.8.drString found in binary or memory: https://dev0-api.acompli.net/autodetect
              Source: 74838711-7E0B-45A4-9802-5A49E351F206.8.drString found in binary or memory: https://devnull.onenote.com
              Source: 74838711-7E0B-45A4-9802-5A49E351F206.8.drString found in binary or memory: https://directory.services.
              Source: 74838711-7E0B-45A4-9802-5A49E351F206.8.drString found in binary or memory: https://ecs.office.com
              Source: 74838711-7E0B-45A4-9802-5A49E351F206.8.drString found in binary or memory: https://ecs.office.com/config/v1/Designer
              Source: 74838711-7E0B-45A4-9802-5A49E351F206.8.drString found in binary or memory: https://ecs.office.com/config/v2/Office
              Source: 74838711-7E0B-45A4-9802-5A49E351F206.8.drString found in binary or memory: https://edge.skype.com/registrar/prod
              Source: 74838711-7E0B-45A4-9802-5A49E351F206.8.drString found in binary or memory: https://edge.skype.com/rps
              Source: 74838711-7E0B-45A4-9802-5A49E351F206.8.drString found in binary or memory: https://enrichment.osi.office.net/
              Source: 74838711-7E0B-45A4-9802-5A49E351F206.8.drString found in binary or memory: https://enrichment.osi.office.net/OfficeEnrichment/Refresh/v1
              Source: 74838711-7E0B-45A4-9802-5A49E351F206.8.drString found in binary or memory: https://enrichment.osi.office.net/OfficeEnrichment/Resolve/v1
              Source: 74838711-7E0B-45A4-9802-5A49E351F206.8.drString found in binary or memory: https://enrichment.osi.office.net/OfficeEnrichment/Search/v1
              Source: 74838711-7E0B-45A4-9802-5A49E351F206.8.drString found in binary or memory: https://enrichment.osi.office.net/OfficeEnrichment/StockHistory/v1
              Source: 74838711-7E0B-45A4-9802-5A49E351F206.8.drString found in binary or memory: https://enrichment.osi.office.net/OfficeEnrichment/ipcheck/v1
              Source: 74838711-7E0B-45A4-9802-5A49E351F206.8.drString found in binary or memory: https://enrichment.osi.office.net/OfficeEnrichment/v2.1601652342626
              Source: 74838711-7E0B-45A4-9802-5A49E351F206.8.drString found in binary or memory: https://enrichment.osi.office.net/OfficeEnrichment/web/Metadata/
              Source: 74838711-7E0B-45A4-9802-5A49E351F206.8.drString found in binary or memory: https://enrichment.osi.office.net/OfficeEnrichment/web/Metadata/metadata.json
              Source: 74838711-7E0B-45A4-9802-5A49E351F206.8.drString found in binary or memory: https://enrichment.osi.office.net/OfficeEnrichment/web/view/desktop/main.cshtml
              Source: 74838711-7E0B-45A4-9802-5A49E351F206.8.drString found in binary or memory: https://enrichment.osi.office.net/OfficeEnrichment/web/view/web/main.cshtml
              Source: 74838711-7E0B-45A4-9802-5A49E351F206.8.drString found in binary or memory: https://entitlement.diagnostics.office.com
              Source: 74838711-7E0B-45A4-9802-5A49E351F206.8.drString found in binary or memory: https://entitlement.diagnosticssdf.office.com
              Source: 74838711-7E0B-45A4-9802-5A49E351F206.8.drString found in binary or memory: https://eur.learningtools.onenote.com/learningtoolsapi/v2.0/getfreeformspeech
              Source: 74838711-7E0B-45A4-9802-5A49E351F206.8.drString found in binary or memory: https://excel.uservoice.com/forums/304936-excel-for-mobile-devices-tablets-phones-android
              Source: c8JakemodH.exe, 00000000.00000003.2128642344.0000000001473000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://firefox-settings-attachments.cdn.mozilla.net/main-workspace/ms-language-packs/4f1bcaa0-ddf9-
              Source: 74838711-7E0B-45A4-9802-5A49E351F206.8.drString found in binary or memory: https://fpastorage.cdn.office.net/%s
              Source: 74838711-7E0B-45A4-9802-5A49E351F206.8.drString found in binary or memory: https://fpastorage.cdn.office.net/firstpartyapp/addins.xml
              Source: 74838711-7E0B-45A4-9802-5A49E351F206.8.drString found in binary or memory: https://globaldisco.crm.dynamics.com
              Source: 74838711-7E0B-45A4-9802-5A49E351F206.8.drString found in binary or memory: https://graph.ppe.windows.net
              Source: 74838711-7E0B-45A4-9802-5A49E351F206.8.drString found in binary or memory: https://graph.ppe.windows.net/
              Source: 74838711-7E0B-45A4-9802-5A49E351F206.8.drString found in binary or memory: https://graph.windows.net
              Source: 74838711-7E0B-45A4-9802-5A49E351F206.8.drString found in binary or memory: https://graph.windows.net/
              Source: 74838711-7E0B-45A4-9802-5A49E351F206.8.drString found in binary or memory: https://hubblecontent.osi.office.net/contentsvc/api/pivots/
              Source: 74838711-7E0B-45A4-9802-5A49E351F206.8.drString found in binary or memory: https://hubblecontent.osi.office.net/contentsvc/api/telemetry
              Source: 74838711-7E0B-45A4-9802-5A49E351F206.8.drString found in binary or memory: https://hubblecontent.osi.office.net/contentsvc/browse?cp=remix3d
              Source: 74838711-7E0B-45A4-9802-5A49E351F206.8.drString found in binary or memory: https://hubblecontent.osi.office.net/contentsvc/browse?secureurl=1
              Source: 74838711-7E0B-45A4-9802-5A49E351F206.8.drString found in binary or memory: https://hubblecontent.osi.office.net/contentsvc/microsoftcontent?initpivot=icons
              Source: 74838711-7E0B-45A4-9802-5A49E351F206.8.drString found in binary or memory: https://hubblecontent.osi.office.net/contentsvc/microsoftcontent?initpivot=stockimages
              Source: 74838711-7E0B-45A4-9802-5A49E351F206.8.drString found in binary or memory: https://hubblecontent.osi.office.net/contentsvc/microsoftcontent?initpivot=stockvideos
              Source: 74838711-7E0B-45A4-9802-5A49E351F206.8.drString found in binary or memory: https://hubblecontent.osi.office.net/contentsvc/microsofticon?
              Source: 74838711-7E0B-45A4-9802-5A49E351F206.8.drString found in binary or memory: https://ic3.teams.office.com
              Source: 74838711-7E0B-45A4-9802-5A49E351F206.8.drString found in binary or memory: https://incidents.diagnostics.office.com
              Source: 74838711-7E0B-45A4-9802-5A49E351F206.8.drString found in binary or memory: https://incidents.diagnosticssdf.office.com
              Source: 74838711-7E0B-45A4-9802-5A49E351F206.8.drString found in binary or memory: https://inclient.store.office.com/gyro/client
              Source: 74838711-7E0B-45A4-9802-5A49E351F206.8.drString found in binary or memory: https://inclient.store.office.com/gyro/clientstore
              Source: 74838711-7E0B-45A4-9802-5A49E351F206.8.drString found in binary or memory: https://insertmedia.bing.office.net/images/hosted?host=office&adlt=strict&hostType=Immersive
              Source: 74838711-7E0B-45A4-9802-5A49E351F206.8.drString found in binary or memory: https://insertmedia.bing.office.net/images/officeonlinecontent/browse?cp=Bing
              Source: 74838711-7E0B-45A4-9802-5A49E351F206.8.drString found in binary or memory: https://insertmedia.bing.office.net/images/officeonlinecontent/browse?cp=ClipArt
              Source: 74838711-7E0B-45A4-9802-5A49E351F206.8.drString found in binary or memory: https://insertmedia.bing.office.net/images/officeonlinecontent/browse?cp=Facebook
              Source: 74838711-7E0B-45A4-9802-5A49E351F206.8.drString found in binary or memory: https://insertmedia.bing.office.net/images/officeonlinecontent/browse?cp=Flickr
              Source: 74838711-7E0B-45A4-9802-5A49E351F206.8.drString found in binary or memory: https://insertmedia.bing.office.net/images/officeonlinecontent/browse?cp=OneDrive
              Source: 74838711-7E0B-45A4-9802-5A49E351F206.8.drString found in binary or memory: https://insertmedia.bing.office.net/odc/insertmedia
              Source: 74838711-7E0B-45A4-9802-5A49E351F206.8.drString found in binary or memory: https://invites.office.com/
              Source: 74838711-7E0B-45A4-9802-5A49E351F206.8.drString found in binary or memory: https://learningtools.onenote.com/learningtoolsapi/v2.0/GetFreeformSpeech
              Source: 74838711-7E0B-45A4-9802-5A49E351F206.8.drString found in binary or memory: https://learningtools.onenote.com/learningtoolsapi/v2.0/Getvoices
              Source: 74838711-7E0B-45A4-9802-5A49E351F206.8.drString found in binary or memory: https://lifecycle.office.com
              Source: 74838711-7E0B-45A4-9802-5A49E351F206.8.drString found in binary or memory: https://login.microsoftonline.com
              Source: 74838711-7E0B-45A4-9802-5A49E351F206.8.drString found in binary or memory: https://login.microsoftonline.com/
              Source: 74838711-7E0B-45A4-9802-5A49E351F206.8.drString found in binary or memory: https://login.windows-ppe.net/common/oauth2/authorize
              Source: 74838711-7E0B-45A4-9802-5A49E351F206.8.drString found in binary or memory: https://login.windows.local
              Source: App1714997128751370700_D8AA22AD-2EF8-4FCC-82ED-7CD45F2B873D.log.8.drString found in binary or memory: https://login.windows.net
              Source: 74838711-7E0B-45A4-9802-5A49E351F206.8.drString found in binary or memory: https://login.windows.net/72f988bf-86f1-41af-91ab-2d7cd011db47/oauth2/authorize
              Source: 74838711-7E0B-45A4-9802-5A49E351F206.8.drString found in binary or memory: https://login.windows.net/common/oauth2/authorize
              Source: 74838711-7E0B-45A4-9802-5A49E351F206.8.drString found in binary or memory: https://loki.delve.office.com/api/v1/configuration/officewin32/
              Source: 74838711-7E0B-45A4-9802-5A49E351F206.8.drString found in binary or memory: https://lookup.onenote.com/lookup/geolocation/v1
              Source: 74838711-7E0B-45A4-9802-5A49E351F206.8.drString found in binary or memory: https://make.powerautomate.com
              Source: 74838711-7E0B-45A4-9802-5A49E351F206.8.drString found in binary or memory: https://management.azure.com
              Source: 74838711-7E0B-45A4-9802-5A49E351F206.8.drString found in binary or memory: https://management.azure.com/
              Source: 74838711-7E0B-45A4-9802-5A49E351F206.8.drString found in binary or memory: https://messagebroker.mobile.m365.svc.cloud.microsoft
              Source: 74838711-7E0B-45A4-9802-5A49E351F206.8.drString found in binary or memory: https://messaging.action.office.com/
              Source: 74838711-7E0B-45A4-9802-5A49E351F206.8.drString found in binary or memory: https://messaging.action.office.com/setcampaignaction
              Source: 74838711-7E0B-45A4-9802-5A49E351F206.8.drString found in binary or memory: https://messaging.action.office.com/setuseraction16
              Source: 74838711-7E0B-45A4-9802-5A49E351F206.8.drString found in binary or memory: https://messaging.engagement.office.com/
              Source: 74838711-7E0B-45A4-9802-5A49E351F206.8.drString found in binary or memory: https://messaging.engagement.office.com/campaignmetadataaggregator
              Source: 74838711-7E0B-45A4-9802-5A49E351F206.8.drString found in binary or memory: https://messaging.lifecycle.office.com/
              Source: 74838711-7E0B-45A4-9802-5A49E351F206.8.drString found in binary or memory: https://messaging.lifecycle.office.com/getcustommessage16
              Source: 74838711-7E0B-45A4-9802-5A49E351F206.8.drString found in binary or memory: https://messaging.office.com/
              Source: 74838711-7E0B-45A4-9802-5A49E351F206.8.drString found in binary or memory: https://metadata.templates.cdn.office.net/client/log
              Source: 74838711-7E0B-45A4-9802-5A49E351F206.8.drString found in binary or memory: https://my.microsoftpersonalcontent.com
              Source: 74838711-7E0B-45A4-9802-5A49E351F206.8.drString found in binary or memory: https://nam.learningtools.onenote.com/learningtoolsapi/v2.0/getfreeformspeech
              Source: 74838711-7E0B-45A4-9802-5A49E351F206.8.drString found in binary or memory: https://ncus.contentsync.
              Source: 74838711-7E0B-45A4-9802-5A49E351F206.8.drString found in binary or memory: https://ncus.pagecontentsync.
              Source: 74838711-7E0B-45A4-9802-5A49E351F206.8.drString found in binary or memory: https://o365auditrealtimeingestion.manage.office.com/api/userauditrecord
              Source: 74838711-7E0B-45A4-9802-5A49E351F206.8.drString found in binary or memory: https://ocos-office365-s2s.msedge.net/ab
              Source: 74838711-7E0B-45A4-9802-5A49E351F206.8.drString found in binary or memory: https://odc.officeapps.live.com/odc/stat/images/OneDriveUpsell.png
              Source: 74838711-7E0B-45A4-9802-5A49E351F206.8.drString found in binary or memory: https://odc.officeapps.live.com/odc/xml?resource=OneDriveSignUpUpsell
              Source: 74838711-7E0B-45A4-9802-5A49E351F206.8.drString found in binary or memory: https://odc.officeapps.live.com/odc/xml?resource=OneDriveSyncClientUpsell
              Source: 74838711-7E0B-45A4-9802-5A49E351F206.8.drString found in binary or memory: https://ods-diagnostics-ppe.trafficmanager.net
              Source: 74838711-7E0B-45A4-9802-5A49E351F206.8.drString found in binary or memory: https://ofcrecsvcapi-int.azurewebsites.net/
              Source: 74838711-7E0B-45A4-9802-5A49E351F206.8.drString found in binary or memory: https://officeapps.live.com
              Source: 74838711-7E0B-45A4-9802-5A49E351F206.8.drString found in binary or memory: https://officeci.azurewebsites.net/api/
              Source: 74838711-7E0B-45A4-9802-5A49E351F206.8.drString found in binary or memory: https://officemobile.uservoice.com/forums/929800-office-app-ios-and-ipad-asks
              Source: 74838711-7E0B-45A4-9802-5A49E351F206.8.drString found in binary or memory: https://officepyservice.office.net/
              Source: 74838711-7E0B-45A4-9802-5A49E351F206.8.drString found in binary or memory: https://officepyservice.office.net/service.functionality
              Source: 74838711-7E0B-45A4-9802-5A49E351F206.8.drString found in binary or memory: https://officesetup.getmicrosoftkey.com
              Source: 74838711-7E0B-45A4-9802-5A49E351F206.8.drString found in binary or memory: https://ogma.osi.office.net/TradukoApi/api/v1.0/
              Source: 74838711-7E0B-45A4-9802-5A49E351F206.8.drString found in binary or memory: https://omex.cdn.office.net/addinclassifier/officeentities
              Source: 74838711-7E0B-45A4-9802-5A49E351F206.8.drString found in binary or memory: https://omex.cdn.office.net/addinclassifier/officeentitiesupdated
              Source: 74838711-7E0B-45A4-9802-5A49E351F206.8.drString found in binary or memory: https://omex.cdn.office.net/addinclassifier/officesharedentities
              Source: 74838711-7E0B-45A4-9802-5A49E351F206.8.drString found in binary or memory: https://omex.cdn.office.net/addinclassifier/officesharedentitiesupdated
              Source: 74838711-7E0B-45A4-9802-5A49E351F206.8.drString found in binary or memory: https://onedrive.live.com
              Source: 74838711-7E0B-45A4-9802-5A49E351F206.8.drString found in binary or memory: https://onedrive.live.com/about/download/?windows10SyncClientInstalled=false
              Source: 74838711-7E0B-45A4-9802-5A49E351F206.8.drString found in binary or memory: https://onedrive.live.com/embed?
              Source: 74838711-7E0B-45A4-9802-5A49E351F206.8.drString found in binary or memory: https://otelrules.azureedge.net
              Source: 74838711-7E0B-45A4-9802-5A49E351F206.8.drString found in binary or memory: https://otelrules.svc.static.microsoft
              Source: 74838711-7E0B-45A4-9802-5A49E351F206.8.drString found in binary or memory: https://outlook.office.com
              Source: 74838711-7E0B-45A4-9802-5A49E351F206.8.drString found in binary or memory: https://outlook.office.com/
              Source: 74838711-7E0B-45A4-9802-5A49E351F206.8.drString found in binary or memory: https://outlook.office.com/autosuggest/api/v1/init?cvid=
              Source: 74838711-7E0B-45A4-9802-5A49E351F206.8.drString found in binary or memory: https://outlook.office365.com
              Source: 74838711-7E0B-45A4-9802-5A49E351F206.8.drString found in binary or memory: https://outlook.office365.com/
              Source: 74838711-7E0B-45A4-9802-5A49E351F206.8.drString found in binary or memory: https://outlook.office365.com/api/v1.0/me/Activities
              Source: 74838711-7E0B-45A4-9802-5A49E351F206.8.drString found in binary or memory: https://outlook.office365.com/autodiscover/autodiscover.json
              Source: 74838711-7E0B-45A4-9802-5A49E351F206.8.drString found in binary or memory: https://outlook.office365.com/connectors
              Source: 74838711-7E0B-45A4-9802-5A49E351F206.8.drString found in binary or memory: https://ovisualuiapp.azurewebsites.net/pbiagave/
              Source: 74838711-7E0B-45A4-9802-5A49E351F206.8.drString found in binary or memory: https://pages.store.office.com/appshome.aspx?productgroup=Outlook
              Source: 74838711-7E0B-45A4-9802-5A49E351F206.8.drString found in binary or memory: https://pages.store.office.com/review/query
              Source: 74838711-7E0B-45A4-9802-5A49E351F206.8.drString found in binary or memory: https://pages.store.office.com/webapplandingpage.aspx
              Source: 74838711-7E0B-45A4-9802-5A49E351F206.8.drString found in binary or memory: https://partnerservices.getmicrosoftkey.com/PartnerProvisioning.svc/v1/subscriptions
              Source: 74838711-7E0B-45A4-9802-5A49E351F206.8.drString found in binary or memory: https://pf.directory.live.com/profile/mine/System.ShortCircuitProfile.json
              Source: 74838711-7E0B-45A4-9802-5A49E351F206.8.drString found in binary or memory: https://pf.directory.live.com/profile/mine/WLX.Profiles.IC.json
              Source: 74838711-7E0B-45A4-9802-5A49E351F206.8.drString found in binary or memory: https://portal.office.com/account/?ref=ClientMeControl
              Source: 74838711-7E0B-45A4-9802-5A49E351F206.8.drString found in binary or memory: https://posarprodcssservice.accesscontrol.windows.net/v2/OAuth2-13
              Source: 74838711-7E0B-45A4-9802-5A49E351F206.8.drString found in binary or memory: https://powerlift-frontdesk.acompli.net
              Source: 74838711-7E0B-45A4-9802-5A49E351F206.8.drString found in binary or memory: https://powerlift.acompli.net
              Source: 74838711-7E0B-45A4-9802-5A49E351F206.8.drString found in binary or memory: https://powerpoint.uservoice.com/forums/288952-powerpoint-for-ipad-iphone-ios
              Source: 74838711-7E0B-45A4-9802-5A49E351F206.8.drString found in binary or memory: https://prod-global-autodetect.acompli.net/autodetect
              Source: 74838711-7E0B-45A4-9802-5A49E351F206.8.drString found in binary or memory: https://prod.mds.office.com/mds/api/v1.0/clientmodeldirectory
              Source: 74838711-7E0B-45A4-9802-5A49E351F206.8.drString found in binary or memory: https://pushchannel.1drv.ms
              Source: 74838711-7E0B-45A4-9802-5A49E351F206.8.drString found in binary or memory: https://r4.res.office365.com/footprintconfig/v1.7/scripts/fpconfig.json
              Source: 74838711-7E0B-45A4-9802-5A49E351F206.8.drString found in binary or memory: https://res.cdn.office.net
              Source: 74838711-7E0B-45A4-9802-5A49E351F206.8.drString found in binary or memory: https://res.cdn.office.net/mro1cdnstorage/fonts/prod/4.39
              Source: 74838711-7E0B-45A4-9802-5A49E351F206.8.drString found in binary or memory: https://res.cdn.office.net/polymer/models
              Source: 74838711-7E0B-45A4-9802-5A49E351F206.8.drString found in binary or memory: https://res.getmicrosoftkey.com/api/redemptionevents
              Source: 74838711-7E0B-45A4-9802-5A49E351F206.8.drString found in binary or memory: https://rpsticket.partnerservices.getmicrosoftkey.com
              Source: 74838711-7E0B-45A4-9802-5A49E351F206.8.drString found in binary or memory: https://safelinks.protection.outlook.com/api/GetPolicy
              Source: 74838711-7E0B-45A4-9802-5A49E351F206.8.drString found in binary or memory: https://service.officepy.microsoftusercontent.com/
              Source: 74838711-7E0B-45A4-9802-5A49E351F206.8.drString found in binary or memory: https://settings.outlook.com
              Source: 74838711-7E0B-45A4-9802-5A49E351F206.8.drString found in binary or memory: https://shell.suite.office.com:1443
              Source: 74838711-7E0B-45A4-9802-5A49E351F206.8.drString found in binary or memory: https://skyapi.live.net/Activity/
              Source: 74838711-7E0B-45A4-9802-5A49E351F206.8.drString found in binary or memory: https://sr.outlook.office.net/ws/speech/recognize/assistant/work
              Source: 74838711-7E0B-45A4-9802-5A49E351F206.8.drString found in binary or memory: https://staging.cortana.ai
              Source: 74838711-7E0B-45A4-9802-5A49E351F206.8.drString found in binary or memory: https://storage.live.com/clientlogs/uploadlocation
              Source: 74838711-7E0B-45A4-9802-5A49E351F206.8.drString found in binary or memory: https://store.office.cn/addinstemplate
              Source: 74838711-7E0B-45A4-9802-5A49E351F206.8.drString found in binary or memory: https://store.office.de/addinstemplate
              Source: 74838711-7E0B-45A4-9802-5A49E351F206.8.drString found in binary or memory: https://substrate.office.com
              Source: 74838711-7E0B-45A4-9802-5A49E351F206.8.drString found in binary or memory: https://substrate.office.com/Notes-Internal.ReadWrite
              Source: 74838711-7E0B-45A4-9802-5A49E351F206.8.drString found in binary or memory: https://substrate.office.com/search/api/v1/SearchHistory
              Source: 74838711-7E0B-45A4-9802-5A49E351F206.8.drString found in binary or memory: https://substrate.office.com/search/api/v2/init
              Source: c8JakemodH.exe, 00000000.00000003.1973359684.0000000001242000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://support.mozilla.org/kb/customize-firefox-controls-buttons-and-toolbars?utm_source=firefox-br
              Source: c8JakemodH.exe, 00000000.00000003.1973359684.0000000001242000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://support.mozilla.org/products/firefox
              Source: 74838711-7E0B-45A4-9802-5A49E351F206.8.drString found in binary or memory: https://syncservice.protection.outlook.com/PolicySync/PolicySync.svc/SyncFile
              Source: 74838711-7E0B-45A4-9802-5A49E351F206.8.drString found in binary or memory: https://tasks.office.com
              Source: 74838711-7E0B-45A4-9802-5A49E351F206.8.drString found in binary or memory: https://templatesmetadata.office.net/
              Source: c8JakemodH.exe, 00000000.00000003.1978284906.000000000127A000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://twitter.com/
              Source: 74838711-7E0B-45A4-9802-5A49E351F206.8.drString found in binary or memory: https://uci.cdn.office.net/mirrored/smartlookup/current/
              Source: 74838711-7E0B-45A4-9802-5A49E351F206.8.drString found in binary or memory: https://uci.officeapps.live.com/OfficeInsights/web/views/insights.desktop.html
              Source: 74838711-7E0B-45A4-9802-5A49E351F206.8.drString found in binary or memory: https://uci.officeapps.live.com/OfficeInsights/web/views/insights.immersive.html
              Source: 74838711-7E0B-45A4-9802-5A49E351F206.8.drString found in binary or memory: https://useraudit.o365auditrealtimeingestion.manage.office.com
              Source: 74838711-7E0B-45A4-9802-5A49E351F206.8.drString found in binary or memory: https://visio.uservoice.com/forums/368202-visio-on-devices
              Source: 74838711-7E0B-45A4-9802-5A49E351F206.8.drString found in binary or memory: https://web.microsoftstream.com/video/
              Source: 74838711-7E0B-45A4-9802-5A49E351F206.8.drString found in binary or memory: https://webdir.online.lync.com/autodiscover/autodiscoverservice.svc/root/
              Source: 74838711-7E0B-45A4-9802-5A49E351F206.8.drString found in binary or memory: https://webshell.suite.office.com
              Source: c8JakemodH.exe, 00000000.00000003.1979092937.0000000001267000.00000004.00000020.00020000.00000000.sdmp, c8JakemodH.exe, 00000000.00000003.1979092937.0000000001278000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://weibo.com/
              Source: 74838711-7E0B-45A4-9802-5A49E351F206.8.drString found in binary or memory: https://word-edit.officeapps.live.com/we/rrdiscovery.ashx
              Source: 74838711-7E0B-45A4-9802-5A49E351F206.8.drString found in binary or memory: https://word.uservoice.com/forums/304948-word-for-ipad-iphone-ios
              Source: 74838711-7E0B-45A4-9802-5A49E351F206.8.drString found in binary or memory: https://wus2.contentsync.
              Source: 74838711-7E0B-45A4-9802-5A49E351F206.8.drString found in binary or memory: https://wus2.pagecontentsync.
              Source: c8JakemodH.exe, 00000000.00000003.1979092937.0000000001267000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://www.aliexpress.com/
              Source: c8JakemodH.exe, 00000000.00000003.1979092937.0000000001267000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://www.amazon.ca/
              Source: c8JakemodH.exe, 00000000.00000003.1979092937.0000000001267000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://www.amazon.co.uk/
              Source: c8JakemodH.exe, 00000000.00000003.1979092937.0000000001267000.00000004.00000020.00020000.00000000.sdmp, c8JakemodH.exe, 00000000.00000003.1978284906.000000000127A000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://www.amazon.com/
              Source: c8JakemodH.exe, 00000000.00000003.1979092937.0000000001267000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://www.amazon.de/
              Source: c8JakemodH.exe, 00000000.00000003.1979092937.0000000001267000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://www.amazon.fr/
              Source: c8JakemodH.exe, 00000000.00000003.1979092937.0000000001267000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://www.avito.ru/
              Source: c8JakemodH.exe, 00000000.00000003.1978284906.000000000127A000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://www.baidu.com/
              Source: c8JakemodH.exe, 00000000.00000003.1979092937.0000000001267000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://www.bbc.co.uk/
              Source: 74838711-7E0B-45A4-9802-5A49E351F206.8.drString found in binary or memory: https://www.bingapis.com/api/v7/urlpreview/search?appid=E93048236FE27D972F67C5AF722136866DF65FA2
              Source: c8JakemodH.exe, 00000000.00000003.1978284906.000000000127A000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://www.ctrip.com/
              Source: c8JakemodH.exe, 00000000.00000003.1978284906.000000000127A000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://www.ebay.co.uk/
              Source: c8JakemodH.exe, 00000000.00000003.1979092937.0000000001267000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://www.ebay.de/
              Source: c8JakemodH.exe, 00000000.00000003.1978284906.000000000127A000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://www.google.com/
              Source: c8JakemodH.exe, 00000000.00000003.1978284906.000000000127A000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://www.google.com/complete/
              Source: c8JakemodH.exe, 00000000.00000003.1979092937.0000000001267000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://www.ifeng.com/
              Source: c8JakemodH.exe, 00000000.00000003.1979092937.0000000001267000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://www.iqiyi.com/
              Source: c8JakemodH.exe, 00000000.00000003.1979092937.0000000001267000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://www.leboncoin.fr/
              Source: c8JakemodH.exe, 00000000.00000003.1973359684.0000000001242000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://www.mozilla.org/about/
              Source: c8JakemodH.exe, 00000000.00000003.1973359684.0000000001242000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://www.mozilla.org/contribute/
              Source: c8JakemodH.exe, 00000000.00000003.1976050853.00000000011AA000.00000004.00000020.00020000.00000000.sdmp, c8JakemodH.exe, 00000000.00000003.1973359684.0000000001242000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://www.mozilla.org/en-US/privacy/firefox/
              Source: c8JakemodH.exe, 00000000.00000003.1973359684.0000000001242000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://www.mozilla.org/firefox/?utm_medium=firefox-desktop&utm_source=bookmarks-toolbar&utm_campaig
              Source: 74838711-7E0B-45A4-9802-5A49E351F206.8.drString found in binary or memory: https://www.odwebp.svc.ms
              Source: c8JakemodH.exe, 00000000.00000003.1979092937.0000000001267000.00000004.00000020.00020000.00000000.sdmp, c8JakemodH.exe, 00000000.00000003.1979092937.0000000001278000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://www.olx.pl/
              Source: c8JakemodH.exe, 00000000.00000003.1979092937.0000000001267000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://www.reddit.com/
              Source: c8JakemodH.exe, 00000000.00000003.1979092937.0000000001267000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://www.wykop.pl/
              Source: 74838711-7E0B-45A4-9802-5A49E351F206.8.drString found in binary or memory: https://www.yammer.com
              Source: c8JakemodH.exe, 00000000.00000003.1978284906.000000000127A000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://www.youtube.com/
              Source: c8JakemodH.exe, 00000000.00000003.1979092937.0000000001278000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://www.zhihu.com/

              Spam, unwanted Advertisements and Ransom Demands

              barindex
              Source: C:\Users\user\AppData\Local\Packages\Microsoft.Office.OneNote_8wekyb3d8bbwe\LocalState\bQ8ODxIi2.README.txtDropped file: ~~~ AlphaCat ~~~>>>> Your data are stolen and encrypted>>>> What guarantees that we will not deceive you? We are not a politically motivated group and we do not need anything other than your money. If you pay, we will provide you the programs for decryption and we will delete your data. Life is too short to be sad. Be not sad, money, it is only paper. If we do not give you decrypters, or we do not delete your data after payment, then nobody will pay us in the future. Therefore to us our reputation is very important. We attack worldwide and there is no dissatisfied victim after payment. >>>> You need contact us via email with srenshot of btc transaction and your personal DECRYPTION IDContact via Email with your personal Decryption id !: hackbeenswim@mail2tor.comSend 400$ (0.006 BTC) at this address --> bc1qkr7wxuqwet9w6920vk94p7npkxh33fc7prv55q>>>> Your personal DECRYPTION ID: D53F15BF767167BC622C1CB4D4FC174D>>>> Warning! Do not DELETE or MODIFY any files, it can lead to recovery problems!>>>> Warning! If you do not pay the ransom we will attack repeatedly again!Jump to dropped file
              Source: Yara matchFile source: c8JakemodH.exe, type: SAMPLE
              Source: Yara matchFile source: 0.0.c8JakemodH.exe.b20000.0.unpack, type: UNPACKEDPE
              Source: Yara matchFile source: 0.2.c8JakemodH.exe.b20000.0.unpack, type: UNPACKEDPE
              Source: Yara matchFile source: 00000000.00000002.2326197823.000000000117D000.00000004.00000020.00020000.00000000.sdmp, type: MEMORY
              Source: Yara matchFile source: 00000000.00000002.2324569325.0000000000B21000.00000020.00000001.01000000.00000003.sdmp, type: MEMORY
              Source: Yara matchFile source: 00000000.00000000.1957084963.0000000000B21000.00000020.00000001.01000000.00000003.sdmp, type: MEMORY
              Source: Yara matchFile source: 00000000.00000002.2326567241.00000000012E0000.00000004.00000020.00020000.00000000.sdmp, type: MEMORY
              Source: Yara matchFile source: Process Memory Space: c8JakemodH.exe PID: 728, type: MEMORYSTR
              Source: C:\Users\user\Desktop\c8JakemodH.exeKey value created or modified: HKEY_CURRENT_USER\Control Panel\Desktop WallPaper C:\ProgramData\bQ8ODxIi2.bmpJump to behavior
              Source: c8JakemodH.exe, 00000000.00000003.2030185049.00000000011BB000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory : >>>> Your data are stolen and encrypted
              Source: c8JakemodH.exe, 00000000.00000003.2041637686.000000000117E000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory : >>>> Your data are stolen and encrypted
              Source: c8JakemodH.exe, 00000000.00000003.2033345504.00000000011BB000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory : >>>> Your data are stolen and encrypted
              Source: c8JakemodH.exe, 00000000.00000003.2025508004.00000000011BB000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory : >>>> Your data are stolen and encrypted
              Source: c8JakemodH.exe, 00000000.00000003.2046205022.00000000011AA000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory : >>>> Your data are stolen and encrypted
              Source: c8JakemodH.exe, 00000000.00000003.2046205022.000000000117C000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory : >>>> Your data are stolen and encrypted
              Source: c8JakemodH.exe, 00000000.00000003.2035935366.00000000011BC000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory : >>>> Your data are stolen and encrypted
              Source: c8JakemodH.exe, 00000000.00000003.2034691703.00000000011BB000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory : >>>> Your data are stolen and encrypted
              Source: c8JakemodH.exe, 00000000.00000003.1980429088.00000000011D9000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory : >>>> Your data are stolen and encrypted
              Source: c8JakemodH.exe, 00000000.00000003.2028668618.00000000011BB000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory : >>>> Your data are stolen and encrypted
              Source: c8JakemodH.exe, 00000000.00000003.2141132423.000000000117D000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory : >>>> Your data are stolen and encrypted
              Source: c8JakemodH.exe, 00000000.00000002.2326197823.000000000117D000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory : >>>> Your data are stolen and encrypted
              Source: c8JakemodH.exe, 00000000.00000002.2326197823.000000000117D000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory : Your data are stolen and encrypted
              Source: c8JakemodH.exe, 00000000.00000002.2326197823.000000000117D000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory : Your data are stolen and encryptedr we
              Source: c8JakemodH.exe, 00000000.00000002.2326197823.000000000117D000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory : Your data are stolen and encrypted
              Source: c8JakemodH.exe, 00000000.00000002.2326197823.000000000117D000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory : Your data are stolen and encryptedg
              Source: c8JakemodH.exe, 00000000.00000002.2326197823.000000000117D000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory : Your data are stolen and encrypteda
              Source: c8JakemodH.exe, 00000000.00000002.2326197823.000000000117D000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory : Your data are stolen and encrypted[
              Source: c8JakemodH.exe, 00000000.00000002.2326197823.000000000117D000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory : Your data are stolen and encrypteds
              Source: c8JakemodH.exe, 00000000.00000002.2326197823.000000000117D000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory : Your data are stolen and encryptede
              Source: c8JakemodH.exe, 00000000.00000003.2027580301.00000000011BB000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory : >>>> Your data are stolen and encrypted
              Source: c8JakemodH.exe, 00000000.00000002.2326197823.000000000114E000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory : All your important files are stolen and encrypted!
              Source: c8JakemodH.exe, 00000000.00000003.2041067930.000000000117F000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory : >>>> Your data are stolen and encrypted
              Source: c8JakemodH.exe, 00000000.00000003.2028077596.00000000011BE000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory : >>>> Your data are stolen and encrypted
              Source: c8JakemodH.exe, 00000000.00000003.2038527038.00000000011BB000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory : >>>> Your data are stolen and encrypted
              Source: c8JakemodH.exe, 00000000.00000003.2035960248.00000000011BB000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory : >>>> Your data are stolen and encrypted
              Source: c8JakemodH.exe, 00000000.00000003.2041933986.000000000117F000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory : >>>> Your data are stolen and encrypted
              Source: c8JakemodH.exe, 00000000.00000003.1979142723.000000000117F000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory : >>>> Your data are stolen and encrypted
              Source: c8JakemodH.exe, 00000000.00000003.2032232640.00000000011BB000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory : >>>> Your data are stolen and encrypted
              Source: c8JakemodH.exe, 00000000.00000003.2026096308.00000000011BB000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory : >>>> Your data are stolen and encrypted
              Source: c8JakemodH.exe, 00000000.00000003.2031930430.00000000011BB000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory : >>>> Your data are stolen and encrypted
              Source: c8JakemodH.exe, 00000000.00000003.1979504885.000000000117F000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory : >>>> Your data are stolen and encrypted
              Source: c8JakemodH.exe, 00000000.00000003.2038271812.00000000011BB000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory : >>>> Your data are stolen and encrypted
              Source: c8JakemodH.exe, 00000000.00000003.2145923582.000000000117D000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory : >>>> Your data are stolen and encrypted
              Source: c8JakemodH.exe, 00000000.00000003.2038527038.000000000117F000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory : >>>> Your data are stolen and encrypted
              Source: c8JakemodH.exe, 00000000.00000003.2029424729.00000000011BB000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory : >>>> Your data are stolen and encrypted
              Source: c8JakemodH.exe, 00000000.00000003.2092623014.00000000011AC000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory : >>>> Your data are stolen and encrypted
              Source: c8JakemodH.exe, 00000000.00000003.2037887431.00000000011BB000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory : >>>> Your data are stolen and encrypted
              Source: c8JakemodH.exe, 00000000.00000003.2028077596.00000000011BB000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory : >>>> Your data are stolen and encrypted
              Source: c8JakemodH.exe, 00000000.00000002.2326394096.00000000011AA000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory : All your important files are stolen and encrypted!
              Source: c8JakemodH.exe, 00000000.00000003.2035755547.00000000011BB000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory : >>>> Your data are stolen and encrypted
              Source: c8JakemodH.exe, 00000000.00000003.2040963418.000000000117F000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory : >>>> Your data are stolen and encrypted
              Source: c8JakemodH.exe, 00000000.00000003.2033963173.00000000011BB000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory : >>>> Your data are stolen and encrypted
              Source: c8JakemodH.exe, 00000000.00000002.2326567241.00000000012E0000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory : >>>> Your data are stolen and encrypted
              Source: c8JakemodH.exe, 00000000.00000002.2326567241.00000000012E0000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory : Your data are stolen and encrypted
              Source: c8JakemodH.exe, 00000000.00000003.2038110988.00000000011BC000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory : >>>> Your data are stolen and encrypted
              Source: c8JakemodH.exe, 00000000.00000003.2027738810.00000000011BC000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory : >>>> Your data are stolen and encrypted
              Source: c8JakemodH.exe, 00000000.00000003.2042691633.000000000117E000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory : >>>> Your data are stolen and encrypted
              Source: c8JakemodH.exe, 00000000.00000003.2038271812.0000000001181000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory : >>>> Your data are stolen and encrypted
              Source: c8JakemodH.exe, 00000000.00000003.2323047718.00000000011AA000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory : All your important files are stolen and encrypted!
              Source: c8JakemodH.exe, 00000000.00000003.2017789325.00000000011BB000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory : >>>> Your data are stolen and encrypted
              Source: c8JakemodH.exe, 00000000.00000003.2038141254.00000000011BB000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory : >>>> Your data are stolen and encrypted
              Source: c8JakemodH.exe, 00000000.00000003.1964709229.0000000001198000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory : >>>> Your data are stolen and encrypted
              Source: c8JakemodH.exe, 00000000.00000003.1979808442.000000000117F000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory : >>>> Your data are stolen and encrypted
              Source: bQ8ODxIi2.README.txt69.0.drString found in binary or memory : >>>> Your data are stolen and encrypted
              Source: bQ8ODxIi2.README.txt392.0.drString found in binary or memory : >>>> Your data are stolen and encrypted
              Source: bQ8ODxIi2.README.txt455.0.drString found in binary or memory : >>>> Your data are stolen and encrypted
              Source: bQ8ODxIi2.README.txt400.0.drString found in binary or memory : >>>> Your data are stolen and encrypted
              Source: bQ8ODxIi2.README.txt446.0.drString found in binary or memory : >>>> Your data are stolen and encrypted
              Source: bQ8ODxIi2.README.txt485.0.drString found in binary or memory : >>>> Your data are stolen and encrypted
              Source: bQ8ODxIi2.README.txt25.0.drString found in binary or memory : >>>> Your data are stolen and encrypted
              Source: bQ8ODxIi2.README.txt478.0.drString found in binary or memory : >>>> Your data are stolen and encrypted
              Source: bQ8ODxIi2.README.txt137.0.drString found in binary or memory : >>>> Your data are stolen and encrypted
              Source: bQ8ODxIi2.README.txt202.0.drString found in binary or memory : >>>> Your data are stolen and encrypted
              Source: bQ8ODxIi2.README.txt243.0.drString found in binary or memory : >>>> Your data are stolen and encrypted
              Source: bQ8ODxIi2.README.txt436.0.drString found in binary or memory : >>>> Your data are stolen and encrypted
              Source: bQ8ODxIi2.README.txt419.0.drString found in binary or memory : >>>> Your data are stolen and encrypted
              Source: bQ8ODxIi2.README.txt122.0.drString found in binary or memory : >>>> Your data are stolen and encrypted
              Source: bQ8ODxIi2.README.txt77.0.drString found in binary or memory : >>>> Your data are stolen and encrypted
              Source: bQ8ODxIi2.README.txt227.0.drString found in binary or memory : >>>> Your data are stolen and encrypted
              Source: bQ8ODxIi2.README.txt550.0.drString found in binary or memory : >>>> Your data are stolen and encrypted
              Source: bQ8ODxIi2.README.txt362.0.drString found in binary or memory : >>>> Your data are stolen and encrypted
              Source: bQ8ODxIi2.README.txt559.0.drString found in binary or memory : >>>> Your data are stolen and encrypted
              Source: bQ8ODxIi2.README.txt465.0.drString found in binary or memory : >>>> Your data are stolen and encrypted
              Source: bQ8ODxIi2.README.txt506.0.drString found in binary or memory : >>>> Your data are stolen and encrypted
              Source: bQ8ODxIi2.README.txt87.0.drString found in binary or memory : >>>> Your data are stolen and encrypted
              Source: bQ8ODxIi2.README.txt98.0.drString found in binary or memory : >>>> Your data are stolen and encrypted
              Source: bQ8ODxIi2.README.txt211.0.drString found in binary or memory : >>>> Your data are stolen and encrypted
              Source: bQ8ODxIi2.README.txt57.0.drString found in binary or memory : >>>> Your data are stolen and encrypted
              Source: bQ8ODxIi2.README.txt131.0.drString found in binary or memory : >>>> Your data are stolen and encrypted
              Source: bQ8ODxIi2.README.txt530.0.drString found in binary or memory : >>>> Your data are stolen and encrypted
              Source: bQ8ODxIi2.README.txt364.0.drString found in binary or memory : >>>> Your data are stolen and encrypted
              Source: bQ8ODxIi2.README.txt497.0.drString found in binary or memory : >>>> Your data are stolen and encrypted
              Source: bQ8ODxIi2.README.txt515.0.drString found in binary or memory : >>>> Your data are stolen and encrypted
              Source: bQ8ODxIi2.README.txt350.0.drString found in binary or memory : >>>> Your data are stolen and encrypted
              Source: bQ8ODxIi2.README.txt60.0.drString found in binary or memory : >>>> Your data are stolen and encrypted
              Source: bQ8ODxIi2.README.txt450.0.drString found in binary or memory : >>>> Your data are stolen and encrypted
              Source: bQ8ODxIi2.README.txt333.0.drString found in binary or memory : >>>> Your data are stolen and encrypted
              Source: bQ8ODxIi2.README.txt488.0.drString found in binary or memory : >>>> Your data are stolen and encrypted
              Source: bQ8ODxIi2.README.txt413.0.drString found in binary or memory : >>>> Your data are stolen and encrypted
              Source: bQ8ODxIi2.README.txt10.0.drString found in binary or memory : >>>> Your data are stolen and encrypted
              Source: bQ8ODxIi2.README.txt92.0.drString found in binary or memory : >>>> Your data are stolen and encrypted
              Source: bQ8ODxIi2.README.txt42.0.drString found in binary or memory : >>>> Your data are stolen and encrypted
              Source: bQ8ODxIi2.README.txt466.0.drString found in binary or memory : >>>> Your data are stolen and encrypted
              Source: bQ8ODxIi2.README.txt314.0.drString found in binary or memory : >>>> Your data are stolen and encrypted
              Source: bQ8ODxIi2.README.txt373.0.drString found in binary or memory : >>>> Your data are stolen and encrypted
              Source: bQ8ODxIi2.README.txt67.0.drString found in binary or memory : >>>> Your data are stolen and encrypted
              Source: bQ8ODxIi2.README.txt510.0.drString found in binary or memory : >>>> Your data are stolen and encrypted
              Source: bQ8ODxIi2.README.txt174.0.drString found in binary or memory : >>>> Your data are stolen and encrypted
              Source: bQ8ODxIi2.README.txt106.0.drString found in binary or memory : >>>> Your data are stolen and encrypted
              Source: bQ8ODxIi2.README.txt420.0.drString found in binary or memory : >>>> Your data are stolen and encrypted
              Source: bQ8ODxIi2.README.txt273.0.drString found in binary or memory : >>>> Your data are stolen and encrypted
              Source: bQ8ODxIi2.README.txt357.0.drString found in binary or memory : >>>> Your data are stolen and encrypted
              Source: bQ8ODxIi2.README.txt332.0.drString found in binary or memory : >>>> Your data are stolen and encrypted
              Source: bQ8ODxIi2.README.txt175.0.drString found in binary or memory : >>>> Your data are stolen and encrypted
              Source: bQ8ODxIi2.README.txt4.0.drString found in binary or memory : >>>> Your data are stolen and encrypted
              Source: bQ8ODxIi2.README.txt504.0.drString found in binary or memory : >>>> Your data are stolen and encrypted
              Source: bQ8ODxIi2.README.txt171.0.drString found in binary or memory : >>>> Your data are stolen and encrypted
              Source: bQ8ODxIi2.README.txt73.0.drString found in binary or memory : >>>> Your data are stolen and encrypted
              Source: bQ8ODxIi2.README.txt111.0.drString found in binary or memory : >>>> Your data are stolen and encrypted
              Source: bQ8ODxIi2.README.txt228.0.drString found in binary or memory : >>>> Your data are stolen and encrypted
              Source: bQ8ODxIi2.README.txt34.0.drString found in binary or memory : >>>> Your data are stolen and encrypted
              Source: bQ8ODxIi2.README.txt462.0.drString found in binary or memory : >>>> Your data are stolen and encrypted
              Source: bQ8ODxIi2.README.txt65.0.drString found in binary or memory : >>>> Your data are stolen and encrypted
              Source: bQ8ODxIi2.README.txt196.0.drString found in binary or memory : >>>> Your data are stolen and encrypted
              Source: bQ8ODxIi2.README.txt340.0.drString found in binary or memory : >>>> Your data are stolen and encrypted
              Source: bQ8ODxIi2.README.txt549.0.drString found in binary or memory : >>>> Your data are stolen and encrypted
              Source: bQ8ODxIi2.README.txt119.0.drString found in binary or memory : >>>> Your data are stolen and encrypted
              Source: bQ8ODxIi2.README.txt39.0.drString found in binary or memory : >>>> Your data are stolen and encrypted
              Source: bQ8ODxIi2.README.txt353.0.drString found in binary or memory : >>>> Your data are stolen and encrypted
              Source: bQ8ODxIi2.README.txt242.0.drString found in binary or memory : >>>> Your data are stolen and encrypted
              Source: bQ8ODxIi2.README.txt476.0.drString found in binary or memory : >>>> Your data are stolen and encrypted
              Source: bQ8ODxIi2.README.txt247.0.drString found in binary or memory : >>>> Your data are stolen and encrypted
              Source: bQ8ODxIi2.README.txt376.0.drString found in binary or memory : >>>> Your data are stolen and encrypted
              Source: bQ8ODxIi2.README.txt22.0.drString found in binary or memory : >>>> Your data are stolen and encrypted
              Source: bQ8ODxIi2.README.txt390.0.drString found in binary or memory : >>>> Your data are stolen and encrypted
              Source: bQ8ODxIi2.README.txt397.0.drString found in binary or memory : >>>> Your data are stolen and encrypted
              Source: bQ8ODxIi2.README.txt470.0.drString found in binary or memory : >>>> Your data are stolen and encrypted
              Source: bQ8ODxIi2.README.txt496.0.drString found in binary or memory : >>>> Your data are stolen and encrypted
              Source: bQ8ODxIi2.README.txt86.0.drString found in binary or memory : >>>> Your data are stolen and encrypted
              Source: bQ8ODxIi2.README.txt256.0.drString found in binary or memory : >>>> Your data are stolen and encrypted
              Source: bQ8ODxIi2.README.txt182.0.drString found in binary or memory : >>>> Your data are stolen and encrypted
              Source: bQ8ODxIi2.README.txt425.0.drString found in binary or memory : >>>> Your data are stolen and encrypted
              Source: bQ8ODxIi2.README.txt162.0.drString found in binary or memory : >>>> Your data are stolen and encrypted
              Source: bQ8ODxIi2.README.txt190.0.drString found in binary or memory : >>>> Your data are stolen and encrypted
              Source: bQ8ODxIi2.README.txt187.0.drString found in binary or memory : >>>> Your data are stolen and encrypted
              Source: bQ8ODxIi2.README.txt1.0.drString found in binary or memory : >>>> Your data are stolen and encrypted
              Source: bQ8ODxIi2.README.txt158.0.drString found in binary or memory : >>>> Your data are stolen and encrypted
              Source: bQ8ODxIi2.README.txt509.0.drString found in binary or memory : >>>> Your data are stolen and encrypted
              Source: bQ8ODxIi2.README.txt68.0.drString found in binary or memory : >>>> Your data are stolen and encrypted
              Source: bQ8ODxIi2.README.txt23.0.drString found in binary or memory : >>>> Your data are stolen and encrypted
              Source: bQ8ODxIi2.README.txt291.0.drString found in binary or memory : >>>> Your data are stolen and encrypted
              Source: bQ8ODxIi2.README.txt133.0.drString found in binary or memory : >>>> Your data are stolen and encrypted
              Source: bQ8ODxIi2.README.txt18.0.drString found in binary or memory : >>>> Your data are stolen and encrypted
              Source: bQ8ODxIi2.README.txt206.0.drString found in binary or memory : >>>> Your data are stolen and encrypted
              Source: bQ8ODxIi2.README.txt384.0.drString found in binary or memory : >>>> Your data are stolen and encrypted
              Source: bQ8ODxIi2.README.txt459.0.drString found in binary or memory : >>>> Your data are stolen and encrypted
              Source: bQ8ODxIi2.README.txt394.0.drString found in binary or memory : >>>> Your data are stolen and encrypted
              Source: bQ8ODxIi2.README.txt102.0.drString found in binary or memory : >>>> Your data are stolen and encrypted
              Source: bQ8ODxIi2.README.txt372.0.drString found in binary or memory : >>>> Your data are stolen and encrypted
              Source: bQ8ODxIi2.README.txt169.0.drString found in binary or memory : >>>> Your data are stolen and encrypted
              Source: bQ8ODxIi2.README.txt457.0.drString found in binary or memory : >>>> Your data are stolen and encrypted
              Source: bQ8ODxIi2.README.txt514.0.drString found in binary or memory : >>>> Your data are stolen and encrypted
              Source: bQ8ODxIi2.README.txt156.0.drString found in binary or memory : >>>> Your data are stolen and encrypted
              Source: bQ8ODxIi2.README.txt540.0.drString found in binary or memory : >>>> Your data are stolen and encrypted
              Source: bQ8ODxIi2.README.txt505.0.drString found in binary or memory : >>>> Your data are stolen and encrypted
              Source: bQ8ODxIi2.README.txt418.0.drString found in binary or memory : >>>> Your data are stolen and encrypted
              Source: bQ8ODxIi2.README.txt138.0.drString found in binary or memory : >>>> Your data are stolen and encrypted
              Source: bQ8ODxIi2.README.txt115.0.drString found in binary or memory : >>>> Your data are stolen and encrypted
              Source: bQ8ODxIi2.README.txt343.0.drString found in binary or memory : >>>> Your data are stolen and encrypted
              Source: bQ8ODxIi2.README.txt391.0.drString found in binary or memory : >>>> Your data are stolen and encrypted
              Source: bQ8ODxIi2.README.txt177.0.drString found in binary or memory : >>>> Your data are stolen and encrypted
              Source: bQ8ODxIi2.README.txt153.0.drString found in binary or memory : >>>> Your data are stolen and encrypted
              Source: bQ8ODxIi2.README.txt294.0.drString found in binary or memory : >>>> Your data are stolen and encrypted
              Source: bQ8ODxIi2.README.txt253.0.drString found in binary or memory : >>>> Your data are stolen and encrypted
              Source: bQ8ODxIi2.README.txt516.0.drString found in binary or memory : >>>> Your data are stolen and encrypted
              Source: bQ8ODxIi2.README.txt126.0.drString found in binary or memory : >>>> Your data are stolen and encrypted
              Source: bQ8ODxIi2.README.txt388.0.drString found in binary or memory : >>>> Your data are stolen and encrypted
              Source: bQ8ODxIi2.README.txt469.0.drString found in binary or memory : >>>> Your data are stolen and encrypted
              Source: bQ8ODxIi2.README.txt74.0.drString found in binary or memory : >>>> Your data are stolen and encrypted
              Source: bQ8ODxIi2.README.txt6.0.drString found in binary or memory : >>>> Your data are stolen and encrypted
              Source: bQ8ODxIi2.README.txt.0.drString found in binary or memory : >>>> Your data are stolen and encrypted
              Source: bQ8ODxIi2.README.txt219.0.drString found in binary or memory : >>>> Your data are stolen and encrypted
              Source: bQ8ODxIi2.README.txt361.0.drString found in binary or memory : >>>> Your data are stolen and encrypted
              Source: bQ8ODxIi2.README.txt232.0.drString found in binary or memory : >>>> Your data are stolen and encrypted
              Source: bQ8ODxIi2.README.txt274.0.drString found in binary or memory : >>>> Your data are stolen and encrypted
              Source: bQ8ODxIi2.README.txt526.0.drString found in binary or memory : >>>> Your data are stolen and encrypted
              Source: bQ8ODxIi2.README.txt494.0.drString found in binary or memory : >>>> Your data are stolen and encrypted
              Source: bQ8ODxIi2.README.txt453.0.drString found in binary or memory : >>>> Your data are stolen and encrypted
              Source: bQ8ODxIi2.README.txt83.0.drString found in binary or memory : >>>> Your data are stolen and encrypted
              Source: bQ8ODxIi2.README.txt284.0.drString found in binary or memory : >>>> Your data are stolen and encrypted
              Source: bQ8ODxIi2.README.txt254.0.drString found in binary or memory : >>>> Your data are stolen and encrypted
              Source: bQ8ODxIi2.README.txt120.0.drString found in binary or memory : >>>> Your data are stolen and encrypted
              Source: bQ8ODxIi2.README.txt463.0.drString found in binary or memory : >>>> Your data are stolen and encrypted
              Source: bQ8ODxIi2.README.txt434.0.drString found in binary or memory : >>>> Your data are stolen and encrypted
              Source: bQ8ODxIi2.README.txt155.0.drString found in binary or memory : >>>> Your data are stolen and encrypted
              Source: bQ8ODxIi2.README.txt64.0.drString found in binary or memory : >>>> Your data are stolen and encrypted
              Source: bQ8ODxIi2.README.txt298.0.drString found in binary or memory : >>>> Your data are stolen and encrypted
              Source: bQ8ODxIi2.README.txt484.0.drString found in binary or memory : >>>> Your data are stolen and encrypted
              Source: bQ8ODxIi2.README.txt59.0.drString found in binary or memory : >>>> Your data are stolen and encrypted
              Source: bQ8ODxIi2.README.txt26.0.drString found in binary or memory : >>>> Your data are stolen and encrypted
              Source: bQ8ODxIi2.README.txt454.0.drString found in binary or memory : >>>> Your data are stolen and encrypted
              Source: bQ8ODxIi2.README.txt8.0.drString found in binary or memory : >>>> Your data are stolen and encrypted
              Source: bQ8ODxIi2.README.txt554.0.drString found in binary or memory : >>>> Your data are stolen and encrypted
              Source: bQ8ODxIi2.README.txt341.0.drString found in binary or memory : >>>> Your data are stolen and encrypted
              Source: bQ8ODxIi2.README.txt354.0.drString found in binary or memory : >>>> Your data are stolen and encrypted
              Source: bQ8ODxIi2.README.txt104.0.drString found in binary or memory : >>>> Your data are stolen and encrypted
              Source: bQ8ODxIi2.README.txt524.0.drString found in binary or memory : >>>> Your data are stolen and encrypted
              Source: bQ8ODxIi2.README.txt194.0.drString found in binary or memory : >>>> Your data are stolen and encrypted
              Source: bQ8ODxIi2.README.txt186.0.drString found in binary or memory : >>>> Your data are stolen and encrypted
              Source: bQ8ODxIi2.README.txt483.0.drString found in binary or memory : >>>> Your data are stolen and encrypted
              Source: bQ8ODxIi2.README.txt267.0.drString found in binary or memory : >>>> Your data are stolen and encrypted
              Source: bQ8ODxIi2.README.txt112.0.drString found in binary or memory : >>>> Your data are stolen and encrypted
              Source: bQ8ODxIi2.README.txt271.0.drString found in binary or memory : >>>> Your data are stolen and encrypted
              Source: bQ8ODxIi2.README.txt89.0.drString found in binary or memory : >>>> Your data are stolen and encrypted
              Source: bQ8ODxIi2.README.txt293.0.drString found in binary or memory : >>>> Your data are stolen and encrypted
              Source: bQ8ODxIi2.README.txt534.0.drString found in binary or memory : >>>> Your data are stolen and encrypted
              Source: bQ8ODxIi2.README.txt437.0.drString found in binary or memory : >>>> Your data are stolen and encrypted
              Source: bQ8ODxIi2.README.txt193.0.drString found in binary or memory : >>>> Your data are stolen and encrypted
              Source: bQ8ODxIi2.README.txt318.0.drString found in binary or memory : >>>> Your data are stolen and encrypted
              Source: bQ8ODxIi2.README.txt542.0.drString found in binary or memory : >>>> Your data are stolen and encrypted
              Source: bQ8ODxIi2.README.txt521.0.drString found in binary or memory : >>>> Your data are stolen and encrypted
              Source: bQ8ODxIi2.README.txt555.0.drString found in binary or memory : >>>> Your data are stolen and encrypted
              Source: bQ8ODxIi2.README.txt260.0.drString found in binary or memory : >>>> Your data are stolen and encrypted
              Source: bQ8ODxIi2.README.txt385.0.drString found in binary or memory : >>>> Your data are stolen and encrypted
              Source: bQ8ODxIi2.README.txt421.0.drString found in binary or memory : >>>> Your data are stolen and encrypted
              Source: bQ8ODxIi2.README.txt435.0.drString found in binary or memory : >>>> Your data are stolen and encrypted
              Source: bQ8ODxIi2.README.txt406.0.drString found in binary or memory : >>>> Your data are stolen and encrypted
              Source: bQ8ODxIi2.README.txt269.0.drString found in binary or memory : >>>> Your data are stolen and encrypted
              Source: bQ8ODxIi2.README.txt389.0.drString found in binary or memory : >>>> Your data are stolen and encrypted
              Source: bQ8ODxIi2.README.txt180.0.drString found in binary or memory : >>>> Your data are stolen and encrypted
              Source: bQ8ODxIi2.README.txt344.0.drString found in binary or memory : >>>> Your data are stolen and encrypted
              Source: bQ8ODxIi2.README.txt351.0.drString found in binary or memory : >>>> Your data are stolen and encrypted
              Source: bQ8ODxIi2.README.txt72.0.drString found in binary or memory : >>>> Your data are stolen and encrypted
              Source: bQ8ODxIi2.README.txt430.0.drString found in binary or memory : >>>> Your data are stolen and encrypted
              Source: bQ8ODxIi2.README.txt491.0.drString found in binary or memory : >>>> Your data are stolen and encrypted
              Source: bQ8ODxIi2.README.txt311.0.drString found in binary or memory : >>>> Your data are stolen and encrypted
              Source: bQ8ODxIi2.README.txt236.0.drString found in binary or memory : >>>> Your data are stolen and encrypted
              Source: bQ8ODxIi2.README.txt145.0.drString found in binary or memory : >>>> Your data are stolen and encrypted
              Source: bQ8ODxIi2.README.txt258.0.drString found in binary or memory : >>>> Your data are stolen and encrypted
              Source: bQ8ODxIi2.README.txt7.0.drString found in binary or memory : >>>> Your data are stolen and encrypted
              Source: bQ8ODxIi2.README.txt66.0.drString found in binary or memory : >>>> Your data are stolen and encrypted
              Source: bQ8ODxIi2.README.txt94.0.drString found in binary or memory : >>>> Your data are stolen and encrypted
              Source: bQ8ODxIi2.README.txt529.0.drString found in binary or memory : >>>> Your data are stolen and encrypted
              Source: bQ8ODxIi2.README.txt167.0.drString found in binary or memory : >>>> Your data are stolen and encrypted
              Source: bQ8ODxIi2.README.txt90.0.drString found in binary or memory : >>>> Your data are stolen and encrypted
              Source: bQ8ODxIi2.README.txt246.0.drString found in binary or memory : >>>> Your data are stolen and encrypted
              Source: bQ8ODxIi2.README.txt422.0.drString found in binary or memory : >>>> Your data are stolen and encrypted
              Source: bQ8ODxIi2.README.txt431.0.drString found in binary or memory : >>>> Your data are stolen and encrypted
              Source: bQ8ODxIi2.README.txt96.0.drString found in binary or memory : >>>> Your data are stolen and encrypted
              Source: bQ8ODxIi2.README.txt448.0.drString found in binary or memory : >>>> Your data are stolen and encrypted
              Source: bQ8ODxIi2.README.txt30.0.drString found in binary or memory : >>>> Your data are stolen and encrypted
              Source: bQ8ODxIi2.README.txt347.0.drString found in binary or memory : >>>> Your data are stolen and encrypted
              Source: bQ8ODxIi2.README.txt428.0.drString found in binary or memory : >>>> Your data are stolen and encrypted
              Source: bQ8ODxIi2.README.txt386.0.drString found in binary or memory : >>>> Your data are stolen and encrypted
              Source: bQ8ODxIi2.README.txt313.0.drString found in binary or memory : >>>> Your data are stolen and encrypted
              Source: bQ8ODxIi2.README.txt255.0.drString found in binary or memory : >>>> Your data are stolen and encrypted
              Source: bQ8ODxIi2.README.txt414.0.drString found in binary or memory : >>>> Your data are stolen and encrypted
              Source: bQ8ODxIi2.README.txt168.0.drString found in binary or memory : >>>> Your data are stolen and encrypted
              Source: bQ8ODxIi2.README.txt152.0.drString found in binary or memory : >>>> Your data are stolen and encrypted
              Source: bQ8ODxIi2.README.txt160.0.drString found in binary or memory : >>>> Your data are stolen and encrypted
              Source: bQ8ODxIi2.README.txt265.0.drString found in binary or memory : >>>> Your data are stolen and encrypted
              Source: bQ8ODxIi2.README.txt2.0.drString found in binary or memory : >>>> Your data are stolen and encrypted
              Source: bQ8ODxIi2.README.txt75.0.drString found in binary or memory : >>>> Your data are stolen and encrypted
              Source: bQ8ODxIi2.README.txt11.0.drString found in binary or memory : >>>> Your data are stolen and encrypted
              Source: bQ8ODxIi2.README.txt141.0.drString found in binary or memory : >>>> Your data are stolen and encrypted
              Source: bQ8ODxIi2.README.txt356.0.drString found in binary or memory : >>>> Your data are stolen and encrypted
              Source: bQ8ODxIi2.README.txt213.0.drString found in binary or memory : >>>> Your data are stolen and encrypted
              Source: bQ8ODxIi2.README.txt444.0.drString found in binary or memory : >>>> Your data are stolen and encrypted
              Source: bQ8ODxIi2.README.txt221.0.drString found in binary or memory : >>>> Your data are stolen and encrypted
              Source: bQ8ODxIi2.README.txt163.0.drString found in binary or memory : >>>> Your data are stolen and encrypted
              Source: bQ8ODxIi2.README.txt417.0.drString found in binary or memory : >>>> Your data are stolen and encrypted
              Source: bQ8ODxIi2.README.txt205.0.drString found in binary or memory : >>>> Your data are stolen and encrypted
              Source: bQ8ODxIi2.README.txt286.0.drString found in binary or memory : >>>> Your data are stolen and encrypted
              Source: bQ8ODxIi2.README.txt539.0.drString found in binary or memory : >>>> Your data are stolen and encrypted
              Source: bQ8ODxIi2.README.txt378.0.drString found in binary or memory : >>>> Your data are stolen and encrypted
              Source: bQ8ODxIi2.README.txt441.0.drString found in binary or memory : >>>> Your data are stolen and encrypted
              Source: bQ8ODxIi2.README.txt27.0.drString found in binary or memory : >>>> Your data are stolen and encrypted
              Source: bQ8ODxIi2.README.txt17.0.drString found in binary or memory : >>>> Your data are stolen and encrypted
              Source: bQ8ODxIi2.README.txt197.0.drString found in binary or memory : >>>> Your data are stolen and encrypted
              Source: bQ8ODxIi2.README.txt329.0.drString found in binary or memory : >>>> Your data are stolen and encrypted
              Source: bQ8ODxIi2.README.txt522.0.drString found in binary or memory : >>>> Your data are stolen and encrypted
              Source: bQ8ODxIi2.README.txt402.0.drString found in binary or memory : >>>> Your data are stolen and encrypted
              Source: bQ8ODxIi2.README.txt370.0.drString found in binary or memory : >>>> Your data are stolen and encrypted
              Source: bQ8ODxIi2.README.txt252.0.drString found in binary or memory : >>>> Your data are stolen and encrypted
              Source: bQ8ODxIi2.README.txt147.0.drString found in binary or memory : >>>> Your data are stolen and encrypted
              Source: bQ8ODxIi2.README.txt132.0.drString found in binary or memory : >>>> Your data are stolen and encrypted
              Source: bQ8ODxIi2.README.txt544.0.drString found in binary or memory : >>>> Your data are stolen and encrypted
              Source: bQ8ODxIi2.README.txt150.0.drString found in binary or memory : >>>> Your data are stolen and encrypted
              Source: bQ8ODxIi2.README.txt296.0.drString found in binary or memory : >>>> Your data are stolen and encrypted
              Source: bQ8ODxIi2.README.txt192.0.drString found in binary or memory : >>>> Your data are stolen and encrypted
              Source: bQ8ODxIi2.README.txt461.0.drString found in binary or memory : >>>> Your data are stolen and encrypted
              Source: bQ8ODxIi2.README.txt249.0.drString found in binary or memory : >>>> Your data are stolen and encrypted
              Source: bQ8ODxIi2.README.txt234.0.drString found in binary or memory : >>>> Your data are stolen and encrypted
              Source: bQ8ODxIi2.README.txt208.0.drString found in binary or memory : >>>> Your data are stolen and encrypted
              Source: bQ8ODxIi2.README.txt215.0.drString found in binary or memory : >>>> Your data are stolen and encrypted
              Source: bQ8ODxIi2.README.txt334.0.drString found in binary or memory : >>>> Your data are stolen and encrypted
              Source: bQ8ODxIi2.README.txt316.0.drString found in binary or memory : >>>> Your data are stolen and encrypted
              Source: bQ8ODxIi2.README.txt201.0.drString found in binary or memory : >>>> Your data are stolen and encrypted
              Source: bQ8ODxIi2.README.txt70.0.drString found in binary or memory : >>>> Your data are stolen and encrypted
              Source: bQ8ODxIi2.README.txt303.0.drString found in binary or memory : >>>> Your data are stolen and encrypted
              Source: bQ8ODxIi2.README.txt360.0.drString found in binary or memory : >>>> Your data are stolen and encrypted
              Source: bQ8ODxIi2.README.txt209.0.drString found in binary or memory : >>>> Your data are stolen and encrypted
              Source: bQ8ODxIi2.README.txt127.0.drString found in binary or memory : >>>> Your data are stolen and encrypted
              Source: bQ8ODxIi2.README.txt346.0.drString found in binary or memory : >>>> Your data are stolen and encrypted
              Source: bQ8ODxIi2.README.txt84.0.drString found in binary or memory : >>>> Your data are stolen and encrypted
              Source: bQ8ODxIi2.README.txt142.0.drString found in binary or memory : >>>> Your data are stolen and encrypted
              Source: bQ8ODxIi2.README.txt290.0.drString found in binary or memory : >>>> Your data are stolen and encrypted
              Source: bQ8ODxIi2.README.txt226.0.drString found in binary or memory : >>>> Your data are stolen and encrypted
              Source: bQ8ODxIi2.README.txt62.0.drString found in binary or memory : >>>> Your data are stolen and encrypted
              Source: bQ8ODxIi2.README.txt51.0.drString found in binary or memory : >>>> Your data are stolen and encrypted
              Source: bQ8ODxIi2.README.txt410.0.drString found in binary or memory : >>>> Your data are stolen and encrypted
              Source: bQ8ODxIi2.README.txt359.0.drString found in binary or memory : >>>> Your data are stolen and encrypted
              Source: bQ8ODxIi2.README.txt270.0.drString found in binary or memory : >>>> Your data are stolen and encrypted
              Source: bQ8ODxIi2.README.txt146.0.drString found in binary or memory : >>>> Your data are stolen and encrypted
              Source: bQ8ODxIi2.README.txt117.0.drString found in binary or memory : >>>> Your data are stolen and encrypted
              Source: bQ8ODxIi2.README.txt173.0.drString found in binary or memory : >>>> Your data are stolen and encrypted
              Source: bQ8ODxIi2.README.txt486.0.drString found in binary or memory : >>>> Your data are stolen and encrypted
              Source: bQ8ODxIi2.README.txt451.0.drString found in binary or memory : >>>> Your data are stolen and encrypted
              Source: bQ8ODxIi2.README.txt279.0.drString found in binary or memory : >>>> Your data are stolen and encrypted
              Source: bQ8ODxIi2.README.txt268.0.drString found in binary or memory : >>>> Your data are stolen and encrypted
              Source: bQ8ODxIi2.README.txt513.0.drString found in binary or memory : >>>> Your data are stolen and encrypted
              Source: bQ8ODxIi2.README.txt467.0.drString found in binary or memory : >>>> Your data are stolen and encrypted
              Source: bQ8ODxIi2.README.txt508.0.drString found in binary or memory : >>>> Your data are stolen and encrypted
              Source: bQ8ODxIi2.README.txt204.0.drString found in binary or memory : >>>> Your data are stolen and encrypted
              Source: bQ8ODxIi2.README.txt383.0.drString found in binary or memory : >>>> Your data are stolen and encrypted
              Source: bQ8ODxIi2.README.txt309.0.drString found in binary or memory : >>>> Your data are stolen and encrypted
              Source: bQ8ODxIi2.README.txt230.0.drString found in binary or memory : >>>> Your data are stolen and encrypted
              Source: bQ8ODxIi2.README.txt547.0.drString found in binary or memory : >>>> Your data are stolen and encrypted
              Source: bQ8ODxIi2.README.txt557.0.drString found in binary or memory : >>>> Your data are stolen and encrypted
              Source: bQ8ODxIi2.README.txt416.0.drString found in binary or memory : >>>> Your data are stolen and encrypted
              Source: bQ8ODxIi2.README.txt235.0.drString found in binary or memory : >>>> Your data are stolen and encrypted
              Source: bQ8ODxIi2.README.txt429.0.drString found in binary or memory : >>>> Your data are stolen and encrypted
              Source: bQ8ODxIi2.README.txt519.0.drString found in binary or memory : >>>> Your data are stolen and encrypted
              Source: bQ8ODxIi2.README.txt495.0.drString found in binary or memory : >>>> Your data are stolen and encrypted
              Source: bQ8ODxIi2.README.txt40.0.drString found in binary or memory : >>>> Your data are stolen and encrypted
              Source: bQ8ODxIi2.README.txt79.0.drString found in binary or memory : >>>> Your data are stolen and encrypted
              Source: bQ8ODxIi2.README.txt295.0.drString found in binary or memory : >>>> Your data are stolen and encrypted
              Source: bQ8ODxIi2.README.txt439.0.drString found in binary or memory : >>>> Your data are stolen and encrypted
              Source: bQ8ODxIi2.README.txt518.0.drString found in binary or memory : >>>> Your data are stolen and encrypted
              Source: bQ8ODxIi2.README.txt553.0.drString found in binary or memory : >>>> Your data are stolen and encrypted
              Source: bQ8ODxIi2.README.txt423.0.drString found in binary or memory : >>>> Your data are stolen and encrypted
              Source: bQ8ODxIi2.README.txt107.0.drString found in binary or memory : >>>> Your data are stolen and encrypted
              Source: bQ8ODxIi2.README.txt552.0.drString found in binary or memory : >>>> Your data are stolen and encrypted
              Source: bQ8ODxIi2.README.txt323.0.drString found in binary or memory : >>>> Your data are stolen and encrypted
              Source: bQ8ODxIi2.README.txt103.0.drString found in binary or memory : >>>> Your data are stolen and encrypted
              Source: bQ8ODxIi2.README.txt382.0.drString found in binary or memory : >>>> Your data are stolen and encrypted
              Source: bQ8ODxIi2.README.txt179.0.drString found in binary or memory : >>>> Your data are stolen and encrypted
              Source: bQ8ODxIi2.README.txt490.0.drString found in binary or memory : >>>> Your data are stolen and encrypted
              Source: bQ8ODxIi2.README.txt63.0.drString found in binary or memory : >>>> Your data are stolen and encrypted
              Source: bQ8ODxIi2.README.txt438.0.drString found in binary or memory : >>>> Your data are stolen and encrypted
              Source: bQ8ODxIi2.README.txt537.0.drString found in binary or memory : >>>> Your data are stolen and encrypted
              Source: bQ8ODxIi2.README.txt135.0.drString found in binary or memory : >>>> Your data are stolen and encrypted
              Source: bQ8ODxIi2.README.txt128.0.drString found in binary or memory : >>>> Your data are stolen and encrypted
              Source: bQ8ODxIi2.README.txt5.0.drString found in binary or memory : >>>> Your data are stolen and encrypted
              Source: bQ8ODxIi2.README.txt223.0.drString found in binary or memory : >>>> Your data are stolen and encrypted
              Source: bQ8ODxIi2.README.txt310.0.drString found in binary or memory : >>>> Your data are stolen and encrypted
              Source: bQ8ODxIi2.README.txt29.0.drString found in binary or memory : >>>> Your data are stolen and encrypted
              Source: bQ8ODxIi2.README.txt9.0.drString found in binary or memory : >>>> Your data are stolen and encrypted
              Source: bQ8ODxIi2.README.txt330.0.drString found in binary or memory : >>>> Your data are stolen and encrypted
              Source: bQ8ODxIi2.README.txt38.0.drString found in binary or memory : >>>> Your data are stolen and encrypted
              Source: bQ8ODxIi2.README.txt12.0.drString found in binary or memory : >>>> Your data are stolen and encrypted
              Source: bQ8ODxIi2.README.txt225.0.drString found in binary or memory : >>>> Your data are stolen and encrypted
              Source: bQ8ODxIi2.README.txt322.0.drString found in binary or memory : >>>> Your data are stolen and encrypted
              Source: bQ8ODxIi2.README.txt305.0.drString found in binary or memory : >>>> Your data are stolen and encrypted
              Source: bQ8ODxIi2.README.txt41.0.drString found in binary or memory : >>>> Your data are stolen and encrypted
              Source: bQ8ODxIi2.README.txt185.0.drString found in binary or memory : >>>> Your data are stolen and encrypted
              Source: bQ8ODxIi2.README.txt134.0.drString found in binary or memory : >>>> Your data are stolen and encrypted
              Source: bQ8ODxIi2.README.txt499.0.drString found in binary or memory : >>>> Your data are stolen and encrypted
              Source: bQ8ODxIi2.README.txt399.0.drString found in binary or memory : >>>> Your data are stolen and encrypted
              Source: bQ8ODxIi2.README.txt302.0.drString found in binary or memory : >>>> Your data are stolen and encrypted
              Source: bQ8ODxIi2.README.txt15.0.drString found in binary or memory : >>>> Your data are stolen and encrypted
              Source: bQ8ODxIi2.README.txt379.0.drString found in binary or memory : >>>> Your data are stolen and encrypted
              Source: bQ8ODxIi2.README.txt503.0.drString found in binary or memory : >>>> Your data are stolen and encrypted
              Source: bQ8ODxIi2.README.txt442.0.drString found in binary or memory : >>>> Your data are stolen and encrypted
              Source: bQ8ODxIi2.README.txt306.0.drString found in binary or memory : >>>> Your data are stolen and encrypted
              Source: bQ8ODxIi2.README.txt300.0.drString found in binary or memory : >>>> Your data are stolen and encrypted
              Source: bQ8ODxIi2.README.txt113.0.drString found in binary or memory : >>>> Your data are stolen and encrypted
              Source: bQ8ODxIi2.README.txt13.0.drString found in binary or memory : >>>> Your data are stolen and encrypted
              Source: bQ8ODxIi2.README.txt189.0.drString found in binary or memory : >>>> Your data are stolen and encrypted
              Source: bQ8ODxIi2.README.txt551.0.drString found in binary or memory : >>>> Your data are stolen and encrypted
              Source: bQ8ODxIi2.README.txt54.0.drString found in binary or memory : >>>> Your data are stolen and encrypted
              Source: bQ8ODxIi2.README.txt222.0.drString found in binary or memory : >>>> Your data are stolen and encrypted
              Source: bQ8ODxIi2.README.txt324.0.drString found in binary or memory : >>>> Your data are stolen and encrypted
              Source: bQ8ODxIi2.README.txt276.0.drString found in binary or memory : >>>> Your data are stolen and encrypted
              Source: bQ8ODxIi2.README.txt149.0.drString found in binary or memory : >>>> Your data are stolen and encrypted
              Source: bQ8ODxIi2.README.txt326.0.drString found in binary or memory : >>>> Your data are stolen and encrypted
              Source: bQ8ODxIi2.README.txt558.0.drString found in binary or memory : >>>> Your data are stolen and encrypted
              Source: bQ8ODxIi2.README.txt371.0.drString found in binary or memory : >>>> Your data are stolen and encrypted
              Source: bQ8ODxIi2.README.txt538.0.drString found in binary or memory : >>>> Your data are stolen and encrypted
              Source: bQ8ODxIi2.README.txt129.0.drString found in binary or memory : >>>> Your data are stolen and encrypted
              Source: bQ8ODxIi2.README.txt331.0.drString found in binary or memory : >>>> Your data are stolen and encrypted
              Source: bQ8ODxIi2.README.txt95.0.drString found in binary or memory : >>>> Your data are stolen and encrypted
              Source: bQ8ODxIi2.README.txt315.0.drString found in binary or memory : >>>> Your data are stolen and encrypted
              Source: bQ8ODxIi2.README.txt380.0.drString found in binary or memory : >>>> Your data are stolen and encrypted
              Source: bQ8ODxIi2.README.txt527.0.drString found in binary or memory : >>>> Your data are stolen and encrypted
              Source: bQ8ODxIi2.README.txt218.0.drString found in binary or memory : >>>> Your data are stolen and encrypted
              Source: bQ8ODxIi2.README.txt475.0.drString found in binary or memory : >>>> Your data are stolen and encrypted
              Source: bQ8ODxIi2.README.txt308.0.drString found in binary or memory : >>>> Your data are stolen and encrypted
              Source: bQ8ODxIi2.README.txt237.0.drString found in binary or memory : >>>> Your data are stolen and encrypted
              Source: bQ8ODxIi2.README.txt427.0.drString found in binary or memory : >>>> Your data are stolen and encrypted
              Source: bQ8ODxIi2.README.txt535.0.drString found in binary or memory : >>>> Your data are stolen and encrypted
              Source: bQ8ODxIi2.README.txt52.0.drString found in binary or memory : >>>> Your data are stolen and encrypted
              Source: bQ8ODxIi2.README.txt214.0.drString found in binary or memory : >>>> Your data are stolen and encrypted
              Source: bQ8ODxIi2.README.txt365.0.drString found in binary or memory : >>>> Your data are stolen and encrypted
              Source: bQ8ODxIi2.README.txt445.0.drString found in binary or memory : >>>> Your data are stolen and encrypted
              Source: bQ8ODxIi2.README.txt24.0.drString found in binary or memory : >>>> Your data are stolen and encrypted
              Source: bQ8ODxIi2.README.txt78.0.drString found in binary or memory : >>>> Your data are stolen and encrypted
              Source: bQ8ODxIi2.README.txt409.0.drString found in binary or memory : >>>> Your data are stolen and encrypted
              Source: bQ8ODxIi2.README.txt325.0.drString found in binary or memory : >>>> Your data are stolen and encrypted
              Source: bQ8ODxIi2.README.txt217.0.drString found in binary or memory : >>>> Your data are stolen and encrypted
              Source: bQ8ODxIi2.README.txt44.0.drString found in binary or memory : >>>> Your data are stolen and encrypted
              Source: bQ8ODxIi2.README.txt101.0.drString found in binary or memory : >>>> Your data are stolen and encrypted
              Source: bQ8ODxIi2.README.txt546.0.drString found in binary or memory : >>>> Your data are stolen and encrypted
              Source: bQ8ODxIi2.README.txt447.0.drString found in binary or memory : >>>> Your data are stolen and encrypted
              Source: bQ8ODxIi2.README.txt352.0.drString found in binary or memory : >>>> Your data are stolen and encrypted
              Source: bQ8ODxIi2.README.txt507.0.drString found in binary or memory : >>>> Your data are stolen and encrypted
              Source: bQ8ODxIi2.README.txt342.0.drString found in binary or memory : >>>> Your data are stolen and encrypted
              Source: bQ8ODxIi2.README.txt337.0.drString found in binary or memory : >>>> Your data are stolen and encrypted
              Source: bQ8ODxIi2.README.txt48.0.drString found in binary or memory : >>>> Your data are stolen and encrypted
              Source: bQ8ODxIi2.README.txt109.0.drString found in binary or memory : >>>> Your data are stolen and encrypted
              Source: bQ8ODxIi2.README.txt560.0.drString found in binary or memory : >>>> Your data are stolen and encrypted
              Source: bQ8ODxIi2.README.txt458.0.drString found in binary or memory : >>>> Your data are stolen and encrypted
              Source: bQ8ODxIi2.README.txt123.0.drString found in binary or memory : >>>> Your data are stolen and encrypted
              Source: bQ8ODxIi2.README.txt536.0.drString found in binary or memory : >>>> Your data are stolen and encrypted
              Source: bQ8ODxIi2.README.txt191.0.drString found in binary or memory : >>>> Your data are stolen and encrypted
              Source: bQ8ODxIi2.README.txt88.0.drString found in binary or memory : >>>> Your data are stolen and encrypted
              Source: bQ8ODxIi2.README.txt200.0.drString found in binary or memory : >>>> Your data are stolen and encrypted
              Source: bQ8ODxIi2.README.txt31.0.drString found in binary or memory : >>>> Your data are stolen and encrypted
              Source: bQ8ODxIi2.README.txt85.0.drString found in binary or memory : >>>> Your data are stolen and encrypted
              Source: bQ8ODxIi2.README.txt46.0.drString found in binary or memory : >>>> Your data are stolen and encrypted
              Source: bQ8ODxIi2.README.txt317.0.drString found in binary or memory : >>>> Your data are stolen and encrypted
              Source: bQ8ODxIi2.README.txt541.0.drString found in binary or memory : >>>> Your data are stolen and encrypted
              Source: bQ8ODxIi2.README.txt0.0.drString found in binary or memory : >>>> Your data are stolen and encrypted
              Source: bQ8ODxIi2.README.txt287.0.drString found in binary or memory : >>>> Your data are stolen and encrypted
              Source: bQ8ODxIi2.README.txt100.0.drString found in binary or memory : >>>> Your data are stolen and encrypted
              Source: bQ8ODxIi2.README.txt148.0.drString found in binary or memory : >>>> Your data are stolen and encrypted
              Source: bQ8ODxIi2.README.txt71.0.drString found in binary or memory : >>>> Your data are stolen and encrypted
              Source: bQ8ODxIi2.README.txt320.0.drString found in binary or memory : >>>> Your data are stolen and encrypted
              Source: bQ8ODxIi2.README.txt20.0.drString found in binary or memory : >>>> Your data are stolen and encrypted
              Source: bQ8ODxIi2.README.txt426.0.drString found in binary or memory : >>>> Your data are stolen and encrypted
              Source: bQ8ODxIi2.README.txt412.0.drString found in binary or memory : >>>> Your data are stolen and encrypted
              Source: bQ8ODxIi2.README.txt154.0.drString found in binary or memory : >>>> Your data are stolen and encrypted
              Source: bQ8ODxIi2.README.txt278.0.drString found in binary or memory : >>>> Your data are stolen and encrypted
              Source: bQ8ODxIi2.README.txt500.0.drString found in binary or memory : >>>> Your data are stolen and encrypted
              Source: bQ8ODxIi2.README.txt198.0.drString found in binary or memory : >>>> Your data are stolen and encrypted
              Source: bQ8ODxIi2.README.txt245.0.drString found in binary or memory : >>>> Your data are stolen and encrypted
              Source: bQ8ODxIi2.README.txt184.0.drString found in binary or memory : >>>> Your data are stolen and encrypted
              Source: bQ8ODxIi2.README.txt58.0.drString found in binary or memory : >>>> Your data are stolen and encrypted
              Source: bQ8ODxIi2.README.txt512.0.drString found in binary or memory : >>>> Your data are stolen and encrypted
              Source: bQ8ODxIi2.README.txt288.0.drString found in binary or memory : >>>> Your data are stolen and encrypted
              Source: bQ8ODxIi2.README.txt396.0.drString found in binary or memory : >>>> Your data are stolen and encrypted
              Source: bQ8ODxIi2.README.txt345.0.drString found in binary or memory : >>>> Your data are stolen and encrypted
              Source: bQ8ODxIi2.README.txt144.0.drString found in binary or memory : >>>> Your data are stolen and encrypted
              Source: bQ8ODxIi2.README.txt297.0.drString found in binary or memory : >>>> Your data are stolen and encrypted
              Source: bQ8ODxIi2.README.txt210.0.drString found in binary or memory : >>>> Your data are stolen and encrypted
              Source: bQ8ODxIi2.README.txt281.0.drString found in binary or memory : >>>> Your data are stolen and encrypted
              Source: bQ8ODxIi2.README.txt433.0.drString found in binary or memory : >>>> Your data are stolen and encrypted
              Source: bQ8ODxIi2.README.txt289.0.drString found in binary or memory : >>>> Your data are stolen and encrypted
              Source: bQ8ODxIi2.README.txt368.0.drString found in binary or memory : >>>> Your data are stolen and encrypted
              Source: bQ8ODxIi2.README.txt543.0.drString found in binary or memory : >>>> Your data are stolen and encrypted
              Source: bQ8ODxIi2.README.txt56.0.drString found in binary or memory : >>>> Your data are stolen and encrypted
              Source: bQ8ODxIi2.README.txt404.0.drString found in binary or memory : >>>> Your data are stolen and encrypted
              Source: bQ8ODxIi2.README.txt199.0.drString found in binary or memory : >>>> Your data are stolen and encrypted
              Source: bQ8ODxIi2.README.txt545.0.drString found in binary or memory : >>>> Your data are stolen and encrypted
              Source: bQ8ODxIi2.README.txt121.0.drString found in binary or memory : >>>> Your data are stolen and encrypted
              Source: bQ8ODxIi2.README.txt407.0.drString found in binary or memory : >>>> Your data are stolen and encrypted
              Source: bQ8ODxIi2.README.txt335.0.drString found in binary or memory : >>>> Your data are stolen and encrypted
              Source: bQ8ODxIi2.README.txt37.0.drString found in binary or memory : >>>> Your data are stolen and encrypted
              Source: bQ8ODxIi2.README.txt464.0.drString found in binary or memory : >>>> Your data are stolen and encrypted
              Source: bQ8ODxIi2.README.txt556.0.drString found in binary or memory : >>>> Your data are stolen and encrypted
              Source: bQ8ODxIi2.README.txt531.0.drString found in binary or memory : >>>> Your data are stolen and encrypted
              Source: bQ8ODxIi2.README.txt473.0.drString found in binary or memory : >>>> Your data are stolen and encrypted
              Source: bQ8ODxIi2.README.txt19.0.drString found in binary or memory : >>>> Your data are stolen and encrypted
              Source: bQ8ODxIi2.README.txt283.0.drString found in binary or memory : >>>> Your data are stolen and encrypted
              Source: bQ8ODxIi2.README.txt207.0.drString found in binary or memory : >>>> Your data are stolen and encrypted
              Source: bQ8ODxIi2.README.txt528.0.drString found in binary or memory : >>>> Your data are stolen and encrypted
              Source: bQ8ODxIi2.README.txt358.0.drString found in binary or memory : >>>> Your data are stolen and encrypted
              Source: bQ8ODxIi2.README.txt76.0.drString found in binary or memory : >>>> Your data are stolen and encrypted
              Source: bQ8ODxIi2.README.txt377.0.drString found in binary or memory : >>>> Your data are stolen and encrypted
              Source: bQ8ODxIi2.README.txt487.0.drString found in binary or memory : >>>> Your data are stolen and encrypted
              Source: bQ8ODxIi2.README.txt21.0.drString found in binary or memory : >>>> Your data are stolen and encrypted
              Source: bQ8ODxIi2.README.txt170.0.drString found in binary or memory : >>>> Your data are stolen and encrypted
              Source: bQ8ODxIi2.README.txt471.0.drString found in binary or memory : >>>> Your data are stolen and encrypted
              Source: bQ8ODxIi2.README.txt248.0.drString found in binary or memory : >>>> Your data are stolen and encrypted
              Source: bQ8ODxIi2.README.txt367.0.drString found in binary or memory : >>>> Your data are stolen and encrypted
              Source: bQ8ODxIi2.README.txt387.0.drString found in binary or memory : >>>> Your data are stolen and encrypted
              Source: bQ8ODxIi2.README.txt533.0.drString found in binary or memory : >>>> Your data are stolen and encrypted
              Source: bQ8ODxIi2.README.txt498.0.drString found in binary or memory : >>>> Your data are stolen and encrypted
              Source: bQ8ODxIi2.README.txt110.0.drString found in binary or memory : >>>> Your data are stolen and encrypted
              Source: bQ8ODxIi2.README.txt99.0.drString found in binary or memory : >>>> Your data are stolen and encrypted
              Source: bQ8ODxIi2.README.txt43.0.drString found in binary or memory : >>>> Your data are stolen and encrypted
              Source: bQ8ODxIi2.README.txt261.0.drString found in binary or memory : >>>> Your data are stolen and encrypted
              Source: bQ8ODxIi2.README.txt449.0.drString found in binary or memory : >>>> Your data are stolen and encrypted
              Source: bQ8ODxIi2.README.txt118.0.drString found in binary or memory : >>>> Your data are stolen and encrypted
              Source: bQ8ODxIi2.README.txt238.0.drString found in binary or memory : >>>> Your data are stolen and encrypted
              Source: bQ8ODxIi2.README.txt338.0.drString found in binary or memory : >>>> Your data are stolen and encrypted
              Source: bQ8ODxIi2.README.txt16.0.drString found in binary or memory : >>>> Your data are stolen and encrypted
              Source: bQ8ODxIi2.README.txt440.0.drString found in binary or memory : >>>> Your data are stolen and encrypted
              Source: bQ8ODxIi2.README.txt349.0.drString found in binary or memory : >>>> Your data are stolen and encrypted
              Source: bQ8ODxIi2.README.txt304.0.drString found in binary or memory : >>>> Your data are stolen and encrypted
              Source: bQ8ODxIi2.README.txt520.0.drString found in binary or memory : >>>> Your data are stolen and encrypted
              Source: bQ8ODxIi2.README.txt183.0.drString found in binary or memory : >>>> Your data are stolen and encrypted
              Source: bQ8ODxIi2.README.txt251.0.drString found in binary or memory : >>>> Your data are stolen and encrypted
              Source: bQ8ODxIi2.README.txt36.0.drString found in binary or memory : >>>> Your data are stolen and encrypted
              Source: bQ8ODxIi2.README.txt489.0.drString found in binary or memory : >>>> Your data are stolen and encrypted
              Source: bQ8ODxIi2.README.txt548.0.drString found in binary or memory : >>>> Your data are stolen and encrypted
              Source: bQ8ODxIi2.README.txt240.0.drString found in binary or memory : >>>> Your data are stolen and encrypted
              Source: bQ8ODxIi2.README.txt33.0.drString found in binary or memory : >>>> Your data are stolen and encrypted
              Source: bQ8ODxIi2.README.txt477.0.drString found in binary or memory : >>>> Your data are stolen and encrypted
              Source: C:\Users\user\Desktop\c8JakemodH.exeFile moved: C:\Users\user\Desktop\NVWZAPQSQL.pdfJump to behavior
              Source: C:\Users\user\Desktop\c8JakemodH.exeFile moved: C:\Users\user\Desktop\PIVFAGEAAV\NVWZAPQSQL.pdfJump to behavior
              Source: C:\Users\user\Desktop\c8JakemodH.exeFile moved: C:\Users\user\Desktop\NVWZAPQSQL.mp3Jump to behavior
              Source: C:\Users\user\Desktop\c8JakemodH.exeFile moved: C:\Users\user\Desktop\PIVFAGEAAV\SQSJKEBWDT.xlsxJump to behavior
              Source: C:\Users\user\Desktop\c8JakemodH.exeFile moved: C:\Users\user\Desktop\PIVFAGEAAV\GRXZDKKVDB.jpgJump to behavior
              Source: C:\Users\user\Desktop\c8JakemodH.exeFile dropped: C:\Users\user\AppData\Local\Packages\Microsoft.Office.OneNote_8wekyb3d8bbwe\LocalState\bQ8ODxIi2.README.txt -> decryption and we will delete your data. life is too short to be sad. be not sad, money, it is only paper. if we do not give you decrypters, or we do not delete your data after payment, then nobody will pay us in the future. therefore to us our reputation is very important. we attack worldwide and there is no dissatisfied victim after payment. >>>> you need contact us via email with srenshot of btc transaction and your personal decryption idcontact via email with your personal decryption id !: hackbeenswim@mail2tor.comsend 400$ (0.006 btc) at this address --> bc1qkr7wxuqwet9w6920vk94p7npkxh33fc7prv55q>>>> your personal decryption id: d53f15bf767167bc622c1cb4d4fc174d>>>> warning! do not delete or modify any files, it can lead to recovery problems!>>>> warning! if you do not pay the ransom we will attack repeatedly again!Jump to dropped file
              Source: C:\Users\user\Desktop\c8JakemodH.exeFile dropped: C:\Users\user\AppData\Local\Packages\Microsoft.Office.OneNote_8wekyb3d8bbwe\RoamingState\bQ8ODxIi2.README.txt -> decryption and we will delete your data. life is too short to be sad. be not sad, money, it is only paper. if we do not give you decrypters, or we do not delete your data after payment, then nobody will pay us in the future. therefore to us our reputation is very important. we attack worldwide and there is no dissatisfied victim after payment. >>>> you need contact us via email with srenshot of btc transaction and your personal decryption idcontact via email with your personal decryption id !: hackbeenswim@mail2tor.comsend 400$ (0.006 btc) at this address --> bc1qkr7wxuqwet9w6920vk94p7npkxh33fc7prv55q>>>> your personal decryption id: d53f15bf767167bc622c1cb4d4fc174d>>>> warning! do not delete or modify any files, it can lead to recovery problems!>>>> warning! if you do not pay the ransom we will attack repeatedly again!Jump to dropped file
              Source: C:\Users\user\Desktop\c8JakemodH.exeFile dropped: C:\Users\user\AppData\Local\Packages\Microsoft.Office.OneNote_8wekyb3d8bbwe\Settings\bQ8ODxIi2.README.txt -> decryption and we will delete your data. life is too short to be sad. be not sad, money, it is only paper. if we do not give you decrypters, or we do not delete your data after payment, then nobody will pay us in the future. therefore to us our reputation is very important. we attack worldwide and there is no dissatisfied victim after payment. >>>> you need contact us via email with srenshot of btc transaction and your personal decryption idcontact via email with your personal decryption id !: hackbeenswim@mail2tor.comsend 400$ (0.006 btc) at this address --> bc1qkr7wxuqwet9w6920vk94p7npkxh33fc7prv55q>>>> your personal decryption id: d53f15bf767167bc622c1cb4d4fc174d>>>> warning! do not delete or modify any files, it can lead to recovery problems!>>>> warning! if you do not pay the ransom we will attack repeatedly again!Jump to dropped file
              Source: C:\Users\user\Desktop\c8JakemodH.exeFile dropped: C:\Users\user\AppData\Local\Packages\Microsoft.Office.OneNote_8wekyb3d8bbwe\SystemAppData\bQ8ODxIi2.README.txt -> decryption and we will delete your data. life is too short to be sad. be not sad, money, it is only paper. if we do not give you decrypters, or we do not delete your data after payment, then nobody will pay us in the future. therefore to us our reputation is very important. we attack worldwide and there is no dissatisfied victim after payment. >>>> you need contact us via email with srenshot of btc transaction and your personal decryption idcontact via email with your personal decryption id !: hackbeenswim@mail2tor.comsend 400$ (0.006 btc) at this address --> bc1qkr7wxuqwet9w6920vk94p7npkxh33fc7prv55q>>>> your personal decryption id: d53f15bf767167bc622c1cb4d4fc174d>>>> warning! do not delete or modify any files, it can lead to recovery problems!>>>> warning! if you do not pay the ransom we will attack repeatedly again!Jump to dropped file
              Source: C:\Users\user\Desktop\c8JakemodH.exeFile dropped: C:\Users\user\AppData\Local\Packages\Microsoft.Office.OneNote_8wekyb3d8bbwe\TempState\bQ8ODxIi2.README.txt -> decryption and we will delete your data. life is too short to be sad. be not sad, money, it is only paper. if we do not give you decrypters, or we do not delete your data after payment, then nobody will pay us in the future. therefore to us our reputation is very important. we attack worldwide and there is no dissatisfied victim after payment. >>>> you need contact us via email with srenshot of btc transaction and your personal decryption idcontact via email with your personal decryption id !: hackbeenswim@mail2tor.comsend 400$ (0.006 btc) at this address --> bc1qkr7wxuqwet9w6920vk94p7npkxh33fc7prv55q>>>> your personal decryption id: d53f15bf767167bc622c1cb4d4fc174d>>>> warning! do not delete or modify any files, it can lead to recovery problems!>>>> warning! if you do not pay the ransom we will attack repeatedly again!Jump to dropped file
              Source: C:\Users\user\Desktop\c8JakemodH.exeFile dropped: C:\Users\user\AppData\Local\Packages\Microsoft.Office.OneNote_8wekyb3d8bbwe\bQ8ODxIi2.README.txt -> decryption and we will delete your data. life is too short to be sad. be not sad, money, it is only paper. if we do not give you decrypters, or we do not delete your data after payment, then nobody will pay us in the future. therefore to us our reputation is very important. we attack worldwide and there is no dissatisfied victim after payment. >>>> you need contact us via email with srenshot of btc transaction and your personal decryption idcontact via email with your personal decryption id !: hackbeenswim@mail2tor.comsend 400$ (0.006 btc) at this address --> bc1qkr7wxuqwet9w6920vk94p7npkxh33fc7prv55q>>>> your personal decryption id: d53f15bf767167bc622c1cb4d4fc174d>>>> warning! do not delete or modify any files, it can lead to recovery problems!>>>> warning! if you do not pay the ransom we will attack repeatedly again!Jump to dropped file
              Source: C:\Users\user\Desktop\c8JakemodH.exeFile dropped: C:\Users\user\AppData\Local\Packages\Microsoft.People_8wekyb3d8bbwe\AC\Temp\bQ8ODxIi2.README.txt -> decryption and we will delete your data. life is too short to be sad. be not sad, money, it is only paper. if we do not give you decrypters, or we do not delete your data after payment, then nobody will pay us in the future. therefore to us our reputation is very important. we attack worldwide and there is no dissatisfied victim after payment. >>>> you need contact us via email with srenshot of btc transaction and your personal decryption idcontact via email with your personal decryption id !: hackbeenswim@mail2tor.comsend 400$ (0.006 btc) at this address --> bc1qkr7wxuqwet9w6920vk94p7npkxh33fc7prv55q>>>> your personal decryption id: d53f15bf767167bc622c1cb4d4fc174d>>>> warning! do not delete or modify any files, it can lead to recovery problems!>>>> warning! if you do not pay the ransom we will attack repeatedly again!Jump to dropped file
              Source: C:\Users\user\Desktop\c8JakemodH.exeFile dropped: C:\Users\user\AppData\Local\Packages\Microsoft.People_8wekyb3d8bbwe\AC\bQ8ODxIi2.README.txt -> decryption and we will delete your data. life is too short to be sad. be not sad, money, it is only paper. if we do not give you decrypters, or we do not delete your data after payment, then nobody will pay us in the future. therefore to us our reputation is very important. we attack worldwide and there is no dissatisfied victim after payment. >>>> you need contact us via email with srenshot of btc transaction and your personal decryption idcontact via email with your personal decryption id !: hackbeenswim@mail2tor.comsend 400$ (0.006 btc) at this address --> bc1qkr7wxuqwet9w6920vk94p7npkxh33fc7prv55q>>>> your personal decryption id: d53f15bf767167bc622c1cb4d4fc174d>>>> warning! do not delete or modify any files, it can lead to recovery problems!>>>> warning! if you do not pay the ransom we will attack repeatedly again!Jump to dropped file
              Source: C:\Users\user\Desktop\c8JakemodH.exeFile dropped: C:\Users\user\AppData\Local\Packages\Microsoft.People_8wekyb3d8bbwe\AppData\bQ8ODxIi2.README.txt -> decryption and we will delete your data. life is too short to be sad. be not sad, money, it is only paper. if we do not give you decrypters, or we do not delete your data after payment, then nobody will pay us in the future. therefore to us our reputation is very important. we attack worldwide and there is no dissatisfied victim after payment. >>>> you need contact us via email with srenshot of btc transaction and your personal decryption idcontact via email with your personal decryption id !: hackbeenswim@mail2tor.comsend 400$ (0.006 btc) at this address --> bc1qkr7wxuqwet9w6920vk94p7npkxh33fc7prv55q>>>> your personal decryption id: d53f15bf767167bc622c1cb4d4fc174d>>>> warning! do not delete or modify any files, it can lead to recovery problems!>>>> warning! if you do not pay the ransom we will attack repeatedly again!Jump to dropped file
              Source: C:\Users\user\Desktop\c8JakemodH.exeFile dropped: C:\Users\user\AppData\Local\Packages\Microsoft.People_8wekyb3d8bbwe\LocalCache\bQ8ODxIi2.README.txt -> decryption and we will delete your data. life is too short to be sad. be not sad, money, it is only paper. if we do not give you decrypters, or we do not delete your data after payment, then nobody will pay us in the future. therefore to us our reputation is very important. we attack worldwide and there is no dissatisfied victim after payment. >>>> you need contact us via email with srenshot of btc transaction and your personal decryption idcontact via email with your personal decryption id !: hackbeenswim@mail2tor.comsend 400$ (0.006 btc) at this address --> bc1qkr7wxuqwet9w6920vk94p7npkxh33fc7prv55q>>>> your personal decryption id: d53f15bf767167bc622c1cb4d4fc174d>>>> warning! do not delete or modify any files, it can lead to recovery problems!>>>> warning! if you do not pay the ransom we will attack repeatedly again!Jump to dropped file
              Source: C:\Users\user\Desktop\c8JakemodH.exeFile created: C:\Users\user\AppData\Local\Packages\Microsoft.Windows.Search_cw5n1h2txyewy\LocalState\AppIconCache\100\Microsoft_WindowsAlarms_8wekyb3d8bbwe!App.bQ8ODxIi2 entropy: 7.99464700908Jump to dropped file
              Source: C:\Users\user\Desktop\c8JakemodH.exeFile created: C:\Users\user\AppData\Local\Packages\Microsoft.Windows.Search_cw5n1h2txyewy\LocalState\AppIconCache\100\Microsoft_Office_WINWORD_EXE_15.bQ8ODxIi2 entropy: 7.99469739732Jump to dropped file
              Source: C:\Users\user\Desktop\c8JakemodH.exeFile created: C:\Users\user\AppData\Local\Packages\Microsoft.Windows.Search_cw5n1h2txyewy\LocalState\AppIconCache\100\Microsoft_Office_SPREADSHEETCOMPARE_EXE_15.bQ8ODxIi2 entropy: 7.99402912952Jump to dropped file
              Source: C:\Users\user\Desktop\c8JakemodH.exeFile created: C:\Users\user\AppData\Local\Packages\Microsoft.Windows.Search_cw5n1h2txyewy\LocalState\AppIconCache\100\Microsoft_Office_SETLANG_EXE_15.bQ8ODxIi2 entropy: 7.99464548574Jump to dropped file
              Source: C:\Users\user\Desktop\c8JakemodH.exeFile created: C:\Users\user\AppData\Local\Packages\Microsoft.Windows.Search_cw5n1h2txyewy\LocalState\AppIconCache\100\Microsoft_Office_POWERPNT_EXE_15.bQ8ODxIi2 entropy: 7.99528973225Jump to dropped file
              Source: C:\Users\user\Desktop\c8JakemodH.exeFile created: C:\Users\user\AppData\Local\Packages\Microsoft.Windows.Search_cw5n1h2txyewy\LocalState\AppIconCache\100\Microsoft_Office_OUTLOOK_EXE_15.bQ8ODxIi2 entropy: 7.99479347708Jump to dropped file
              Source: C:\Users\user\Desktop\c8JakemodH.exeFile created: C:\Users\user\AppData\Local\Packages\Microsoft.Windows.Search_cw5n1h2txyewy\LocalState\AppIconCache\100\Microsoft_Office_ONENOTE_EXE_15.bQ8ODxIi2 entropy: 7.99521013828Jump to dropped file
              Source: C:\Users\user\Desktop\c8JakemodH.exeFile created: C:\Users\user\AppData\Local\Packages\Microsoft.Windows.Search_cw5n1h2txyewy\LocalState\AppIconCache\100\Microsoft_SkyDrive_Desktop.bQ8ODxIi2 entropy: 7.99524820145Jump to dropped file
              Source: C:\Users\user\Desktop\c8JakemodH.exeFile created: C:\Users\user\AppData\Local\Packages\Microsoft.Windows.Search_cw5n1h2txyewy\LocalState\AppIconCache\100\Microsoft_Windows_ControlPanel.bQ8ODxIi2 entropy: 7.99473733583Jump to dropped file
              Source: C:\Users\user\Desktop\c8JakemodH.exeFile created: C:\Users\user\AppData\Local\Packages\Microsoft.Windows.Search_cw5n1h2txyewy\LocalState\AppIconCache\100\Microsoft_Windows_Computer.bQ8ODxIi2 entropy: 7.99526918547Jump to dropped file
              Source: C:\Users\user\Desktop\c8JakemodH.exeFile created: C:\Users\user\AppData\Local\Packages\Microsoft.Windows.Search_cw5n1h2txyewy\LocalState\AppIconCache\100\Microsoft_Windows_AdministrativeTools.bQ8ODxIi2 entropy: 7.99517341907Jump to dropped file
              Source: C:\Users\user\Desktop\c8JakemodH.exeFile created: C:\Users\user\AppData\Local\Packages\Microsoft.Windows.Search_cw5n1h2txyewy\LocalState\AppIconCache\100\Microsoft_WindowsSoundRecorder_8wekyb3d8bbwe!App.bQ8ODxIi2 entropy: 7.99481091464Jump to dropped file
              Source: C:\Users\user\Desktop\c8JakemodH.exeFile created: C:\Users\user\AppData\Local\Packages\Microsoft.Windows.Search_cw5n1h2txyewy\LocalState\AppIconCache\100\Microsoft_WindowsCalculator_8wekyb3d8bbwe!App.bQ8ODxIi2 entropy: 7.99538486037Jump to dropped file
              Source: C:\Users\user\Desktop\c8JakemodH.exeFile created: C:\Users\user\AppData\Local\Packages\Microsoft.Windows.Search_cw5n1h2txyewy\LocalState\AppIconCache\100\Microsoft_Windows_Shell_RunDialog.bQ8ODxIi2 entropy: 7.99540439229Jump to dropped file
              Source: C:\Users\user\Desktop\c8JakemodH.exeFile created: C:\Users\user\AppData\Local\Packages\Microsoft.Windows.Search_cw5n1h2txyewy\LocalState\AppIconCache\100\Microsoft_Windows_RemoteDesktop.bQ8ODxIi2 entropy: 7.99504948486Jump to dropped file
              Source: C:\Users\user\Desktop\c8JakemodH.exeFile created: C:\Users\user\AppData\Local\Packages\Microsoft.Windows.Search_cw5n1h2txyewy\LocalState\AppIconCache\100\Microsoft_Windows_Photos_8wekyb3d8bbwe!App.bQ8ODxIi2 entropy: 7.99347996784Jump to dropped file
              Source: C:\Users\user\Desktop\c8JakemodH.exeFile created: C:\Users\user\AppData\Local\Packages\Microsoft.Windows.Search_cw5n1h2txyewy\LocalState\AppIconCache\100\Microsoft_Windows_MediaPlayer32.bQ8ODxIi2 entropy: 7.99514229672Jump to dropped file
              Source: C:\Users\user\Desktop\c8JakemodH.exeFile created: C:\Users\user\AppData\Local\Packages\Microsoft.Windows.Search_cw5n1h2txyewy\LocalState\AppIconCache\100\Microsoft_Windows_Explorer.bQ8ODxIi2 entropy: 7.99526478477Jump to dropped file
              Source: C:\Users\user\Desktop\c8JakemodH.exeFile created: C:\Users\user\AppData\Local\Packages\Microsoft.Windows.Search_cw5n1h2txyewy\LocalState\AppIconCache\100\{1AC14E77-02E7-4E5D-B744-2EB1AE5198B7}_msconfig_exe.bQ8ODxIi2 entropy: 7.99506784964Jump to dropped file
              Source: C:\Users\user\Desktop\c8JakemodH.exeFile created: C:\Users\user\AppData\Local\Packages\Microsoft.Windows.Search_cw5n1h2txyewy\LocalState\AppIconCache\100\{1AC14E77-02E7-4E5D-B744-2EB1AE5198B7}_MdSched_exe.bQ8ODxIi2 entropy: 7.99466960211Jump to dropped file
              Source: C:\Users\user\Desktop\c8JakemodH.exeFile created: C:\Users\user\AppData\Local\Packages\Microsoft.Windows.Search_cw5n1h2txyewy\LocalState\AppIconCache\100\{1AC14E77-02E7-4E5D-B744-2EB1AE5198B7}_magnify_exe.bQ8ODxIi2 entropy: 7.99465362562Jump to dropped file
              Source: C:\Users\user\Desktop\c8JakemodH.exeFile created: C:\Users\user\AppData\Local\Packages\Microsoft.Windows.Search_cw5n1h2txyewy\LocalState\AppIconCache\100\{1AC14E77-02E7-4E5D-B744-2EB1AE5198B7}_iscsicpl_exe.bQ8ODxIi2 entropy: 7.99510867057Jump to dropped file
              Source: C:\Users\user\Desktop\c8JakemodH.exeFile created: C:\Users\user\AppData\Local\Packages\Microsoft.Windows.Search_cw5n1h2txyewy\LocalState\AppIconCache\100\{1AC14E77-02E7-4E5D-B744-2EB1AE5198B7}_dfrgui_exe.bQ8ODxIi2 entropy: 7.99506285487Jump to dropped file
              Source: C:\Users\user\Desktop\c8JakemodH.exeFile created: C:\Users\user\AppData\Local\Packages\Microsoft.Windows.Search_cw5n1h2txyewy\LocalState\AppIconCache\100\{1AC14E77-02E7-4E5D-B744-2EB1AE5198B7}_comexp_msc.bQ8ODxIi2 entropy: 7.99549046312Jump to dropped file
              Source: C:\Users\user\Desktop\c8JakemodH.exeFile created: C:\Users\user\AppData\Local\Packages\Microsoft.Windows.Search_cw5n1h2txyewy\LocalState\AppIconCache\100\{1AC14E77-02E7-4E5D-B744-2EB1AE5198B7}_cmd_exe.bQ8ODxIi2 entropy: 7.99567680201Jump to dropped file
              Source: C:\Users\user\Desktop\c8JakemodH.exeFile created: C:\Users\user\AppData\Local\Packages\Microsoft.Windows.Search_cw5n1h2txyewy\LocalState\AppIconCache\100\{1AC14E77-02E7-4E5D-B744-2EB1AE5198B7}_cleanmgr_exe.bQ8ODxIi2 entropy: 7.99474205062Jump to dropped file
              Source: C:\Users\user\Desktop\c8JakemodH.exeFile created: C:\Users\user\AppData\Local\Packages\Microsoft.Windows.Search_cw5n1h2txyewy\LocalState\AppIconCache\100\{1AC14E77-02E7-4E5D-B744-2EB1AE5198B7}_charmap_exe.bQ8ODxIi2 entropy: 7.9954668898Jump to dropped file
              Source: C:\Users\user\Desktop\c8JakemodH.exeFile created: C:\Users\user\AppData\Local\Packages\Microsoft.Windows.Search_cw5n1h2txyewy\LocalState\AppIconCache\100\MSEdge.bQ8ODxIi2 entropy: 7.99493483928Jump to dropped file
              Source: C:\Users\user\Desktop\c8JakemodH.exeFile created: C:\Users\user\AppData\Local\Packages\Microsoft.Windows.Search_cw5n1h2txyewy\LocalState\AppIconCache\100\{1AC14E77-02E7-4E5D-B744-2EB1AE5198B7}_services_msc.bQ8ODxIi2 entropy: 7.99416727017Jump to dropped file
              Source: C:\Users\user\Desktop\c8JakemodH.exeFile created: C:\Users\user\AppData\Local\Packages\Microsoft.Windows.Search_cw5n1h2txyewy\LocalState\AppIconCache\100\{1AC14E77-02E7-4E5D-B744-2EB1AE5198B7}_RecoveryDrive_exe.bQ8ODxIi2 entropy: 7.99512703353Jump to dropped file
              Source: C:\Users\user\Desktop\c8JakemodH.exeFile created: C:\Users\user\AppData\Local\Packages\Microsoft.Windows.Search_cw5n1h2txyewy\LocalState\AppIconCache\100\{1AC14E77-02E7-4E5D-B744-2EB1AE5198B7}_quickassist_exe.bQ8ODxIi2 entropy: 7.99500421571Jump to dropped file
              Source: C:\Users\user\Desktop\c8JakemodH.exeFile created: C:\Users\user\AppData\Local\Packages\Microsoft.Windows.Search_cw5n1h2txyewy\LocalState\AppIconCache\100\{1AC14E77-02E7-4E5D-B744-2EB1AE5198B7}_psr_exe.bQ8ODxIi2 entropy: 7.9947768703Jump to dropped file
              Source: C:\Users\user\Desktop\c8JakemodH.exeFile created: C:\Users\user\AppData\Local\Packages\Microsoft.Windows.Search_cw5n1h2txyewy\LocalState\AppIconCache\100\{1AC14E77-02E7-4E5D-B744-2EB1AE5198B7}_printmanagement_msc.bQ8ODxIi2 entropy: 7.99496942177Jump to dropped file
              Source: C:\Users\user\Desktop\c8JakemodH.exeFile created: C:\Users\user\AppData\Local\Packages\Microsoft.Windows.Search_cw5n1h2txyewy\LocalState\AppIconCache\100\{1AC14E77-02E7-4E5D-B744-2EB1AE5198B7}_osk_exe.bQ8ODxIi2 entropy: 7.99495611429Jump to dropped file
              Source: C:\Users\user\Desktop\c8JakemodH.exeFile created: C:\Users\user\AppData\Local\Packages\Microsoft.Windows.Search_cw5n1h2txyewy\LocalState\AppIconCache\100\{1AC14E77-02E7-4E5D-B744-2EB1AE5198B7}_odbcad32_exe.bQ8ODxIi2 entropy: 7.99486490482Jump to dropped file
              Source: C:\Users\user\Desktop\c8JakemodH.exeFile created: C:\Users\user\AppData\Local\Packages\Microsoft.Windows.Search_cw5n1h2txyewy\LocalState\AppIconCache\100\{1AC14E77-02E7-4E5D-B744-2EB1AE5198B7}_notepad_exe.bQ8ODxIi2 entropy: 7.99461871353Jump to dropped file
              Source: C:\Users\user\Desktop\c8JakemodH.exeFile created: C:\Users\user\AppData\Local\Packages\Microsoft.Windows.Search_cw5n1h2txyewy\LocalState\AppIconCache\100\{1AC14E77-02E7-4E5D-B744-2EB1AE5198B7}_narrator_exe.bQ8ODxIi2 entropy: 7.9944961748Jump to dropped file
              Source: C:\Users\user\Desktop\c8JakemodH.exeFile created: C:\Users\user\AppData\Local\Packages\Microsoft.Windows.Search_cw5n1h2txyewy\LocalState\AppIconCache\100\{1AC14E77-02E7-4E5D-B744-2EB1AE5198B7}_mspaint_exe.bQ8ODxIi2 entropy: 7.99437880869Jump to dropped file
              Source: C:\Users\user\Desktop\c8JakemodH.exeFile created: C:\Users\user\AppData\Local\Packages\Microsoft.Windows.Search_cw5n1h2txyewy\LocalState\AppIconCache\100\{1AC14E77-02E7-4E5D-B744-2EB1AE5198B7}_msinfo32_exe.bQ8ODxIi2 entropy: 7.99515610982Jump to dropped file
              Source: C:\Users\user\Desktop\c8JakemodH.exeFile created: C:\Users\user\AppData\Local\Packages\Microsoft.Windows.Search_cw5n1h2txyewy\LocalState\AppIconCache\100\{7C5A40EF-A0FB-4BFC-874A-C0F2E0B9FA8E}_AutoIt3_Au3Info_exe.bQ8ODxIi2 entropy: 7.99497187203Jump to dropped file
              Source: C:\Users\user\Desktop\c8JakemodH.exeFile created: C:\Users\user\AppData\Local\Packages\Microsoft.Windows.Search_cw5n1h2txyewy\LocalState\AppIconCache\100\{6D809377-6AF0-444B-8957-A3773F02200E}_Windows NT_Accessories_wordpad_exe.bQ8ODxIi2 entropy: 7.99519783188Jump to dropped file
              Source: C:\Users\user\Desktop\c8JakemodH.exeFile created: C:\Users\user\AppData\Local\Packages\Microsoft.Windows.Search_cw5n1h2txyewy\LocalState\AppIconCache\100\{6D809377-6AF0-444B-8957-A3773F02200E}_Common Files_Microsoft Shared_Ink_mip_exe.bQ8ODxIi2 entropy: 7.99477883106Jump to dropped file
              Source: C:\Users\user\Desktop\c8JakemodH.exeFile created: C:\Users\user\AppData\Local\Packages\Microsoft.Windows.Search_cw5n1h2txyewy\LocalState\AppIconCache\100\{6D809377-6AF0-444B-8957-A3773F02200E}_Adobe_Acrobat DC_Acrobat_Acrobat_exe.bQ8ODxIi2 entropy: 7.99488670934Jump to dropped file
              Source: C:\Users\user\Desktop\c8JakemodH.exeFile created: C:\Users\user\AppData\Local\Packages\Microsoft.Windows.Search_cw5n1h2txyewy\LocalState\AppIconCache\100\{6D809377-6AF0-444B-8957-A3773F02200E}_7-Zip_7zFM_exe.bQ8ODxIi2 entropy: 7.99481613699Jump to dropped file
              Source: C:\Users\user\Desktop\c8JakemodH.exeFile created: C:\Users\user\AppData\Local\Packages\Microsoft.Windows.Search_cw5n1h2txyewy\LocalState\AppIconCache\100\{6D809377-6AF0-444B-8957-A3773F02200E}_7-Zip_7-zip_chm.bQ8ODxIi2 entropy: 7.99567835683Jump to dropped file
              Source: C:\Users\user\Desktop\c8JakemodH.exeFile created: C:\Users\user\AppData\Local\Packages\Microsoft.Windows.Search_cw5n1h2txyewy\LocalState\AppIconCache\100\{1AC14E77-02E7-4E5D-B744-2EB1AE5198B7}_WindowsPowerShell_v1_0_PowerShell_ISE_exe.bQ8ODxIi2 entropy: 7.99522446512Jump to dropped file
              Source: C:\Users\user\Desktop\c8JakemodH.exeFile created: C:\Users\user\AppData\Local\Packages\Microsoft.Windows.Search_cw5n1h2txyewy\LocalState\AppIconCache\100\{1AC14E77-02E7-4E5D-B744-2EB1AE5198B7}_WindowsPowerShell_v1_0_powershell_exe.bQ8ODxIi2 entropy: 7.99461539265Jump to dropped file
              Source: C:\Users\user\Desktop\c8JakemodH.exeFile created: C:\Users\user\AppData\Local\Packages\Microsoft.Windows.Search_cw5n1h2txyewy\LocalState\AppIconCache\100\{1AC14E77-02E7-4E5D-B744-2EB1AE5198B7}_WF_msc.bQ8ODxIi2 entropy: 7.99543971587Jump to dropped file
              Source: C:\Users\user\Desktop\c8JakemodH.exeFile created: C:\Users\user\AppData\Local\Packages\Microsoft.Windows.Search_cw5n1h2txyewy\LocalState\AppIconCache\100\{1AC14E77-02E7-4E5D-B744-2EB1AE5198B7}_WFS_exe.bQ8ODxIi2 entropy: 7.99523105457Jump to dropped file
              Source: C:\Users\user\Desktop\c8JakemodH.exeFile created: C:\Users\user\AppData\Local\Packages\Microsoft.Windows.Search_cw5n1h2txyewy\LocalState\AppIconCache\100\{1AC14E77-02E7-4E5D-B744-2EB1AE5198B7}_SnippingTool_exe.bQ8ODxIi2 entropy: 7.99465293517Jump to dropped file
              Source: C:\Users\user\Desktop\c8JakemodH.exeFile created: C:\Users\user\AppData\Local\Packages\Microsoft.Windows.Search_cw5n1h2txyewy\LocalState\AppIconCache\100\{7C5A40EF-A0FB-4BFC-874A-C0F2E0B9FA8E}_AutoIt3_SciTE_SciTE_exe.bQ8ODxIi2 entropy: 7.99448599518Jump to dropped file
              Source: C:\Users\user\Desktop\c8JakemodH.exeFile created: C:\Users\user\AppData\Local\Packages\Microsoft.Windows.Search_cw5n1h2txyewy\LocalState\AppIconCache\100\{7C5A40EF-A0FB-4BFC-874A-C0F2E0B9FA8E}_AutoIt3_Extras.bQ8ODxIi2 entropy: 7.99503677876Jump to dropped file
              Source: C:\Users\user\Desktop\c8JakemodH.exeFile created: C:\Users\user\AppData\Local\Packages\Microsoft.Windows.Search_cw5n1h2txyewy\LocalState\AppIconCache\100\{7C5A40EF-A0FB-4BFC-874A-C0F2E0B9FA8E}_AutoIt3_Examples.bQ8ODxIi2 entropy: 7.99496879813Jump to dropped file
              Source: C:\Users\user\Desktop\c8JakemodH.exeFile created: C:\Users\user\AppData\Local\Packages\Microsoft.Windows.Search_cw5n1h2txyewy\LocalState\AppIconCache\100\{7C5A40EF-A0FB-4BFC-874A-C0F2E0B9FA8E}_AutoIt3_AutoIt_chm.bQ8ODxIi2 entropy: 7.99488687478Jump to dropped file
              Source: C:\Users\user\Desktop\c8JakemodH.exeFile created: C:\Users\user\AppData\Local\Packages\Microsoft.Windows.Search_cw5n1h2txyewy\LocalState\AppIconCache\100\{7C5A40EF-A0FB-4BFC-874A-C0F2E0B9FA8E}_AutoIt3_AutoItX_AutoItX_chm.bQ8ODxIi2 entropy: 7.99545895123Jump to dropped file
              Source: C:\Users\user\Desktop\c8JakemodH.exeFile created: C:\Users\user\AppData\Local\Packages\Microsoft.Windows.Search_cw5n1h2txyewy\LocalState\AppIconCache\100\{7C5A40EF-A0FB-4BFC-874A-C0F2E0B9FA8E}_AutoIt3_AutoIt3_x64_exe.bQ8ODxIi2 entropy: 7.99509542808Jump to dropped file
              Source: C:\Users\user\Desktop\c8JakemodH.exeFile created: C:\Users\user\AppData\Local\Packages\Microsoft.Windows.Search_cw5n1h2txyewy\LocalState\AppIconCache\100\{7C5A40EF-A0FB-4BFC-874A-C0F2E0B9FA8E}_AutoIt3_AutoIt3_exe.bQ8ODxIi2 entropy: 7.99540303089Jump to dropped file
              Source: C:\Users\user\Desktop\c8JakemodH.exeFile created: C:\Users\user\AppData\Local\Packages\Microsoft.Windows.Search_cw5n1h2txyewy\LocalState\AppIconCache\100\{7C5A40EF-A0FB-4BFC-874A-C0F2E0B9FA8E}_AutoIt3_AutoIt v3 Website_url.bQ8ODxIi2 entropy: 7.99425819933Jump to dropped file
              Source: C:\Users\user\Desktop\c8JakemodH.exeFile created: C:\Users\user\AppData\Local\Packages\Microsoft.Windows.Search_cw5n1h2txyewy\LocalState\AppIconCache\100\{7C5A40EF-A0FB-4BFC-874A-C0F2E0B9FA8E}_AutoIt3_Aut2Exe_Aut2exe_x64_exe.bQ8ODxIi2 entropy: 7.99479428479Jump to dropped file
              Source: C:\Users\user\Desktop\c8JakemodH.exeFile created: C:\Users\user\AppData\Local\Packages\Microsoft.Windows.Search_cw5n1h2txyewy\LocalState\AppIconCache\100\{7C5A40EF-A0FB-4BFC-874A-C0F2E0B9FA8E}_AutoIt3_Aut2Exe_Aut2exe_exe.bQ8ODxIi2 entropy: 7.99608203701Jump to dropped file
              Source: C:\Users\user\Desktop\c8JakemodH.exeFile created: C:\Users\user\AppData\Local\Packages\Microsoft.Windows.Search_cw5n1h2txyewy\LocalState\AppIconCache\100\{7C5A40EF-A0FB-4BFC-874A-C0F2E0B9FA8E}_AutoIt3_Au3Info_x64_exe.bQ8ODxIi2 entropy: 7.99504169725Jump to dropped file
              Source: C:\Users\user\Desktop\c8JakemodH.exeFile created: C:\Users\user\AppData\Local\Packages\Microsoft.Windows.Search_cw5n1h2txyewy\LocalState\AppIconCache\100\{D65231B0-B2F1-4857-A4CE-A8E7C6EA7D27}_WindowsPowerShell_v1_0_powershell_exe.bQ8ODxIi2 entropy: 7.99509616805Jump to dropped file
              Source: C:\Users\user\Desktop\c8JakemodH.exeFile created: C:\Users\user\AppData\Local\Packages\Microsoft.Windows.Search_cw5n1h2txyewy\AppData\Indexed DB\edbres00001.jrs.bQ8ODxIi2 entropy: 7.99969683511Jump to dropped file
              Source: C:\Users\user\Desktop\c8JakemodH.exeFile created: C:\Users\user\AppData\Local\Packages\Microsoft.Windows.Search_cw5n1h2txyewy\AppData\Indexed DB\edb.log.bQ8ODxIi2 entropy: 7.9996472112Jump to dropped file
              Source: C:\Users\user\Desktop\c8JakemodH.exeFile created: C:\Users\user\AppData\Local\Packages\Microsoft.Windows.Search_cw5n1h2txyewy\LocalState\AppIconCache\100\{F38BF404-1D43-42F2-9305-67DE0B28FC23}_regedit_exe.bQ8ODxIi2 entropy: 7.99451822662Jump to dropped file
              Source: C:\Users\user\Desktop\c8JakemodH.exeFile created: C:\Users\user\AppData\Local\Packages\Microsoft.Windows.Search_cw5n1h2txyewy\LocalState\AppIconCache\100\{D65231B0-B2F1-4857-A4CE-A8E7C6EA7D27}_WindowsPowerShell_v1_0_PowerShell_ISE_exe.bQ8ODxIi2 entropy: 7.99498375068Jump to dropped file
              Source: C:\Users\user\Desktop\c8JakemodH.exeFile created: C:\Users\user\AppData\Local\Packages\Microsoft.Windows.Search_cw5n1h2txyewy\LocalState\AppIconCache\100\{D65231B0-B2F1-4857-A4CE-A8E7C6EA7D27}_odbcad32_exe.bQ8ODxIi2 entropy: 7.99504686639Jump to dropped file
              Source: C:\Users\user\Desktop\c8JakemodH.exeFile created: C:\Users\user\AppData\Local\Packages\Microsoft.Windows.Search_cw5n1h2txyewy\LocalState\AppIconCache\100\{7C5A40EF-A0FB-4BFC-874A-C0F2E0B9FA8E}_Java_jre-1_8_bin_javacpl_exe.bQ8ODxIi2 entropy: 7.99477009692Jump to dropped file
              Source: C:\Users\user\Desktop\c8JakemodH.exeFile created: C:\Users\user\AppData\Local\Packages\Microsoft.Windows.Search_cw5n1h2txyewy\AppData\Indexed DB\edbtmp.log.bQ8ODxIi2 entropy: 7.99963467102Jump to dropped file
              Source: C:\Users\user\Desktop\c8JakemodH.exeFile created: C:\Users\user\AppData\Local\Packages\Microsoft.Windows.Search_cw5n1h2txyewy\AppData\Indexed DB\edbres00002.jrs.bQ8ODxIi2 entropy: 7.99966084413Jump to dropped file
              Source: C:\Users\user\Desktop\c8JakemodH.exeFile created: C:\Users\user\AppData\Roaming\Mozilla\Firefox\Profiles\v6zchhhv.default-release\datareporting\archived\2023-10\1696426835649.b06d08be-79e8-4bfe-b6aa-988ea3d35cbd.first-shutdown.jsonlz4.bQ8ODxIi2 entropy: 7.99037856924Jump to dropped file
              Source: C:\Users\user\Desktop\c8JakemodH.exeFile created: C:\Users\user\AppData\Roaming\Adobe\Acrobat\DC\Security\ES_session_storei.bQ8ODxIi2 entropy: 7.99279187091Jump to dropped file
              Source: C:\Users\user\Desktop\c8JakemodH.exeFile created: C:\Users\user\AppData\Local\Google\Chrome\User Data\ShaderCache\index.bQ8ODxIi2 entropy: 7.99937605474Jump to dropped file
              Source: C:\Users\user\Desktop\c8JakemodH.exeFile created: C:\Users\user\AppData\Local\Google\Chrome\User Data\GrShaderCache\index.bQ8ODxIi2 entropy: 7.99934043719Jump to dropped file
              Source: C:\Users\user\Desktop\c8JakemodH.exeFile created: C:\Users\user\AppData\Local\Google\Chrome\User Data\GrShaderCache\data_1.bQ8ODxIi2 entropy: 7.99936488914Jump to dropped file
              Source: C:\Users\user\Desktop\c8JakemodH.exeFile created: C:\Users\user\AppData\Local\Google\Chrome\User Data\GraphiteDawnCache\data_1.bQ8ODxIi2 entropy: 7.99934582776Jump to dropped file
              Source: C:\Users\user\Desktop\c8JakemodH.exeFile created: C:\Users\user\AppData\Local\Google\Chrome\User Data\GraphiteDawnCache\index.bQ8ODxIi2 entropy: 7.99931709528Jump to dropped file
              Source: C:\Users\user\Desktop\c8JakemodH.exeFile created: C:\Users\user\AppData\Local\ConnectedDevicesPlatform\L.user\ActivitiesCache.db-shm.bQ8ODxIi2 entropy: 7.99453097123Jump to dropped file
              Source: C:\Users\user\Desktop\c8JakemodH.exeFile created: C:\Users\user\AppData\Local\Packages\Microsoft.MicrosoftOfficeHub_8wekyb3d8bbwe\LocalState\ThirdPartyNotice.html.bQ8ODxIi2 entropy: 7.99834347825Jump to dropped file
              Source: C:\Users\user\Desktop\c8JakemodH.exeFile created: C:\Users\user\AppData\Local\Packages\Microsoft.Windows.Photos_8wekyb3d8bbwe\LocalState\PhotosAppTracing_startedInBGMode.etl.bQ8ODxIi2 entropy: 7.99685578194Jump to dropped file
              Source: C:\Users\user\Desktop\c8JakemodH.exeFile created: C:\Users\user\AppData\Local\Packages\Microsoft.Windows.Photos_8wekyb3d8bbwe\LocalState\MediaDb.v1.sqlite-shm.bQ8ODxIi2 entropy: 7.99460026054Jump to dropped file
              Source: C:\Users\user\Desktop\c8JakemodH.exeFile created: C:\Users\user\AppData\Local\Packages\Microsoft.Windows.ContentDeliveryManager_cw5n1h2txyewy\Settings\settings.dat.bQ8ODxIi2 entropy: 7.99930648021Jump to dropped file
              Source: C:\Users\user\Desktop\c8JakemodH.exeFile created: C:\Users\user\AppData\Local\Adobe\Acrobat\DC\IconCacheAcro65536.dat.bQ8ODxIi2 entropy: 7.99916647086Jump to dropped file
              Source: C:\Users\user\Desktop\c8JakemodH.exeFile created: C:\Users\user\AppData\Local\Adobe\Acrobat\DC\AdobeSysFnt23.lst.bQ8ODxIi2 entropy: 7.99893568732Jump to dropped file
              Source: C:\Users\user\Desktop\c8JakemodH.exeFile created: C:\Users\user\AppData\Local\Packages\microsoft.windowscommunicationsapps_8wekyb3d8bbwe\LocalState\HxCommAlwaysOnLog.etl.bQ8ODxIi2 entropy: 7.99708238786Jump to dropped file
              Source: C:\Users\user\Desktop\c8JakemodH.exeFile created: C:\Users\user\AppData\Local\Packages\microsoft.windowscommunicationsapps_8wekyb3d8bbwe\LocalState\HxCommAlwaysOnLog_Old.etl.bQ8ODxIi2 entropy: 7.99716653281Jump to dropped file
              Source: C:\Users\user\Desktop\c8JakemodH.exeFile created: C:\Users\user\AppData\LocalLow\Adobe\Acrobat\DC\ReaderMessages.bQ8ODxIi2 entropy: 7.99719108038Jump to dropped file
              Source: C:\Users\user\Desktop\c8JakemodH.exeFile created: C:\Users\user\AppData\LocalLow\Adobe\Acrobat\DC\Acrobat\DesktopNotification\NotificationsDB\notificationsDB.bQ8ODxIi2 entropy: 7.99204739117Jump to dropped file
              Source: C:\Users\user\Desktop\c8JakemodH.exeFile created: C:\Users\user\AppData\Local\Temp\18e190413af045db88dfbd29609eb877.db.bQ8ODxIi2 entropy: 7.99174965Jump to dropped file
              Source: C:\ProgramData\C9C8.tmpFile created: C:\Users\user\Desktop\c8JakemodH.exe entropy: 7.9975353991Jump to dropped file
              Source: C:\ProgramData\C9C8.tmpFile created: C:\Users\user\Desktop\AAAAAAAAAAAAAA (copy) entropy: 7.9975353991Jump to dropped file
              Source: C:\ProgramData\C9C8.tmpFile created: C:\Users\user\Desktop\BBBBBBBBBBBBBB (copy) entropy: 7.9975353991Jump to dropped file
              Source: C:\ProgramData\C9C8.tmpFile created: C:\Users\user\Desktop\CCCCCCCCCCCCCC (copy) entropy: 7.9975353991Jump to dropped file
              Source: C:\ProgramData\C9C8.tmpFile created: C:\Users\user\Desktop\DDDDDDDDDDDDDD (copy) entropy: 7.9975353991Jump to dropped file
              Source: C:\ProgramData\C9C8.tmpFile created: C:\Users\user\Desktop\EEEEEEEEEEEEEE (copy) entropy: 7.9975353991Jump to dropped file
              Source: C:\ProgramData\C9C8.tmpFile created: C:\Users\user\Desktop\FFFFFFFFFFFFFF (copy) entropy: 7.9975353991Jump to dropped file
              Source: C:\ProgramData\C9C8.tmpFile created: C:\Users\user\Desktop\GGGGGGGGGGGGGG (copy) entropy: 7.9975353991Jump to dropped file
              Source: C:\ProgramData\C9C8.tmpFile created: C:\Users\user\Desktop\HHHHHHHHHHHHHH (copy) entropy: 7.9975353991Jump to dropped file
              Source: C:\ProgramData\C9C8.tmpFile created: C:\Users\user\Desktop\IIIIIIIIIIIIII (copy) entropy: 7.9975353991Jump to dropped file
              Source: C:\ProgramData\C9C8.tmpFile created: C:\Users\user\Desktop\JJJJJJJJJJJJJJ (copy) entropy: 7.9975353991Jump to dropped file
              Source: C:\ProgramData\C9C8.tmpFile created: C:\Users\user\Desktop\KKKKKKKKKKKKKK (copy) entropy: 7.9975353991Jump to dropped file
              Source: C:\ProgramData\C9C8.tmpFile created: C:\Users\user\Desktop\LLLLLLLLLLLLLL (copy) entropy: 7.9975353991Jump to dropped file
              Source: C:\ProgramData\C9C8.tmpFile created: C:\Users\user\Desktop\MMMMMMMMMMMMMM (copy) entropy: 7.9975353991Jump to dropped file
              Source: C:\ProgramData\C9C8.tmpFile created: C:\Users\user\Desktop\NNNNNNNNNNNNNN (copy) entropy: 7.9975353991Jump to dropped file
              Source: C:\ProgramData\C9C8.tmpFile created: C:\Users\user\Desktop\OOOOOOOOOOOOOO (copy) entropy: 7.9975353991Jump to dropped file
              Source: C:\ProgramData\C9C8.tmpFile created: C:\Users\user\Desktop\PPPPPPPPPPPPPP (copy) entropy: 7.9975353991Jump to dropped file
              Source: C:\ProgramData\C9C8.tmpFile created: C:\Users\user\Desktop\QQQQQQQQQQQQQQ (copy) entropy: 7.9975353991Jump to dropped file
              Source: C:\ProgramData\C9C8.tmpFile created: C:\Users\user\Desktop\RRRRRRRRRRRRRR (copy) entropy: 7.9975353991Jump to dropped file
              Source: C:\ProgramData\C9C8.tmpFile created: C:\Users\user\Desktop\SSSSSSSSSSSSSS (copy) entropy: 7.9975353991Jump to dropped file
              Source: C:\ProgramData\C9C8.tmpFile created: C:\Users\user\Desktop\TTTTTTTTTTTTTT (copy) entropy: 7.9975353991Jump to dropped file
              Source: C:\ProgramData\C9C8.tmpFile created: C:\Users\user\Desktop\UUUUUUUUUUUUUU (copy) entropy: 7.9975353991Jump to dropped file
              Source: C:\ProgramData\C9C8.tmpFile created: C:\Users\user\Desktop\VVVVVVVVVVVVVV (copy) entropy: 7.9975353991Jump to dropped file
              Source: C:\ProgramData\C9C8.tmpFile created: C:\Users\user\Desktop\WWWWWWWWWWWWWW (copy) entropy: 7.9975353991Jump to dropped file
              Source: C:\ProgramData\C9C8.tmpFile created: C:\Users\user\Desktop\XXXXXXXXXXXXXX (copy) entropy: 7.9975353991Jump to dropped file
              Source: C:\ProgramData\C9C8.tmpFile created: C:\Users\user\Desktop\YYYYYYYYYYYYYY (copy) entropy: 7.9975353991Jump to dropped file
              Source: C:\ProgramData\C9C8.tmpFile created: C:\Users\user\Desktop\ZZZZZZZZZZZZZZ (copy) entropy: 7.9975353991Jump to dropped file

              System Summary

              barindex
              Source: c8JakemodH.exe, type: SAMPLEMatched rule: Windows_Ransomware_Lockbit_369e1e94 Author: unknown
              Source: 0.0.c8JakemodH.exe.b20000.0.unpack, type: UNPACKEDPEMatched rule: Windows_Ransomware_Lockbit_369e1e94 Author: unknown
              Source: 0.2.c8JakemodH.exe.b20000.0.unpack, type: UNPACKEDPEMatched rule: Windows_Ransomware_Lockbit_369e1e94 Author: unknown
              Source: 00000000.00000002.2324569325.0000000000B21000.00000020.00000001.01000000.00000003.sdmp, type: MEMORYMatched rule: Windows_Ransomware_Lockbit_369e1e94 Author: unknown
              Source: 00000000.00000000.1957084963.0000000000B21000.00000020.00000001.01000000.00000003.sdmp, type: MEMORYMatched rule: Windows_Ransomware_Lockbit_369e1e94 Author: unknown
              Source: C:\Users\user\Desktop\c8JakemodH.exeCode function: 0_2_00B30410 GetTempFileNameW,CreateFileW,WriteFile,CreateProcessW,NtQueryInformationProcess,NtReadVirtualMemory,NtProtectVirtualMemory,NtWriteVirtualMemory,CreateNamedPipeW,ResumeThread,ConnectNamedPipe,0_2_00B30410
              Source: C:\Users\user\Desktop\c8JakemodH.exeCode function: 0_2_00B26C60 NtQueryInformationToken,0_2_00B26C60
              Source: C:\Users\user\Desktop\c8JakemodH.exeCode function: 0_2_00B29850 NtClose,0_2_00B29850
              Source: C:\Users\user\Desktop\c8JakemodH.exeCode function: 0_2_00B2B5D0 NtQueryInformationToken,0_2_00B2B5D0
              Source: C:\Users\user\Desktop\c8JakemodH.exeCode function: 0_2_00B2DDD4 SetThreadPriority,ReadFile,WriteFile,WriteFile,NtClose,0_2_00B2DDD4
              Source: C:\Users\user\Desktop\c8JakemodH.exeCode function: 0_2_00B2E144 CreateThread,NtClose,0_2_00B2E144
              Source: C:\Users\user\Desktop\c8JakemodH.exeCode function: 0_2_00B2B690 NtSetInformationProcess,NtSetInformationProcess,NtSetInformationProcess,0_2_00B2B690
              Source: C:\Users\user\Desktop\c8JakemodH.exeCode function: 0_2_00B27E28 NtQuerySystemInformation,Sleep,0_2_00B27E28
              Source: C:\Users\user\Desktop\c8JakemodH.exeCode function: 0_2_00B26654 CreateFileW,NtAllocateVirtualMemory,WriteFile,SetFilePointerEx,NtFreeVirtualMemory,NtClose,DeleteFileW,0_2_00B26654
              Source: C:\Users\user\Desktop\c8JakemodH.exeCode function: 0_2_00B2E3B8 SetFileAttributesW,CreateFileW,SetFilePointerEx,ReadFile,NtClose,0_2_00B2E3B8
              Source: C:\Users\user\Desktop\c8JakemodH.exeCode function: 0_2_00B2DBBC NtTerminateProcess,0_2_00B2DBBC
              Source: C:\Users\user\Desktop\c8JakemodH.exeCode function: 0_2_00B297A8 NtQuerySystemInformation,0_2_00B297A8
              Source: C:\Users\user\Desktop\c8JakemodH.exeCode function: 0_2_00B2B390 NtSetInformationThread,NtClose,0_2_00B2B390
              Source: C:\Users\user\Desktop\c8JakemodH.exeCode function: 0_2_00B36F90 CreateThread,CreateThread,CreateThread,CreateThread,NtTerminateThread,CreateThread,CreateThread,0_2_00B36F90
              Source: C:\Users\user\Desktop\c8JakemodH.exeCode function: 0_2_00B28F38 RtlAdjustPrivilege,NtSetInformationThread,0_2_00B28F38
              Source: C:\Users\user\Desktop\c8JakemodH.exeCode function: 0_2_00B2C354 CreateFileW,WriteFile,RegCreateKeyExW,RegSetValueExW,RegCreateKeyExW,RegSetValueExW,SHChangeNotify,NtClose,0_2_00B2C354
              Source: C:\Users\user\Desktop\c8JakemodH.exeCode function: 0_2_00B27E73 NtQuerySystemInformation,Sleep,0_2_00B27E73
              Source: C:\Users\user\Desktop\c8JakemodH.exeCode function: 0_2_00B27E5A NtQuerySystemInformation,Sleep,0_2_00B27E5A
              Source: C:\Users\user\Desktop\c8JakemodH.exeCode function: 0_2_00B297FA NtQuerySystemInformation,0_2_00B297FA
              Source: C:\Users\user\Desktop\c8JakemodH.exeCode function: 0_2_00B297E1 NtQuerySystemInformation,0_2_00B297E1
              Source: C:\Users\user\Desktop\c8JakemodH.exeCode function: 0_2_00B28F36 RtlAdjustPrivilege,NtSetInformationThread,0_2_00B28F36
              Source: C:\ProgramData\C9C8.tmpCode function: 7_2_00402760 CreateFileW,ReadFile,NtClose,7_2_00402760
              Source: C:\ProgramData\C9C8.tmpCode function: 7_2_0040286C NtSetInformationProcess,NtSetInformationProcess,NtSetInformationProcess,7_2_0040286C
              Source: C:\ProgramData\C9C8.tmpCode function: 7_2_00402F18 CreateFileW,NtAllocateVirtualMemory,WriteFile,SetFilePointerEx,SetFilePointerEx,NtFreeVirtualMemory,NtClose,DeleteFileW,7_2_00402F18
              Source: C:\ProgramData\C9C8.tmpCode function: 7_2_00401DC2 NtProtectVirtualMemory,7_2_00401DC2
              Source: C:\ProgramData\C9C8.tmpCode function: 7_2_00401D94 NtSetInformationThread,7_2_00401D94
              Source: C:\ProgramData\C9C8.tmpCode function: 7_2_004016B4 NtAllocateVirtualMemory,NtAllocateVirtualMemory,7_2_004016B4
              Source: C:\Users\user\Desktop\c8JakemodH.exeCode function: 0_2_00B2A65C: GetVolumeNameForVolumeMountPointW,FindFirstVolumeW,GetVolumePathNamesForVolumeNameW,GetDriveTypeW,CreateFileW,DeviceIoControl,0_2_00B2A65C
              Source: C:\Windows\splwow64.exeFile created: C:\Windows\system32\spool\PRINTERS\00002.SPL
              Source: C:\Users\user\Desktop\c8JakemodH.exeCode function: 0_2_00B220BC0_2_00B220BC
              Source: C:\Users\user\Desktop\c8JakemodH.exeCode function: 0_2_00B280880_2_00B28088
              Source: C:\Users\user\Desktop\c8JakemodH.exeCode function: 0_2_00B24D130_2_00B24D13
              Source: C:\Users\user\Desktop\c8JakemodH.exeCode function: 0_2_00B24D180_2_00B24D18
              Source: C:\Users\user\Desktop\c8JakemodH.exeCode function: 0_2_00B252280_2_00B25228
              Source: Joe Sandbox ViewDropped File: C:\ProgramData\C9C8.tmp 917E115CC403E29B4388E0D175CBFAC3E7E40CA1742299FBDB353847DB2DE7C2
              Source: C:\Users\user\Desktop\c8JakemodH.exeProcess token adjusted: Security
              Source: c8JakemodH.exe, 00000000.00000003.2139222855.00000000011C2000.00000004.00000020.00020000.00000000.sdmpBinary or memory string: OriginalFilenamesvchost.exe.muij% vs c8JakemodH.exe
              Source: c8JakemodH.exe, 00000000.00000003.2141580137.00000000011C2000.00000004.00000020.00020000.00000000.sdmpBinary or memory string: OriginalFilenamesvchost.exe.muij% vs c8JakemodH.exe
              Source: c8JakemodH.exe, 00000000.00000003.2145381928.00000000011C2000.00000004.00000020.00020000.00000000.sdmpBinary or memory string: OriginalFilenamesvchost.exe.muij% vs c8JakemodH.exe
              Source: c8JakemodH.exe, 00000000.00000003.2137193205.00000000011C2000.00000004.00000020.00020000.00000000.sdmpBinary or memory string: OriginalFilenamesvchost.exe.muij% vs c8JakemodH.exe
              Source: c8JakemodH.exe, 00000000.00000003.2141099878.00000000011C2000.00000004.00000020.00020000.00000000.sdmpBinary or memory string: OriginalFilenamesvchost.exe.muij% vs c8JakemodH.exe
              Source: c8JakemodH.exe, 00000000.00000003.2145882343.00000000011C2000.00000004.00000020.00020000.00000000.sdmpBinary or memory string: OriginalFilenamesvchost.exe.muij% vs c8JakemodH.exe
              Source: c8JakemodH.exe, 00000000.00000003.2134392695.00000000011C2000.00000004.00000020.00020000.00000000.sdmpBinary or memory string: OriginalFilenamesvchost.exe.muij% vs c8JakemodH.exe
              Source: c8JakemodH.exeStatic PE information: EXECUTABLE_IMAGE, 32BIT_MACHINE
              Source: c8JakemodH.exe, type: SAMPLEMatched rule: Windows_Ransomware_Lockbit_369e1e94 reference_sample = d61af007f6c792b8fb6c677143b7d0e2533394e28c50737588e40da475c040ee, os = windows, severity = x86, creation_date = 2022-07-05, scan_context = file, memory, license = Elastic License v2, threat_name = Windows.Ransomware.Lockbit, fingerprint = 9cf4c112c0ee708ae64052926681e8351f1ccefeb558c41e875dbd9e4bdcb5f2, id = 369e1e94-3fbb-4828-bb78-89d26e008105, last_modified = 2022-07-18
              Source: 0.0.c8JakemodH.exe.b20000.0.unpack, type: UNPACKEDPEMatched rule: Windows_Ransomware_Lockbit_369e1e94 reference_sample = d61af007f6c792b8fb6c677143b7d0e2533394e28c50737588e40da475c040ee, os = windows, severity = x86, creation_date = 2022-07-05, scan_context = file, memory, license = Elastic License v2, threat_name = Windows.Ransomware.Lockbit, fingerprint = 9cf4c112c0ee708ae64052926681e8351f1ccefeb558c41e875dbd9e4bdcb5f2, id = 369e1e94-3fbb-4828-bb78-89d26e008105, last_modified = 2022-07-18
              Source: 0.2.c8JakemodH.exe.b20000.0.unpack, type: UNPACKEDPEMatched rule: Windows_Ransomware_Lockbit_369e1e94 reference_sample = d61af007f6c792b8fb6c677143b7d0e2533394e28c50737588e40da475c040ee, os = windows, severity = x86, creation_date = 2022-07-05, scan_context = file, memory, license = Elastic License v2, threat_name = Windows.Ransomware.Lockbit, fingerprint = 9cf4c112c0ee708ae64052926681e8351f1ccefeb558c41e875dbd9e4bdcb5f2, id = 369e1e94-3fbb-4828-bb78-89d26e008105, last_modified = 2022-07-18
              Source: 00000000.00000002.2324569325.0000000000B21000.00000020.00000001.01000000.00000003.sdmp, type: MEMORYMatched rule: Windows_Ransomware_Lockbit_369e1e94 reference_sample = d61af007f6c792b8fb6c677143b7d0e2533394e28c50737588e40da475c040ee, os = windows, severity = x86, creation_date = 2022-07-05, scan_context = file, memory, license = Elastic License v2, threat_name = Windows.Ransomware.Lockbit, fingerprint = 9cf4c112c0ee708ae64052926681e8351f1ccefeb558c41e875dbd9e4bdcb5f2, id = 369e1e94-3fbb-4828-bb78-89d26e008105, last_modified = 2022-07-18
              Source: 00000000.00000000.1957084963.0000000000B21000.00000020.00000001.01000000.00000003.sdmp, type: MEMORYMatched rule: Windows_Ransomware_Lockbit_369e1e94 reference_sample = d61af007f6c792b8fb6c677143b7d0e2533394e28c50737588e40da475c040ee, os = windows, severity = x86, creation_date = 2022-07-05, scan_context = file, memory, license = Elastic License v2, threat_name = Windows.Ransomware.Lockbit, fingerprint = 9cf4c112c0ee708ae64052926681e8351f1ccefeb558c41e875dbd9e4bdcb5f2, id = 369e1e94-3fbb-4828-bb78-89d26e008105, last_modified = 2022-07-18
              Source: C9C8.tmp.0.drStatic PE information: Section: .text IMAGE_SCN_CNT_CODE, IMAGE_SCN_MEM_EXECUTE, IMAGE_SCN_MEM_READ
              Source: classification engineClassification label: mal100.rans.phis.spyw.evad.winEXE@9/1689@0/0
              Source: C:\Users\user\Desktop\c8JakemodH.exeFile created: C:\Users\bQ8ODxIi2.README.txtJump to behavior
              Source: C:\ProgramData\C9C8.tmpMutant created: \Sessions\1\BaseNamedObjects\Global\{649F4E29-16CB-DD42-8922-9FFF0592856B}
              Source: C:\Users\user\Desktop\c8JakemodH.exeMutant created: \Sessions\1\BaseNamedObjects\Global\c3e8077c44eccd267b71aef0de85c318
              Source: C:\Windows\System32\conhost.exeMutant created: \Sessions\1\BaseNamedObjects\Local\SM0:4844:120:WilError_03
              Source: C:\Users\user\Desktop\c8JakemodH.exeFile created: C:\Users\user\AppData\Local\Temp\bQ8ODxIi2.README.txtJump to behavior
              Source: C:\Users\user\Desktop\c8JakemodH.exeFile read: C:\Users\user\AppData\Roaming\Mozilla\Firefox\profiles.iniJump to behavior
              Source: C:\Users\user\Desktop\c8JakemodH.exeKey opened: HKEY_CURRENT_USER\Software\Policies\Microsoft\Windows\Safer\CodeIdentifiersJump to behavior
              Source: unknownProcess created: C:\Users\user\Desktop\c8JakemodH.exe "C:\Users\user\Desktop\c8JakemodH.exe"
              Source: C:\Users\user\Desktop\c8JakemodH.exeProcess created: C:\Windows\splwow64.exe C:\Windows\splwow64.exe 12288
              Source: C:\Users\user\Desktop\c8JakemodH.exeProcess created: C:\ProgramData\C9C8.tmp "C:\ProgramData\C9C8.tmp"
              Source: unknownProcess created: C:\Program Files (x86)\Microsoft Office\root\Office16\ONENOTE.EXE /insertdoc "C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\{DCDCAFEB-5EC4-4F60-8F7C-E85EB48A28C7}.xps" 133594707154290000
              Source: C:\ProgramData\C9C8.tmpProcess created: C:\Windows\SysWOW64\cmd.exe "C:\Windows\System32\cmd.exe" /C DEL /F /Q C:\PROGRA~3\C9C8.tmp >> NUL
              Source: C:\Windows\SysWOW64\cmd.exeProcess created: C:\Windows\System32\conhost.exe C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
              Source: C:\Users\user\Desktop\c8JakemodH.exeProcess created: C:\Windows\splwow64.exe C:\Windows\splwow64.exe 12288Jump to behavior
              Source: C:\Users\user\Desktop\c8JakemodH.exeProcess created: C:\ProgramData\C9C8.tmp "C:\ProgramData\C9C8.tmp"Jump to behavior
              Source: C:\ProgramData\C9C8.tmpProcess created: C:\Windows\SysWOW64\cmd.exe "C:\Windows\System32\cmd.exe" /C DEL /F /Q C:\PROGRA~3\C9C8.tmp >> NUL
              Source: C:\Users\user\Desktop\c8JakemodH.exeSection loaded: apphelp.dllJump to behavior
              Source: C:\Users\user\Desktop\c8JakemodH.exeSection loaded: cryptbase.dllJump to behavior
              Source: C:\Users\user\Desktop\c8JakemodH.exeSection loaded: userenv.dllJump to behavior
              Source: C:\Users\user\Desktop\c8JakemodH.exeSection loaded: wtsapi32.dllJump to behavior
              Source: C:\Users\user\Desktop\c8JakemodH.exeSection loaded: rstrtmgr.dllJump to behavior
              Source: C:\Users\user\Desktop\c8JakemodH.exeSection loaded: ncrypt.dllJump to behavior
              Source: C:\Users\user\Desktop\c8JakemodH.exeSection loaded: ntasn1.dllJump to behavior
              Source: C:\Users\user\Desktop\c8JakemodH.exeSection loaded: netapi32.dllJump to behavior
              Source: C:\Users\user\Desktop\c8JakemodH.exeSection loaded: wkscli.dllJump to behavior
              Source: C:\Users\user\Desktop\c8JakemodH.exeSection loaded: srvcli.dllJump to behavior
              Source: C:\Users\user\Desktop\c8JakemodH.exeSection loaded: samcli.dllJump to behavior
              Source: C:\Users\user\Desktop\c8JakemodH.exeSection loaded: netutils.dllJump to behavior
              Source: C:\Users\user\Desktop\c8JakemodH.exeSection loaded: logoncli.dllJump to behavior
              Source: C:\Users\user\Desktop\c8JakemodH.exeSection loaded: activeds.dllJump to behavior
              Source: C:\Users\user\Desktop\c8JakemodH.exeSection loaded: adsldpc.dllJump to behavior
              Source: C:\Users\user\Desktop\c8JakemodH.exeSection loaded: wininet.dllJump to behavior
              Source: C:\Users\user\Desktop\c8JakemodH.exeSection loaded: wsock32.dllJump to behavior
              Source: C:\Users\user\Desktop\c8JakemodH.exeSection loaded: mpr.dllJump to behavior
              Source: C:\Users\user\Desktop\c8JakemodH.exeSection loaded: gpedit.dllJump to behavior
              Source: C:\Users\user\Desktop\c8JakemodH.exeSection loaded: gpapi.dllJump to behavior
              Source: C:\Users\user\Desktop\c8JakemodH.exeSection loaded: dssec.dllJump to behavior
              Source: C:\Users\user\Desktop\c8JakemodH.exeSection loaded: dsuiext.dllJump to behavior
              Source: C:\Users\user\Desktop\c8JakemodH.exeSection loaded: framedynos.dllJump to behavior
              Source: C:\Users\user\Desktop\c8JakemodH.exeSection loaded: sspicli.dllJump to behavior
              Source: C:\Users\user\Desktop\c8JakemodH.exeSection loaded: authz.dllJump to behavior
              Source: C:\Users\user\Desktop\c8JakemodH.exeSection loaded: dsrole.dllJump to behavior
              Source: C:\Users\user\Desktop\c8JakemodH.exeSection loaded: ntdsapi.dllJump to behavior
              Source: C:\Users\user\Desktop\c8JakemodH.exeSection loaded: windows.storage.dllJump to behavior
              Source: C:\Users\user\Desktop\c8JakemodH.exeSection loaded: wldp.dllJump to behavior
              Source: C:\Users\user\Desktop\c8JakemodH.exeSection loaded: profapi.dllJump to behavior
              Source: C:\Users\user\Desktop\c8JakemodH.exeSection loaded: kernel.appcore.dllJump to behavior
              Source: C:\Users\user\Desktop\c8JakemodH.exeSection loaded: uxtheme.dllJump to behavior
              Source: C:\Users\user\Desktop\c8JakemodH.exeSection loaded: wbemcomn.dllJump to behavior
              Source: C:\Users\user\Desktop\c8JakemodH.exeSection loaded: ntmarta.dllJump to behavior
              Source: C:\Users\user\Desktop\c8JakemodH.exeSection loaded: amsi.dllJump to behavior
              Source: C:\Users\user\Desktop\c8JakemodH.exeSection loaded: version.dllJump to behavior
              Source: C:\Users\user\Desktop\c8JakemodH.exeSection loaded: adsldp.dllJump to behavior
              Source: C:\Users\user\Desktop\c8JakemodH.exeSection loaded: sxs.dllJump to behavior
              Source: C:\Users\user\Desktop\c8JakemodH.exeSection loaded: dnsapi.dllJump to behavior
              Source: C:\Users\user\Desktop\c8JakemodH.exeSection loaded: iphlpapi.dllJump to behavior
              Source: C:\Users\user\Desktop\c8JakemodH.exeSection loaded: cryptsp.dllJump to behavior
              Source: C:\Users\user\Desktop\c8JakemodH.exeSection loaded: rsaenh.dllJump to behavior
              Source: C:\Users\user\Desktop\c8JakemodH.exeSection loaded: mscms.dllJump to behavior
              Source: C:\Users\user\Desktop\c8JakemodH.exeSection loaded: coloradapterclient.dllJump to behavior
              Source: C:\Users\user\Desktop\c8JakemodH.exeSection loaded: textshaping.dllJump to behavior
              Source: C:\ProgramData\C9C8.tmpSection loaded: apphelp.dll
              Source: C:\ProgramData\C9C8.tmpSection loaded: rstrtmgr.dll
              Source: C:\ProgramData\C9C8.tmpSection loaded: ncrypt.dll
              Source: C:\ProgramData\C9C8.tmpSection loaded: ntasn1.dll
              Source: C:\ProgramData\C9C8.tmpSection loaded: windows.storage.dll
              Source: C:\ProgramData\C9C8.tmpSection loaded: wldp.dll
              Source: C:\ProgramData\C9C8.tmpSection loaded: kernel.appcore.dll
              Source: C:\ProgramData\C9C8.tmpSection loaded: uxtheme.dll
              Source: C:\ProgramData\C9C8.tmpSection loaded: propsys.dll
              Source: C:\ProgramData\C9C8.tmpSection loaded: profapi.dll
              Source: C:\ProgramData\C9C8.tmpSection loaded: edputil.dll
              Source: C:\ProgramData\C9C8.tmpSection loaded: urlmon.dll
              Source: C:\ProgramData\C9C8.tmpSection loaded: iertutil.dll
              Source: C:\ProgramData\C9C8.tmpSection loaded: srvcli.dll
              Source: C:\ProgramData\C9C8.tmpSection loaded: netutils.dll
              Source: C:\ProgramData\C9C8.tmpSection loaded: windows.staterepositoryps.dll
              Source: C:\ProgramData\C9C8.tmpSection loaded: sspicli.dll
              Source: C:\ProgramData\C9C8.tmpSection loaded: wintypes.dll
              Source: C:\ProgramData\C9C8.tmpSection loaded: appresolver.dll
              Source: C:\ProgramData\C9C8.tmpSection loaded: bcp47langs.dll
              Source: C:\ProgramData\C9C8.tmpSection loaded: slc.dll
              Source: C:\ProgramData\C9C8.tmpSection loaded: userenv.dll
              Source: C:\ProgramData\C9C8.tmpSection loaded: sppc.dll
              Source: C:\ProgramData\C9C8.tmpSection loaded: onecorecommonproxystub.dll
              Source: C:\ProgramData\C9C8.tmpSection loaded: onecoreuapcommonproxystub.dll
              Source: C:\Users\user\Desktop\c8JakemodH.exeKey value queried: HKEY_LOCAL_MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{CB8555CC-9128-11D1-AD9B-00C04FD8FDFF}\InprocServer32Jump to behavior
              Source: C:\Users\user\Desktop\c8JakemodH.exeFile written: C:\$Recycle.Bin\S-1-5-21-2246122658-3693405117-2476756634-1000\desktop.iniJump to behavior
              Source: Window RecorderWindow detected: More than 3 window changes detected
              Source: C:\Program Files (x86)\Microsoft Office\root\Office16\ONENOTE.EXEKey opened: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Office\Common
              Source: c8JakemodH.exeStatic PE information: DYNAMIC_BASE, NX_COMPAT, TERMINAL_SERVER_AWARE
              Source: c8JakemodH.exeStatic PE information: data directory type: IMAGE_DIRECTORY_ENTRY_DEBUG
              Source: Binary string: \??\C:\Users\user\AppData\Local\Temp\Symbols\ntkrnlmp.pdb source: c8JakemodH.exe, 00000000.00000003.2134423304.00000000011AA000.00000004.00000020.00020000.00000000.sdmp, c8JakemodH.exe, 00000000.00000003.2041782590.00000000011AA000.00000004.00000020.00020000.00000000.sdmp, c8JakemodH.exe, 00000000.00000003.2046205022.00000000011AA000.00000004.00000020.00020000.00000000.sdmp, c8JakemodH.exe, 00000000.00000003.2034691703.00000000011AA000.00000004.00000020.00020000.00000000.sdmp, c8JakemodH.exe, 00000000.00000003.2027377459.00000000011AA000.00000004.00000020.00020000.00000000.sdmp, c8JakemodH.exe, 00000000.00000003.2032232640.00000000011AA000.00000004.00000020.00020000.00000000.sdmp, c8JakemodH.exe, 00000000.00000003.2035755547.00000000011AA000.00000004.00000020.00020000.00000000.sdmp, c8JakemodH.exe, 00000000.00000003.2033963173.00000000011AA000.00000004.00000020.00020000.00000000.sdmp, c8JakemodH.exe, 00000000.00000003.2025508004.00000000011AA000.00000004.00000020.00020000.00000000.sdmp, c8JakemodH.exe, 00000000.00000003.2031930430.00000000011AA000.00000004.00000020.00020000.00000000.sdmp, c8JakemodH.exe, 00000000.00000003.2033345504.00000000011AA000.00000004.00000020.00020000.00000000.sdmp, c8JakemodH.exe, 00000000.00000003.2038271812.00000000011AA000.00000004.00000020.00020000.00000000.sdmp, c8JakemodH.exe, 00000000.00000003.2041067930.00000000011AA000.00000004.00000020.00020000.00000000.sdmp, c8JakemodH.exe, 00000000.00000003.2028668618.00000000011AA000.00000004.00000020.00020000.00000000.sdmp, c8JakemodH.exe, 00000000.00000003.2042691633.00000000011AA000.00000004.00000020.00020000.00000000.sdmp, c8JakemodH.exe, 00000000.00000003.2017971506.00000000011AA000.00000004.00000020.00020000.00000000.sdmp, c8JakemodH.exe, 00000000.00000003.2028077596.00000000011AA000.00000004.00000020.00020000.00000000.sdmp, c8JakemodH.exe, 00000000.00000003.2038527038.00000000011AA000.00000004.00000020.00020000.00000000.sdmp, c8JakemodH.exe, 00000000.00000003.2038141254.00000000011AA000.00000004.00000020.00020000.00000000.sdmp, c8JakemodH.exe, 00000000.00000003.2027768395.00000000011AA000.00000004.00000020.00020000.00000000.sdmp, c8JakemodH.exe, 00000000.00000003.2030185049.00000000011AA000.00000004.00000020.00020000.00000000.sdmp, c8JakemodH.exe, 00000000.00000003.2029424729.00000000011AA000.00000004.00000020.00020000.00000000.sdmp, c8JakemodH.exe, 00000000.00000003.2035960248.00000000011AA000.00000004.00000020.00020000.00000000.sdmp, c8JakemodH.exe, 00000000.00000003.2037887431.00000000011AA000.00000004.00000020.00020000.00000000.sdmp, c8JakemodH.exe, 00000000.00000003.2034592402.00000000011AA000.00000004.00000020.00020000.00000000.sdmp
              Source: Binary string: \??\C:\Users\user\AppData\Local\Temp\Symbols\winload_prod.pdb\01AB9056EA9380F71644C4339E3FA1AC2\download.error6 source: c8JakemodH.exe, 00000000.00000003.2017789325.00000000011AC000.00000004.00000020.00020000.00000000.sdmp
              Source: Binary string: \\?\C:\Users\user\AppData\Local\Temp\Symbols\winload_prod.pdb\01AB9056EA9380F71644C4339E3FA1AC2\download.error source: c8JakemodH.exe, 00000000.00000003.2017789325.00000000011AC000.00000004.00000020.00020000.00000000.sdmp
              Source: c8JakemodH.exeStatic PE information: real checksum: 0x326e4 should be: 0x309ca
              Source: C9C8.tmp.0.drStatic PE information: real checksum: 0x8fd0 should be: 0x4f26
              Source: C:\Users\user\Desktop\c8JakemodH.exeCode function: 0_2_00B2619D pushfd ; iretd 0_2_00B2619E
              Source: C:\Users\user\Desktop\c8JakemodH.exeCode function: 0_2_00B235E3 push 0000006Ah; retf 0_2_00B23654
              Source: C:\Users\user\Desktop\c8JakemodH.exeCode function: 0_2_00B235E5 push 0000006Ah; retf 0_2_00B23654
              Source: C:\Users\user\Desktop\c8JakemodH.exeCode function: 0_2_00B2357B push 0000006Ah; retf 0_2_00B23654
              Source: C9C8.tmp.0.drStatic PE information: section name: .text entropy: 7.985216639497568
              Source: C:\Users\user\Desktop\c8JakemodH.exeFile created: C:\ProgramData\C9C8.tmpJump to dropped file
              Source: C:\Users\user\Desktop\c8JakemodH.exeFile created: C:\ProgramData\C9C8.tmpJump to dropped file
              Source: C:\Users\user\Desktop\c8JakemodH.exeFile created: C:\bQ8ODxIi2.README.txtJump to behavior
              Source: C:\Users\user\Desktop\c8JakemodH.exeFile created: C:\Users\bQ8ODxIi2.README.txtJump to behavior
              Source: C:\Users\user\Desktop\c8JakemodH.exeFile created: C:\Users\user\bQ8ODxIi2.README.txtJump to behavior
              Source: C:\Users\user\Desktop\c8JakemodH.exeFile created: C:\Users\user\Videos\bQ8ODxIi2.README.txtJump to behavior
              Source: C:\Users\user\Desktop\c8JakemodH.exeFile created: C:\Users\user\Searches\bQ8ODxIi2.README.txtJump to behavior
              Source: C:\Users\user\Desktop\c8JakemodH.exeFile created: C:\Users\user\Saved Games\bQ8ODxIi2.README.txtJump to behavior
              Source: C:\Users\user\Desktop\c8JakemodH.exeFile created: C:\Users\user\Recent\bQ8ODxIi2.README.txtJump to behavior
              Source: C:\Users\user\Desktop\c8JakemodH.exeFile created: C:\Users\user\Pictures\bQ8ODxIi2.README.txtJump to behavior
              Source: C:\Users\user\Desktop\c8JakemodH.exeFile created: C:\Users\user\Pictures\Saved Pictures\bQ8ODxIi2.README.txtJump to behavior
              Source: C:\Users\user\Desktop\c8JakemodH.exeFile created: C:\Users\user\Pictures\Camera Roll\bQ8ODxIi2.README.txtJump to behavior
              Source: C:\Users\user\Desktop\c8JakemodH.exeFile created: C:\Users\user\OneDrive\bQ8ODxIi2.README.txtJump to behavior
              Source: C:\Users\user\Desktop\c8JakemodH.exeFile created: C:\Users\user\Music\bQ8ODxIi2.README.txtJump to behavior
              Source: C:\Users\user\Desktop\c8JakemodH.exeFile created: C:\Users\user\Links\bQ8ODxIi2.README.txtJump to behavior
              Source: C:\Users\user\Desktop\c8JakemodH.exeFile created: C:\Users\user\Favorites\bQ8ODxIi2.README.txtJump to behavior
              Source: C:\Users\user\Desktop\c8JakemodH.exeFile created: C:\Users\user\Favorites\Links\bQ8ODxIi2.README.txtJump to behavior
              Source: C:\Users\user\Desktop\c8JakemodH.exeFile created: C:\Users\user\Downloads\bQ8ODxIi2.README.txtJump to behavior
              Source: C:\Users\user\Desktop\c8JakemodH.exeFile created: C:\Users\user\Documents\bQ8ODxIi2.README.txtJump to behavior
              Source: C:\Users\user\Desktop\c8JakemodH.exeFile created: C:\Users\user\Documents\SUAVTZKNFL\bQ8ODxIi2.README.txtJump to behavior
              Source: C:\Users\user\Desktop\c8JakemodH.exeFile created: C:\Users\user\Documents\PIVFAGEAAV\bQ8ODxIi2.README.txtJump to behavior
              Source: C:\Users\user\Desktop\c8JakemodH.exeFile created: C:\Users\user\Documents\GRXZDKKVDB\bQ8ODxIi2.README.txtJump to behavior
              Source: C:\Users\user\Desktop\c8JakemodH.exeFile created: C:\Users\user\Documents\GIGIYTFFYT\bQ8ODxIi2.README.txtJump to behavior
              Source: C:\Users\user\Desktop\c8JakemodH.exeFile created: C:\Users\user\Documents\EIVQSAOTAQ\bQ8ODxIi2.README.txtJump to behavior
              Source: C:\Users\user\Desktop\c8JakemodH.exeFile created: C:\Users\user\Documents\EFOYFBOLXA\bQ8ODxIi2.README.txtJump to behavior
              Source: C:\Users\user\Desktop\c8JakemodH.exeFile created: C:\Users\user\Desktop\bQ8ODxIi2.README.txtJump to behavior
              Source: C:\Users\user\Desktop\c8JakemodH.exeFile created: C:\Users\user\Desktop\SUAVTZKNFL\bQ8ODxIi2.README.txtJump to behavior
              Source: C:\Users\user\Desktop\c8JakemodH.exeFile created: C:\Users\user\Desktop\PIVFAGEAAV\bQ8ODxIi2.README.txtJump to behavior
              Source: C:\Users\user\Desktop\c8JakemodH.exeFile created: C:\Users\user\Desktop\GRXZDKKVDB\bQ8ODxIi2.README.txtJump to behavior
              Source: C:\Users\user\Desktop\c8JakemodH.exeFile created: C:\Users\user\Desktop\GIGIYTFFYT\bQ8ODxIi2.README.txtJump to behavior
              Source: C:\Users\user\Desktop\c8JakemodH.exeFile created: C:\Users\user\Desktop\EIVQSAOTAQ\bQ8ODxIi2.README.txtJump to behavior
              Source: C:\Users\user\Desktop\c8JakemodH.exeFile created: C:\Users\user\Desktop\EFOYFBOLXA\bQ8ODxIi2.README.txtJump to behavior
              Source: C:\Users\user\Desktop\c8JakemodH.exeFile created: C:\Users\user\Contacts\bQ8ODxIi2.README.txtJump to behavior
              Source: C:\Users\user\Desktop\c8JakemodH.exeFile created: C:\Users\user\AppData\bQ8ODxIi2.README.txtJump to behavior
              Source: C:\Users\user\Desktop\c8JakemodH.exeFile created: C:\Users\user\AppData\Roaming\bQ8ODxIi2.README.txtJump to behavior
              Source: C:\Users\user\Desktop\c8JakemodH.exeFile created: C:\Users\user\AppData\Roaming\Mozilla\bQ8ODxIi2.README.txtJump to behavior
              Source: C:\Users\user\Desktop\c8JakemodH.exeFile created: C:\Users\user\AppData\Roaming\Mozilla\Firefox\bQ8ODxIi2.README.txtJump to behavior
              Source: C:\Users\user\Desktop\c8JakemodH.exeFile created: C:\Users\user\AppData\Roaming\Mozilla\Firefox\Profiles\bQ8ODxIi2.README.txtJump to behavior
              Source: C:\Users\user\Desktop\c8JakemodH.exeFile created: C:\Users\user\AppData\Roaming\Mozilla\Firefox\Profiles\yiaxs5ej.default\bQ8ODxIi2.README.txtJump to behavior
              Source: C:\Users\user\Desktop\c8JakemodH.exeFile created: C:\Users\user\AppData\Roaming\Mozilla\Firefox\Profiles\v6zchhhv.default-release\bQ8ODxIi2.README.txtJump to behavior
              Source: C:\Users\user\Desktop\c8JakemodH.exeFile created: C:\Users\user\AppData\Roaming\Mozilla\Firefox\Profiles\v6zchhhv.default-release\storage\bQ8ODxIi2.README.txtJump to behavior
              Source: C:\Users\user\Desktop\c8JakemodH.exeFile created: C:\Users\user\AppData\Roaming\Mozilla\Firefox\Profiles\v6zchhhv.default-release\storage\to-be-removed\bQ8ODxIi2.README.txtJump to behavior
              Source: C:\Users\user\Desktop\c8JakemodH.exeFile created: C:\Users\user\AppData\Roaming\Mozilla\Firefox\Profiles\v6zchhhv.default-release\storage\temporary\bQ8ODxIi2.README.txtJump to behavior
              Source: C:\Users\user\Desktop\c8JakemodH.exeFile created: C:\Users\user\AppData\Roaming\Mozilla\Firefox\Profiles\v6zchhhv.default-release\storage\permanent\bQ8ODxIi2.README.txtJump to behavior
              Source: C:\Users\user\Desktop\c8JakemodH.exeFile created: C:\Users\user\AppData\Roaming\Mozilla\Firefox\Profiles\v6zchhhv.default-release\storage\permanent\chrome\bQ8ODxIi2.README.txtJump to behavior
              Source: C:\Users\user\Desktop\c8JakemodH.exeFile created: C:\Users\user\AppData\Roaming\Mozilla\Firefox\Profiles\v6zchhhv.default-release\storage\permanent\chrome\idb\bQ8ODxIi2.README.txtJump to behavior
              Source: C:\Users\user\Desktop\c8JakemodH.exeFile created: C:\Users\user\AppData\Roaming\Mozilla\Firefox\Profiles\v6zchhhv.default-release\storage\permanent\chrome\idb\3870112724rsegmnoittet-es.files\bQ8ODxIi2.README.txtJump to behavior
              Source: C:\Users\user\Desktop\c8JakemodH.exeFile created: C:\Users\user\AppData\Roaming\Mozilla\Firefox\Profiles\v6zchhhv.default-release\storage\permanent\chrome\idb\3561288849sdhlie.files\bQ8ODxIi2.README.txtJump to behavior
              Source: C:\Users\user\Desktop\c8JakemodH.exeFile created: C:\Users\user\AppData\Roaming\Mozilla\Firefox\Profiles\v6zchhhv.default-release\storage\permanent\chrome\idb\2918063365piupsah.files\bQ8ODxIi2.README.txtJump to behavior
              Source: C:\Users\user\Desktop\c8JakemodH.exeFile created: C:\Users\user\AppData\Roaming\Mozilla\Firefox\Profiles\v6zchhhv.default-release\storage\permanent\chrome\idb\2823318777ntouromlalnodry--naod.files\bQ8ODxIi2.README.txtJump to behavior
              Source: C:\Users\user\Desktop\c8JakemodH.exeFile created: C:\Users\user\AppData\Roaming\Mozilla\Firefox\Profiles\v6zchhhv.default-release\storage\permanent\chrome\idb\1657114595AmcateirvtiSty.files\bQ8ODxIi2.README.txtJump to behavior
              Source: C:\Users\user\Desktop\c8JakemodH.exeFile created: C:\Users\user\AppData\Roaming\Mozilla\Firefox\Profiles\v6zchhhv.default-release\storage\permanent\chrome\idb\1451318868ntouromlalnodry--epcr.files\bQ8ODxIi2.README.txtJump to behavior
              Source: C:\Users\user\Desktop\c8JakemodH.exeFile created: C:\Users\user\AppData\Roaming\Mozilla\Firefox\Profiles\v6zchhhv.default-release\sessionstore-backups\bQ8ODxIi2.README.txtJump to behavior
              Source: C:\Users\user\Desktop\c8JakemodH.exeFile created: C:\Users\user\AppData\Roaming\Mozilla\Firefox\Profiles\v6zchhhv.default-release\security_state\bQ8ODxIi2.README.txtJump to behavior
              Source: C:\Users\user\Desktop\c8JakemodH.exeFile created: C:\Users\user\AppData\Roaming\Mozilla\Firefox\Profiles\v6zchhhv.default-release\saved-telemetry-pings\bQ8ODxIi2.README.txtJump to behavior
              Source: C:\Users\user\Desktop\c8JakemodH.exeFile created: C:\Users\user\AppData\Roaming\Mozilla\Firefox\Profiles\v6zchhhv.default-release\minidumps\bQ8ODxIi2.README.txtJump to behavior
              Source: C:\Users\user\Desktop\c8JakemodH.exeFile created: C:\Users\user\AppData\Roaming\Mozilla\Firefox\Profiles\v6zchhhv.default-release\datareporting\bQ8ODxIi2.README.txtJump to behavior
              Source: C:\Users\user\Desktop\c8JakemodH.exeFile created: C:\Users\user\AppData\Roaming\Mozilla\Firefox\Profiles\v6zchhhv.default-release\datareporting\glean\bQ8ODxIi2.README.txtJump to behavior
              Source: C:\Users\user\Desktop\c8JakemodH.exeFile created: C:\Users\user\AppData\Roaming\Mozilla\Firefox\Profiles\v6zchhhv.default-release\datareporting\glean\tmp\bQ8ODxIi2.README.txtJump to behavior
              Source: C:\Users\user\Desktop\c8JakemodH.exeFile created: C:\Users\user\AppData\Roaming\Mozilla\Firefox\Profiles\v6zchhhv.default-release\datareporting\glean\pending_pings\bQ8ODxIi2.README.txtJump to behavior
              Source: C:\Users\user\Desktop\c8JakemodH.exeFile created: C:\Users\user\AppData\Roaming\Mozilla\Firefox\Profiles\v6zchhhv.default-release\datareporting\glean\events\bQ8ODxIi2.README.txtJump to behavior
              Source: C:\Users\user\Desktop\c8JakemodH.exeFile created: C:\Users\user\AppData\Roaming\Mozilla\Firefox\Profiles\v6zchhhv.default-release\datareporting\glean\db\bQ8ODxIi2.README.txtJump to behavior
              Source: C:\Users\user\Desktop\c8JakemodH.exeFile created: C:\Users\user\AppData\Roaming\Mozilla\Firefox\Profiles\v6zchhhv.default-release\datareporting\archived\bQ8ODxIi2.README.txtJump to behavior
              Source: C:\Users\user\Desktop\c8JakemodH.exeFile created: C:\Users\user\AppData\Roaming\Mozilla\Firefox\Profiles\v6zchhhv.default-release\datareporting\archived\2023-10\bQ8ODxIi2.README.txtJump to behavior
              Source: C:\Users\user\Desktop\c8JakemodH.exeFile created: C:\Users\user\AppData\Roaming\Mozilla\Firefox\Profiles\v6zchhhv.default-release\crashes\bQ8ODxIi2.README.txtJump to behavior
              Source: C:\Users\user\Desktop\c8JakemodH.exeFile created: C:\Users\user\AppData\Roaming\Mozilla\Firefox\Profiles\v6zchhhv.default-release\crashes\events\bQ8ODxIi2.README.txtJump to behavior
              Source: C:\Users\user\Desktop\c8JakemodH.exeFile created: C:\Users\user\AppData\Roaming\Mozilla\Firefox\Profiles\v6zchhhv.default-release\bookmarkbackups\bQ8ODxIi2.README.txtJump to behavior
              Source: C:\Users\user\Desktop\c8JakemodH.exeFile created: C:\Users\user\AppData\Roaming\Mozilla\Firefox\Pending Pings\bQ8ODxIi2.README.txtJump to behavior
              Source: C:\Users\user\Desktop\c8JakemodH.exeFile created: C:\Users\user\AppData\Roaming\Mozilla\Firefox\Crash Reports\bQ8ODxIi2.README.txtJump to behavior
              Source: C:\Users\user\Desktop\c8JakemodH.exeFile created: C:\Users\user\AppData\Roaming\Mozilla\Firefox\Crash Reports\events\bQ8ODxIi2.README.txtJump to behavior
              Source: C:\Users\user\Desktop\c8JakemodH.exeFile created: C:\Users\user\AppData\Roaming\Mozilla\Extensions\bQ8ODxIi2.README.txtJump to behavior
              Source: C:\Users\user\Desktop\c8JakemodH.exeFile created: C:\Users\user\AppData\Roaming\com.adobe.dunamis\bQ8ODxIi2.README.txtJump to behavior
              Source: C:\Users\user\Desktop\c8JakemodH.exeFile created: C:\Users\user\AppData\Roaming\com.adobe.dunamis\f2eb6c79-671d-4de2-b7be-3b2eea7abc47\bQ8ODxIi2.README.txtJump to behavior
              Source: C:\Users\user\Desktop\c8JakemodH.exeFile created: C:\Users\user\AppData\Roaming\com.adobe.dunamis\6d9d9777-7ded-4768-8191-9a707d72b009\bQ8ODxIi2.README.txtJump to behavior
              Source: C:\Users\user\Desktop\c8JakemodH.exeFile created: C:\Users\user\AppData\Roaming\com.adobe.dunamis\61f56613-c62c-4b17-84dd-62b60d5776aa\bQ8ODxIi2.README.txtJump to behavior
              Source: C:\Users\user\Desktop\c8JakemodH.exeFile created: C:\Users\user\AppData\Roaming\com.adobe.dunamis\56079431-ea46-4833-94f9-1ff5658cdb1c\bQ8ODxIi2.README.txtJump to behavior
              Source: C:\Users\user\Desktop\c8JakemodH.exeFile created: C:\Users\user\AppData\Roaming\Adobe\bQ8ODxIi2.README.txtJump to behavior
              Source: C:\Users\user\Desktop\c8JakemodH.exeFile created: C:\Users\user\AppData\Roaming\Adobe\Sonar\bQ8ODxIi2.README.txtJump to behavior
              Source: C:\Users\user\Desktop\c8JakemodH.exeFile created: C:\Users\user\AppData\Roaming\Adobe\Sonar\SonarCC\bQ8ODxIi2.README.txtJump to behavior
              Source: C:\Users\user\Desktop\c8JakemodH.exeFile created: C:\Users\user\AppData\Roaming\Adobe\RTTransfer\bQ8ODxIi2.README.txtJump to behavior
              Source: C:\Users\user\Desktop\c8JakemodH.exeFile created: C:\Users\user\AppData\Roaming\Adobe\LogTransport2CC\bQ8ODxIi2.README.txtJump to behavior
              Source: C:\Users\user\Desktop\c8JakemodH.exeFile created: C:\Users\user\AppData\Roaming\Adobe\LogTransport2\bQ8ODxIi2.README.txtJump to behavior
              Source: C:\Users\user\Desktop\c8JakemodH.exeFile created: C:\Users\user\AppData\Roaming\Adobe\Linguistics\bQ8ODxIi2.README.txtJump to behavior
              Source: C:\Users\user\Desktop\c8JakemodH.exeFile created: C:\Users\user\AppData\Roaming\Adobe\Headlights\bQ8ODxIi2.README.txtJump to behavior
              Source: C:\Users\user\Desktop\c8JakemodH.exeFile created: C:\Users\user\AppData\Roaming\Adobe\Flash Player\bQ8ODxIi2.README.txtJump to behavior
              Source: C:\Users\user\Desktop\c8JakemodH.exeFile created: C:\Users\user\AppData\Roaming\Adobe\Flash Player\NativeCache\bQ8ODxIi2.README.txtJump to behavior
              Source: C:\Users\user\Desktop\c8JakemodH.exeFile created: C:\Users\user\AppData\Roaming\Adobe\CRLogs\bQ8ODxIi2.README.txtJump to behavior
              Source: C:\Users\user\Desktop\c8JakemodH.exeFile created: C:\Users\user\AppData\Roaming\Adobe\CRLogs\crashlogs\bQ8ODxIi2.README.txtJump to behavior
              Source: C:\Users\user\Desktop\c8JakemodH.exeFile created: C:\Users\user\AppData\Roaming\Adobe\Acrobat\bQ8ODxIi2.README.txtJump to behavior
              Source: C:\Users\user\Desktop\c8JakemodH.exeFile created: C:\Users\user\AppData\Roaming\Adobe\Acrobat\Preflight Acrobat Continuous\bQ8ODxIi2.README.txtJump to behavior
              Source: C:\Users\user\Desktop\c8JakemodH.exeFile created: C:\Users\user\AppData\Roaming\Adobe\Acrobat\DC\bQ8ODxIi2.README.txtJump to behavior
              Source: C:\Users\user\Desktop\c8JakemodH.exeFile created: C:\Users\user\AppData\Roaming\Adobe\Acrobat\DC\Security\bQ8ODxIi2.README.txtJump to behavior
              Source: C:\Users\user\Desktop\c8JakemodH.exeFile created: C:\Users\user\AppData\Roaming\Adobe\Acrobat\DC\JSCache\bQ8ODxIi2.README.txtJump to behavior
              Source: C:\Users\user\Desktop\c8JakemodH.exeFile created: C:\Users\user\AppData\Roaming\Adobe\Acrobat\DC\Forms\bQ8ODxIi2.README.txtJump to behavior
              Source: C:\Users\user\Desktop\c8JakemodH.exeFile created: C:\Users\user\AppData\Roaming\Adobe\Acrobat\DC\Collab\bQ8ODxIi2.README.txtJump to behavior
              Source: C:\Users\user\Desktop\c8JakemodH.exeFile created: C:\Users\user\AppData\LocalLow\bQ8ODxIi2.README.txtJump to behavior
              Source: C:\Users\user\Desktop\c8JakemodH.exeFile created: C:\Users\user\AppData\LocalLow\Adobe\bQ8ODxIi2.README.txtJump to behavior
              Source: C:\Users\user\Desktop\c8JakemodH.exeFile created: C:\Users\user\AppData\LocalLow\Adobe\Linguistics\bQ8ODxIi2.README.txtJump to behavior
              Source: C:\Users\user\Desktop\c8JakemodH.exeFile created: C:\Users\user\AppData\LocalLow\Adobe\AcroCef\bQ8ODxIi2.README.txtJump to behavior
              Source: C:\Users\user\Desktop\c8JakemodH.exeFile created: C:\Users\user\AppData\LocalLow\Adobe\AcroCef\DC\bQ8ODxIi2.README.txtJump to behavior
              Source: C:\Users\user\Desktop\c8JakemodH.exeFile created: C:\Users\user\AppData\LocalLow\Adobe\AcroCef\DC\Acrobat\bQ8ODxIi2.README.txtJump to behavior
              Source: C:\Users\user\Desktop\c8JakemodH.exeFile created: C:\Users\user\AppData\LocalLow\Adobe\AcroCef\DC\Acrobat\Cookie\bQ8ODxIi2.README.txtJump to behavior
              Source: C:\Users\user\Desktop\c8JakemodH.exeFile created: C:\Users\user\AppData\LocalLow\Adobe\AcroCef\DC\Acrobat\Cache\bQ8ODxIi2.README.txtJump to behavior
              Source: C:\Users\user\Desktop\c8JakemodH.exeFile created: C:\Users\user\AppData\LocalLow\Adobe\AcroCef\DC\Acrobat\Cache\VideoDecodeStats\bQ8ODxIi2.README.txtJump to behavior
              Source: C:\Users\user\Desktop\c8JakemodH.exeFile created: C:\Users\user\AppData\LocalLow\Adobe\AcroCef\DC\Acrobat\Cache\shared_proto_db\bQ8ODxIi2.README.txtJump to behavior
              Source: C:\Users\user\Desktop\c8JakemodH.exeFile created: C:\Users\user\AppData\LocalLow\Adobe\AcroCef\DC\Acrobat\Cache\shared_proto_db\metadata\bQ8ODxIi2.README.txtJump to behavior
              Source: C:\Users\user\Desktop\c8JakemodH.exeFile created: C:\Users\user\AppData\LocalLow\Adobe\AcroCef\DC\Acrobat\Cache\Session Storage\bQ8ODxIi2.README.txtJump to behavior
              Source: C:\Users\user\Desktop\c8JakemodH.exeFile created: C:\Users\user\AppData\LocalLow\Adobe\AcroCef\DC\Acrobat\Cache\Network\bQ8ODxIi2.README.txtJump to behavior
              Source: C:\Users\user\Desktop\c8JakemodH.exeFile created: C:\Users\user\AppData\LocalLow\Adobe\AcroCef\DC\Acrobat\Cache\Local Storage\bQ8ODxIi2.README.txtJump to behavior
              Source: C:\Users\user\Desktop\c8JakemodH.exeFile created: C:\Users\user\AppData\LocalLow\Adobe\AcroCef\DC\Acrobat\Cache\Local Storage\leveldb\bQ8ODxIi2.README.txtJump to behavior
              Source: C:\Users\user\Desktop\c8JakemodH.exeFile created: C:\Users\user\AppData\LocalLow\Adobe\AcroCef\DC\Acrobat\Cache\Code Cache\bQ8ODxIi2.README.txtJump to behavior
              Source: C:\Users\user\Desktop\c8JakemodH.exeFile created: C:\Users\user\AppData\LocalLow\Adobe\AcroCef\DC\Acrobat\Cache\Code Cache\wasm\bQ8ODxIi2.README.txtJump to behavior
              Source: C:\Users\user\Desktop\c8JakemodH.exeFile created: C:\Users\user\AppData\LocalLow\Adobe\AcroCef\DC\Acrobat\Cache\Code Cache\wasm\index-dir\bQ8ODxIi2.README.txtJump to behavior
              Source: C:\Users\user\Desktop\c8JakemodH.exeFile created: C:\Users\user\AppData\LocalLow\Adobe\AcroCef\DC\Acrobat\Cache\Code Cache\js\bQ8ODxIi2.README.txtJump to behavior
              Source: C:\Users\user\Desktop\c8JakemodH.exeFile created: C:\Users\user\AppData\LocalLow\Adobe\AcroCef\DC\Acrobat\Cache\Code Cache\js\index-dir\bQ8ODxIi2.README.txtJump to behavior
              Source: C:\Users\user\Desktop\c8JakemodH.exeFile created: C:\Users\user\AppData\LocalLow\Adobe\AcroCef\DC\Acrobat\Cache\Cache\bQ8ODxIi2.README.txtJump to behavior
              Source: C:\Users\user\Desktop\c8JakemodH.exeFile created: C:\Users\user\AppData\LocalLow\Adobe\AcroCef\DC\Acrobat\Cache\Cache\Cache_Data\bQ8ODxIi2.README.txtJump to behavior
              Source: C:\Users\user\Desktop\c8JakemodH.exeFile created: C:\Users\user\AppData\LocalLow\Adobe\AcroCef\DC\Acrobat\Cache\blob_storage\bQ8ODxIi2.README.txtJump to behavior
              Source: C:\Users\user\Desktop\c8JakemodH.exeFile created: C:\Users\user\AppData\LocalLow\Adobe\AcroCef\DC\Acrobat\Cache\blob_storage\dd432c4a-ba38-4070-9985-ed1b3bea85dc\bQ8ODxIi2.README.txtJump to behavior
              Source: C:\Users\user\Desktop\c8JakemodH.exeFile created: C:\Users\user\AppData\LocalLow\Adobe\Acrobat\bQ8ODxIi2.README.txtJump to behavior
              Source: C:\Users\user\Desktop\c8JakemodH.exeFile created: C:\Users\user\AppData\LocalLow\Adobe\Acrobat\DC\bQ8ODxIi2.README.txtJump to behavior
              Source: C:\Users\user\Desktop\c8JakemodH.exeFile created: C:\Users\user\AppData\LocalLow\Adobe\Acrobat\DC\assets\bQ8ODxIi2.README.txtJump to behavior
              Source: C:\Users\user\Desktop\c8JakemodH.exeFile created: C:\Users\user\AppData\LocalLow\Adobe\Acrobat\DC\Acrobat\bQ8ODxIi2.README.txtJump to behavior
              Source: C:\Users\user\Desktop\c8JakemodH.exeFile created: C:\Users\user\AppData\LocalLow\Adobe\Acrobat\DC\Acrobat\DesktopNotification\bQ8ODxIi2.README.txtJump to behavior
              Source: C:\Users\user\Desktop\c8JakemodH.exeFile created: C:\Users\user\AppData\LocalLow\Adobe\Acrobat\DC\Acrobat\DesktopNotification\NotificationsDB\bQ8ODxIi2.README.txtJump to behavior
              Source: C:\Users\user\Desktop\c8JakemodH.exeFile created: C:\Users\user\AppData\Local\bQ8ODxIi2.README.txtJump to behavior
              Source: C:\Users\user\Desktop\c8JakemodH.exeFile created: C:\Users\user\AppData\Local\VirtualStore\bQ8ODxIi2.README.txtJump to behavior
              Source: C:\Users\user\Desktop\c8JakemodH.exeFile created: C:\Users\user\AppData\Local\Temp\bQ8ODxIi2.README.txtJump to behavior
              Source: C:\Users\user\Desktop\c8JakemodH.exeFile created: C:\Users\user\AppData\Local\Temp\Symbols\bQ8ODxIi2.README.txtJump to behavior
              Source: C:\Users\user\Desktop\c8JakemodH.exeFile created: C:\Users\user\AppData\Local\Temp\Symbols\winload_prod.pdb\bQ8ODxIi2.README.txtJump to behavior
              Source: C:\Users\user\Desktop\c8JakemodH.exeFile created: C:\Users\user\AppData\Local\Temp\Symbols\winload_prod.pdb\01AB9056EA9380F71644C4339E3FA1AC2\bQ8ODxIi2.README.txtJump to behavior
              Source: C:\Users\user\Desktop\c8JakemodH.exeFile created: C:\Users\user\AppData\Local\Temp\Symbols\ntkrnlmp.pdb\bQ8ODxIi2.README.txtJump to behavior
              Source: C:\Users\user\Desktop\c8JakemodH.exeFile created: C:\Users\user\AppData\Local\Temp\Symbols\ntkrnlmp.pdb\68A17FAF3012B7846079AEECDBE0A5831\bQ8ODxIi2.README.txtJump to behavior
              Source: C:\Users\user\Desktop\c8JakemodH.exeFile created: C:\Users\user\AppData\Local\Temp\msedge_url_fetcher_5172_761252224\bQ8ODxIi2.README.txtJump to behavior
              Source: C:\Users\user\Desktop\c8JakemodH.exeFile created: C:\Users\user\AppData\Local\Temp\msedge_url_fetcher_5172_1791500899\bQ8ODxIi2.README.txtJump to behavior
              Source: C:\Users\user\Desktop\c8JakemodH.exeFile created: C:\Users\user\AppData\Local\Temp\msedge_url_fetcher_2640_817343797\bQ8ODxIi2.README.txtJump to behavior
              Source: C:\Users\user\Desktop\c8JakemodH.exeFile created: C:\Users\user\AppData\Local\Temp\mozilla-temp-files\bQ8ODxIi2.README.txtJump to behavior
              Source: C:\Users\user\Desktop\c8JakemodH.exeFile created: C:\Users\user\AppData\Local\Temp\Low\bQ8ODxIi2.README.txtJump to behavior
              Source: C:\Users\user\Desktop\c8JakemodH.exeFile created: C:\Users\user\AppData\Local\Temp\edge_BITS_6440_995017740\bQ8ODxIi2.README.txtJump to behavior
              Source: C:\Users\user\Desktop\c8JakemodH.exeFile created: C:\Users\user\AppData\Local\Temp\edge_BITS_6440_778675694\bQ8ODxIi2.README.txtJump to behavior
              Source: C:\Users\user\Desktop\c8JakemodH.exeFile created: C:\Users\user\AppData\Local\Temp\edge_BITS_6440_736602331\bQ8ODxIi2.README.txtJump to behavior
              Source: C:\Users\user\Desktop\c8JakemodH.exeFile created: C:\Users\user\AppData\Local\Temp\edge_BITS_6440_649288342\bQ8ODxIi2.README.txtJump to behavior
              Source: C:\Users\user\Desktop\c8JakemodH.exeFile created: C:\Users\user\AppData\Local\Temp\edge_BITS_6440_339006160\bQ8ODxIi2.README.txtJump to behavior
              Source: C:\Users\user\Desktop\c8JakemodH.exeFile created: C:\Users\user\AppData\Local\Temp\edge_BITS_6440_27162369\bQ8ODxIi2.README.txtJump to behavior
              Source: C:\Users\user\Desktop\c8JakemodH.exeFile created: C:\Users\user\AppData\Local\Temp\edge_BITS_6440_1988346647\bQ8ODxIi2.README.txtJump to behavior
              Source: C:\Users\user\Desktop\c8JakemodH.exeFile created: C:\Users\user\AppData\Local\Temp\edge_BITS_6440_1959985254\bQ8ODxIi2.README.txtJump to behavior
              Source: C:\Users\user\Desktop\c8JakemodH.exeFile created: C:\Users\user\AppData\Local\Temp\edge_BITS_6440_1807723660\bQ8ODxIi2.README.txtJump to behavior
              Source: C:\Users\user\Desktop\c8JakemodH.exeFile created: C:\Users\user\AppData\Local\Temp\edge_BITS_6440_1693012001\bQ8ODxIi2.README.txtJump to behavior
              Source: C:\Users\user\Desktop\c8JakemodH.exeFile created: C:\Users\user\AppData\Local\Temp\edge_BITS_6440_1635976352\bQ8ODxIi2.README.txtJump to behavior
              Source: C:\Users\user\Desktop\c8JakemodH.exeFile created: C:\Users\user\AppData\Local\Temp\edge_BITS_6440_1619438387\bQ8ODxIi2.README.txtJump to behavior
              Source: C:\Users\user\Desktop\c8JakemodH.exeFile created: C:\Users\user\AppData\Local\Temp\edge_BITS_6440_1485273224\bQ8ODxIi2.README.txtJump to behavior
              Source: C:\Users\user\Desktop\c8JakemodH.exeFile created: C:\Users\user\AppData\Local\Temp\edge_BITS_6440_1421574262\bQ8ODxIi2.README.txtJump to behavior
              Source: C:\Users\user\Desktop\c8JakemodH.exeFile created: C:\Users\user\AppData\Local\Temp\edge_BITS_6440_1318414972\bQ8ODxIi2.README.txtJump to behavior
              Source: C:\Users\user\Desktop\c8JakemodH.exeFile created: C:\Users\user\AppData\Local\Temp\edge_BITS_6440_1289371347\bQ8ODxIi2.README.txtJump to behavior
              Source: C:\Users\user\Desktop\c8JakemodH.exeFile created: C:\Users\user\AppData\Local\Temp\edge_BITS_6440_1234978473\bQ8ODxIi2.README.txtJump to behavior
              Source: C:\Users\user\Desktop\c8JakemodH.exeFile created: C:\Users\user\AppData\Local\Temp\edge_BITS_6440_1191663050\bQ8ODxIi2.README.txtJump to behavior
              Source: C:\Users\user\Desktop\c8JakemodH.exeFile created: C:\Users\user\AppData\Local\Temp\edge_BITS_6440_1090636871\bQ8ODxIi2.README.txtJump to behavior
              Source: C:\Users\user\Desktop\c8JakemodH.exeFile created: C:\Users\user\AppData\Local\Temp\Diagnostics\bQ8ODxIi2.README.txtJump to behavior
              Source: C:\Users\user\Desktop\c8JakemodH.exeFile created: C:\Users\user\AppData\Local\Temp\Diagnostics\EXCEL\bQ8ODxIi2.README.txtJump to behavior
              Source: C:\Users\user\Desktop\c8JakemodH.exeFile created: C:\Users\user\AppData\Local\Temp\acrord32_super_sbx\bQ8ODxIi2.README.txtJump to behavior
              Source: C:\Users\user\Desktop\c8JakemodH.exeFile created: C:\Users\user\AppData\Local\Temp\acrord32_super_sbx\Adobe\bQ8ODxIi2.README.txtJump to behavior
              Source: C:\Users\user\Desktop\c8JakemodH.exeFile created: C:\Users\user\AppData\Local\Temp\acrord32_super_sbx\Adobe\Acrobat\bQ8ODxIi2.README.txtJump to behavior
              Source: C:\Users\user\Desktop\c8JakemodH.exeFile created: C:\Users\user\AppData\Local\Temp\acrord32_super_sbx\Adobe\Acrobat\DC\bQ8ODxIi2.README.txtJump to behavior
              Source: C:\Users\user\Desktop\c8JakemodH.exeFile created: C:\Users\user\AppData\Local\Temp\acrord32_super_sbx\Adobe\Acrobat\DC\SearchEmbdIndex\bQ8ODxIi2.README.txtJump to behavior
              Source: C:\Users\user\Desktop\c8JakemodH.exeFile created: C:\Users\user\AppData\Local\Temp\acrocef_low\bQ8ODxIi2.README.txtJump to behavior
              Source: C:\Users\user\Desktop\c8JakemodH.exeFile created: C:\Users\user\AppData\Local\Temp\acrobat_sbx\bQ8ODxIi2.README.txtJump to behavior
              Source: C:\Users\user\Desktop\c8JakemodH.exeFile created: C:\Users\user\AppData\Local\Temp\acrobat_sbx\NGL\bQ8ODxIi2.README.txtJump to behavior
              Source: C:\Users\user\Desktop\c8JakemodH.exeFile created: C:\Users\user\AppData\Local\Temp\acrobat_sbx\Adobe\bQ8ODxIi2.README.txtJump to behavior
              Source: C:\Users\user\Desktop\c8JakemodH.exeFile created: C:\Users\user\AppData\Local\Temp\acrobat_sbx\Adobe\Acrobat\bQ8ODxIi2.README.txtJump to behavior
              Source: C:\Users\user\Desktop\c8JakemodH.exeFile created: C:\Users\user\AppData\Local\Temp\acrobat_sbx\Adobe\Acrobat\DC\bQ8ODxIi2.README.txtJump to behavior
              Source: C:\Users\user\Desktop\c8JakemodH.exeFile created: C:\Users\user\AppData\Local\SolidDocuments\bQ8ODxIi2.README.txtJump to behavior
              Source: C:\Users\user\Desktop\c8JakemodH.exeFile created: C:\Users\user\AppData\Local\SolidDocuments\Acrobat\bQ8ODxIi2.README.txtJump to behavior
              Source: C:\Users\user\Desktop\c8JakemodH.exeFile created: C:\Users\user\AppData\Local\Publishers\bQ8ODxIi2.README.txtJump to behavior
              Source: C:\Users\user\Desktop\c8JakemodH.exeFile created: C:\Users\user\AppData\Local\Publishers\8wekyb3d8bbwe\bQ8ODxIi2.README.txtJump to behavior
              Source: C:\Users\user\Desktop\c8JakemodH.exeFile created: C:\Users\user\AppData\Local\Publishers\8wekyb3d8bbwe\SettingsContainer\bQ8ODxIi2.README.txtJump to behavior
              Source: C:\Users\user\Desktop\c8JakemodH.exeFile created: C:\Users\user\AppData\Local\Publishers\8wekyb3d8bbwe\Microsoft.WindowsAlarms\bQ8ODxIi2.README.txtJump to behavior
              Source: C:\Users\user\Desktop\c8JakemodH.exeFile created: C:\Users\user\AppData\Local\Publishers\8wekyb3d8bbwe\Licenses\bQ8ODxIi2.README.txtJump to behavior
              Source: C:\Users\user\Desktop\c8JakemodH.exeFile created: C:\Users\user\AppData\Local\Publishers\8wekyb3d8bbwe\Fonts\bQ8ODxIi2.README.txtJump to behavior
              Source: C:\Users\user\Desktop\c8JakemodH.exeFile created: C:\Users\user\AppData\Local\PlaceholderTileLogoFolder\bQ8ODxIi2.README.txtJump to behavior
              Source: C:\Users\user\Desktop\c8JakemodH.exeFile created: C:\Users\user\AppData\Local\PeerDistRepub\bQ8ODxIi2.README.txtJump to behavior
              Source: C:\Users\user\Desktop\c8JakemodH.exeFile created: C:\Users\user\AppData\Local\Packages\bQ8ODxIi2.README.txtJump to behavior
              Source: C:\Users\user\Desktop\c8JakemodH.exeFile created: C:\Users\user\AppData\Local\Packages\windows_ie_ac_001\bQ8ODxIi2.README.txtJump to behavior
              Source: C:\Users\user\Desktop\c8JakemodH.exeFile created: C:\Users\user\AppData\Local\Packages\windows_ie_ac_001\AC\bQ8ODxIi2.README.txtJump to behavior
              Source: C:\Users\user\Desktop\c8JakemodH.exeFile created: C:\Users\user\AppData\Local\Packages\windows_ie_ac_001\AC\Temp\bQ8ODxIi2.README.txtJump to behavior
              Source: C:\Users\user\Desktop\c8JakemodH.exeFile created: C:\Users\user\AppData\Local\Packages\Windows.PrintDialog_cw5n1h2txyewy\bQ8ODxIi2.README.txtJump to behavior
              Source: C:\Users\user\Desktop\c8JakemodH.exeFile created: C:\Users\user\AppData\Local\Packages\Windows.PrintDialog_cw5n1h2txyewy\TempState\bQ8ODxIi2.README.txtJump to behavior
              Source: C:\Users\user\Desktop\c8JakemodH.exeFile created: C:\Users\user\AppData\Local\Packages\Windows.PrintDialog_cw5n1h2txyewy\SystemAppData\bQ8ODxIi2.README.txtJump to behavior
              Source: C:\Users\user\Desktop\c8JakemodH.exeFile created: C:\Users\user\AppData\Local\Packages\Windows.PrintDialog_cw5n1h2txyewy\Settings\bQ8ODxIi2.README.txtJump to behavior
              Source: C:\Users\user\Desktop\c8JakemodH.exeFile created: C:\Users\user\AppData\Local\Packages\Windows.PrintDialog_cw5n1h2txyewy\RoamingState\bQ8ODxIi2.README.txtJump to behavior
              Source: C:\Users\user\Desktop\c8JakemodH.exeFile created: C:\Users\user\AppData\Local\Packages\Windows.PrintDialog_cw5n1h2txyewy\LocalState\bQ8ODxIi2.README.txtJump to behavior
              Source: C:\Users\user\Desktop\c8JakemodH.exeFile created: C:\Users\user\AppData\Local\Packages\Windows.PrintDialog_cw5n1h2txyewy\LocalCache\bQ8ODxIi2.README.txtJump to behavior
              Source: C:\Users\user\Desktop\c8JakemodH.exeFile created: C:\Users\user\AppData\Local\Packages\Windows.PrintDialog_cw5n1h2txyewy\AppData\bQ8ODxIi2.README.txtJump to behavior
              Source: C:\Users\user\Desktop\c8JakemodH.exeFile created: C:\Users\user\AppData\Local\Packages\Windows.PrintDialog_cw5n1h2txyewy\AC\bQ8ODxIi2.README.txtJump to behavior
              Source: C:\Users\user\Desktop\c8JakemodH.exeFile created: C:\Users\user\AppData\Local\Packages\Windows.PrintDialog_cw5n1h2txyewy\AC\Temp\bQ8ODxIi2.README.txtJump to behavior
              Source: C:\Users\user\Desktop\c8JakemodH.exeFile created: C:\Users\user\AppData\Local\Packages\windows.immersivecontrolpanel_cw5n1h2txyewy\bQ8ODxIi2.README.txtJump to behavior
              Source: C:\Users\user\Desktop\c8JakemodH.exeFile created: C:\Users\user\AppData\Local\Packages\windows.immersivecontrolpanel_cw5n1h2txyewy\TempState\bQ8ODxIi2.README.txtJump to behavior
              Source: C:\Users\user\Desktop\c8JakemodH.exeFile created: C:\Users\user\AppData\Local\Packages\windows.immersivecontrolpanel_cw5n1h2txyewy\SystemAppData\bQ8ODxIi2.README.txtJump to behavior
              Source: C:\Users\user\Desktop\c8JakemodH.exeFile created: C:\Users\user\AppData\Local\Packages\windows.immersivecontrolpanel_cw5n1h2txyewy\Settings\bQ8ODxIi2.README.txtJump to behavior
              Source: C:\Users\user\Desktop\c8JakemodH.exeFile created: C:\Users\user\AppData\Local\Packages\windows.immersivecontrolpanel_cw5n1h2txyewy\RoamingState\bQ8ODxIi2.README.txtJump to behavior
              Source: C:\Users\user\Desktop\c8JakemodH.exeFile created: C:\Users\user\AppData\Local\Packages\windows.immersivecontrolpanel_cw5n1h2txyewy\LocalState\bQ8ODxIi2.README.txtJump to behavior
              Source: C:\Users\user\Desktop\c8JakemodH.exeFile created: C:\Users\user\AppData\Local\Packages\windows.immersivecontrolpanel_cw5n1h2txyewy\LocalCache\bQ8ODxIi2.README.txtJump to behavior
              Source: C:\Users\user\Desktop\c8JakemodH.exeFile created: C:\Users\user\AppData\Local\Packages\windows.immersivecontrolpanel_cw5n1h2txyewy\AppData\bQ8ODxIi2.README.txtJump to behavior
              Source: C:\Users\user\Desktop\c8JakemodH.exeFile created: C:\Users\user\AppData\Local\Packages\windows.immersivecontrolpanel_cw5n1h2txyewy\AC\bQ8ODxIi2.README.txtJump to behavior
              Source: C:\Users\user\Desktop\c8JakemodH.exeFile created: C:\Users\user\AppData\Local\Packages\Windows.CBSPreview_cw5n1h2txyewy\bQ8ODxIi2.README.txtJump to behavior
              Source: C:\Users\user\Desktop\c8JakemodH.exeFile created: C:\Users\user\AppData\Local\Packages\Windows.CBSPreview_cw5n1h2txyewy\TempState\bQ8ODxIi2.README.txtJump to behavior
              Source: C:\Users\user\Desktop\c8JakemodH.exeFile created: C:\Users\user\AppData\Local\Packages\Windows.CBSPreview_cw5n1h2txyewy\SystemAppData\bQ8ODxIi2.README.txtJump to behavior
              Source: C:\Users\user\Desktop\c8JakemodH.exeFile created: C:\Users\user\AppData\Local\Packages\Windows.CBSPreview_cw5n1h2txyewy\Settings\bQ8ODxIi2.README.txtJump to behavior
              Source: C:\Users\user\Desktop\c8JakemodH.exeFile created: C:\Users\user\AppData\Local\Packages\Windows.CBSPreview_cw5n1h2txyewy\RoamingState\bQ8ODxIi2.README.txtJump to behavior
              Source: C:\Users\user\Desktop\c8JakemodH.exeFile created: C:\Users\user\AppData\Local\Packages\Windows.CBSPreview_cw5n1h2txyewy\LocalState\bQ8ODxIi2.README.txtJump to behavior
              Source: C:\Users\user\Desktop\c8JakemodH.exeFile created: C:\Users\user\AppData\Local\Packages\Windows.CBSPreview_cw5n1h2txyewy\LocalCache\bQ8ODxIi2.README.txtJump to behavior
              Source: C:\Users\user\Desktop\c8JakemodH.exeFile created: C:\Users\user\AppData\Local\Packages\Windows.CBSPreview_cw5n1h2txyewy\AppData\bQ8ODxIi2.README.txtJump to behavior
              Source: C:\Users\user\Desktop\c8JakemodH.exeFile created: C:\Users\user\AppData\Local\Packages\Windows.CBSPreview_cw5n1h2txyewy\AC\bQ8ODxIi2.README.txtJump to behavior
              Source: C:\Users\user\Desktop\c8JakemodH.exeFile created: C:\Users\user\AppData\Local\Packages\Windows.CBSPreview_cw5n1h2txyewy\AC\Temp\bQ8ODxIi2.README.txtJump to behavior
              Source: C:\Users\user\Desktop\c8JakemodH.exeFile created: C:\Users\user\AppData\Local\Packages\NcsiUwpApp_8wekyb3d8bbwe\bQ8ODxIi2.README.txtJump to behavior
              Source: C:\Users\user\Desktop\c8JakemodH.exeFile created: C:\Users\user\AppData\Local\Packages\NcsiUwpApp_8wekyb3d8bbwe\TempState\bQ8ODxIi2.README.txtJump to behavior
              Source: C:\Users\user\Desktop\c8JakemodH.exeFile created: C:\Users\user\AppData\Local\Packages\NcsiUwpApp_8wekyb3d8bbwe\SystemAppData\bQ8ODxIi2.README.txtJump to behavior
              Source: C:\Users\user\Desktop\c8JakemodH.exeFile created: C:\Users\user\AppData\Local\Packages\NcsiUwpApp_8wekyb3d8bbwe\Settings\bQ8ODxIi2.README.txtJump to behavior
              Source: C:\Users\user\Desktop\c8JakemodH.exeFile created: C:\Users\user\AppData\Local\Packages\NcsiUwpApp_8wekyb3d8bbwe\RoamingState\bQ8ODxIi2.README.txtJump to behavior
              Source: C:\Users\user\Desktop\c8JakemodH.exeFile created: C:\Users\user\AppData\Local\Packages\NcsiUwpApp_8wekyb3d8bbwe\LocalState\bQ8ODxIi2.README.txtJump to behavior
              Source: C:\Users\user\Desktop\c8JakemodH.exeFile created: C:\Users\user\AppData\Local\Packages\NcsiUwpApp_8wekyb3d8bbwe\LocalCache\bQ8ODxIi2.README.txtJump to behavior
              Source: C:\Users\user\Desktop\c8JakemodH.exeFile created: C:\Users\user\AppData\Local\Packages\NcsiUwpApp_8wekyb3d8bbwe\AppData\bQ8ODxIi2.README.txtJump to behavior
              Source: C:\Users\user\Desktop\c8JakemodH.exeFile created: C:\Users\user\AppData\Local\Packages\NcsiUwpApp_8wekyb3d8bbwe\AC\bQ8ODxIi2.README.txtJump to behavior
              Source: C:\Users\user\Desktop\c8JakemodH.exeFile created: C:\Users\user\AppData\Local\Packages\NcsiUwpApp_8wekyb3d8bbwe\AC\Temp\bQ8ODxIi2.README.txtJump to behavior
              Source: C:\Users\user\Desktop\c8JakemodH.exeFile created: C:\Users\user\AppData\Local\Packages\MicrosoftWindows.UndockedDevKit_cw5n1h2txyewy\bQ8ODxIi2.README.txtJump to behavior
              Source: C:\Users\user\Desktop\c8JakemodH.exeFile created: C:\Users\user\AppData\Local\Packages\MicrosoftWindows.UndockedDevKit_cw5n1h2txyewy\TempState\bQ8ODxIi2.README.txtJump to behavior
              Source: C:\Users\user\Desktop\c8JakemodH.exeFile created: C:\Users\user\AppData\Local\Packages\MicrosoftWindows.UndockedDevKit_cw5n1h2txyewy\SystemAppData\bQ8ODxIi2.README.txtJump to behavior
              Source: C:\Users\user\Desktop\c8JakemodH.exeFile created: C:\Users\user\AppData\Local\Packages\MicrosoftWindows.UndockedDevKit_cw5n1h2txyewy\Settings\bQ8ODxIi2.README.txtJump to behavior
              Source: C:\Users\user\Desktop\c8JakemodH.exeFile created: C:\Users\user\AppData\Local\Packages\MicrosoftWindows.UndockedDevKit_cw5n1h2txyewy\RoamingState\bQ8ODxIi2.README.txtJump to behavior
              Source: C:\Users\user\Desktop\c8JakemodH.exeFile created: C:\Users\user\AppData\Local\Packages\MicrosoftWindows.UndockedDevKit_cw5n1h2txyewy\LocalState\bQ8ODxIi2.README.txtJump to behavior
              Source: C:\Users\user\Desktop\c8JakemodH.exeFile created: C:\Users\user\AppData\Local\Packages\MicrosoftWindows.UndockedDevKit_cw5n1h2txyewy\LocalCache\bQ8ODxIi2.README.txtJump to behavior
              Source: C:\Users\user\Desktop\c8JakemodH.exeFile created: C:\Users\user\AppData\Local\Packages\MicrosoftWindows.UndockedDevKit_cw5n1h2txyewy\AppData\bQ8ODxIi2.README.txtJump to behavior
              Source: C:\Users\user\Desktop\c8JakemodH.exeFile created: C:\Users\user\AppData\Local\Packages\MicrosoftWindows.UndockedDevKit_cw5n1h2txyewy\AC\bQ8ODxIi2.README.txtJump to behavior
              Source: C:\Users\user\Desktop\c8JakemodH.exeFile created: C:\Users\user\AppData\Local\Packages\MicrosoftWindows.UndockedDevKit_cw5n1h2txyewy\AC\Temp\bQ8ODxIi2.README.txtJump to behavior
              Source: C:\Users\user\Desktop\c8JakemodH.exeFile created: C:\Users\user\AppData\Local\Packages\MicrosoftWindows.Client.CBS_cw5n1h2txyewy\bQ8ODxIi2.README.txtJump to behavior
              Source: C:\Users\user\Desktop\c8JakemodH.exeFile created: C:\Users\user\AppData\Local\Packages\MicrosoftWindows.Client.CBS_cw5n1h2txyewy\TempState\bQ8ODxIi2.README.txtJump to behavior
              Source: C:\Users\user\Desktop\c8JakemodH.exeFile created: C:\Users\user\AppData\Local\Packages\MicrosoftWindows.Client.CBS_cw5n1h2txyewy\SystemAppData\bQ8ODxIi2.README.txtJump to behavior
              Source: C:\Users\user\Desktop\c8JakemodH.exeFile created: C:\Users\user\AppData\Local\Packages\MicrosoftWindows.Client.CBS_cw5n1h2txyewy\Settings\bQ8ODxIi2.README.txtJump to behavior
              Source: C:\Users\user\Desktop\c8JakemodH.exeFile created: C:\Users\user\AppData\Local\Packages\MicrosoftWindows.Client.CBS_cw5n1h2txyewy\RoamingState\bQ8ODxIi2.README.txtJump to behavior
              Source: C:\Users\user\Desktop\c8JakemodH.exeFile created: C:\Users\user\AppData\Local\Packages\MicrosoftWindows.Client.CBS_cw5n1h2txyewy\LocalState\bQ8ODxIi2.README.txtJump to behavior
              Source: C:\Users\user\Desktop\c8JakemodH.exeFile created: C:\Users\user\AppData\Local\Packages\MicrosoftWindows.Client.CBS_cw5n1h2txyewy\LocalCache\bQ8ODxIi2.README.txtJump to behavior
              Source: C:\Users\user\Desktop\c8JakemodH.exeFile created: C:\Users\user\AppData\Local\Packages\MicrosoftWindows.Client.CBS_cw5n1h2txyewy\AppData\bQ8ODxIi2.README.txtJump to behavior
              Source: C:\Users\user\Desktop\c8JakemodH.exeFile created: C:\Users\user\AppData\Local\Packages\MicrosoftWindows.Client.CBS_cw5n1h2txyewy\AC\bQ8ODxIi2.README.txtJump to behavior
              Source: C:\Users\user\Desktop\c8JakemodH.exeFile created: C:\Users\user\AppData\Local\Packages\MicrosoftWindows.Client.CBS_cw5n1h2txyewy\AC\Temp\bQ8ODxIi2.README.txtJump to behavior
              Source: C:\Users\user\Desktop\c8JakemodH.exeFile created: C:\Users\user\AppData\Local\Packages\Microsoft.ZuneVideo_8wekyb3d8bbwe\bQ8ODxIi2.README.txtJump to behavior
              Source: C:\Users\user\Desktop\c8JakemodH.exeFile created: C:\Users\user\AppData\Local\Packages\Microsoft.ZuneVideo_8wekyb3d8bbwe\TempState\bQ8ODxIi2.README.txtJump to behavior
              Source: C:\Users\user\Desktop\c8JakemodH.exeFile created: C:\Users\user\AppData\Local\Packages\Microsoft.ZuneVideo_8wekyb3d8bbwe\SystemAppData\bQ8ODxIi2.README.txtJump to behavior
              Source: C:\Users\user\Desktop\c8JakemodH.exeFile created: C:\Users\user\AppData\Local\Packages\Microsoft.ZuneVideo_8wekyb3d8bbwe\Settings\bQ8ODxIi2.README.txtJump to behavior
              Source: C:\Users\user\Desktop\c8JakemodH.exeFile created: C:\Users\user\AppData\Local\Packages\Microsoft.ZuneVideo_8wekyb3d8bbwe\RoamingState\bQ8ODxIi2.README.txtJump to behavior
              Source: C:\Users\user\Desktop\c8JakemodH.exeFile created: C:\Users\user\AppData\Local\Packages\Microsoft.ZuneVideo_8wekyb3d8bbwe\LocalState\bQ8ODxIi2.README.txtJump to behavior
              Source: C:\Users\user\Desktop\c8JakemodH.exeFile created: C:\Users\user\AppData\Local\Packages\Microsoft.ZuneVideo_8wekyb3d8bbwe\LocalCache\bQ8ODxIi2.README.txtJump to behavior
              Source: C:\Users\user\Desktop\c8JakemodH.exeFile created: C:\Users\user\AppData\Local\Packages\Microsoft.ZuneVideo_8wekyb3d8bbwe\AppData\bQ8ODxIi2.README.txtJump to behavior
              Source: C:\Users\user\Desktop\c8JakemodH.exeFile created: C:\Users\user\AppData\Local\Packages\Microsoft.ZuneVideo_8wekyb3d8bbwe\AC\bQ8ODxIi2.README.txtJump to behavior
              Source: C:\Users\user\Desktop\c8JakemodH.exeFile created: C:\Users\user\AppData\Local\Packages\Microsoft.ZuneVideo_8wekyb3d8bbwe\AC\Temp\bQ8ODxIi2.README.txtJump to behavior
              Source: C:\Users\user\Desktop\c8JakemodH.exeFile created: C:\Users\user\AppData\Local\Packages\Microsoft.ZuneMusic_8wekyb3d8bbwe\bQ8ODxIi2.README.txtJump to behavior
              Source: C:\Users\user\Desktop\c8JakemodH.exeFile created: C:\Users\user\AppData\Local\Packages\Microsoft.ZuneMusic_8wekyb3d8bbwe\TempState\bQ8ODxIi2.README.txtJump to behavior
              Source: C:\Users\user\Desktop\c8JakemodH.exeFile created: C:\Users\user\AppData\Local\Packages\Microsoft.ZuneMusic_8wekyb3d8bbwe\SystemAppData\bQ8ODxIi2.README.txtJump to behavior
              Source: C:\Users\user\Desktop\c8JakemodH.exeFile created: C:\Users\user\AppData\Local\Packages\Microsoft.ZuneMusic_8wekyb3d8bbwe\Settings\bQ8ODxIi2.README.txtJump to behavior
              Source: C:\Users\user\Desktop\c8JakemodH.exeFile created: C:\Users\user\AppData\Local\Packages\Microsoft.ZuneMusic_8wekyb3d8bbwe\RoamingState\bQ8ODxIi2.README.txtJump to behavior
              Source: C:\Users\user\Desktop\c8JakemodH.exeFile created: C:\Users\user\AppData\Local\Packages\Microsoft.ZuneMusic_8wekyb3d8bbwe\LocalState\bQ8ODxIi2.README.txtJump to behavior
              Source: C:\Users\user\Desktop\c8JakemodH.exeFile created: C:\Users\user\AppData\Local\Packages\Microsoft.ZuneMusic_8wekyb3d8bbwe\LocalCache\bQ8ODxIi2.README.txtJump to behavior
              Source: C:\Users\user\Desktop\c8JakemodH.exeFile created: C:\Users\user\AppData\Local\Packages\Microsoft.ZuneMusic_8wekyb3d8bbwe\AppData\bQ8ODxIi2.README.txtJump to behavior
              Source: C:\Users\user\Desktop\c8JakemodH.exeFile created: C:\Users\user\AppData\Local\Packages\Microsoft.ZuneMusic_8wekyb3d8bbwe\AC\bQ8ODxIi2.README.txtJump to behavior
              Source: C:\Users\user\Desktop\c8JakemodH.exeFile created: C:\Users\user\AppData\Local\Packages\Microsoft.ZuneMusic_8wekyb3d8bbwe\AC\Temp\bQ8ODxIi2.README.txtJump to behavior
              Source: C:\Users\user\Desktop\c8JakemodH.exeFile created: C:\Users\user\AppData\Local\Packages\Microsoft.YourPhone_8wekyb3d8bbwe\bQ8ODxIi2.README.txtJump to behavior
              Source: C:\Users\user\Desktop\c8JakemodH.exeFile created: C:\Users\user\AppData\Local\Packages\Microsoft.YourPhone_8wekyb3d8bbwe\TempState\bQ8ODxIi2.README.txtJump to behavior
              Source: C:\Users\user\Desktop\c8JakemodH.exeFile created: C:\Users\user\AppData\Local\Packages\Microsoft.YourPhone_8wekyb3d8bbwe\SystemAppData\bQ8ODxIi2.README.txtJump to behavior
              Source: C:\Users\user\Desktop\c8JakemodH.exeFile created: C:\Users\user\AppData\Local\Packages\Microsoft.YourPhone_8wekyb3d8bbwe\Settings\bQ8ODxIi2.README.txtJump to behavior
              Source: C:\Users\user\Desktop\c8JakemodH.exeFile created: C:\Users\user\AppData\Local\Packages\Microsoft.YourPhone_8wekyb3d8bbwe\RoamingState\bQ8ODxIi2.README.txtJump to behavior
              Source: C:\Users\user\Desktop\c8JakemodH.exeFile created: C:\Users\user\AppData\Local\Packages\Microsoft.YourPhone_8wekyb3d8bbwe\LocalState\bQ8ODxIi2.README.txtJump to behavior
              Source: C:\Users\user\Desktop\c8JakemodH.exeFile created: C:\Users\user\AppData\Local\Packages\Microsoft.YourPhone_8wekyb3d8bbwe\LocalCache\bQ8ODxIi2.README.txtJump to behavior
              Source: C:\Users\user\Desktop\c8JakemodH.exeFile created: C:\Users\user\AppData\Local\Packages\Microsoft.YourPhone_8wekyb3d8bbwe\AppData\bQ8ODxIi2.README.txtJump to behavior
              Source: C:\Users\user\Desktop\c8JakemodH.exeFile created: C:\Users\user\AppData\Local\Packages\Microsoft.YourPhone_8wekyb3d8bbwe\AC\bQ8ODxIi2.README.txtJump to behavior
              Source: C:\Users\user\Desktop\c8JakemodH.exeFile created: C:\Users\user\AppData\Local\Packages\Microsoft.YourPhone_8wekyb3d8bbwe\AC\Temp\bQ8ODxIi2.README.txtJump to behavior
              Source: C:\Users\user\Desktop\c8JakemodH.exeFile created: C:\Users\user\AppData\Local\Packages\Microsoft.XboxSpeechToTextOverlay_8wekyb3d8bbwe\bQ8ODxIi2.README.txtJump to behavior
              Source: C:\Users\user\Desktop\c8JakemodH.exeFile created: C:\Users\user\AppData\Local\Packages\Microsoft.XboxSpeechToTextOverlay_8wekyb3d8bbwe\TempState\bQ8ODxIi2.README.txtJump to behavior
              Source: C:\Users\user\Desktop\c8JakemodH.exeFile created: C:\Users\user\AppData\Local\Packages\Microsoft.XboxSpeechToTextOverlay_8wekyb3d8bbwe\SystemAppData\bQ8ODxIi2.README.txtJump to behavior
              Source: C:\Users\user\Desktop\c8JakemodH.exeFile created: C:\Users\user\AppData\Local\Packages\Microsoft.XboxSpeechToTextOverlay_8wekyb3d8bbwe\Settings\bQ8ODxIi2.README.txtJump to behavior
              Source: C:\Users\user\Desktop\c8JakemodH.exeFile created: C:\Users\user\AppData\Local\Packages\Microsoft.XboxSpeechToTextOverlay_8wekyb3d8bbwe\RoamingState\bQ8ODxIi2.README.txtJump to behavior
              Source: C:\Users\user\Desktop\c8JakemodH.exeFile created: C:\Users\user\AppData\Local\Packages\Microsoft.XboxSpeechToTextOverlay_8wekyb3d8bbwe\LocalState\bQ8ODxIi2.README.txtJump to behavior
              Source: C:\Users\user\Desktop\c8JakemodH.exeFile created: C:\Users\user\AppData\Local\Packages\Microsoft.XboxSpeechToTextOverlay_8wekyb3d8bbwe\LocalCache\bQ8ODxIi2.README.txtJump to behavior
              Source: C:\Users\user\Desktop\c8JakemodH.exeFile created: C:\Users\user\AppData\Local\Packages\Microsoft.XboxSpeechToTextOverlay_8wekyb3d8bbwe\AppData\bQ8ODxIi2.README.txtJump to behavior
              Source: C:\Users\user\Desktop\c8JakemodH.exeFile created: C:\Users\user\AppData\Local\Packages\Microsoft.XboxSpeechToTextOverlay_8wekyb3d8bbwe\AC\bQ8ODxIi2.README.txtJump to behavior
              Source: C:\Users\user\Desktop\c8JakemodH.exeFile created: C:\Users\user\AppData\Local\Packages\Microsoft.XboxSpeechToTextOverlay_8wekyb3d8bbwe\AC\Temp\bQ8ODxIi2.README.txtJump to behavior
              Source: C:\Users\user\Desktop\c8JakemodH.exeFile created: C:\Users\user\AppData\Local\Packages\Microsoft.XboxIdentityProvider_8wekyb3d8bbwe\bQ8ODxIi2.README.txtJump to behavior
              Source: C:\Users\user\Desktop\c8JakemodH.exeFile created: C:\Users\user\AppData\Local\Packages\Microsoft.XboxIdentityProvider_8wekyb3d8bbwe\TempState\bQ8ODxIi2.README.txtJump to behavior
              Source: C:\Users\user\Desktop\c8JakemodH.exeFile created: C:\Users\user\AppData\Local\Packages\Microsoft.XboxIdentityProvider_8wekyb3d8bbwe\SystemAppData\bQ8ODxIi2.README.txtJump to behavior
              Source: C:\Users\user\Desktop\c8JakemodH.exeFile created: C:\Users\user\AppData\Local\Packages\Microsoft.XboxIdentityProvider_8wekyb3d8bbwe\Settings\bQ8ODxIi2.README.txtJump to behavior
              Source: C:\Users\user\Desktop\c8JakemodH.exeFile created: C:\Users\user\AppData\Local\Packages\Microsoft.XboxIdentityProvider_8wekyb3d8bbwe\RoamingState\bQ8ODxIi2.README.txtJump to behavior
              Source: C:\Users\user\Desktop\c8JakemodH.exeFile created: C:\Users\user\AppData\Local\Packages\Microsoft.XboxIdentityProvider_8wekyb3d8bbwe\LocalState\bQ8ODxIi2.README.txtJump to behavior
              Source: C:\Users\user\Desktop\c8JakemodH.exeFile created: C:\Users\user\AppData\Local\Packages\Microsoft.XboxIdentityProvider_8wekyb3d8bbwe\LocalCache\bQ8ODxIi2.README.txtJump to behavior
              Source: C:\Users\user\Desktop\c8JakemodH.exeFile created: C:\Users\user\AppData\Local\Packages\Microsoft.XboxIdentityProvider_8wekyb3d8bbwe\AppData\bQ8ODxIi2.README.txtJump to behavior
              Source: C:\Users\user\Desktop\c8JakemodH.exeFile created: C:\Users\user\AppData\Local\Packages\Microsoft.XboxIdentityProvider_8wekyb3d8bbwe\AC\bQ8ODxIi2.README.txtJump to behavior
              Source: C:\Users\user\Desktop\c8JakemodH.exeFile created: C:\Users\user\AppData\Local\Packages\Microsoft.XboxIdentityProvider_8wekyb3d8bbwe\AC\Temp\bQ8ODxIi2.README.txtJump to behavior
              Source: C:\Users\user\Desktop\c8JakemodH.exeFile created: C:\Users\user\AppData\Local\Packages\Microsoft.XboxGameOverlay_8wekyb3d8bbwe\bQ8ODxIi2.README.txtJump to behavior
              Source: C:\Users\user\Desktop\c8JakemodH.exeFile created: C:\Users\user\AppData\Local\Packages\Microsoft.XboxGameOverlay_8wekyb3d8bbwe\TempState\bQ8ODxIi2.README.txtJump to behavior
              Source: C:\Users\user\Desktop\c8JakemodH.exeFile created: C:\Users\user\AppData\Local\Packages\Microsoft.XboxGameOverlay_8wekyb3d8bbwe\SystemAppData\bQ8ODxIi2.README.txtJump to behavior
              Source: C:\Users\user\Desktop\c8JakemodH.exeFile created: C:\Users\user\AppData\Local\Packages\Microsoft.XboxGameOverlay_8wekyb3d8bbwe\Settings\bQ8ODxIi2.README.txtJump to behavior
              Source: C:\Users\user\Desktop\c8JakemodH.exeFile created: C:\Users\user\AppData\Local\Packages\Microsoft.XboxGameOverlay_8wekyb3d8bbwe\RoamingState\bQ8ODxIi2.README.txtJump to behavior
              Source: C:\Users\user\Desktop\c8JakemodH.exeFile created: C:\Users\user\AppData\Local\Packages\Microsoft.XboxGameOverlay_8wekyb3d8bbwe\LocalState\bQ8ODxIi2.README.txtJump to behavior
              Source: C:\Users\user\Desktop\c8JakemodH.exeFile created: C:\Users\user\AppData\Local\Packages\Microsoft.XboxGameOverlay_8wekyb3d8bbwe\LocalState\DiagOutputDir\bQ8ODxIi2.README.txtJump to behavior
              Source: C:\Users\user\Desktop\c8JakemodH.exeFile created: C:\Users\user\AppData\Local\Packages\Microsoft.XboxGameOverlay_8wekyb3d8bbwe\LocalCache\bQ8ODxIi2.README.txtJump to behavior
              Source: C:\Users\user\Desktop\c8JakemodH.exeFile created: C:\Users\user\AppData\Local\Packages\Microsoft.XboxGameOverlay_8wekyb3d8bbwe\AppData\bQ8ODxIi2.README.txtJump to behavior
              Source: C:\Users\user\Desktop\c8JakemodH.exeFile created: C:\Users\user\AppData\Local\Packages\Microsoft.XboxGameOverlay_8wekyb3d8bbwe\AC\bQ8ODxIi2.README.txtJump to behavior
              Source: C:\Users\user\Desktop\c8JakemodH.exeFile created: C:\Users\user\AppData\Local\Packages\Microsoft.XboxGameOverlay_8wekyb3d8bbwe\AC\Temp\bQ8ODxIi2.README.txtJump to behavior
              Source: C:\Users\user\Desktop\c8JakemodH.exeFile created: C:\Users\user\AppData\Local\Packages\Microsoft.XboxGameCallableUI_cw5n1h2txyewy\bQ8ODxIi2.README.txtJump to behavior
              Source: C:\Users\user\Desktop\c8JakemodH.exeFile created: C:\Users\user\AppData\Local\Packages\Microsoft.XboxGameCallableUI_cw5n1h2txyewy\TempState\bQ8ODxIi2.README.txtJump to behavior
              Source: C:\Users\user\Desktop\c8JakemodH.exeFile created: C:\Users\user\AppData\Local\Packages\Microsoft.XboxGameCallableUI_cw5n1h2txyewy\SystemAppData\bQ8ODxIi2.README.txtJump to behavior
              Source: C:\Users\user\Desktop\c8JakemodH.exeFile created: C:\Users\user\AppData\Local\Packages\Microsoft.XboxGameCallableUI_cw5n1h2txyewy\Settings\bQ8ODxIi2.README.txtJump to behavior
              Source: C:\Users\user\Desktop\c8JakemodH.exeFile created: C:\Users\user\AppData\Local\Packages\Microsoft.XboxGameCallableUI_cw5n1h2txyewy\RoamingState\bQ8ODxIi2.README.txtJump to behavior
              Source: C:\Users\user\Desktop\c8JakemodH.exeFile created: C:\Users\user\AppData\Local\Packages\Microsoft.XboxGameCallableUI_cw5n1h2txyewy\LocalState\bQ8ODxIi2.README.txtJump to behavior
              Source: C:\Users\user\Desktop\c8JakemodH.exeFile created: C:\Users\user\AppData\Local\Packages\Microsoft.XboxGameCallableUI_cw5n1h2txyewy\LocalCache\bQ8ODxIi2.README.txtJump to behavior
              Source: C:\Users\user\Desktop\c8JakemodH.exeFile created: C:\Users\user\AppData\Local\Packages\Microsoft.XboxGameCallableUI_cw5n1h2txyewy\AppData\bQ8ODxIi2.README.txtJump to behavior
              Source: C:\Users\user\Desktop\c8JakemodH.exeFile created: C:\Users\user\AppData\Local\Packages\Microsoft.XboxGameCallableUI_cw5n1h2txyewy\AC\bQ8ODxIi2.README.txtJump to behavior
              Source: C:\Users\user\Desktop\c8JakemodH.exeFile created: C:\Users\user\AppData\Local\Packages\Microsoft.XboxGameCallableUI_cw5n1h2txyewy\AC\Temp\bQ8ODxIi2.README.txtJump to behavior
              Source: C:\Users\user\Desktop\c8JakemodH.exeFile created: C:\Users\user\AppData\Local\Packages\Microsoft.XboxApp_8wekyb3d8bbwe\bQ8ODxIi2.README.txtJump to behavior
              Source: C:\Users\user\Desktop\c8JakemodH.exeFile created: C:\Users\user\AppData\Local\Packages\Microsoft.XboxApp_8wekyb3d8bbwe\TempState\bQ8ODxIi2.README.txtJump to behavior
              Source: C:\Users\user\Desktop\c8JakemodH.exeFile created: C:\Users\user\AppData\Local\Packages\Microsoft.XboxApp_8wekyb3d8bbwe\SystemAppData\bQ8ODxIi2.README.txtJump to behavior
              Source: C:\Users\user\Desktop\c8JakemodH.exeFile created: C:\Users\user\AppData\Local\Packages\Microsoft.XboxApp_8wekyb3d8bbwe\Settings\bQ8ODxIi2.README.txtJump to behavior
              Source: C:\Users\user\Desktop\c8JakemodH.exeFile created: C:\Users\user\AppData\Local\Packages\Microsoft.XboxApp_8wekyb3d8bbwe\RoamingState\bQ8ODxIi2.README.txtJump to behavior
              Source: C:\Users\user\Desktop\c8JakemodH.exeFile created: C:\Users\user\AppData\Local\Packages\Microsoft.XboxApp_8wekyb3d8bbwe\LocalState\bQ8ODxIi2.README.txtJump to behavior
              Source: C:\Users\user\Desktop\c8JakemodH.exeFile created: C:\Users\user\AppData\Local\Packages\Microsoft.XboxApp_8wekyb3d8bbwe\LocalCache\bQ8ODxIi2.README.txtJump to behavior
              Source: C:\Users\user\Desktop\c8JakemodH.exeFile created: C:\Users\user\AppData\Local\Packages\Microsoft.XboxApp_8wekyb3d8bbwe\AppData\bQ8ODxIi2.README.txtJump to behavior
              Source: C:\Users\user\Desktop\c8JakemodH.exeFile created: C:\Users\user\AppData\Local\Packages\Microsoft.XboxApp_8wekyb3d8bbwe\AC\bQ8ODxIi2.README.txtJump to behavior
              Source: C:\Users\user\Desktop\c8JakemodH.exeFile created: C:\Users\user\AppData\Local\Packages\Microsoft.XboxApp_8wekyb3d8bbwe\AC\Temp\bQ8ODxIi2.README.txtJump to behavior
              Source: C:\Users\user\Desktop\c8JakemodH.exeFile created: C:\Users\user\AppData\Local\Packages\Microsoft.Xbox.TCUI_8wekyb3d8bbwe\bQ8ODxIi2.README.txtJump to behavior
              Source: C:\Users\user\Desktop\c8JakemodH.exeFile created: C:\Users\user\AppData\Local\Packages\Microsoft.Xbox.TCUI_8wekyb3d8bbwe\TempState\bQ8ODxIi2.README.txtJump to behavior
              Source: C:\Users\user\Desktop\c8JakemodH.exeFile created: C:\Users\user\AppData\Local\Packages\Microsoft.Xbox.TCUI_8wekyb3d8bbwe\SystemAppData\bQ8ODxIi2.README.txtJump to behavior
              Source: C:\Users\user\Desktop\c8JakemodH.exeFile created: C:\Users\user\AppData\Local\Packages\Microsoft.Xbox.TCUI_8wekyb3d8bbwe\Settings\bQ8ODxIi2.README.txtJump to behavior
              Source: C:\Users\user\Desktop\c8JakemodH.exeFile created: C:\Users\user\AppData\Local\Packages\Microsoft.Xbox.TCUI_8wekyb3d8bbwe\RoamingState\bQ8ODxIi2.README.txtJump to behavior
              Source: C:\Users\user\Desktop\c8JakemodH.exeFile created: C:\Users\user\AppData\Local\Packages\Microsoft.Xbox.TCUI_8wekyb3d8bbwe\LocalState\bQ8ODxIi2.README.txtJump to behavior
              Source: C:\Users\user\Desktop\c8JakemodH.exeFile created: C:\Users\user\AppData\Local\Packages\Microsoft.Xbox.TCUI_8wekyb3d8bbwe\LocalCache\bQ8ODxIi2.README.txtJump to behavior
              Source: C:\Users\user\Desktop\c8JakemodH.exeFile created: C:\Users\user\AppData\Local\Packages\Microsoft.Xbox.TCUI_8wekyb3d8bbwe\AppData\bQ8ODxIi2.README.txtJump to behavior
              Source: C:\Users\user\Desktop\c8JakemodH.exeFile created: C:\Users\user\AppData\Local\Packages\Microsoft.Xbox.TCUI_8wekyb3d8bbwe\AC\bQ8ODxIi2.README.txtJump to behavior
              Source: C:\Users\user\Desktop\c8JakemodH.exeFile created: C:\Users\user\AppData\Local\Packages\Microsoft.Xbox.TCUI_8wekyb3d8bbwe\AC\Temp\bQ8ODxIi2.README.txtJump to behavior
              Source: C:\Users\user\Desktop\c8JakemodH.exeFile created: C:\Users\user\AppData\Local\Packages\Microsoft.WindowsStore_8wekyb3d8bbwe\bQ8ODxIi2.README.txtJump to behavior
              Source: C:\Users\user\Desktop\c8JakemodH.exeFile created: C:\Users\user\AppData\Local\Packages\Microsoft.WindowsStore_8wekyb3d8bbwe\TempState\bQ8ODxIi2.README.txtJump to behavior
              Source: C:\Users\user\Desktop\c8JakemodH.exeFile created: C:\Users\user\AppData\Local\Packages\Microsoft.WindowsStore_8wekyb3d8bbwe\SystemAppData\bQ8ODxIi2.README.txtJump to behavior
              Source: C:\Users\user\Desktop\c8JakemodH.exeFile created: C:\Users\user\AppData\Local\Packages\Microsoft.WindowsStore_8wekyb3d8bbwe\Settings\bQ8ODxIi2.README.txtJump to behavior
              Source: C:\Users\user\Desktop\c8JakemodH.exeFile created: C:\Users\user\AppData\Local\Packages\Microsoft.WindowsStore_8wekyb3d8bbwe\RoamingState\bQ8ODxIi2.README.txtJump to behavior
              Source: C:\Users\user\Desktop\c8JakemodH.exeFile created: C:\Users\user\AppData\Local\Packages\Microsoft.WindowsStore_8wekyb3d8bbwe\LocalState\bQ8ODxIi2.README.txtJump to behavior
              Source: C:\Users\user\Desktop\c8JakemodH.exeFile created: C:\Users\user\AppData\Local\Packages\Microsoft.WindowsStore_8wekyb3d8bbwe\LocalCache\bQ8ODxIi2.README.txtJump to behavior
              Source: C:\Users\user\Desktop\c8JakemodH.exeFile created: C:\Users\user\AppData\Local\Packages\Microsoft.WindowsStore_8wekyb3d8bbwe\AppData\bQ8ODxIi2.README.txtJump to behavior
              Source: C:\Users\user\Desktop\c8JakemodH.exeFile created: C:\Users\user\AppData\Local\Packages\Microsoft.WindowsStore_8wekyb3d8bbwe\AC\bQ8ODxIi2.README.txtJump to behavior
              Source: C:\Users\user\Desktop\c8JakemodH.exeFile created: C:\Users\user\AppData\Local\Packages\Microsoft.WindowsStore_8wekyb3d8bbwe\AC\Temp\bQ8ODxIi2.README.txtJump to behavior
              Source: C:\Users\user\Desktop\c8JakemodH.exeFile created: C:\Users\user\AppData\Local\Packages\Microsoft.WindowsSoundRecorder_8wekyb3d8bbwe\bQ8ODxIi2.README.txtJump to behavior
              Source: C:\Users\user\Desktop\c8JakemodH.exeFile created: C:\Users\user\AppData\Local\Packages\Microsoft.WindowsSoundRecorder_8wekyb3d8bbwe\TempState\bQ8ODxIi2.README.txtJump to behavior
              Source: C:\Users\user\Desktop\c8JakemodH.exeFile created: C:\Users\user\AppData\Local\Packages\Microsoft.WindowsSoundRecorder_8wekyb3d8bbwe\SystemAppData\bQ8ODxIi2.README.txtJump to behavior
              Source: C:\Users\user\Desktop\c8JakemodH.exeFile created: C:\Users\user\AppData\Local\Packages\Microsoft.WindowsSoundRecorder_8wekyb3d8bbwe\Settings\bQ8ODxIi2.README.txtJump to behavior
              Source: C:\Users\user\Desktop\c8JakemodH.exeFile created: C:\Users\user\AppData\Local\Packages\Microsoft.WindowsSoundRecorder_8wekyb3d8bbwe\RoamingState\bQ8ODxIi2.README.txtJump to behavior
              Source: C:\Users\user\Desktop\c8JakemodH.exeFile created: C:\Users\user\AppData\Local\Packages\Microsoft.WindowsSoundRecorder_8wekyb3d8bbwe\LocalState\bQ8ODxIi2.README.txtJump to behavior
              Source: C:\Users\user\Desktop\c8JakemodH.exeFile created: C:\Users\user\AppData\Local\Packages\Microsoft.WindowsSoundRecorder_8wekyb3d8bbwe\LocalCache\bQ8ODxIi2.README.txtJump to behavior
              Source: C:\Users\user\Desktop\c8JakemodH.exeFile created: C:\Users\user\AppData\Local\Packages\Microsoft.WindowsSoundRecorder_8wekyb3d8bbwe\AppData\bQ8ODxIi2.README.txtJump to behavior
              Source: C:\Users\user\Desktop\c8JakemodH.exeFile created: C:\Users\user\AppData\Local\Packages\Microsoft.WindowsSoundRecorder_8wekyb3d8bbwe\AC\bQ8ODxIi2.README.txtJump to behavior
              Source: C:\Users\user\Desktop\c8JakemodH.exeFile created: C:\Users\user\AppData\Local\Packages\Microsoft.WindowsSoundRecorder_8wekyb3d8bbwe\AC\Temp\bQ8ODxIi2.README.txtJump to behavior
              Source: C:\Users\user\Desktop\c8JakemodH.exeFile created: C:\Users\user\AppData\Local\Packages\Microsoft.WindowsMaps_8wekyb3d8bbwe\bQ8ODxIi2.README.txtJump to behavior
              Source: C:\Users\user\Desktop\c8JakemodH.exeFile created: C:\Users\user\AppData\Local\Packages\Microsoft.WindowsMaps_8wekyb3d8bbwe\TempState\bQ8ODxIi2.README.txtJump to behavior
              Source: C:\Users\user\Desktop\c8JakemodH.exeFile created: C:\Users\user\AppData\Local\Packages\Microsoft.WindowsMaps_8wekyb3d8bbwe\SystemAppData\bQ8ODxIi2.README.txtJump to behavior
              Source: C:\Users\user\Desktop\c8JakemodH.exeFile created: C:\Users\user\AppData\Local\Packages\Microsoft.WindowsMaps_8wekyb3d8bbwe\Settings\bQ8ODxIi2.README.txtJump to behavior
              Source: C:\Users\user\Desktop\c8JakemodH.exeFile created: C:\Users\user\AppData\Local\Packages\Microsoft.WindowsMaps_8wekyb3d8bbwe\RoamingState\bQ8ODxIi2.README.txtJump to behavior
              Source: C:\Users\user\Desktop\c8JakemodH.exeFile created: C:\Users\user\AppData\Local\Packages\Microsoft.WindowsMaps_8wekyb3d8bbwe\LocalState\bQ8ODxIi2.README.txtJump to behavior
              Source: C:\Users\user\Desktop\c8JakemodH.exeFile created: C:\Users\user\AppData\Local\Packages\Microsoft.WindowsMaps_8wekyb3d8bbwe\LocalCache\bQ8ODxIi2.README.txtJump to behavior
              Source: C:\Users\user\Desktop\c8JakemodH.exeFile created: C:\Users\user\AppData\Local\Packages\Microsoft.WindowsMaps_8wekyb3d8bbwe\AppData\bQ8ODxIi2.README.txtJump to behavior
              Source: C:\Users\user\Desktop\c8JakemodH.exeFile created: C:\Users\user\AppData\Local\Packages\Microsoft.WindowsMaps_8wekyb3d8bbwe\AC\bQ8ODxIi2.README.txtJump to behavior
              Source: C:\Users\user\Desktop\c8JakemodH.exeFile created: C:\Users\user\AppData\Local\Packages\Microsoft.WindowsMaps_8wekyb3d8bbwe\AC\Temp\bQ8ODxIi2.README.txtJump to behavior
              Source: C:\Users\user\Desktop\c8JakemodH.exeFile created: C:\Users\user\AppData\Local\Packages\Microsoft.WindowsFeedbackHub_8wekyb3d8bbwe\bQ8ODxIi2.README.txtJump to behavior
              Source: C:\Users\user\Desktop\c8JakemodH.exeFile created: C:\Users\user\AppData\Local\Packages\Microsoft.WindowsFeedbackHub_8wekyb3d8bbwe\TempState\bQ8ODxIi2.README.txtJump to behavior
              Source: C:\Users\user\Desktop\c8JakemodH.exeFile created: C:\Users\user\AppData\Local\Packages\Microsoft.WindowsFeedbackHub_8wekyb3d8bbwe\SystemAppData\bQ8ODxIi2.README.txtJump to behavior
              Source: C:\Users\user\Desktop\c8JakemodH.exeFile created: C:\Users\user\AppData\Local\Packages\Microsoft.WindowsFeedbackHub_8wekyb3d8bbwe\Settings\bQ8ODxIi2.README.txtJump to behavior
              Source: C:\Users\user\Desktop\c8JakemodH.exeFile created: C:\Users\user\AppData\Local\Packages\Microsoft.WindowsFeedbackHub_8wekyb3d8bbwe\RoamingState\bQ8ODxIi2.README.txtJump to behavior
              Source: C:\Users\user\Desktop\c8JakemodH.exeFile created: C:\Users\user\AppData\Local\Packages\Microsoft.WindowsFeedbackHub_8wekyb3d8bbwe\LocalState\bQ8ODxIi2.README.txtJump to behavior
              Source: C:\Users\user\Desktop\c8JakemodH.exeFile created: C:\Users\user\AppData\Local\Packages\Microsoft.WindowsFeedbackHub_8wekyb3d8bbwe\LocalCache\bQ8ODxIi2.README.txtJump to behavior
              Source: C:\Users\user\Desktop\c8JakemodH.exeFile created: C:\Users\user\AppData\Local\Packages\Microsoft.WindowsFeedbackHub_8wekyb3d8bbwe\AppData\bQ8ODxIi2.README.txtJump to behavior
              Source: C:\Users\user\Desktop\c8JakemodH.exeFile created: C:\Users\user\AppData\Local\Packages\Microsoft.WindowsFeedbackHub_8wekyb3d8bbwe\AC\bQ8ODxIi2.README.txtJump to behavior
              Source: C:\Users\user\Desktop\c8JakemodH.exeFile created: C:\Users\user\AppData\Local\Packages\Microsoft.WindowsFeedbackHub_8wekyb3d8bbwe\AC\Temp\bQ8ODxIi2.README.txtJump to behavior
              Source: C:\Users\user\Desktop\c8JakemodH.exeFile created: C:\Users\user\AppData\Local\Packages\microsoft.windowscommunicationsapps_8wekyb3d8bbwe\bQ8ODxIi2.README.txtJump to behavior
              Source: C:\Users\user\Desktop\c8JakemodH.exeFile created: C:\Users\user\AppData\Local\Packages\microsoft.windowscommunicationsapps_8wekyb3d8bbwe\TempState\bQ8ODxIi2.README.txtJump to behavior
              Source: C:\Users\user\Desktop\c8JakemodH.exeFile created: C:\Users\user\AppData\Local\Packages\microsoft.windowscommunicationsapps_8wekyb3d8bbwe\SystemAppData\bQ8ODxIi2.README.txtJump to behavior
              Source: C:\Users\user\Desktop\c8JakemodH.exeFile created: C:\Users\user\AppData\Local\Packages\microsoft.windowscommunicationsapps_8wekyb3d8bbwe\Settings\bQ8ODxIi2.README.txtJump to behavior
              Source: C:\Users\user\Desktop\c8JakemodH.exeFile created: C:\Users\user\AppData\Local\Packages\microsoft.windowscommunicationsapps_8wekyb3d8bbwe\RoamingState\bQ8ODxIi2.README.txtJump to behavior
              Source: C:\Users\user\Desktop\c8JakemodH.exeFile created: C:\Users\user\AppData\Local\Packages\microsoft.windowscommunicationsapps_8wekyb3d8bbwe\LocalState\bQ8ODxIi2.README.txtJump to behavior
              Source: C:\Users\user\Desktop\c8JakemodH.exeFile created: C:\Users\user\AppData\Local\Packages\microsoft.windowscommunicationsapps_8wekyb3d8bbwe\LocalCache\bQ8ODxIi2.README.txtJump to behavior
              Source: C:\Users\user\Desktop\c8JakemodH.exeFile created: C:\Users\user\AppData\Local\Packages\microsoft.windowscommunicationsapps_8wekyb3d8bbwe\AppData\bQ8ODxIi2.README.txtJump to behavior
              Source: C:\Users\user\Desktop\c8JakemodH.exeFile created: C:\Users\user\AppData\Local\Packages\microsoft.windowscommunicationsapps_8wekyb3d8bbwe\AC\bQ8ODxIi2.README.txtJump to behavior
              Source: C:\Users\user\Desktop\c8JakemodH.exeFile created: C:\Users\user\AppData\Local\Packages\microsoft.windowscommunicationsapps_8wekyb3d8bbwe\AC\Temp\bQ8ODxIi2.README.txtJump to behavior
              Source: C:\Users\user\Desktop\c8JakemodH.exeFile created: C:\Users\user\AppData\Local\Packages\microsoft.windowscommunicationsapps_8wekyb3d8bbwe\AC\BackgroundTransferApi\bQ8ODxIi2.README.txtJump to behavior
              Source: C:\Users\user\Desktop\c8JakemodH.exeFile created: C:\Users\user\AppData\Local\Packages\Microsoft.WindowsCamera_8wekyb3d8bbwe\bQ8ODxIi2.README.txtJump to behavior
              Source: C:\Users\user\Desktop\c8JakemodH.exeFile created: C:\Users\user\AppData\Local\Packages\Microsoft.WindowsCamera_8wekyb3d8bbwe\TempState\bQ8ODxIi2.README.txtJump to behavior
              Source: C:\Users\user\Desktop\c8JakemodH.exeFile created: C:\Users\user\AppData\Local\Packages\Microsoft.WindowsCamera_8wekyb3d8bbwe\SystemAppData\bQ8ODxIi2.README.txtJump to behavior
              Source: C:\Users\user\Desktop\c8JakemodH.exeFile created: C:\Users\user\AppData\Local\Packages\Microsoft.WindowsCamera_8wekyb3d8bbwe\Settings\bQ8ODxIi2.README.txtJump to behavior
              Source: C:\Users\user\Desktop\c8JakemodH.exeFile created: C:\Users\user\AppData\Local\Packages\Microsoft.WindowsCamera_8wekyb3d8bbwe\RoamingState\bQ8ODxIi2.README.txtJump to behavior
              Source: C:\Users\user\Desktop\c8JakemodH.exeFile created: C:\Users\user\AppData\Local\Packages\Microsoft.WindowsCamera_8wekyb3d8bbwe\LocalState\bQ8ODxIi2.README.txtJump to behavior
              Source: C:\Users\user\Desktop\c8JakemodH.exeFile created: C:\Users\user\AppData\Local\Packages\Microsoft.WindowsCamera_8wekyb3d8bbwe\LocalCache\bQ8ODxIi2.README.txtJump to behavior
              Source: C:\Users\user\Desktop\c8JakemodH.exeFile created: C:\Users\user\AppData\Local\Packages\Microsoft.WindowsCamera_8wekyb3d8bbwe\AppData\bQ8ODxIi2.README.txtJump to behavior
              Source: C:\Users\user\Desktop\c8JakemodH.exeFile created: C:\Users\user\AppData\Local\Packages\Microsoft.WindowsCamera_8wekyb3d8bbwe\AC\bQ8ODxIi2.README.txtJump to behavior
              Source: C:\Users\user\Desktop\c8JakemodH.exeFile created: C:\Users\user\AppData\Local\Packages\Microsoft.WindowsCamera_8wekyb3d8bbwe\AC\Temp\bQ8ODxIi2.README.txtJump to behavior
              Source: C:\Users\user\Desktop\c8JakemodH.exeFile created: C:\Users\user\AppData\Local\Packages\Microsoft.WindowsCalculator_8wekyb3d8bbwe\bQ8ODxIi2.README.txtJump to behavior
              Source: C:\Users\user\Desktop\c8JakemodH.exeFile created: C:\Users\user\AppData\Local\Packages\Microsoft.WindowsCalculator_8wekyb3d8bbwe\TempState\bQ8ODxIi2.README.txtJump to behavior
              Source: C:\Users\user\Desktop\c8JakemodH.exeFile created: C:\Users\user\AppData\Local\Packages\Microsoft.WindowsCalculator_8wekyb3d8bbwe\SystemAppData\bQ8ODxIi2.README.txtJump to behavior
              Source: C:\Users\user\Desktop\c8JakemodH.exeFile created: C:\Users\user\AppData\Local\Packages\Microsoft.WindowsCalculator_8wekyb3d8bbwe\Settings\bQ8ODxIi2.README.txtJump to behavior
              Source: C:\Users\user\Desktop\c8JakemodH.exeFile created: C:\Users\user\AppData\Local\Packages\Microsoft.WindowsCalculator_8wekyb3d8bbwe\RoamingState\bQ8ODxIi2.README.txtJump to behavior
              Source: C:\Users\user\Desktop\c8JakemodH.exeFile created: C:\Users\user\AppData\Local\Packages\Microsoft.WindowsCalculator_8wekyb3d8bbwe\LocalState\bQ8ODxIi2.README.txtJump to behavior
              Source: C:\Users\user\Desktop\c8JakemodH.exeFile created: C:\Users\user\AppData\Local\Packages\Microsoft.WindowsCalculator_8wekyb3d8bbwe\LocalCache\bQ8ODxIi2.README.txtJump to behavior
              Source: C:\Users\user\Desktop\c8JakemodH.exeFile created: C:\Users\user\AppData\Local\Packages\Microsoft.WindowsCalculator_8wekyb3d8bbwe\AppData\bQ8ODxIi2.README.txtJump to behavior
              Source: C:\Users\user\Desktop\c8JakemodH.exeFile created: C:\Users\user\AppData\Local\Packages\Microsoft.WindowsCalculator_8wekyb3d8bbwe\AC\bQ8ODxIi2.README.txtJump to behavior
              Source: C:\Users\user\Desktop\c8JakemodH.exeFile created: C:\Users\user\AppData\Local\Packages\Microsoft.WindowsCalculator_8wekyb3d8bbwe\AC\Temp\bQ8ODxIi2.README.txtJump to behavior
              Source: C:\Users\user\Desktop\c8JakemodH.exeFile created: C:\Users\user\AppData\Local\Packages\Microsoft.WindowsAlarms_8wekyb3d8bbwe\bQ8ODxIi2.README.txtJump to behavior
              Source: C:\Users\user\Desktop\c8JakemodH.exeFile created: C:\Users\user\AppData\Local\Packages\Microsoft.WindowsAlarms_8wekyb3d8bbwe\TempState\bQ8ODxIi2.README.txtJump to behavior
              Source: C:\Users\user\Desktop\c8JakemodH.exeFile created: C:\Users\user\AppData\Local\Packages\Microsoft.WindowsAlarms_8wekyb3d8bbwe\SystemAppData\bQ8ODxIi2.README.txtJump to behavior
              Source: C:\Users\user\Desktop\c8JakemodH.exeFile created: C:\Users\user\AppData\Local\Packages\Microsoft.WindowsAlarms_8wekyb3d8bbwe\Settings\bQ8ODxIi2.README.txtJump to behavior
              Source: C:\Users\user\Desktop\c8JakemodH.exeFile created: C:\Users\user\AppData\Local\Packages\Microsoft.WindowsAlarms_8wekyb3d8bbwe\RoamingState\bQ8ODxIi2.README.txtJump to behavior
              Source: C:\Users\user\Desktop\c8JakemodH.exeFile created: C:\Users\user\AppData\Local\Packages\Microsoft.WindowsAlarms_8wekyb3d8bbwe\LocalState\bQ8ODxIi2.README.txtJump to behavior
              Source: C:\Users\user\Desktop\c8JakemodH.exeFile created: C:\Users\user\AppData\Local\Packages\Microsoft.WindowsAlarms_8wekyb3d8bbwe\LocalCache\bQ8ODxIi2.README.txtJump to behavior
              Source: C:\Users\user\Desktop\c8JakemodH.exeFile created: C:\Users\user\AppData\Local\Packages\Microsoft.WindowsAlarms_8wekyb3d8bbwe\AppData\bQ8ODxIi2.README.txtJump to behavior
              Source: C:\Users\user\Desktop\c8JakemodH.exeFile created: C:\Users\user\AppData\Local\Packages\Microsoft.WindowsAlarms_8wekyb3d8bbwe\AC\bQ8ODxIi2.README.txtJump to behavior
              Source: C:\Users\user\Desktop\c8JakemodH.exeFile created: C:\Users\user\AppData\Local\Packages\Microsoft.WindowsAlarms_8wekyb3d8bbwe\AC\Temp\bQ8ODxIi2.README.txtJump to behavior
              Source: C:\Users\user\Desktop\c8JakemodH.exeFile created: C:\Users\user\AppData\Local\Packages\Microsoft.Windows.XGpuEjectDialog_cw5n1h2txyewy\bQ8ODxIi2.README.txtJump to behavior
              Source: C:\Users\user\Desktop\c8JakemodH.exeFile created: C:\Users\user\AppData\Local\Packages\Microsoft.Windows.XGpuEjectDialog_cw5n1h2txyewy\TempState\bQ8ODxIi2.README.txtJump to behavior
              Source: C:\Users\user\Desktop\c8JakemodH.exeFile created: C:\Users\user\AppData\Local\Packages\Microsoft.Windows.XGpuEjectDialog_cw5n1h2txyewy\SystemAppData\bQ8ODxIi2.README.txtJump to behavior
              Source: C:\Users\user\Desktop\c8JakemodH.exeFile created: C:\Users\user\AppData\Local\Packages\Microsoft.Windows.XGpuEjectDialog_cw5n1h2txyewy\Settings\bQ8ODxIi2.README.txtJump to behavior
              Source: C:\Users\user\Desktop\c8JakemodH.exeFile created: C:\Users\user\AppData\Local\Packages\Microsoft.Windows.XGpuEjectDialog_cw5n1h2txyewy\RoamingState\bQ8ODxIi2.README.txtJump to behavior
              Source: C:\Users\user\Desktop\c8JakemodH.exeFile created: C:\Users\user\AppData\Local\Packages\Microsoft.Windows.XGpuEjectDialog_cw5n1h2txyewy\LocalState\bQ8ODxIi2.README.txtJump to behavior
              Source: C:\Users\user\Desktop\c8JakemodH.exeFile created: C:\Users\user\AppData\Local\Packages\Microsoft.Windows.XGpuEjectDialog_cw5n1h2txyewy\LocalCache\bQ8ODxIi2.README.txtJump to behavior
              Source: C:\Users\user\Desktop\c8JakemodH.exeFile created: C:\Users\user\AppData\Local\Packages\Microsoft.Windows.XGpuEjectDialog_cw5n1h2txyewy\AppData\bQ8ODxIi2.README.txtJump to behavior
              Source: C:\Users\user\Desktop\c8JakemodH.exeFile created: C:\Users\user\AppData\Local\Packages\Microsoft.Windows.XGpuEjectDialog_cw5n1h2txyewy\AC\bQ8ODxIi2.README.txtJump to behavior
              Source: C:\Users\user\Desktop\c8JakemodH.exeFile created: C:\Users\user\AppData\Local\Packages\Microsoft.Windows.XGpuEjectDialog_cw5n1h2txyewy\AC\Temp\bQ8ODxIi2.README.txtJump to behavior
              Source: C:\Users\user\Desktop\c8JakemodH.exeFile created: C:\Users\user\AppData\Local\Packages\Microsoft.Windows.StartMenuExperienceHost_cw5n1h2txyewy\bQ8ODxIi2.README.txtJump to behavior
              Source: C:\Users\user\Desktop\c8JakemodH.exeFile created: C:\Users\user\AppData\Local\Packages\Microsoft.Windows.StartMenuExperienceHost_cw5n1h2txyewy\TempState\bQ8ODxIi2.README.txtJump to behavior
              Source: C:\Users\user\Desktop\c8JakemodH.exeFile created: C:\Users\user\AppData\Local\Packages\Microsoft.Windows.StartMenuExperienceHost_cw5n1h2txyewy\SystemAppData\bQ8ODxIi2.README.txtJump to behavior
              Source: C:\Users\user\Desktop\c8JakemodH.exeFile created: C:\Users\user\AppData\Local\Packages\Microsoft.Windows.StartMenuExperienceHost_cw5n1h2txyewy\Settings\bQ8ODxIi2.README.txtJump to behavior
              Source: C:\Users\user\Desktop\c8JakemodH.exeFile created: C:\Users\user\AppData\Local\Packages\Microsoft.Windows.StartMenuExperienceHost_cw5n1h2txyewy\RoamingState\bQ8ODxIi2.README.txtJump to behavior
              Source: C:\Users\user\Desktop\c8JakemodH.exeFile created: C:\Users\user\AppData\Local\Packages\Microsoft.Windows.StartMenuExperienceHost_cw5n1h2txyewy\LocalState\bQ8ODxIi2.README.txtJump to behavior
              Source: C:\Users\user\Desktop\c8JakemodH.exeFile created: C:\Users\user\AppData\Local\Packages\Microsoft.Windows.StartMenuExperienceHost_cw5n1h2txyewy\LocalCache\bQ8ODxIi2.README.txtJump to behavior
              Source: C:\Users\user\Desktop\c8JakemodH.exeFile created: C:\Users\user\AppData\Local\Packages\Microsoft.Windows.StartMenuExperienceHost_cw5n1h2txyewy\AppData\bQ8ODxIi2.README.txtJump to behavior
              Source: C:\Users\user\Desktop\c8JakemodH.exeFile created: C:\Users\user\AppData\Local\Packages\Microsoft.Windows.StartMenuExperienceHost_cw5n1h2txyewy\AC\bQ8ODxIi2.README.txtJump to behavior
              Source: C:\Users\user\Desktop\c8JakemodH.exeFile created: C:\Users\user\AppData\Local\Packages\Microsoft.Windows.StartMenuExperienceHost_cw5n1h2txyewy\AC\Temp\bQ8ODxIi2.README.txtJump to behavior
              Source: C:\Users\user\Desktop\c8JakemodH.exeFile created: C:\Users\user\AppData\Local\Packages\Microsoft.Windows.ShellExperienceHost_cw5n1h2txyewy\bQ8ODxIi2.README.txtJump to behavior
              Source: C:\Users\user\Desktop\c8JakemodH.exeFile created: C:\Users\user\AppData\Local\Packages\Microsoft.Windows.ShellExperienceHost_cw5n1h2txyewy\TempState\bQ8ODxIi2.README.txtJump to behavior
              Source: C:\Users\user\Desktop\c8JakemodH.exeFile created: C:\Users\user\AppData\Local\Packages\Microsoft.Windows.ShellExperienceHost_cw5n1h2txyewy\SystemAppData\bQ8ODxIi2.README.txtJump to behavior
              Source: C:\Users\user\Desktop\c8JakemodH.exeFile created: C:\Users\user\AppData\Local\Packages\Microsoft.Windows.ShellExperienceHost_cw5n1h2txyewy\Settings\bQ8ODxIi2.README.txtJump to behavior
              Source: C:\Users\user\Desktop\c8JakemodH.exeFile created: C:\Users\user\AppData\Local\Packages\Microsoft.Windows.ShellExperienceHost_cw5n1h2txyewy\RoamingState\bQ8ODxIi2.README.txtJump to behavior
              Source: C:\Users\user\Desktop\c8JakemodH.exeFile created: C:\Users\user\AppData\Local\Packages\Microsoft.Windows.ShellExperienceHost_cw5n1h2txyewy\LocalState\bQ8ODxIi2.README.txtJump to behavior
              Source: C:\Users\user\Desktop\c8JakemodH.exeFile created: C:\Users\user\AppData\Local\Packages\Microsoft.Windows.ShellExperienceHost_cw5n1h2txyewy\LocalCache\bQ8ODxIi2.README.txtJump to behavior
              Source: C:\Users\user\Desktop\c8JakemodH.exeFile created: C:\Users\user\AppData\Local\Packages\Microsoft.Windows.ShellExperienceHost_cw5n1h2txyewy\AppData\bQ8ODxIi2.README.txtJump to behavior
              Source: C:\Users\user\Desktop\c8JakemodH.exeFile created: C:\Users\user\AppData\Local\Packages\Microsoft.Windows.ShellExperienceHost_cw5n1h2txyewy\AC\bQ8ODxIi2.README.txtJump to behavior
              Source: C:\Users\user\Desktop\c8JakemodH.exeFile created: C:\Users\user\AppData\Local\Packages\Microsoft.Windows.ShellExperienceHost_cw5n1h2txyewy\AC\Temp\bQ8ODxIi2.README.txtJump to behavior
              Source: C:\Users\user\Desktop\c8JakemodH.exeFile created: C:\Users\user\AppData\Local\Packages\Microsoft.Windows.SecureAssessmentBrowser_cw5n1h2txyewy\bQ8ODxIi2.README.txtJump to behavior
              Source: C:\Users\user\Desktop\c8JakemodH.exeFile created: C:\Users\user\AppData\Local\Packages\Microsoft.Windows.SecureAssessmentBrowser_cw5n1h2txyewy\TempState\bQ8ODxIi2.README.txtJump to behavior
              Source: C:\Users\user\Desktop\c8JakemodH.exeFile created: C:\Users\user\AppData\Local\Packages\Microsoft.Windows.SecureAssessmentBrowser_cw5n1h2txyewy\SystemAppData\bQ8ODxIi2.README.txtJump to behavior
              Source: C:\Users\user\Desktop\c8JakemodH.exeFile created: C:\Users\user\AppData\Local\Packages\Microsoft.Windows.SecureAssessmentBrowser_cw5n1h2txyewy\Settings\bQ8ODxIi2.README.txtJump to behavior
              Source: C:\Users\user\Desktop\c8JakemodH.exeFile created: C:\Users\user\AppData\Local\Packages\Microsoft.Windows.SecureAssessmentBrowser_cw5n1h2txyewy\RoamingState\bQ8ODxIi2.README.txtJump to behavior
              Source: C:\Users\user\Desktop\c8JakemodH.exeFile created: C:\Users\user\AppData\Local\Packages\Microsoft.Windows.SecureAssessmentBrowser_cw5n1h2txyewy\LocalState\bQ8ODxIi2.README.txtJump to behavior
              Source: C:\Users\user\Desktop\c8JakemodH.exeFile created: C:\Users\user\AppData\Local\Packages\Microsoft.Windows.SecureAssessmentBrowser_cw5n1h2txyewy\LocalCache\bQ8ODxIi2.README.txtJump to behavior
              Source: C:\Users\user\Desktop\c8JakemodH.exeFile created: C:\Users\user\AppData\Local\Packages\Microsoft.Windows.SecureAssessmentBrowser_cw5n1h2txyewy\AppData\bQ8ODxIi2.README.txtJump to behavior
              Source: C:\Users\user\Desktop\c8JakemodH.exeFile created: C:\Users\user\AppData\Local\Packages\Microsoft.Windows.SecureAssessmentBrowser_cw5n1h2txyewy\AC\bQ8ODxIi2.README.txtJump to behavior
              Source: C:\Users\user\Desktop\c8JakemodH.exeFile created: C:\Users\user\AppData\Local\Packages\Microsoft.Windows.SecureAssessmentBrowser_cw5n1h2txyewy\AC\Temp\bQ8ODxIi2.README.txtJump to behavior
              Source: C:\Users\user\Desktop\c8JakemodH.exeFile created: C:\Users\user\AppData\Local\Packages\Microsoft.Windows.SecHealthUI_cw5n1h2txyewy\bQ8ODxIi2.README.txtJump to behavior
              Source: C:\Users\user\Desktop\c8JakemodH.exeFile created: C:\Users\user\AppData\Local\Packages\Microsoft.Windows.SecHealthUI_cw5n1h2txyewy\TempState\bQ8ODxIi2.README.txtJump to behavior
              Source: C:\Users\user\Desktop\c8JakemodH.exeFile created: C:\Users\user\AppData\Local\Packages\Microsoft.Windows.SecHealthUI_cw5n1h2txyewy\SystemAppData\bQ8ODxIi2.README.txtJump to behavior
              Source: C:\Users\user\Desktop\c8JakemodH.exeFile created: C:\Users\user\AppData\Local\Packages\Microsoft.Windows.SecHealthUI_cw5n1h2txyewy\Settings\bQ8ODxIi2.README.txtJump to behavior
              Source: C:\Users\user\Desktop\c8JakemodH.exeFile created: C:\Users\user\AppData\Local\Packages\Microsoft.Windows.SecHealthUI_cw5n1h2txyewy\RoamingState\bQ8ODxIi2.README.txtJump to behavior
              Source: C:\Users\user\Desktop\c8JakemodH.exeFile created: C:\Users\user\AppData\Local\Packages\Microsoft.Windows.SecHealthUI_cw5n1h2txyewy\LocalState\bQ8ODxIi2.README.txtJump to behavior
              Source: C:\Users\user\Desktop\c8JakemodH.exeFile created: C:\Users\user\AppData\Local\Packages\Microsoft.Windows.SecHealthUI_cw5n1h2txyewy\LocalCache\bQ8ODxIi2.README.txtJump to behavior
              Source: C:\Users\user\Desktop\c8JakemodH.exeFile created: C:\Users\user\AppData\Local\Packages\Microsoft.Windows.SecHealthUI_cw5n1h2txyewy\AppData\bQ8ODxIi2.README.txtJump to behavior
              Source: C:\Users\user\Desktop\c8JakemodH.exeFile created: C:\Users\user\AppData\Local\Packages\Microsoft.Windows.SecHealthUI_cw5n1h2txyewy\AC\bQ8ODxIi2.README.txtJump to behavior
              Source: C:\Users\user\Desktop\c8JakemodH.exeFile created: C:\Users\user\AppData\Local\Packages\Microsoft.Windows.SecHealthUI_cw5n1h2txyewy\AC\Temp\bQ8ODxIi2.README.txtJump to behavior
              Source: C:\Users\user\Desktop\c8JakemodH.exeFile created: C:\Users\user\AppData\Local\Packages\Microsoft.Windows.Search_cw5n1h2txyewy\bQ8ODxIi2.README.txtJump to behavior
              Source: C:\Users\user\Desktop\c8JakemodH.exeFile created: C:\Users\user\AppData\Local\Packages\Microsoft.Windows.Search_cw5n1h2txyewy\TempState\bQ8ODxIi2.README.txtJump to behavior
              Source: C:\Users\user\Desktop\c8JakemodH.exeFile created: C:\Users\user\AppData\Local\Packages\Microsoft.Windows.Search_cw5n1h2txyewy\SystemAppData\bQ8ODxIi2.README.txtJump to behavior
              Source: C:\Users\user\Desktop\c8JakemodH.exeFile created: C:\Users\user\AppData\Local\Packages\Microsoft.Windows.Search_cw5n1h2txyewy\Settings\bQ8ODxIi2.README.txtJump to behavior
              Source: C:\Users\user\Desktop\c8JakemodH.exeFile created: C:\Users\user\AppData\Local\Packages\Microsoft.Windows.Search_cw5n1h2txyewy\RoamingState\bQ8ODxIi2.README.txtJump to behavior
              Source: C:\Users\user\Desktop\c8JakemodH.exeFile created: C:\Users\user\AppData\Local\Packages\Microsoft.Windows.Search_cw5n1h2txyewy\LocalState\bQ8ODxIi2.README.txtJump to behavior
              Source: C:\Users\user\Desktop\c8JakemodH.exeFile created: C:\Users\user\AppData\Local\Packages\Microsoft.Windows.Search_cw5n1h2txyewy\LocalState\Flighting\bQ8ODxIi2.README.txtJump to behavior
              Source: C:\Users\user\Desktop\c8JakemodH.exeFile created: C:\Users\user\AppData\Local\Packages\Microsoft.Windows.Search_cw5n1h2txyewy\LocalState\DeviceSearchCache\bQ8ODxIi2.README.txtJump to behavior
              Source: C:\Users\user\Desktop\c8JakemodH.exeFile created: C:\Users\user\AppData\Local\Packages\Microsoft.Windows.Search_cw5n1h2txyewy\LocalState\ConstraintIndex\bQ8ODxIi2.README.txtJump to behavior
              Source: C:\Users\user\Desktop\c8JakemodH.exeFile created: C:\Users\user\AppData\Local\Packages\Microsoft.Windows.Search_cw5n1h2txyewy\LocalState\ConstraintIndex\Settings_{99fff775-938d-4e2c-9c06-5d56107a5383}\bQ8ODxIi2.README.txtJump to behavior
              Source: C:\Users\user\Desktop\c8JakemodH.exeFile created: C:\Users\user\AppData\Local\Packages\Microsoft.Windows.Search_cw5n1h2txyewy\LocalState\ConstraintIndex\Settings_{2737c7bb-35fb-4b44-baf9-033ca587595d}\bQ8ODxIi2.README.txtJump to behavior
              Source: C:\Users\user\Desktop\c8JakemodH.exeFile created: C:\Users\user\AppData\Local\Packages\Microsoft.Windows.Search_cw5n1h2txyewy\LocalState\ConstraintIndex\Input_{4e763a36-90d3-4d6c-9949-dd01f7e5d23f}\bQ8ODxIi2.README.txtJump to behavior
              Source: C:\Users\user\Desktop\c8JakemodH.exeFile created: C:\Users\user\AppData\Local\Packages\Microsoft.Windows.Search_cw5n1h2txyewy\LocalState\ConstraintIndex\Apps_{ea91a05a-d98f-4429-81a9-272df0335447}\bQ8ODxIi2.README.txtJump to behavior
              Source: C:\Users\user\Desktop\c8JakemodH.exeFile created: C:\Users\user\AppData\Local\Packages\Microsoft.Windows.Search_cw5n1h2txyewy\LocalState\ConstraintIndex\Apps_{de0f148a-c476-467a-b7a3-14b0bb463140}\bQ8ODxIi2.README.txtJump to behavior
              Source: C:\Users\user\Desktop\c8JakemodH.exeFile created: C:\Users\user\AppData\Local\Packages\Microsoft.Windows.Search_cw5n1h2txyewy\LocalState\ConstraintIndex\Apps_{468da3e9-080c-4716-8706-e51d871661d0}\bQ8ODxIi2.README.txtJump to behavior
              Source: C:\Users\user\Desktop\c8JakemodH.exeFile created: C:\Users\user\AppData\Local\Packages\Microsoft.Windows.Search_cw5n1h2txyewy\LocalState\AppIconCache\bQ8ODxIi2.README.txtJump to behavior
              Source: C:\Users\user\Desktop\c8JakemodH.exeFile created: C:\Users\user\AppData\Local\Packages\Microsoft.Windows.Search_cw5n1h2txyewy\LocalState\AppIconCache\100\bQ8ODxIi2.README.txtJump to behavior
              Source: C:\Users\user\Desktop\c8JakemodH.exeFile created: C:\Users\user\AppData\Local\Packages\Microsoft.Windows.Search_cw5n1h2txyewy\LocalCache\bQ8ODxIi2.README.txtJump to behavior
              Source: C:\Users\user\Desktop\c8JakemodH.exeFile created: C:\Users\user\AppData\Local\Packages\Microsoft.Windows.Search_cw5n1h2txyewy\AppData\bQ8ODxIi2.README.txtJump to behavior
              Source: C:\Users\user\Desktop\c8JakemodH.exeFile created: C:\Users\user\AppData\Local\Packages\Microsoft.Windows.Search_cw5n1h2txyewy\AppData\Indexed DB\bQ8ODxIi2.README.txtJump to behavior
              Source: C:\Users\user\Desktop\c8JakemodH.exeFile created: C:\Users\user\AppData\Local\Packages\Microsoft.Windows.Search_cw5n1h2txyewy\AppData\CacheStorage\bQ8ODxIi2.README.txtJump to behavior
              Source: C:\Users\user\Desktop\c8JakemodH.exeFile created: C:\Users\user\AppData\Local\Packages\Microsoft.Windows.Search_cw5n1h2txyewy\AC\bQ8ODxIi2.README.txtJump to behavior
              Source: C:\Users\user\Desktop\c8JakemodH.exeFile created: C:\Users\user\AppData\Local\Packages\Microsoft.Windows.Search_cw5n1h2txyewy\AC\TokenBroker\bQ8ODxIi2.README.txtJump to behavior
              Source: C:\Users\user\Desktop\c8JakemodH.exeFile created: C:\Users\user\AppData\Local\Packages\Microsoft.Windows.Search_cw5n1h2txyewy\AC\TokenBroker\Cache\bQ8ODxIi2.README.txtJump to behavior
              Source: C:\Users\user\Desktop\c8JakemodH.exeFile created: C:\Users\user\AppData\Local\Packages\Microsoft.Windows.Search_cw5n1h2txyewy\AC\Temp\bQ8ODxIi2.README.txtJump to behavior
              Source: C:\Users\user\Desktop\c8JakemodH.exeFile created: C:\Users\user\AppData\Local\Packages\Microsoft.Windows.PinningConfirmationDialog_cw5n1h2txyewy\bQ8ODxIi2.README.txtJump to behavior
              Source: C:\Users\user\Desktop\c8JakemodH.exeFile created: C:\Users\user\AppData\Local\Packages\Microsoft.Windows.PinningConfirmationDialog_cw5n1h2txyewy\TempState\bQ8ODxIi2.README.txtJump to behavior
              Source: C:\Users\user\Desktop\c8JakemodH.exeFile created: C:\Users\user\AppData\Local\Packages\Microsoft.Windows.PinningConfirmationDialog_cw5n1h2txyewy\SystemAppData\bQ8ODxIi2.README.txtJump to behavior
              Source: C:\Users\user\Desktop\c8JakemodH.exeFile created: C:\Users\user\AppData\Local\Packages\Microsoft.Windows.PinningConfirmationDialog_cw5n1h2txyewy\Settings\bQ8ODxIi2.README.txtJump to behavior
              Source: C:\Users\user\Desktop\c8JakemodH.exeFile created: C:\Users\user\AppData\Local\Packages\Microsoft.Windows.PinningConfirmationDialog_cw5n1h2txyewy\RoamingState\bQ8ODxIi2.README.txtJump to behavior
              Source: C:\Users\user\Desktop\c8JakemodH.exeFile created: C:\Users\user\AppData\Local\Packages\Microsoft.Windows.PinningConfirmationDialog_cw5n1h2txyewy\LocalState\bQ8ODxIi2.README.txtJump to behavior
              Source: C:\Users\user\Desktop\c8JakemodH.exeFile created: C:\Users\user\AppData\Local\Packages\Microsoft.Windows.PinningConfirmationDialog_cw5n1h2txyewy\LocalCache\bQ8ODxIi2.README.txtJump to behavior
              Source: C:\Users\user\Desktop\c8JakemodH.exeFile created: C:\Users\user\AppData\Local\Packages\Microsoft.Windows.PinningConfirmationDialog_cw5n1h2txyewy\AppData\bQ8ODxIi2.README.txtJump to behavior
              Source: C:\Users\user\Desktop\c8JakemodH.exeFile created: C:\Users\user\AppData\Local\Packages\Microsoft.Windows.PinningConfirmationDialog_cw5n1h2txyewy\AC\bQ8ODxIi2.README.txtJump to behavior
              Source: C:\Users\user\Desktop\c8JakemodH.exeFile created: C:\Users\user\AppData\Local\Packages\Microsoft.Windows.PinningConfirmationDialog_cw5n1h2txyewy\AC\Temp\bQ8ODxIi2.README.txtJump to behavior
              Source: C:\Users\user\Desktop\c8JakemodH.exeFile created: C:\Users\user\AppData\Local\Packages\Microsoft.Windows.Photos_8wekyb3d8bbwe\bQ8ODxIi2.README.txtJump to behavior
              Source: C:\Users\user\Desktop\c8JakemodH.exeFile created: C:\Users\user\AppData\Local\Packages\Microsoft.Windows.Photos_8wekyb3d8bbwe\TempState\bQ8ODxIi2.README.txtJump to behavior

              Hooking and other Techniques for Hiding and Protection

              barindex
              Source: C:\ProgramData\C9C8.tmpProcess created: C:\Windows\SysWOW64\cmd.exe "C:\Windows\System32\cmd.exe" /C DEL /F /Q C:\PROGRA~3\C9C8.tmp >> NUL
              Source: C:\ProgramData\C9C8.tmpProcess created: C:\Windows\SysWOW64\cmd.exe "C:\Windows\System32\cmd.exe" /C DEL /F /Q C:\PROGRA~3\C9C8.tmp >> NUL
              Source: C:\Users\user\Desktop\c8JakemodH.exeCode function: 0_2_00B29198 RegCreateKeyExW,RegEnumKeyW,RegCreateKeyExW,RegSetValueExW,RegSetValueExW,OpenEventLogW,ClearEventLogW,RegCreateKeyExW,RegEnumKeyW,OpenEventLogW,ClearEventLogW,0_2_00B29198
              Source: C:\Users\user\Desktop\c8JakemodH.exeProcess information set: FAILCRITICALERRORS | NOALIGNMENTFAULTEXCEPT | NOGPFAULTERRORBOXJump to behavior
              Source: C:\Users\user\Desktop\c8JakemodH.exeProcess information set: NOALIGNMENTFAULTEXCEPT | NOOPENFILEERRORBOXJump to behavior
              Source: C:\Users\user\Desktop\c8JakemodH.exeProcess information set: FAILCRITICALERRORS | NOALIGNMENTFAULTEXCEPT | NOGPFAULTERRORBOXJump to behavior
              Source: C:\Users\user\Desktop\c8JakemodH.exeProcess information set: FAILCRITICALERRORS | NOALIGNMENTFAULTEXCEPT | NOGPFAULTERRORBOXJump to behavior
              Source: C:\Users\user\Desktop\c8JakemodH.exeProcess information set: FAILCRITICALERRORS | NOALIGNMENTFAULTEXCEPT | NOGPFAULTERRORBOXJump to behavior
              Source: C:\Users\user\Desktop\c8JakemodH.exeProcess information set: FAILCRITICALERRORS | NOALIGNMENTFAULTEXCEPT | NOGPFAULTERRORBOXJump to behavior
              Source: C:\Users\user\Desktop\c8JakemodH.exeProcess information set: FAILCRITICALERRORS | NOALIGNMENTFAULTEXCEPT | NOGPFAULTERRORBOXJump to behavior
              Source: C:\Users\user\Desktop\c8JakemodH.exeProcess information set: FAILCRITICALERRORS | NOALIGNMENTFAULTEXCEPT | NOGPFAULTERRORBOXJump to behavior
              Source: C:\Users\user\Desktop\c8JakemodH.exeProcess information set: FAILCRITICALERRORS | NOALIGNMENTFAULTEXCEPT | NOGPFAULTERRORBOXJump to behavior
              Source: C:\ProgramData\C9C8.tmpProcess information set: FAILCRITICALERRORS | NOALIGNMENTFAULTEXCEPT | NOGPFAULTERRORBOX
              Source: C:\ProgramData\C9C8.tmpProcess information set: NOALIGNMENTFAULTEXCEPT | NOOPENFILEERRORBOX
              Source: C:\ProgramData\C9C8.tmpProcess information set: FAILCRITICALERRORS | NOALIGNMENTFAULTEXCEPT | NOGPFAULTERRORBOX
              Source: C:\ProgramData\C9C8.tmpProcess information set: FAILCRITICALERRORS | NOALIGNMENTFAULTEXCEPT | NOGPFAULTERRORBOX
              Source: C:\ProgramData\C9C8.tmpProcess information set: FAILCRITICALERRORS | NOALIGNMENTFAULTEXCEPT | NOGPFAULTERRORBOX
              Source: C:\ProgramData\C9C8.tmpProcess information set: NOALIGNMENTFAULTEXCEPT | NOOPENFILEERRORBOX
              Source: C:\ProgramData\C9C8.tmpProcess information set: FAILCRITICALERRORS | NOALIGNMENTFAULTEXCEPT | NOGPFAULTERRORBOX
              Source: C:\ProgramData\C9C8.tmpProcess information set: FAILCRITICALERRORS | NOALIGNMENTFAULTEXCEPT | NOGPFAULTERRORBOX
              Source: C:\ProgramData\C9C8.tmpProcess information set: FAILCRITICALERRORS | NOALIGNMENTFAULTEXCEPT | NOGPFAULTERRORBOX
              Source: C:\ProgramData\C9C8.tmpProcess information set: FAILCRITICALERRORS | NOALIGNMENTFAULTEXCEPT | NOGPFAULTERRORBOX
              Source: C:\ProgramData\C9C8.tmpProcess information set: FAILCRITICALERRORS | NOALIGNMENTFAULTEXCEPT | NOGPFAULTERRORBOX
              Source: C:\ProgramData\C9C8.tmpProcess information set: FAILCRITICALERRORS | NOALIGNMENTFAULTEXCEPT | NOGPFAULTERRORBOX
              Source: C:\ProgramData\C9C8.tmpProcess information set: FAILCRITICALERRORS | NOALIGNMENTFAULTEXCEPT | NOGPFAULTERRORBOX
              Source: C:\ProgramData\C9C8.tmpProcess information set: FAILCRITICALERRORS | NOALIGNMENTFAULTEXCEPT | NOGPFAULTERRORBOX
              Source: C:\Program Files (x86)\Microsoft Office\root\Office16\ONENOTE.EXEProcess information set: NOALIGNMENTFAULTEXCEPT | NOOPENFILEERRORBOX
              Source: C:\Program Files (x86)\Microsoft Office\root\Office16\ONENOTE.EXEProcess information set: NOALIGNMENTFAULTEXCEPT | NOOPENFILEERRORBOX
              Source: C:\Program Files (x86)\Microsoft Office\root\Office16\ONENOTE.EXEProcess information set: NOALIGNMENTFAULTEXCEPT | NOOPENFILEERRORBOX
              Source: C:\Program Files (x86)\Microsoft Office\root\Office16\ONENOTE.EXEProcess information set: NOALIGNMENTFAULTEXCEPT | NOOPENFILEERRORBOX
              Source: C:\Program Files (x86)\Microsoft Office\root\Office16\ONENOTE.EXEProcess information set: NOALIGNMENTFAULTEXCEPT | NOOPENFILEERRORBOX
              Source: C:\Program Files (x86)\Microsoft Office\root\Office16\ONENOTE.EXEProcess information set: NOALIGNMENTFAULTEXCEPT | NOOPENFILEERRORBOX
              Source: C:\Program Files (x86)\Microsoft Office\root\Office16\ONENOTE.EXEProcess information set: NOALIGNMENTFAULTEXCEPT | NOOPENFILEERRORBOX
              Source: C:\Program Files (x86)\Microsoft Office\root\Office16\ONENOTE.EXEProcess information set: NOALIGNMENTFAULTEXCEPT | NOOPENFILEERRORBOX
              Source: C:\Program Files (x86)\Microsoft Office\root\Office16\ONENOTE.EXEProcess information set: NOALIGNMENTFAULTEXCEPT | NOOPENFILEERRORBOX
              Source: C:\Program Files (x86)\Microsoft Office\root\Office16\ONENOTE.EXEProcess information set: NOALIGNMENTFAULTEXCEPT | NOOPENFILEERRORBOX
              Source: C:\Program Files (x86)\Microsoft Office\root\Office16\ONENOTE.EXEProcess information set: NOALIGNMENTFAULTEXCEPT | NOOPENFILEERRORBOX
              Source: C:\Program Files (x86)\Microsoft Office\root\Office16\ONENOTE.EXEProcess information set: NOALIGNMENTFAULTEXCEPT | NOOPENFILEERRORBOX
              Source: C:\Program Files (x86)\Microsoft Office\root\Office16\ONENOTE.EXEProcess information set: NOALIGNMENTFAULTEXCEPT | NOOPENFILEERRORBOX
              Source: C:\Program Files (x86)\Microsoft Office\root\Office16\ONENOTE.EXEProcess information set: NOALIGNMENTFAULTEXCEPT | NOOPENFILEERRORBOX
              Source: C:\Program Files (x86)\Microsoft Office\root\Office16\ONENOTE.EXEProcess information set: NOALIGNMENTFAULTEXCEPT | NOOPENFILEERRORBOX
              Source: C:\Program Files (x86)\Microsoft Office\root\Office16\ONENOTE.EXEProcess information set: NOALIGNMENTFAULTEXCEPT | NOOPENFILEERRORBOX
              Source: C:\Program Files (x86)\Microsoft Office\root\Office16\ONENOTE.EXEProcess information set: NOALIGNMENTFAULTEXCEPT | NOOPENFILEERRORBOX
              Source: C:\Program Files (x86)\Microsoft Office\root\Office16\ONENOTE.EXEProcess information set: NOALIGNMENTFAULTEXCEPT | NOOPENFILEERRORBOX
              Source: C:\Program Files (x86)\Microsoft Office\root\Office16\ONENOTE.EXEProcess information set: NOALIGNMENTFAULTEXCEPT | NOOPENFILEERRORBOX
              Source: C:\Program Files (x86)\Microsoft Office\root\Office16\ONENOTE.EXEProcess information set: NOALIGNMENTFAULTEXCEPT | NOOPENFILEERRORBOX
              Source: C:\Program Files (x86)\Microsoft Office\root\Office16\ONENOTE.EXEProcess information set: NOALIGNMENTFAULTEXCEPT | NOOPENFILEERRORBOX
              Source: C:\Program Files (x86)\Microsoft Office\root\Office16\ONENOTE.EXEProcess information set: NOALIGNMENTFAULTEXCEPT | NOOPENFILEERRORBOX
              Source: C:\Program Files (x86)\Microsoft Office\root\Office16\ONENOTE.EXEProcess information set: NOALIGNMENTFAULTEXCEPT | NOOPENFILEERRORBOX
              Source: C:\Program Files (x86)\Microsoft Office\root\Office16\ONENOTE.EXEProcess information set: NOALIGNMENTFAULTEXCEPT | NOOPENFILEERRORBOX
              Source: C:\Program Files (x86)\Microsoft Office\root\Office16\ONENOTE.EXEProcess information set: NOALIGNMENTFAULTEXCEPT | NOOPENFILEERRORBOX
              Source: C:\Program Files (x86)\Microsoft Office\root\Office16\ONENOTE.EXEProcess information set: NOALIGNMENTFAULTEXCEPT | NOOPENFILEERRORBOX
              Source: C:\Program Files (x86)\Microsoft Office\root\Office16\ONENOTE.EXEProcess information set: NOALIGNMENTFAULTEXCEPT | NOOPENFILEERRORBOX
              Source: C:\Program Files (x86)\Microsoft Office\root\Office16\ONENOTE.EXEProcess information set: NOALIGNMENTFAULTEXCEPT | NOOPENFILEERRORBOX
              Source: C:\Program Files (x86)\Microsoft Office\root\Office16\ONENOTE.EXEProcess information set: NOALIGNMENTFAULTEXCEPT | NOOPENFILEERRORBOX
              Source: C:\Program Files (x86)\Microsoft Office\root\Office16\ONENOTE.EXEProcess information set: NOALIGNMENTFAULTEXCEPT | NOOPENFILEERRORBOX
              Source: C:\Program Files (x86)\Microsoft Office\root\Office16\ONENOTE.EXEProcess information set: NOALIGNMENTFAULTEXCEPT | NOOPENFILEERRORBOX
              Source: C:\Program Files (x86)\Microsoft Office\root\Office16\ONENOTE.EXEProcess information set: NOALIGNMENTFAULTEXCEPT | NOOPENFILEERRORBOX
              Source: C:\Program Files (x86)\Microsoft Office\root\Office16\ONENOTE.EXEProcess information set: NOALIGNMENTFAULTEXCEPT | NOOPENFILEERRORBOX
              Source: C:\Program Files (x86)\Microsoft Office\root\Office16\ONENOTE.EXEProcess information set: NOALIGNMENTFAULTEXCEPT | NOOPENFILEERRORBOX
              Source: C:\Program Files (x86)\Microsoft Office\root\Office16\ONENOTE.EXEProcess information set: NOALIGNMENTFAULTEXCEPT | NOOPENFILEERRORBOX
              Source: C:\Program Files (x86)\Microsoft Office\root\Office16\ONENOTE.EXEProcess information set: NOALIGNMENTFAULTEXCEPT | NOOPENFILEERRORBOX
              Source: C:\Program Files (x86)\Microsoft Office\root\Office16\ONENOTE.EXEProcess information set: NOALIGNMENTFAULTEXCEPT | NOOPENFILEERRORBOX
              Source: C:\Program Files (x86)\Microsoft Office\root\Office16\ONENOTE.EXEProcess information set: NOALIGNMENTFAULTEXCEPT | NOOPENFILEERRORBOX
              Source: C:\Program Files (x86)\Microsoft Office\root\Office16\ONENOTE.EXEProcess information set: NOALIGNMENTFAULTEXCEPT | NOOPENFILEERRORBOX
              Source: C:\Program Files (x86)\Microsoft Office\root\Office16\ONENOTE.EXEProcess information set: NOALIGNMENTFAULTEXCEPT | NOOPENFILEERRORBOX
              Source: C:\Program Files (x86)\Microsoft Office\root\Office16\ONENOTE.EXEProcess information set: NOALIGNMENTFAULTEXCEPT | NOOPENFILEERRORBOX
              Source: C:\Program Files (x86)\Microsoft Office\root\Office16\ONENOTE.EXEProcess information set: NOALIGNMENTFAULTEXCEPT | NOOPENFILEERRORBOX
              Source: C:\Program Files (x86)\Microsoft Office\root\Office16\ONENOTE.EXEProcess information set: NOALIGNMENTFAULTEXCEPT | NOOPENFILEERRORBOX
              Source: C:\Program Files (x86)\Microsoft Office\root\Office16\ONENOTE.EXEProcess information set: NOALIGNMENTFAULTEXCEPT | NOOPENFILEERRORBOX
              Source: C:\Program Files (x86)\Microsoft Office\root\Office16\ONENOTE.EXEProcess information set: NOALIGNMENTFAULTEXCEPT | NOOPENFILEERRORBOX
              Source: C:\Program Files (x86)\Microsoft Office\root\Office16\ONENOTE.EXEProcess information set: NOALIGNMENTFAULTEXCEPT | NOOPENFILEERRORBOX

              Malware Analysis System Evasion

              barindex
              Source: C:\Users\user\Desktop\c8JakemodH.exeCode function: 0_2_00B210D4 0_2_00B210D4
              Source: C:\ProgramData\C9C8.tmpCode function: 7_2_00401E28 7_2_00401E28
              Source: C:\Users\user\Desktop\c8JakemodH.exeCode function: 0_2_00B210D4 rdtsc 0_2_00B210D4
              Source: C:\Windows\System32\conhost.exeLast function: Thread delayed
              Source: C:\Users\user\Desktop\c8JakemodH.exeCode function: 0_2_00B2748C FindFirstFileExW,FindNextFileW,0_2_00B2748C
              Source: C:\Users\user\Desktop\c8JakemodH.exeCode function: 0_2_00B25C34 FindFirstFileW,FindClose,FindNextFileW,FindClose,0_2_00B25C34
              Source: C:\Users\user\Desktop\c8JakemodH.exeCode function: 0_2_00B2A064 FindFirstFileExW,FindClose,0_2_00B2A064
              Source: C:\Users\user\Desktop\c8JakemodH.exeCode function: 0_2_00B27560 FindFirstFileExW,FindClose,0_2_00B27560
              Source: C:\Users\user\Desktop\c8JakemodH.exeCode function: 0_2_00B2763C FindFirstFileExW,GetFileAttributesW,FindNextFileW,0_2_00B2763C
              Source: C:\Users\user\Desktop\c8JakemodH.exeCode function: 0_2_00B2F264 GetFileAttributesW,SetThreadPriority,FindFirstFileExW,FindNextFileW,FindClose,0_2_00B2F264
              Source: C:\ProgramData\C9C8.tmpCode function: 7_2_0040227C FindFirstFileExW,7_2_0040227C
              Source: C:\ProgramData\C9C8.tmpCode function: 7_2_0040152C FindFirstFileExW,FindClose,FindNextFileW,FindClose,7_2_0040152C
              Source: C:\Users\user\Desktop\c8JakemodH.exeCode function: 0_2_00B27438 GetLogicalDriveStringsW,GetDriveTypeW,0_2_00B27438
              Source: C:\Windows\splwow64.exeThread delayed: delay time: 120000
              Source: C:\Users\user\Desktop\c8JakemodH.exeFile opened: C:\Users\user\AppData\Local\Temp\Diagnostics\EXCEL\Jump to behavior
              Source: C:\Users\user\Desktop\c8JakemodH.exeFile opened: C:\Users\user\AppData\Local\Temp\acrord32_super_sbx\Adobe\Acrobat\Jump to behavior
              Source: C:\Users\user\Desktop\c8JakemodH.exeFile opened: C:\Users\user\AppData\Local\Temp\acrord32_super_sbx\Adobe\Acrobat\DC\Jump to behavior
              Source: C:\Users\user\Desktop\c8JakemodH.exeFile opened: C:\Users\user\AppData\Local\Temp\acrord32_super_sbx\Adobe\Jump to behavior
              Source: C:\Users\user\Desktop\c8JakemodH.exeFile opened: C:\Users\user\AppData\Local\Temp\acrord32_super_sbx\Adobe\Acrobat\DC\SearchEmbdIndex\Jump to behavior
              Source: C:\Users\user\Desktop\c8JakemodH.exeFile opened: C:\Users\user\AppData\Local\Temp\acrord32_super_sbx\Jump to behavior
              Source: c8JakemodH.exe, 00000000.00000003.2047088869.000000000128A000.00000004.00000020.00020000.00000000.sdmpBinary or memory string: *|turn windows features on or off*|hyper-v:wux:hyper-v4937
              Source: c8JakemodH.exe, 00000000.00000003.2045247510.00000000013C0000.00000004.00000020.00020000.00000000.sdmpBinary or memory string: hyper-v:wux:hyper-v~
              Source: C:\Users\user\Desktop\c8JakemodH.exeProcess information queried: ProcessInformation

              Anti Debugging

              barindex
              Source: C:\ProgramData\C9C8.tmpThread information set: HideFromDebugger
              Source: C:\Users\user\Desktop\c8JakemodH.exeCode function: 0_2_00B210D4 rdtsc 0_2_00B210D4
              Source: C:\Users\user\Desktop\c8JakemodH.exeCode function: 0_2_00B25A30 LdrLoadDll,0_2_00B25A30
              Source: C:\Users\user\Desktop\c8JakemodH.exeProcess token adjusted: Debug
              Source: C:\Users\user\Desktop\c8JakemodH.exeProcess token adjusted: Debug
              Source: C:\Users\user\Desktop\c8JakemodH.exeProcess token adjusted: Debug

              HIPS / PFW / Operating System Protection Evasion

              barindex
              Source: C:\Users\user\Desktop\c8JakemodH.exeMemory written: C:\ProgramData\C9C8.tmp base: 401000Jump to behavior
              Source: C:\Users\user\Desktop\c8JakemodH.exeProcess created: C:\ProgramData\C9C8.tmp "C:\ProgramData\C9C8.tmp"Jump to behavior
              Source: C:\ProgramData\C9C8.tmpProcess created: C:\Windows\SysWOW64\cmd.exe "C:\Windows\System32\cmd.exe" /C DEL /F /Q C:\PROGRA~3\C9C8.tmp >> NUL
              Source: C:\Users\user\Desktop\c8JakemodH.exeCode function: 0_2_00B210D4 cpuid 0_2_00B210D4
              Source: C:\Users\user\Desktop\c8JakemodH.exeCode function: EntryPoint,ExitProcess,GetFileAttributesW,GetLastError,FreeLibrary,GetCommandLineA,GetModuleHandleA,GetLocaleInfoW,GetCommandLineW,GetProcAddress,GetLastError,GetLastError,FreeLibrary,CreateDialogParamW,LoadImageW,CreateWindowExW,LoadImageW,LoadMenuW,DefWindowProcW,LoadMenuW,IsDlgButtonChecked,GetDlgItem,LoadImageW,CreateDIBitmap,GetDeviceCaps,SelectObject,CreateFontW,GetPixel,GetDeviceCaps,SetPixel,BitBlt,SelectPalette,GetTextColor,GetTextColor,CreateFontW,CreateSolidBrush,0_2_00B3946F
              Source: C:\ProgramData\C9C8.tmpCode function: EntryPoint,ExitProcess,GetModuleHandleW,GetCommandLineW,GetModuleHandleA,GetCommandLineW,GetLocaleInfoW,GetLastError,FreeLibrary,FreeLibrary,GetProcAddress,CreateWindowExW,DefWindowProcW,GetWindowTextW,LoadMenuW,LoadMenuW,DefWindowProcW,SetTextColor,GetTextCharset,TextOutW,SetTextColor,GetTextColor,CreateFontW,GetTextColor,CreateDIBitmap,SelectObject,GetTextColor,CreateFontW,7_2_00403983
              Source: C:\Users\user\Desktop\c8JakemodH.exeCode function: 0_2_00B30410 GetTempFileNameW,CreateFileW,WriteFile,CreateProcessW,NtQueryInformationProcess,NtReadVirtualMemory,NtProtectVirtualMemory,NtWriteVirtualMemory,CreateNamedPipeW,ResumeThread,ConnectNamedPipe,0_2_00B30410

              Lowering of HIPS / PFW / Operating System Security Settings

              barindex
              Source: C:\Users\user\Desktop\c8JakemodH.exeFile written: C:\Users\user\AppData\Roaming\Mozilla\Firefox\Profiles\bQ8ODxIi2.README.txtJump to behavior
              Source: C:\Users\user\Desktop\c8JakemodH.exeFile written: C:\Users\user\AppData\Roaming\Mozilla\Firefox\Profiles\yiaxs5ej.default\bQ8ODxIi2.README.txtJump to behavior
              Source: C:\Users\user\Desktop\c8JakemodH.exeFile written: C:\Users\user\AppData\Roaming\Mozilla\Firefox\Profiles\v6zchhhv.default-release\bQ8ODxIi2.README.txtJump to behavior
              Source: C:\Users\user\Desktop\c8JakemodH.exeFile written: C:\Users\user\AppData\Roaming\Mozilla\Firefox\Profiles\v6zchhhv.default-release\storage\bQ8ODxIi2.README.txtJump to behavior
              Source: C:\Users\user\Desktop\c8JakemodH.exeFile written: C:\Users\user\AppData\Roaming\Mozilla\Firefox\Profiles\v6zchhhv.default-release\storage\to-be-removed\bQ8ODxIi2.README.txtJump to behavior
              Source: C:\Users\user\Desktop\c8JakemodH.exeFile written: C:\Users\user\AppData\Roaming\Mozilla\Firefox\Profiles\v6zchhhv.default-release\storage\temporary\bQ8ODxIi2.README.txtJump to behavior
              Source: C:\Users\user\Desktop\c8JakemodH.exeFile written: C:\Users\user\AppData\Roaming\Mozilla\Firefox\Profiles\v6zchhhv.default-release\storage\permanent\bQ8ODxIi2.README.txtJump to behavior
              Source: C:\Users\user\Desktop\c8JakemodH.exeFile written: C:\Users\user\AppData\Roaming\Mozilla\Firefox\Profiles\v6zchhhv.default-release\storage\permanent\chrome\bQ8ODxIi2.README.txtJump to behavior
              Source: C:\Users\user\Desktop\c8JakemodH.exeFile written: C:\Users\user\AppData\Roaming\Mozilla\Firefox\Profiles\v6zchhhv.default-release\storage\permanent\chrome\idb\bQ8ODxIi2.README.txtJump to behavior
              Source: C:\Users\user\Desktop\c8JakemodH.exeFile written: C:\Users\user\AppData\Roaming\Mozilla\Firefox\Profiles\v6zchhhv.default-release\storage\permanent\chrome\idb\3870112724rsegmnoittet-es.files\bQ8ODxIi2.README.txtJump to behavior
              Source: C:\Users\user\Desktop\c8JakemodH.exeFile written: C:\Users\user\AppData\Roaming\Mozilla\Firefox\Profiles\v6zchhhv.default-release\storage\permanent\chrome\idb\3561288849sdhlie.files\bQ8ODxIi2.README.txtJump to behavior
              Source: C:\Users\user\Desktop\c8JakemodH.exeFile written: C:\Users\user\AppData\Roaming\Mozilla\Firefox\Profiles\v6zchhhv.default-release\storage\permanent\chrome\idb\2918063365piupsah.files\bQ8ODxIi2.README.txtJump to behavior
              Source: C:\Users\user\Desktop\c8JakemodH.exeFile written: C:\Users\user\AppData\Roaming\Mozilla\Firefox\Profiles\v6zchhhv.default-release\storage\permanent\chrome\idb\2823318777ntouromlalnodry--naod.files\bQ8ODxIi2.README.txtJump to behavior
              Source: C:\Users\user\Desktop\c8JakemodH.exeFile written: C:\Users\user\AppData\Roaming\Mozilla\Firefox\Profiles\v6zchhhv.default-release\storage\permanent\chrome\idb\1657114595AmcateirvtiSty.files\bQ8ODxIi2.README.txtJump to behavior
              Source: C:\Users\user\Desktop\c8JakemodH.exeFile written: C:\Users\user\AppData\Roaming\Mozilla\Firefox\Profiles\v6zchhhv.default-release\storage\permanent\chrome\idb\1451318868ntouromlalnodry--epcr.files\bQ8ODxIi2.README.txtJump to behavior
              Source: C:\Users\user\Desktop\c8JakemodH.exeFile written: C:\Users\user\AppData\Roaming\Mozilla\Firefox\Profiles\v6zchhhv.default-release\sessionstore-backups\bQ8ODxIi2.README.txtJump to behavior
              Source: C:\Users\user\Desktop\c8JakemodH.exeFile written: C:\Users\user\AppData\Roaming\Mozilla\Firefox\Profiles\v6zchhhv.default-release\security_state\bQ8ODxIi2.README.txtJump to behavior
              Source: C:\Users\user\Desktop\c8JakemodH.exeFile written: C:\Users\user\AppData\Roaming\Mozilla\Firefox\Profiles\v6zchhhv.default-release\saved-telemetry-pings\bQ8ODxIi2.README.txtJump to behavior
              Source: C:\Users\user\Desktop\c8JakemodH.exeFile written: C:\Users\user\AppData\Roaming\Mozilla\Firefox\Profiles\v6zchhhv.default-release\minidumps\bQ8ODxIi2.README.txtJump to behavior
              Source: C:\Users\user\Desktop\c8JakemodH.exeFile written: C:\Users\user\AppData\Roaming\Mozilla\Firefox\Profiles\v6zchhhv.default-release\datareporting\bQ8ODxIi2.README.txtJump to behavior
              Source: C:\Users\user\Desktop\c8JakemodH.exeFile written: C:\Users\user\AppData\Roaming\Mozilla\Firefox\Profiles\v6zchhhv.default-release\datareporting\glean\bQ8ODxIi2.README.txtJump to behavior
              Source: C:\Users\user\Desktop\c8JakemodH.exeFile written: C:\Users\user\AppData\Roaming\Mozilla\Firefox\Profiles\v6zchhhv.default-release\datareporting\glean\tmp\bQ8ODxIi2.README.txtJump to behavior
              Source: C:\Users\user\Desktop\c8JakemodH.exeFile written: C:\Users\user\AppData\Roaming\Mozilla\Firefox\Profiles\v6zchhhv.default-release\datareporting\glean\pending_pings\bQ8ODxIi2.README.txtJump to behavior
              Source: C:\Users\user\Desktop\c8JakemodH.exeFile written: C:\Users\user\AppData\Roaming\Mozilla\Firefox\Profiles\v6zchhhv.default-release\datareporting\glean\events\bQ8ODxIi2.README.txtJump to behavior
              Source: C:\Users\user\Desktop\c8JakemodH.exeFile written: C:\Users\user\AppData\Roaming\Mozilla\Firefox\Profiles\v6zchhhv.default-release\datareporting\glean\db\bQ8ODxIi2.README.txtJump to behavior
              Source: C:\Users\user\Desktop\c8JakemodH.exeFile written: C:\Users\user\AppData\Roaming\Mozilla\Firefox\Profiles\v6zchhhv.default-release\datareporting\archived\bQ8ODxIi2.README.txtJump to behavior
              Source: C:\Users\user\Desktop\c8JakemodH.exeFile written: C:\Users\user\AppData\Roaming\Mozilla\Firefox\Profiles\v6zchhhv.default-release\datareporting\archived\2023-10\bQ8ODxIi2.README.txtJump to behavior
              Source: C:\Users\user\Desktop\c8JakemodH.exeFile written: C:\Users\user\AppData\Roaming\Mozilla\Firefox\Profiles\v6zchhhv.default-release\crashes\bQ8ODxIi2.README.txtJump to behavior
              Source: C:\Users\user\Desktop\c8JakemodH.exeFile written: C:\Users\user\AppData\Roaming\Mozilla\Firefox\Profiles\v6zchhhv.default-release\crashes\events\bQ8ODxIi2.README.txtJump to behavior
              Source: C:\Users\user\Desktop\c8JakemodH.exeFile written: C:\Users\user\AppData\Roaming\Mozilla\Firefox\Profiles\v6zchhhv.default-release\bookmarkbackups\bQ8ODxIi2.README.txtJump to behavior

              Stealing of Sensitive Information

              barindex
              Source: C:\Users\user\Desktop\c8JakemodH.exeFile opened: C:\Users\user\AppData\Roaming\Mozilla\Firefox\Profiles\v6zchhhv.default-release\cert9.dbJump to behavior
              Source: C:\Users\user\Desktop\c8JakemodH.exeFile opened: C:\Users\user\AppData\Roaming\Mozilla\Firefox\Profiles\v6zchhhv.default-release\favicons.sqliteJump to behavior
              Source: C:\Users\user\Desktop\c8JakemodH.exeFile opened: C:\Users\user\AppData\Roaming\Mozilla\Firefox\Profiles\v6zchhhv.default-release\permissions.sqlite.bQ8ODxIi2Jump to behavior
              Source: C:\Users\user\Desktop\c8JakemodH.exeFile opened: C:\Users\user\AppData\Roaming\Mozilla\Firefox\Profiles\v6zchhhv.default-release\cookies.sqlite-shmJump to behavior
              Source: C:\Users\user\Desktop\c8JakemodH.exeFile opened: C:\Users\user\AppData\Roaming\Mozilla\Firefox\Profiles\v6zchhhv.default-release\AlternateServices.txt.bQ8ODxIi2Jump to behavior
              Source: C:\Users\user\Desktop\c8JakemodH.exeFile opened: C:\Users\user\AppData\Roaming\Mozilla\Firefox\Profiles\v6zchhhv.default-release\storage\permanent\chrome\idb\1451318868ntouromlalnodry--epcr.sqlite-shm.bQ8ODxIi2Jump to behavior
              Source: C:\Users\user\Desktop\c8JakemodH.exeFile opened: C:\Users\user\AppData\Roaming\Mozilla\Firefox\Profiles\v6zchhhv.default-release\datareporting\glean\events\events.bQ8ODxIi2Jump to behavior
              Source: C:\Users\user\Desktop\c8JakemodH.exeFile opened: C:\Users\user\AppData\Roaming\Mozilla\Firefox\Profiles\v6zchhhv.default-release\storage\permanent\chrome\idb\1657114595AmcateirvtiSty.sqlite.bQ8ODxIi2Jump to behavior
              Source: C:\Users\user\Desktop\c8JakemodH.exeFile opened: C:\Users\user\AppData\Roaming\Mozilla\Firefox\Profiles\v6zchhhv.default-release\targeting.snapshot.json.bQ8ODxIi2Jump to behavior
              Source: C:\Users\user\Desktop\c8JakemodH.exeFile opened: C:\Users\user\AppData\Roaming\Mozilla\Firefox\Profiles\v6zchhhv.default-release\addonStartup.json.lz4.bQ8ODxIi2Jump to behavior
              Source: C:\Users\user\Desktop\c8JakemodH.exeFile opened: C:\Users\user\AppData\Roaming\Mozilla\Firefox\Profiles\v6zchhhv.default-release\datareporting\archived\2023-10\1696426835635.a669692a-f9c9-42c0-a803-7b87d3ff5834.new-profile.jsonlz4Jump to behavior
              Source: C:\Users\user\Desktop\c8JakemodH.exeFile opened: C:\Users\user\AppData\Roaming\Mozilla\Firefox\Profiles\v6zchhhv.default-release\storage\permanent\chrome\idb\1451318868ntouromlalnodry--epcr.sqlite.bQ8ODxIi2Jump to behavior
              Source: C:\Users\user\Desktop\c8JakemodH.exeFile opened: C:\Users\user\AppData\Roaming\Mozilla\Firefox\Profiles\v6zchhhv.default-release\prefs.js.bQ8ODxIi2Jump to behavior
              Source: C:\Users\user\Desktop\c8JakemodH.exeFile opened: C:\Users\user\AppData\Roaming\Mozilla\Firefox\Profiles\v6zchhhv.default-release\datareporting\archived\2023-10\1696426840727.86be03dd-6b03-42f5-89cd-4606f43d25ad.health.jsonlz4.bQ8ODxIi2Jump to behavior
              Source: C:\Users\user\Desktop\c8JakemodH.exeFile opened: C:\Users\user\AppData\Roaming\Mozilla\Firefox\Profiles\v6zchhhv.default-release\datareporting\glean\pending_pings\b8f053a5-de16-4a2c-8120-1ab4aadd63e8Jump to behavior
              Source: C:\Users\user\Desktop\c8JakemodH.exeFile opened: C:\Users\user\AppData\Roaming\Mozilla\Firefox\Profiles\v6zchhhv.default-release\datareporting\glean\pending_pings\ae04dde8-69a1-49f8-95f1-d533ed587ff6.bQ8ODxIi2Jump to behavior
              Source: C:\Users\user\Desktop\c8JakemodH.exeFile opened: C:\Users\user\AppData\Roaming\Mozilla\Firefox\Profiles\v6zchhhv.default-release\storage\permanent\chrome\idb\1657114595AmcateirvtiSty.sqlite-shmJump to behavior
              Source: C:\Users\user\Desktop\c8JakemodH.exeFile opened: C:\Users\user\AppData\Roaming\Mozilla\Firefox\Profiles\v6zchhhv.default-release\storage\permanent\chrome\idb\1451318868ntouromlalnodry--epcr.sqliteJump to behavior
              Source: C:\Users\user\Desktop\c8JakemodH.exeFile opened: C:\Users\user\AppData\Roaming\Mozilla\Firefox\Profiles\v6zchhhv.default-release\cookies.sqliteJump to behavior
              Source: C:\Users\user\Desktop\c8JakemodH.exeFile opened: C:\Users\user\AppData\Roaming\Mozilla\Firefox\Profiles\v6zchhhv.default-release\storage\permanent\chrome\idb\3870112724rsegmnoittet-es.sqliteJump to behavior
              Source: C:\Users\user\Desktop\c8JakemodH.exeFile opened: C:\Users\user\AppData\Roaming\Mozilla\Firefox\Profiles\v6zchhhv.default-release\datareporting\archived\2023-10\1696426840727.01c0ecdb-8e59-4210-95f1-0fd0406e84ad.event.jsonlz4Jump to behavior
              Source: C:\Users\user\Desktop\c8JakemodH.exeFile opened: C:\Users\user\AppData\Roaming\Mozilla\Firefox\Profiles\v6zchhhv.default-release\search.json.mozlz4Jump to behavior
              Source: C:\Users\user\Desktop\c8JakemodH.exeFile opened: C:\Users\user\AppData\Roaming\Mozilla\Firefox\Profiles\v6zchhhv.default-release\storage\permanent\chrome\idb\3870112724rsegmnoittet-es.sqlite-shmJump to behavior
              Source: C:\Users\user\Desktop\c8JakemodH.exeFile opened: C:\Users\user\AppData\Roaming\Mozilla\Firefox\Profiles\v6zchhhv.default-release\compatibility.ini.bQ8ODxIi2Jump to behavior
              Source: C:\Users\user\Desktop\c8JakemodH.exeFile opened: C:\Users\user\AppData\Roaming\Mozilla\Firefox\Profiles\v6zchhhv.default-release\ExperimentStoreData.json.bQ8ODxIi2Jump to behavior
              Source: C:\Users\user\Desktop\c8JakemodH.exeFile opened: C:\Users\user\AppData\Roaming\Mozilla\Firefox\Profiles\v6zchhhv.default-release\AlternateServices.txtJump to behavior
              Source: C:\Users\user\Desktop\c8JakemodH.exeFile opened: C:\Users\user\AppData\Roaming\Mozilla\Firefox\Profiles\v6zchhhv.default-release\datareporting\archived\2023-10\1696426840708.3c7034d6-bc52-43bb-9a23-5da34ee205e0.health.jsonlz4Jump to behavior
              Source: C:\Users\user\Desktop\c8JakemodH.exeFile opened: C:\Users\user\AppData\Roaming\Mozilla\Firefox\Profiles\v6zchhhv.default-release\storage\permanent\chrome\idb\3561288849sdhlie.sqlite-shm.bQ8ODxIi2Jump to behavior
              Source: C:\Users\user\Desktop\c8JakemodH.exeFile opened: C:\Users\user\AppData\Roaming\Mozilla\Firefox\Profiles\v6zchhhv.default-release\favicons.sqlite.bQ8ODxIi2Jump to behavior
              Source: C:\Users\user\Desktop\c8JakemodH.exeFile opened: C:\Users\user\AppData\Roaming\Mozilla\Firefox\Profiles\v6zchhhv.default-release\sessionstore-backups\upgrade.jsonlz4-20230927232528Jump to behavior
              Source: C:\Users\user\Desktop\c8JakemodH.exeFile opened: C:\Users\user\AppData\Roaming\Mozilla\Firefox\Profiles\v6zchhhv.default-release\datareporting\glean\pending_pings\43bb9a55-74a2-452e-8233-6899a7f737b0.bQ8ODxIi2Jump to behavior
              Source: C:\Users\user\Desktop\c8JakemodH.exeFile opened: C:\Users\user\AppData\Roaming\Mozilla\Firefox\Profiles\v6zchhhv.default-release\sessionstore-backups\previous.jsonlz4Jump to behavior
              Source: C:\Users\user\Desktop\c8JakemodH.exeFile opened: C:\Users\user\AppData\Roaming\Mozilla\Firefox\Profiles\v6zchhhv.default-release\content-prefs.sqliteJump to behavior
              Source: C:\Users\user\Desktop\c8JakemodH.exeFile opened: C:\Users\user\AppData\Roaming\Mozilla\Firefox\Profiles\v6zchhhv.default-release\saved-telemetry-pings\3c7034d6-bc52-43bb-9a23-5da34ee205e0.bQ8ODxIi2Jump to behavior
              Source: C:\Users\user\Desktop\c8JakemodH.exeFile opened: C:\Users\user\AppData\Roaming\Mozilla\Firefox\Profiles\v6zchhhv.default-release\datareporting\glean\pending_pings\b8f053a5-de16-4a2c-8120-1ab4aadd63e8.bQ8ODxIi2Jump to behavior
              Source: C:\Users\user\Desktop\c8JakemodH.exeFile opened: C:\Users\user\AppData\Roaming\Mozilla\Firefox\Profiles\v6zchhhv.default-release\saved-telemetry-pings\3c7034d6-bc52-43bb-9a23-5da34ee205e0Jump to behavior
              Source: C:\Users\user\Desktop\c8JakemodH.exeFile opened: C:\Users\user\AppData\Roaming\Mozilla\Firefox\Profiles\v6zchhhv.default-release\sessionstore.jsonlz4Jump to behavior
              Source: C:\Users\user\Desktop\c8JakemodH.exeFile opened: C:\Users\user\AppData\Roaming\Mozilla\Firefox\Profiles\v6zchhhv.default-release\datareporting\archived\2023-10\1696426835647.a83301c6-790b-49f3-adc7-55a855f7fe79.main.jsonlz4Jump to behavior
              Source: C:\Users\user\Desktop\c8JakemodH.exeFile opened: C:\Users\user\AppData\Roaming\Mozilla\Firefox\Profiles\v6zchhhv.default-release\times.json.bQ8ODxIi2Jump to behavior
              Source: C:\Users\user\Desktop\c8JakemodH.exeFile opened: C:\Users\user\AppData\Roaming\Mozilla\Firefox\Profiles\v6zchhhv.default-release\handlers.json.bQ8ODxIi2Jump to behavior
              Source: C:\Users\user\Desktop\c8JakemodH.exeFile opened: C:\Users\user\AppData\Roaming\Mozilla\Firefox\Profiles\v6zchhhv.default-release\datareporting\archived\2023-10\1696426840727.01c0ecdb-8e59-4210-95f1-0fd0406e84ad.event.jsonlz4.bQ8ODxIi2Jump to behavior
              Source: C:\Users\user\Desktop\c8JakemodH.exeFile opened: C:\Users\user\AppData\Roaming\Mozilla\Firefox\Profiles\v6zchhhv.default-release\places.sqlite-shmJump to behavior
              Source: C:\Users\user\Desktop\c8JakemodH.exeFile opened: C:\Users\user\AppData\Roaming\Mozilla\Firefox\Profiles\v6zchhhv.default-release\storage\permanent\chrome\idb\1451318868ntouromlalnodry--epcr.sqlite-shmJump to behavior
              Source: C:\Users\user\Desktop\c8JakemodH.exeFile opened: C:\Users\user\AppData\Roaming\Mozilla\Firefox\Profiles\v6zchhhv.default-release\datareporting\glean\events\eventsJump to behavior
              Source: C:\Users\user\Desktop\c8JakemodH.exeFile opened: C:\Users\user\AppData\Roaming\Mozilla\Firefox\Profiles\v6zchhhv.default-release\storage\ls-archive.sqlite.bQ8ODxIi2Jump to behavior
              Source: C:\Users\user\Desktop\c8JakemodH.exeFile opened: C:\Users\user\AppData\Roaming\Mozilla\Firefox\Profiles\v6zchhhv.default-release\SiteSecurityServiceState.txt.bQ8ODxIi2Jump to behavior
              Source: C:\Users\user\Desktop\c8JakemodH.exeFile opened: C:\Users\user\AppData\Roaming\Mozilla\Firefox\Profiles\v6zchhhv.default-release\targeting.snapshot.jsonJump to behavior
              Source: C:\Users\user\Desktop\c8JakemodH.exeFile opened: C:\Users\user\AppData\Roaming\Mozilla\Firefox\Profiles\v6zchhhv.default-release\datareporting\archived\2023-10\1696426840748.a8c1f564-c2e2-4ef8-a85f-52a56488f193.main.jsonlz4.bQ8ODxIi2Jump to behavior
              Source: C:\Users\user\Desktop\c8JakemodH.exeFile opened: C:\Users\user\AppData\Roaming\Mozilla\Firefox\Profiles\v6zchhhv.default-release\shield-preference-experiments.json.bQ8ODxIi2Jump to behavior
              Source: C:\Users\user\Desktop\c8JakemodH.exeFile opened: C:\Users\user\AppData\Roaming\Mozilla\Firefox\Profiles\v6zchhhv.default-release\storage\permanent\chrome\idb\3870112724rsegmnoittet-es.sqlite-shm.bQ8ODxIi2Jump to behavior
              Source: C:\Users\user\Desktop\c8JakemodH.exeFile opened: C:\Users\user\AppData\Roaming\Mozilla\Firefox\Profiles\v6zchhhv.default-release\storage.sqliteJump to behavior
              Source: C:\Users\user\Desktop\c8JakemodH.exeFile opened: C:\Users\user\AppData\Roaming\Mozilla\Firefox\Profiles\v6zchhhv.default-release\storage\permanent\chrome\idb\2823318777ntouromlalnodry--naod.sqliteJump to behavior
              Source: C:\Users\user\Desktop\c8JakemodH.exeFile opened: C:\Users\user\AppData\Roaming\Mozilla\Firefox\Profiles\v6zchhhv.default-release\saved-telemetry-pings\a83301c6-790b-49f3-adc7-55a855f7fe79Jump to behavior
              Source: C:\Users\user\Desktop\c8JakemodH.exeFile opened: C:\Users\user\AppData\Roaming\Mozilla\Firefox\Profiles\v6zchhhv.default-release\storage\permanent\chrome\idb\1657114595AmcateirvtiSty.sqliteJump to behavior
              Source: C:\Users\user\Desktop\c8JakemodH.exeFile opened: C:\Users\user\AppData\Roaming\Mozilla\Firefox\Profiles\v6zchhhv.default-release\storage\permanent\chrome\idb\2918063365piupsah.sqlite-shmJump to behavior
              Source: C:\Users\user\Desktop\c8JakemodH.exeFile opened: C:\Users\user\AppData\Roaming\Mozilla\Firefox\Profiles\v6zchhhv.default-release\storage\permanent\chrome\.metadata-v2Jump to behavior
              Source: C:\Users\user\Desktop\c8JakemodH.exeFile opened: C:\Users\user\AppData\Roaming\Mozilla\Firefox\Profiles\v6zchhhv.default-release\storage\permanent\chrome\idb\3870112724rsegmnoittet-es.sqlite.bQ8ODxIi2Jump to behavior
              Source: C:\Users\user\Desktop\c8JakemodH.exeFile opened: C:\Users\user\AppData\Roaming\Mozilla\Firefox\Profiles\v6zchhhv.default-release\xulstore.json.bQ8ODxIi2Jump to behavior
              Source: C:\Users\user\Desktop\c8JakemodH.exeFile opened: C:\Users\user\AppData\Roaming\Mozilla\Firefox\Profiles\v6zchhhv.default-release\webappsstore.sqlite.bQ8ODxIi2Jump to behavior
              Source: C:\Users\user\Desktop\c8JakemodH.exeFile opened: C:\Users\user\AppData\Roaming\Mozilla\Firefox\Profiles\v6zchhhv.default-release\storage\permanent\chrome\idb\2823318777ntouromlalnodry--naod.sqlite.bQ8ODxIi2Jump to behavior
              Source: C:\Users\user\Desktop\c8JakemodH.exeFile opened: C:\Users\user\AppData\Roaming\Mozilla\Firefox\Profiles\v6zchhhv.default-release\storage\permanent\chrome\idb\2918063365piupsah.sqlite.bQ8ODxIi2Jump to behavior
              Source: C:\Users\user\Desktop\c8JakemodH.exeFile opened: C:\Users\user\AppData\Roaming\Mozilla\Firefox\Profiles\v6zchhhv.default-release\datareporting\archived\2023-10\1696426835635.a669692a-f9c9-42c0-a803-7b87d3ff5834.new-profile.jsonlz4.bQ8ODxIi2Jump to behavior
              Source: C:\Users\user\Desktop\c8JakemodH.exeFile opened: C:\Users\user\AppData\Roaming\Mozilla\Firefox\Profiles\v6zchhhv.default-release\protections.sqlite.bQ8ODxIi2Jump to behavior
              Source: C:\Users\user\Desktop\c8JakemodH.exeFile opened: C:\Users\user\AppData\Roaming\Mozilla\Firefox\Profiles\v6zchhhv.default-release\places.sqlite.bQ8ODxIi2Jump to behavior
              Source: C:\Users\user\Desktop\c8JakemodH.exeFile opened: C:\Users\user\AppData\Roaming\Mozilla\Firefox\Profiles\v6zchhhv.default-release\datareporting\archived\2023-10\1696426835643.9a3c31ca-35e4-421e-91e1-5f7b9bd27492.event.jsonlz4.bQ8ODxIi2Jump to behavior
              Source: C:\Users\user\Desktop\c8JakemodH.exeFile opened: C:\Users\user\AppData\Roaming\Mozilla\Firefox\Profiles\v6zchhhv.default-release\datareporting\archived\2023-10\1696426835649.b06d08be-79e8-4bfe-b6aa-988ea3d35cbd.first-shutdown.jsonlz4.bQ8ODxIi2Jump to behavior
              Source: C:\Users\user\Desktop\c8JakemodH.exeFile opened: C:\Users\user\AppData\Roaming\Mozilla\Firefox\Profiles\v6zchhhv.default-release\sessionCheckpoints.jsonJump to behavior
              Source: C:\Users\user\Desktop\c8JakemodH.exeFile opened: C:\Users\user\AppData\Roaming\Mozilla\Firefox\Profiles\v6zchhhv.default-release\saved-telemetry-pings\a83301c6-790b-49f3-adc7-55a855f7fe79.bQ8ODxIi2Jump to behavior
              Source: C:\Users\user\Desktop\c8JakemodH.exeFile opened: C:\Users\user\AppData\Roaming\Mozilla\Firefox\Profiles\v6zchhhv.default-release\datareporting\glean\events\background-update.bQ8ODxIi2Jump to behavior
              Source: C:\Users\user\Desktop\c8JakemodH.exeFile opened: C:\Users\user\AppData\Roaming\Mozilla\Firefox\Profiles\v6zchhhv.default-release\cookies.sqlite-shm.bQ8ODxIi2Jump to behavior
              Source: C:\Users\user\Desktop\c8JakemodH.exeFile opened: C:\Users\user\AppData\Roaming\Mozilla\Firefox\Profiles\v6zchhhv.default-release\storage\ls-archive.sqliteJump to behavior
              Source: C:\Users\user\Desktop\c8JakemodH.exeFile opened: C:\Users\user\AppData\Roaming\Mozilla\Firefox\Profiles\v6zchhhv.default-release\cookies.sqlite.bQ8ODxIi2Jump to behavior
              Source: C:\Users\user\Desktop\c8JakemodH.exeFile opened: C:\Users\user\AppData\Roaming\Mozilla\Firefox\Profiles\v6zchhhv.default-release\prefs.jsJump to behavior
              Source: C:\Users\user\Desktop\c8JakemodH.exeFile opened: C:\Users\user\AppData\Roaming\Mozilla\Firefox\Profiles\v6zchhhv.default-release\storage.sqlite.bQ8ODxIi2Jump to behavior
              Source: C:\Users\user\Desktop\c8JakemodH.exeFile opened: C:\Users\user\AppData\Roaming\Mozilla\Firefox\Profiles\v6zchhhv.default-release\places.sqlite-shm.bQ8ODxIi2Jump to behavior
              Source: C:\Users\user\Desktop\c8JakemodH.exeFile opened: C:\Users\user\AppData\Roaming\Mozilla\Firefox\Profiles\v6zchhhv.default-release\storage\permanent\chrome\.metadata-v2.bQ8ODxIi2Jump to behavior
              Source: C:\Users\user\Desktop\c8JakemodH.exeFile opened: C:\Users\user\AppData\Roaming\Mozilla\Firefox\Profiles\v6zchhhv.default-release\storage\permanent\chrome\idb\1657114595AmcateirvtiSty.sqlite-shm.bQ8ODxIi2Jump to behavior
              Source: C:\Users\user\Desktop\c8JakemodH.exeFile opened: C:\Users\user\AppData\Roaming\Mozilla\Firefox\Profiles\v6zchhhv.default-release\containers.jsonJump to behavior
              Source: C:\Users\user\Desktop\c8JakemodH.exeFile opened: C:\Users\user\AppData\Roaming\Mozilla\Firefox\Profiles\v6zchhhv.default-release\datareporting\archived\2023-10\1696426835647.a83301c6-790b-49f3-adc7-55a855f7fe79.main.jsonlz4.bQ8ODxIi2Jump to behavior
              Source: C:\Users\user\Desktop\c8JakemodH.exeFile opened: C:\Users\user\AppData\Roaming\Mozilla\Firefox\Profiles\v6zchhhv.default-release\handlers.jsonJump to behavior
              Source: C:\Users\user\Desktop\c8JakemodH.exeFile opened: C:\Users\user\AppData\Roaming\Mozilla\Firefox\Profiles\v6zchhhv.default-release\extension-preferences.jsonJump to behavior
              Source: C:\Users\user\Desktop\c8JakemodH.exeFile opened: C:\Users\user\AppData\Roaming\Mozilla\Firefox\Profiles\v6zchhhv.default-release\key4.db.bQ8ODxIi2Jump to behavior
              Source: C:\Users\user\Desktop\c8JakemodH.exeFile opened: C:\Users\user\AppData\Roaming\Mozilla\Firefox\Profiles\v6zchhhv.default-release\search.json.mozlz4.bQ8ODxIi2Jump to behavior
              Source: C:\Users\user\Desktop\c8JakemodH.exeFile opened: C:\Users\user\AppData\Roaming\Mozilla\Firefox\Profiles\v6zchhhv.default-release\content-prefs.sqlite.bQ8ODxIi2Jump to behavior
              Source: C:\Users\user\Desktop\c8JakemodH.exeFile opened: C:\Users\user\AppData\Roaming\Mozilla\Firefox\Profiles\v6zchhhv.default-release\datareporting\archived\2023-10\1696426840708.3c7034d6-bc52-43bb-9a23-5da34ee205e0.health.jsonlz4.bQ8ODxIi2Jump to behavior
              Source: C:\Users\user\Desktop\c8JakemodH.exeFile opened: C:\Users\user\AppData\Roaming\Mozilla\Firefox\Profiles\yiaxs5ej.default\times.json.bQ8ODxIi2Jump to behavior
              Source: C:\Users\user\Desktop\c8JakemodH.exeFile opened: C:\Users\user\AppData\Roaming\Mozilla\Firefox\Profiles\v6zchhhv.default-release\addons.json.bQ8ODxIi2Jump to behavior
              Source: C:\Users\user\Desktop\c8JakemodH.exeFile opened: C:\Users\user\AppData\Roaming\Mozilla\Firefox\Profiles\v6zchhhv.default-release\cert9.db.bQ8ODxIi2Jump to behavior
              Source: C:\Users\user\Desktop\c8JakemodH.exeFile opened: C:\Users\user\AppData\Roaming\Mozilla\Firefox\Profiles\v6zchhhv.default-release\favicons.sqlite-shmJump to behavior
              Source: C:\Users\user\Desktop\c8JakemodH.exeFile opened: C:\Users\user\AppData\Roaming\Mozilla\Firefox\Profiles\v6zchhhv.default-release\pkcs11.txtJump to behavior
              Source: C:\Users\user\Desktop\c8JakemodH.exeFile opened: C:\Users\user\AppData\Roaming\Mozilla\Firefox\Profiles\v6zchhhv.default-release\datareporting\session-state.json.bQ8ODxIi2Jump to behavior
              Source: C:\Users\user\Desktop\c8JakemodH.exeFile opened: C:\Users\user\AppData\Roaming\Mozilla\Firefox\Profiles\v6zchhhv.default-release\datareporting\glean\pending_pings\43bb9a55-74a2-452e-8233-6899a7f737b0Jump to behavior
              Source: C:\Users\user\Desktop\c8JakemodH.exeFile opened: C:\Users\user\AppData\Roaming\Mozilla\Firefox\Profiles\v6zchhhv.default-release\datareporting\archived\2023-10\1696426835649.b06d08be-79e8-4bfe-b6aa-988ea3d35cbd.first-shutdown.jsonlz4Jump to behavior
              Source: C:\Users\user\Desktop\c8JakemodH.exeFile opened: C:\Users\user\AppData\Roaming\Mozilla\Firefox\Profiles\v6zchhhv.default-release\pkcs11.txt.bQ8ODxIi2Jump to behavior
              Source: C:\Users\user\Desktop\c8JakemodH.exeFile opened: C:\Users\user\AppData\Roaming\Mozilla\Firefox\Profiles\v6zchhhv.default-release\compatibility.iniJump to behavior
              Source: C:\Users\user\Desktop\c8JakemodH.exeFile opened: C:\Users\user\AppData\Roaming\Mozilla\Firefox\Profiles\v6zchhhv.default-release\storage\permanent\chrome\idb\2918063365piupsah.sqlite-shm.bQ8ODxIi2Jump to behavior
              Source: C:\Users\user\Desktop\c8JakemodH.exeFile opened: C:\Users\user\AppData\Roaming\Mozilla\Firefox\Profiles\v6zchhhv.default-release\datareporting\archived\2023-10\1696426840748.a8c1f564-c2e2-4ef8-a85f-52a56488f193.main.jsonlz4Jump to behavior
              Source: C:\Users\user\Desktop\c8JakemodH.exeFile opened: C:\Users\user\AppData\Roaming\Mozilla\Firefox\Profiles\v6zchhhv.default-release\webappsstore.sqliteJump to behavior
              Source: C:\Users\user\Desktop\c8JakemodH.exeFile opened: C:\Users\user\AppData\Roaming\Mozilla\Firefox\Profiles\v6zchhhv.default-release\containers.json.bQ8ODxIi2Jump to behavior
              Source: C:\Users\user\Desktop\c8JakemodH.exeFile opened: C:\Users\user\AppData\Roaming\Mozilla\Firefox\Profiles\v6zchhhv.default-release\datareporting\state.json.bQ8ODxIi2Jump to behavior
              Source: C:\Users\user\Desktop\c8JakemodH.exeFile opened: C:\Users\user\AppData\Roaming\Mozilla\Firefox\Profiles\v6zchhhv.default-release\sessionstore.jsonlz4.bQ8ODxIi2Jump to behavior
              Source: C:\Users\user\Desktop\c8JakemodH.exeFile opened: C:\Users\user\AppData\Roaming\Mozilla\Firefox\Profiles\v6zchhhv.default-release\datareporting\session-state.jsonJump to behavior
              Source: C:\Users\user\Desktop\c8JakemodH.exeFile opened: C:\Users\user\AppData\Roaming\Mozilla\Firefox\Profiles\v6zchhhv.default-release\times.jsonJump to behavior
              Source: C:\Users\user\Desktop\c8JakemodH.exeFile opened: C:\Users\user\AppData\Roaming\Mozilla\Firefox\Profiles\v6zchhhv.default-release\webappsstore.sqlite-shm.bQ8ODxIi2Jump to behavior
              Source: C:\Users\user\Desktop\c8JakemodH.exeFile opened: C:\Users\user\AppData\Roaming\Mozilla\Firefox\Profiles\yiaxs5ej.default\times.jsonJump to behavior
              Source: C:\Users\user\Desktop\c8JakemodH.exeFile opened: C:\Users\user\AppData\Roaming\Mozilla\Firefox\Profiles\v6zchhhv.default-release\datareporting\glean\pending_pings\7755ad51-2370-4623-9d21-15c89f2143dbJump to behavior
              Source: C:\Users\user\Desktop\c8JakemodH.exeFile opened: C:\Users\user\AppData\Roaming\Mozilla\Firefox\profiles.ini.bQ8ODxIi2Jump to behavior
              Source: C:\Users\user\Desktop\c8JakemodH.exeFile opened: C:\Users\user\AppData\Roaming\Mozilla\Firefox\Profiles\v6zchhhv.default-release\storage\permanent\chrome\idb\2918063365piupsah.sqliteJump to behavior
              Source: C:\Users\user\Desktop\c8JakemodH.exeFile opened: C:\Users\user\AppData\Roaming\Mozilla\Firefox\Profiles\v6zchhhv.default-release\datareporting\archived\2023-10\1696426835643.9a3c31ca-35e4-421e-91e1-5f7b9bd27492.event.jsonlz4Jump to behavior
              Source: C:\Users\user\Desktop\c8JakemodH.exeFile opened: C:\Users\user\AppData\Roaming\Mozilla\Firefox\Profiles\v6zchhhv.default-release\storage\permanent\chrome\idb\2823318777ntouromlalnodry--naod.sqlite-shm.bQ8ODxIi2Jump to behavior
              Source: C:\Users\user\Desktop\c8JakemodH.exeFile opened: C:\Users\user\AppData\Roaming\Mozilla\Firefox\Profiles\v6zchhhv.default-release\sessionstore-backups\upgrade.jsonlz4-20230927232528.bQ8ODxIi2Jump to behavior
              Source: C:\Users\user\Desktop\c8JakemodH.exeFile opened: C:\Users\user\AppData\Roaming\Mozilla\Firefox\Profiles\v6zchhhv.default-release\datareporting\archived\2023-10\1696426840727.86be03dd-6b03-42f5-89cd-4606f43d25ad.health.jsonlz4Jump to behavior
              Source: C:\Users\user\Desktop\c8JakemodH.exeFile opened: C:\Users\user\AppData\Roaming\Mozilla\Firefox\Profiles\v6zchhhv.default-release\datareporting\state.jsonJump to behavior
              Source: C:\Users\user\Desktop\c8JakemodH.exeFile opened: C:\Users\user\AppData\Roaming\Mozilla\Firefox\Profiles\v6zchhhv.default-release\datareporting\glean\pending_pings\ae04dde8-69a1-49f8-95f1-d533ed587ff6Jump to behavior
              Source: C:\Users\user\Desktop\c8JakemodH.exeFile opened: C:\Users\user\AppData\Roaming\Mozilla\Firefox\Profiles\v6zchhhv.default-release\storage\permanent\chrome\idb\3561288849sdhlie.sqliteJump to behavior
              Source: C:\Users\user\Desktop\c8JakemodH.exeFile opened: C:\Users\user\AppData\Roaming\Mozilla\Firefox\Profiles\v6zchhhv.default-release\xulstore.jsonJump to behavior
              Source: C:\Users\user\Desktop\c8JakemodH.exeFile opened: C:\Users\user\AppData\Roaming\Mozilla\Firefox\Profiles\v6zchhhv.default-release\addonStartup.json.lz4Jump to behavior
              Source: C:\Users\user\Desktop\c8JakemodH.exeFile opened: C:\Users\user\AppData\Roaming\Mozilla\Firefox\Profiles\v6zchhhv.default-release\favicons.sqlite-shm.bQ8ODxIi2Jump to behavior
              Source: C:\Users\user\Desktop\c8JakemodH.exeFile opened: C:\Users\user\AppData\Roaming\Mozilla\Firefox\Profiles\v6zchhhv.default-release\addons.jsonJump to behavior
              Source: C:\Users\user\Desktop\c8JakemodH.exeFile opened: C:\Users\user\AppData\Roaming\Mozilla\Firefox\Profiles\v6zchhhv.default-release\permissions.sqliteJump to behavior
              Source: C:\Users\user\Desktop\c8JakemodH.exeFile opened: C:\Users\user\AppData\Roaming\Mozilla\Firefox\Profiles\v6zchhhv.default-release\protections.sqliteJump to behavior
              Source: C:\Users\user\Desktop\c8JakemodH.exeFile opened: C:\Users\user\AppData\Roaming\Mozilla\Firefox\Profiles\v6zchhhv.default-release\webappsstore.sqlite-shmJump to behavior
              Source: C:\Users\user\Desktop\c8JakemodH.exeFile opened: C:\Users\user\AppData\Roaming\Mozilla\Firefox\Profiles\v6zchhhv.default-release\sessionstore-backups\previous.jsonlz4.bQ8ODxIi2Jump to behavior
              Source: C:\Users\user\Desktop\c8JakemodH.exeFile opened: C:\Users\user\AppData\Roaming\Mozilla\Firefox\Profiles\v6zchhhv.default-release\shield-preference-experiments.jsonJump to behavior
              Source: C:\Users\user\Desktop\c8JakemodH.exeFile opened: C:\Users\user\AppData\Roaming\Mozilla\Firefox\Profiles\v6zchhhv.default-release\sessionCheckpoints.json.bQ8ODxIi2Jump to behavior
              Source: C:\Users\user\Desktop\c8JakemodH.exeFile opened: C:\Users\user\AppData\Roaming\Mozilla\Firefox\Profiles\v6zchhhv.default-release\datareporting\glean\pending_pings\7755ad51-2370-4623-9d21-15c89f2143db.bQ8ODxIi2Jump to behavior
              Source: C:\Users\user\Desktop\c8JakemodH.exeFile opened: C:\Users\user\AppData\Roaming\Mozilla\Firefox\Profiles\v6zchhhv.default-release\storage\permanent\chrome\idb\3561288849sdhlie.sqlite-shmJump to behavior
              Source: C:\Users\user\Desktop\c8JakemodH.exeFile opened: C:\Users\user\AppData\Roaming\Mozilla\Firefox\Profiles\v6zchhhv.default-release\places.sqliteJump to behavior
              Source: C:\Users\user\Desktop\c8JakemodH.exeFile opened: C:\Users\user\AppData\Roaming\Mozilla\Firefox\Profiles\v6zchhhv.default-release\datareporting\glean\events\background-updateJump to behavior
              Source: C:\Users\user\Desktop\c8JakemodH.exeFile opened: C:\Users\user\AppData\Roaming\Mozilla\Firefox\Profiles\v6zchhhv.default-release\key4.dbJump to behavior
              Source: C:\Users\user\Desktop\c8JakemodH.exeFile opened: C:\Users\user\AppData\Roaming\Mozilla\Firefox\Profiles\v6zchhhv.default-release\storage\permanent\chrome\idb\3561288849sdhlie.sqlite.bQ8ODxIi2Jump to behavior
              Source: C:\Users\user\Desktop\c8JakemodH.exeFile opened: C:\Users\user\AppData\Roaming\Mozilla\Firefox\Profiles\v6zchhhv.default-release\extension-preferences.json.bQ8ODxIi2Jump to behavior
              Source: C:\Users\user\Desktop\c8JakemodH.exeFile opened: C:\Users\user\AppData\Roaming\Mozilla\Firefox\Profiles\v6zchhhv.default-release\ExperimentStoreData.jsonJump to behavior
              Source: C:\Users\user\Desktop\c8JakemodH.exeFile opened: C:\Users\user\AppData\Roaming\Mozilla\Firefox\profiles.iniJump to behavior
              Source: C:\Users\user\Desktop\c8JakemodH.exeFile opened: C:\Users\user\AppData\Roaming\Mozilla\Firefox\Profiles\v6zchhhv.default-release\SiteSecurityServiceState.txtJump to behavior
              Source: C:\Users\user\Desktop\c8JakemodH.exeFile opened: C:\Users\user\AppData\Roaming\Mozilla\Firefox\Profiles\v6zchhhv.default-release\storage\permanent\chrome\idb\2823318777ntouromlalnodry--naod.sqlite-shmJump to behavior
              ReconnaissanceResource DevelopmentInitial AccessExecutionPersistencePrivilege EscalationDefense EvasionCredential AccessDiscoveryLateral MovementCollectionCommand and ControlExfiltrationImpact
              Gather Victim Identity InformationAcquire InfrastructureValid AccountsWindows Management Instrumentation1
              DLL Side-Loading
              112
              Process Injection
              11
              Masquerading
              1
              OS Credential Dumping
              311
              Security Software Discovery
              Remote Services1
              Archive Collected Data
              1
              Encrypted Channel
              Exfiltration Over Other Network Medium2
              Data Encrypted for Impact
              CredentialsDomainsDefault AccountsScheduled Task/JobBoot or Logon Initialization Scripts1
              DLL Side-Loading
              11
              Virtualization/Sandbox Evasion
              LSASS Memory1
              Process Discovery
              Remote Desktop Protocol1
              Browser Session Hijacking
              1
              Proxy
              Exfiltration Over BluetoothNetwork Denial of Service
              Email AddressesDNS ServerDomain AccountsAtLogon Script (Windows)Logon Script (Windows)112
              Process Injection
              Security Account Manager11
              Virtualization/Sandbox Evasion
              SMB/Windows Admin Shares1
              Data from Local System
              SteganographyAutomated ExfiltrationData Encrypted for Impact
              Employee NamesVirtual Private ServerLocal AccountsCronLogin HookLogin Hook2
              Obfuscated Files or Information
              NTDS5
              File and Directory Discovery
              Distributed Component Object ModelInput CaptureProtocol ImpersonationTraffic DuplicationData Destruction
              Gather Victim Network InformationServerCloud AccountsLaunchdNetwork Logon ScriptNetwork Logon Script2
              Software Packing
              LSA Secrets122
              System Information Discovery
              SSHKeyloggingFallback ChannelsScheduled TransferData Encrypted for Impact
              Domain PropertiesBotnetReplication Through Removable MediaScheduled TaskRC ScriptsRC Scripts1
              Indicator Removal
              Cached Domain CredentialsWi-Fi DiscoveryVNCGUI Input CaptureMultiband CommunicationData Transfer Size LimitsService Stop
              DNSWeb ServicesExternal Remote ServicesSystemd TimersStartup ItemsStartup Items1
              DLL Side-Loading
              DCSyncRemote System DiscoveryWindows Remote ManagementWeb Portal CaptureCommonly Used PortExfiltration Over C2 ChannelInhibit System Recovery
              Network Trust DependenciesServerlessDrive-by CompromiseContainer Orchestration JobScheduled Task/JobScheduled Task/Job1
              File Deletion
              Proc FilesystemSystem Owner/User DiscoveryCloud ServicesCredential API HookingApplication Layer ProtocolExfiltration Over Alternative ProtocolDefacement
              Hide Legend

              Legend:

              • Process
              • Signature
              • Created File
              • DNS/IP Info
              • Is Dropped
              • Is Windows Process
              • Number of created Registry Values
              • Number of created Files
              • Visual Basic
              • Delphi
              • Java
              • .Net C# or VB.NET
              • C, C++ or other language
              • Is malicious
              • Internet
              behaviorgraph top1 signatures2 2 Behavior Graph ID: 1436723 Sample: c8JakemodH.exe Startdate: 06/05/2024 Architecture: WINDOWS Score: 100 40 Multi AV Scanner detection for domain / URL 2->40 42 Malicious sample detected (through community Yara rule) 2->42 44 Antivirus detection for URL or domain 2->44 46 5 other signatures 2->46 8 c8JakemodH.exe 32 1002 2->8         started        12 ONENOTE.EXE 2->12         started        process3 file4 24 C:\Users\user\...\1239919175.bQ8ODxIi2, COM 8->24 dropped 26 {1AC14E77-02E7-4E5...nfo32_exe.bQ8ODxIi2, COM 8->26 dropped 28 {1AC14E77-02E7-4E5...frgui_exe.bQ8ODxIi2, DOS 8->28 dropped 30 118 other malicious files 8->30 dropped 48 Found potential ransomware demand text 8->48 50 Found Tor onion address 8->50 52 Contains functionality to detect hardware virtualization (CPUID execution measurement) 8->52 54 7 other signatures 8->54 14 C9C8.tmp 8->14         started        18 splwow64.exe 8->18         started        signatures5 process6 file7 32 C:\Users\user\Desktop\c8JakemodH.exe, data 14->32 dropped 34 C:\Users\user\Desktop\ZZZZZZZZZZZZZZ (copy), data 14->34 dropped 36 C:\Users\user\Desktop\YYYYYYYYYYYYYY (copy), data 14->36 dropped 38 24 other malicious files 14->38 dropped 56 Antivirus detection for dropped file 14->56 58 Multi AV Scanner detection for dropped file 14->58 60 Contains functionality to detect hardware virtualization (CPUID execution measurement) 14->60 62 3 other signatures 14->62 20 cmd.exe 14->20         started        signatures8 process9 process10 22 conhost.exe 20->22         started       

              This section contains all screenshots as thumbnails, including those not shown in the slideshow.


              windows-stand
              SourceDetectionScannerLabelLink
              c8JakemodH.exe100%AviraBDS/ZeroAccess.Gen7
              c8JakemodH.exe100%Joe Sandbox ML
              SourceDetectionScannerLabelLink
              C:\ProgramData\C9C8.tmp100%AviraTR/Crypt.ZPACK.Gen
              C:\ProgramData\C9C8.tmp100%Joe Sandbox ML
              C:\ProgramData\C9C8.tmp83%ReversingLabsWin32.Trojan.Malgent
              C:\ProgramData\C9C8.tmp83%VirustotalBrowse
              No Antivirus matches
              No Antivirus matches
              SourceDetectionScannerLabelLink
              https://cdn.entity.0%URL Reputationsafe
              https://cdn.entity.0%URL Reputationsafe
              https://rpsticket.partnerservices.getmicrosoftkey.com0%URL Reputationsafe
              https://api.aadrm.com/0%URL Reputationsafe
              https://messagebroker.mobile.m365.svc.cloud.microsoft0%URL Reputationsafe
              https://otelrules.svc.static.microsoft0%URL Reputationsafe
              https://res.getmicrosoftkey.com/api/redemptionevents0%URL Reputationsafe
              https://officeci.azurewebsites.net/api/0%URL Reputationsafe
              https://my.microsoftpersonalcontent.com0%URL Reputationsafe
              https://store.office.cn/addinstemplate0%URL Reputationsafe
              https://www.odwebp.svc.ms0%URL Reputationsafe
              https://www.odwebp.svc.ms0%URL Reputationsafe
              https://api.addins.store.officeppe.com/addinstemplate0%URL Reputationsafe
              https://bugzilla.mo0%URL Reputationsafe
              https://ncus.contentsync.0%URL Reputationsafe
              https://wus2.contentsync.0%URL Reputationsafe
              https://skyapi.live.net/Activity/0%URL Reputationsafe
              https://api.cortana.ai0%URL Reputationsafe
              https://www.amazon.co.uk/0%URL Reputationsafe
              https://staging.cortana.ai0%URL Reputationsafe
              https://wus2.pagecontentsync.0%URL Reputationsafe
              https://cortana.ai/api0%URL Reputationsafe
              http://lockbitapt2yfbt7lchxejug47kmqvqqxvvjpqkmevv4l3azl3gy6pyd.onione$0%Avira URL Cloudsafe
              http://lockbitsupn2h6be2cnqpvncyhj4rgmnwn44633hnzzmtxdvjoqlp7yd.onion100%Avira URL Cloudmalware
              https://www.bbc.co.uk/0%Avira URL Cloudsafe
              https://d.docs.live.net0%Avira URL Cloudsafe
              http://lockbitsupa7e3b4pkn4mgkgojrl5iqgx24clbzc4xm7i6jeetsia3qd.onionB%0%Avira URL Cloudsafe
              http://lockbitsupa7e3b4pkn4mgkgojrl5iqgx24clbzc4xm7i6jeetsia3qd.onionl.$0%Avira URL Cloudsafe
              http://lockbitsupn2h6be2cnqpvncyhj4rgmnwn44633hnzzmtxdvjoqlp7yd.onionl5%0%Avira URL Cloudsafe
              http://lockbitsupn2h6be2cnqpvncyhj4rgmnwn44633hnzzmtxdvjoqlp7yd.onion11%VirustotalBrowse
              http://lockbitsupn2h6be2cnqpvncyhj4rgmnwn44633hnzzmtxdvjoqlp7yd.onion;$0%Avira URL Cloudsafe
              http://lockbitsupn2h6be2cnqpvncyhj4rgmnwn44633hnzzmtxdvjoqlp7yd.onionackages0%Avira URL Cloudsafe
              https://www.bbc.co.uk/0%VirustotalBrowse
              https://d.docs.live.net0%VirustotalBrowse
              No contacted domains info
              NameSourceMaliciousAntivirus DetectionReputation
              https://shell.suite.office.com:144374838711-7E0B-45A4-9802-5A49E351F206.8.drfalse
                high
                https://autodiscover-s.outlook.com/74838711-7E0B-45A4-9802-5A49E351F206.8.drfalse
                  high
                  https://useraudit.o365auditrealtimeingestion.manage.office.com74838711-7E0B-45A4-9802-5A49E351F206.8.drfalse
                    high
                    https://outlook.office365.com/connectors74838711-7E0B-45A4-9802-5A49E351F206.8.drfalse
                      high
                      https://insertmedia.bing.office.net/images/officeonlinecontent/browse?cp=Flickr74838711-7E0B-45A4-9802-5A49E351F206.8.drfalse
                        high
                        http://lockbitapt2yfbt7lchxejug47kmqvqqxvvjpqkmevv4l3azl3gy6pyd.onione$c8JakemodH.exe, 00000000.00000002.2326567241.00000000012E0000.00000004.00000020.00020000.00000000.sdmptrue
                        • Avira URL Cloud: safe
                        low
                        https://cdn.entity.74838711-7E0B-45A4-9802-5A49E351F206.8.drfalse
                        • URL Reputation: safe
                        • URL Reputation: safe
                        unknown
                        https://dev.virtualearth.net/REST/V1/GeospatialEndpoint/74838711-7E0B-45A4-9802-5A49E351F206.8.drfalse
                          high
                          https://rpsticket.partnerservices.getmicrosoftkey.com74838711-7E0B-45A4-9802-5A49E351F206.8.drfalse
                          • URL Reputation: safe
                          unknown
                          https://lookup.onenote.com/lookup/geolocation/v174838711-7E0B-45A4-9802-5A49E351F206.8.drfalse
                            high
                            https://www.leboncoin.fr/c8JakemodH.exe, 00000000.00000003.1979092937.0000000001267000.00000004.00000020.00020000.00000000.sdmpfalse
                              high
                              https://syncservice.protection.outlook.com/PolicySync/PolicySync.svc/SyncFile74838711-7E0B-45A4-9802-5A49E351F206.8.drfalse
                                high
                                https://api.aadrm.com/74838711-7E0B-45A4-9802-5A49E351F206.8.drfalse
                                • URL Reputation: safe
                                unknown
                                https://www.yammer.com74838711-7E0B-45A4-9802-5A49E351F206.8.drfalse
                                  high
                                  https://dataservice.protection.outlook.com/PsorWebService/v1/ClientSyncFile/MipPolicies74838711-7E0B-45A4-9802-5A49E351F206.8.drfalse
                                    high
                                    https://api.microsoftstream.com/api/74838711-7E0B-45A4-9802-5A49E351F206.8.drfalse
                                      high
                                      https://insertmedia.bing.office.net/images/hosted?host=office&adlt=strict&hostType=Immersive74838711-7E0B-45A4-9802-5A49E351F206.8.drfalse
                                        high
                                        https://cr.office.com74838711-7E0B-45A4-9802-5A49E351F206.8.drfalse
                                          high
                                          https://messagebroker.mobile.m365.svc.cloud.microsoft74838711-7E0B-45A4-9802-5A49E351F206.8.drfalse
                                          • URL Reputation: safe
                                          unknown
                                          https://otelrules.svc.static.microsoft74838711-7E0B-45A4-9802-5A49E351F206.8.drfalse
                                          • URL Reputation: safe
                                          unknown
                                          https://edge.skype.com/registrar/prod74838711-7E0B-45A4-9802-5A49E351F206.8.drfalse
                                            high
                                            https://res.getmicrosoftkey.com/api/redemptionevents74838711-7E0B-45A4-9802-5A49E351F206.8.drfalse
                                            • URL Reputation: safe
                                            unknown
                                            https://tasks.office.com74838711-7E0B-45A4-9802-5A49E351F206.8.drfalse
                                              high
                                              https://officeci.azurewebsites.net/api/74838711-7E0B-45A4-9802-5A49E351F206.8.drfalse
                                              • URL Reputation: safe
                                              unknown
                                              https://my.microsoftpersonalcontent.com74838711-7E0B-45A4-9802-5A49E351F206.8.drfalse
                                              • URL Reputation: safe
                                              unknown
                                              https://store.office.cn/addinstemplate74838711-7E0B-45A4-9802-5A49E351F206.8.drfalse
                                              • URL Reputation: safe
                                              unknown
                                              http://lockbitsupn2h6be2cnqpvncyhj4rgmnwn44633hnzzmtxdvjoqlp7yd.onionc8JakemodH.exe, 00000000.00000002.2326762861.00000000013A1000.00000004.00000020.00020000.00000000.sdmp, c8JakemodH.exe, 00000000.00000002.2326567241.00000000012E0000.00000004.00000020.00020000.00000000.sdmptrue
                                              • 11%, Virustotal, Browse
                                              • Avira URL Cloud: malware
                                              unknown
                                              https://edge.skype.com/rps74838711-7E0B-45A4-9802-5A49E351F206.8.drfalse
                                                high
                                                https://messaging.engagement.office.com/74838711-7E0B-45A4-9802-5A49E351F206.8.drfalse
                                                  high
                                                  https://www.amazon.com/c8JakemodH.exe, 00000000.00000003.1979092937.0000000001267000.00000004.00000020.00020000.00000000.sdmp, c8JakemodH.exe, 00000000.00000003.1978284906.000000000127A000.00000004.00000020.00020000.00000000.sdmpfalse
                                                    high
                                                    https://nam.learningtools.onenote.com/learningtoolsapi/v2.0/getfreeformspeech74838711-7E0B-45A4-9802-5A49E351F206.8.drfalse
                                                      high
                                                      https://www.odwebp.svc.ms74838711-7E0B-45A4-9802-5A49E351F206.8.drfalse
                                                      • URL Reputation: safe
                                                      • URL Reputation: safe
                                                      unknown
                                                      https://api.powerbi.com/v1.0/myorg/groups74838711-7E0B-45A4-9802-5A49E351F206.8.drfalse
                                                        high
                                                        https://web.microsoftstream.com/video/74838711-7E0B-45A4-9802-5A49E351F206.8.drfalse
                                                          high
                                                          https://api.addins.store.officeppe.com/addinstemplate74838711-7E0B-45A4-9802-5A49E351F206.8.drfalse
                                                          • URL Reputation: safe
                                                          unknown
                                                          https://graph.windows.net74838711-7E0B-45A4-9802-5A49E351F206.8.drfalse
                                                            high
                                                            https://www.youtube.com/c8JakemodH.exe, 00000000.00000003.1978284906.000000000127A000.00000004.00000020.00020000.00000000.sdmpfalse
                                                              high
                                                              https://www.bbc.co.uk/c8JakemodH.exe, 00000000.00000003.1979092937.0000000001267000.00000004.00000020.00020000.00000000.sdmpfalse
                                                              • 0%, Virustotal, Browse
                                                              • Avira URL Cloud: safe
                                                              unknown
                                                              https://bugzilla.moc8JakemodH.exe, 00000000.00000003.1978284906.000000000127A000.00000004.00000020.00020000.00000000.sdmpfalse
                                                              • URL Reputation: safe
                                                              unknown
                                                              https://consent.config.office.com/consentcheckin/v1.0/consents74838711-7E0B-45A4-9802-5A49E351F206.8.drfalse
                                                                high
                                                                https://learningtools.onenote.com/learningtoolsapi/v2.0/Getvoices74838711-7E0B-45A4-9802-5A49E351F206.8.drfalse
                                                                  high
                                                                  https://pf.directory.live.com/profile/mine/System.ShortCircuitProfile.json74838711-7E0B-45A4-9802-5A49E351F206.8.drfalse
                                                                    high
                                                                    https://d.docs.live.net74838711-7E0B-45A4-9802-5A49E351F206.8.drfalse
                                                                    • 0%, Virustotal, Browse
                                                                    • Avira URL Cloud: safe
                                                                    unknown
                                                                    https://safelinks.protection.outlook.com/api/GetPolicy74838711-7E0B-45A4-9802-5A49E351F206.8.drfalse
                                                                      high
                                                                      https://ncus.contentsync.74838711-7E0B-45A4-9802-5A49E351F206.8.drfalse
                                                                      • URL Reputation: safe
                                                                      unknown
                                                                      https://webdir.online.lync.com/autodiscover/autodiscoverservice.svc/root/74838711-7E0B-45A4-9802-5A49E351F206.8.drfalse
                                                                        high
                                                                        http://weather.service.msn.com/data.aspx74838711-7E0B-45A4-9802-5A49E351F206.8.drfalse
                                                                          high
                                                                          https://word.uservoice.com/forums/304948-word-for-ipad-iphone-ios74838711-7E0B-45A4-9802-5A49E351F206.8.drfalse
                                                                            high
                                                                            https://www.iqiyi.com/c8JakemodH.exe, 00000000.00000003.1979092937.0000000001267000.00000004.00000020.00020000.00000000.sdmpfalse
                                                                              high
                                                                              https://autodiscover-s.outlook.com/autodiscover/autodiscover.xml74838711-7E0B-45A4-9802-5A49E351F206.8.drfalse
                                                                                high
                                                                                https://pushchannel.1drv.ms74838711-7E0B-45A4-9802-5A49E351F206.8.drfalse
                                                                                  high
                                                                                  https://wus2.contentsync.74838711-7E0B-45A4-9802-5A49E351F206.8.drfalse
                                                                                  • URL Reputation: safe
                                                                                  unknown
                                                                                  https://clients.config.office.net/user/v1.0/ios74838711-7E0B-45A4-9802-5A49E351F206.8.drfalse
                                                                                    high
                                                                                    https://api.addins.omex.office.net/api/addins/search74838711-7E0B-45A4-9802-5A49E351F206.8.drfalse
                                                                                      high
                                                                                      https://outlook.office365.com/api/v1.0/me/Activities74838711-7E0B-45A4-9802-5A49E351F206.8.drfalse
                                                                                        high
                                                                                        https://clients.config.office.net/user/v1.0/android/policies74838711-7E0B-45A4-9802-5A49E351F206.8.drfalse
                                                                                          high
                                                                                          https://entitlement.diagnostics.office.com74838711-7E0B-45A4-9802-5A49E351F206.8.drfalse
                                                                                            high
                                                                                            https://pf.directory.live.com/profile/mine/WLX.Profiles.IC.json74838711-7E0B-45A4-9802-5A49E351F206.8.drfalse
                                                                                              high
                                                                                              http://lockbitsupa7e3b4pkn4mgkgojrl5iqgx24clbzc4xm7i6jeetsia3qd.onionB%c8JakemodH.exe, 00000000.00000002.2326567241.00000000012E0000.00000004.00000020.00020000.00000000.sdmptrue
                                                                                              • Avira URL Cloud: safe
                                                                                              low
                                                                                              https://outlook.office.com/74838711-7E0B-45A4-9802-5A49E351F206.8.drfalse
                                                                                                high
                                                                                                https://storage.live.com/clientlogs/uploadlocation74838711-7E0B-45A4-9802-5A49E351F206.8.drfalse
                                                                                                  high
                                                                                                  http://mozilla.org/MPL/2.0/.c8JakemodH.exe, 00000000.00000003.2128642344.0000000001473000.00000004.00000020.00020000.00000000.sdmpfalse
                                                                                                    high
                                                                                                    http://lockbitsupn2h6be2cnqpvncyhj4rgmnwn44633hnzzmtxdvjoqlp7yd.onionl5%c8JakemodH.exe, 00000000.00000002.2326567241.00000000012E0000.00000004.00000020.00020000.00000000.sdmptrue
                                                                                                    • Avira URL Cloud: safe
                                                                                                    low
                                                                                                    https://login.microsoftonline.com74838711-7E0B-45A4-9802-5A49E351F206.8.drfalse
                                                                                                      high
                                                                                                      https://substrate.office.com/search/api/v1/SearchHistory74838711-7E0B-45A4-9802-5A49E351F206.8.drfalse
                                                                                                        high
                                                                                                        https://www.zhihu.com/c8JakemodH.exe, 00000000.00000003.1979092937.0000000001278000.00000004.00000020.00020000.00000000.sdmpfalse
                                                                                                          high
                                                                                                          https://clients.config.office.net/c2r/v1.0/InteractiveInstallation74838711-7E0B-45A4-9802-5A49E351F206.8.drfalse
                                                                                                            high
                                                                                                            https://graph.windows.net/74838711-7E0B-45A4-9802-5A49E351F206.8.drfalse
                                                                                                              high
                                                                                                              https://devnull.onenote.com74838711-7E0B-45A4-9802-5A49E351F206.8.drfalse
                                                                                                                high
                                                                                                                https://messaging.office.com/74838711-7E0B-45A4-9802-5A49E351F206.8.drfalse
                                                                                                                  high
                                                                                                                  https://insertmedia.bing.office.net/images/officeonlinecontent/browse?cp=Bing74838711-7E0B-45A4-9802-5A49E351F206.8.drfalse
                                                                                                                    high
                                                                                                                    https://skyapi.live.net/Activity/74838711-7E0B-45A4-9802-5A49E351F206.8.drfalse
                                                                                                                    • URL Reputation: safe
                                                                                                                    unknown
                                                                                                                    https://api.cortana.ai74838711-7E0B-45A4-9802-5A49E351F206.8.drfalse
                                                                                                                    • URL Reputation: safe
                                                                                                                    unknown
                                                                                                                    https://www.amazon.co.uk/c8JakemodH.exe, 00000000.00000003.1979092937.0000000001267000.00000004.00000020.00020000.00000000.sdmpfalse
                                                                                                                    • URL Reputation: safe
                                                                                                                    unknown
                                                                                                                    http://lockbitsupa7e3b4pkn4mgkgojrl5iqgx24clbzc4xm7i6jeetsia3qd.onionl.$c8JakemodH.exe, 00000000.00000002.2326567241.00000000012E0000.00000004.00000020.00020000.00000000.sdmptrue
                                                                                                                    • Avira URL Cloud: safe
                                                                                                                    low
                                                                                                                    https://messaging.action.office.com/setcampaignaction74838711-7E0B-45A4-9802-5A49E351F206.8.drfalse
                                                                                                                      high
                                                                                                                      https://visio.uservoice.com/forums/368202-visio-on-devices74838711-7E0B-45A4-9802-5A49E351F206.8.drfalse
                                                                                                                        high
                                                                                                                        https://staging.cortana.ai74838711-7E0B-45A4-9802-5A49E351F206.8.drfalse
                                                                                                                        • URL Reputation: safe
                                                                                                                        unknown
                                                                                                                        https://onedrive.live.com/embed?74838711-7E0B-45A4-9802-5A49E351F206.8.drfalse
                                                                                                                          high
                                                                                                                          https://augloop.office.com74838711-7E0B-45A4-9802-5A49E351F206.8.drfalse
                                                                                                                            high
                                                                                                                            https://www.wykop.pl/c8JakemodH.exe, 00000000.00000003.1979092937.0000000001267000.00000004.00000020.00020000.00000000.sdmpfalse
                                                                                                                              high
                                                                                                                              https://twitter.com/c8JakemodH.exe, 00000000.00000003.1978284906.000000000127A000.00000004.00000020.00020000.00000000.sdmpfalse
                                                                                                                                high
                                                                                                                                https://www.olx.pl/c8JakemodH.exe, 00000000.00000003.1979092937.0000000001267000.00000004.00000020.00020000.00000000.sdmp, c8JakemodH.exe, 00000000.00000003.1979092937.0000000001278000.00000004.00000020.00020000.00000000.sdmpfalse
                                                                                                                                  high
                                                                                                                                  https://api.diagnosticssdf.office.com/v2/file74838711-7E0B-45A4-9802-5A49E351F206.8.drfalse
                                                                                                                                    high
                                                                                                                                    https://support.mozilla.org/products/firefoxc8JakemodH.exe, 00000000.00000003.1973359684.0000000001242000.00000004.00000020.00020000.00000000.sdmpfalse
                                                                                                                                      high
                                                                                                                                      https://prod.mds.office.com/mds/api/v1.0/clientmodeldirectory74838711-7E0B-45A4-9802-5A49E351F206.8.drfalse
                                                                                                                                        high
                                                                                                                                        https://officepyservice.office.net/74838711-7E0B-45A4-9802-5A49E351F206.8.drfalse
                                                                                                                                          high
                                                                                                                                          https://api.diagnostics.office.com74838711-7E0B-45A4-9802-5A49E351F206.8.drfalse
                                                                                                                                            high
                                                                                                                                            https://store.office.de/addinstemplate74838711-7E0B-45A4-9802-5A49E351F206.8.drfalse
                                                                                                                                              high
                                                                                                                                              https://wus2.pagecontentsync.74838711-7E0B-45A4-9802-5A49E351F206.8.drfalse
                                                                                                                                              • URL Reputation: safe
                                                                                                                                              unknown
                                                                                                                                              https://api.powerbi.com/v1.0/myorg/datasets74838711-7E0B-45A4-9802-5A49E351F206.8.drfalse
                                                                                                                                                high
                                                                                                                                                https://www.google.com/complete/c8JakemodH.exe, 00000000.00000003.1978284906.000000000127A000.00000004.00000020.00020000.00000000.sdmpfalse
                                                                                                                                                  high
                                                                                                                                                  https://cortana.ai/api74838711-7E0B-45A4-9802-5A49E351F206.8.drfalse
                                                                                                                                                  • URL Reputation: safe
                                                                                                                                                  unknown
                                                                                                                                                  http://lockbitsupn2h6be2cnqpvncyhj4rgmnwn44633hnzzmtxdvjoqlp7yd.onion;$c8JakemodH.exe, 00000000.00000002.2326567241.00000000012E0000.00000004.00000020.00020000.00000000.sdmptrue
                                                                                                                                                  • Avira URL Cloud: safe
                                                                                                                                                  low
                                                                                                                                                  http://lockbitsupn2h6be2cnqpvncyhj4rgmnwn44633hnzzmtxdvjoqlp7yd.onionackagesc8JakemodH.exe, 00000000.00000002.2326567241.00000000012E0000.00000004.00000020.00020000.00000000.sdmptrue
                                                                                                                                                  • Avira URL Cloud: safe
                                                                                                                                                  unknown
                                                                                                                                                  https://www.amazon.de/c8JakemodH.exe, 00000000.00000003.1979092937.0000000001267000.00000004.00000020.00020000.00000000.sdmpfalse
                                                                                                                                                    high
                                                                                                                                                    https://api.diagnosticssdf.office.com74838711-7E0B-45A4-9802-5A49E351F206.8.drfalse
                                                                                                                                                      high
                                                                                                                                                      https://login.microsoftonline.com/74838711-7E0B-45A4-9802-5A49E351F206.8.drfalse
                                                                                                                                                        high
                                                                                                                                                        https://www.avito.ru/c8JakemodH.exe, 00000000.00000003.1979092937.0000000001267000.00000004.00000020.00020000.00000000.sdmpfalse
                                                                                                                                                          high
                                                                                                                                                          https://login.windows.net/72f988bf-86f1-41af-91ab-2d7cd011db47/oauth2/authorize74838711-7E0B-45A4-9802-5A49E351F206.8.drfalse
                                                                                                                                                            high
                                                                                                                                                            No contacted IP infos
                                                                                                                                                            Joe Sandbox version:40.0.0 Tourmaline
                                                                                                                                                            Analysis ID:1436723
                                                                                                                                                            Start date and time:2024-05-06 14:04:07 +02:00
                                                                                                                                                            Joe Sandbox product:CloudBasic
                                                                                                                                                            Overall analysis duration:0h 6m 54s
                                                                                                                                                            Hypervisor based Inspection enabled:false
                                                                                                                                                            Report type:full
                                                                                                                                                            Cookbook file name:default.jbs
                                                                                                                                                            Analysis system description:Windows 10 x64 22H2 with Office Professional Plus 2019, Chrome 117, Firefox 118, Adobe Reader DC 23, Java 8 Update 381, 7zip 23.01
                                                                                                                                                            Number of analysed new started processes analysed:18
                                                                                                                                                            Number of new started drivers analysed:0
                                                                                                                                                            Number of existing processes analysed:0
                                                                                                                                                            Number of existing drivers analysed:0
                                                                                                                                                            Number of injected processes analysed:0
                                                                                                                                                            Technologies:
                                                                                                                                                            • HCA enabled
                                                                                                                                                            • EGA enabled
                                                                                                                                                            • AMSI enabled
                                                                                                                                                            Analysis Mode:default
                                                                                                                                                            Analysis stop reason:Timeout
                                                                                                                                                            Sample name:c8JakemodH.exe
                                                                                                                                                            renamed because original name is a hash value
                                                                                                                                                            Original Sample Name:9cb76090b74457b23fd3daf8af4793510cb94a970046de0ea4d3bb05527ba2e1.exe
                                                                                                                                                            Detection:MAL
                                                                                                                                                            Classification:mal100.rans.phis.spyw.evad.winEXE@9/1689@0/0
                                                                                                                                                            EGA Information:
                                                                                                                                                            • Successful, ratio: 100%
                                                                                                                                                            HCA Information:
                                                                                                                                                            • Successful, ratio: 100%
                                                                                                                                                            • Number of executed functions: 81
                                                                                                                                                            • Number of non-executed functions: 6
                                                                                                                                                            Cookbook Comments:
                                                                                                                                                            • Found application associated with file extension: .exe
                                                                                                                                                            • Exclude process from analysis (whitelisted): dllhost.exe, RuntimeBroker.exe, printfilterpipelinesvc.exe, WMIADAP.exe, SIHClient.exe, backgroundTaskHost.exe, svchost.exe
                                                                                                                                                            • Excluded IPs from analysis (whitelisted): 52.109.28.46, 52.113.194.132, 52.109.16.112, 20.189.173.1
                                                                                                                                                            • Excluded domains from analysis (whitelisted): ecs.office.com, self-events-data.trafficmanager.net, onedscolprdwus00.westus.cloudapp.azure.com, fs.microsoft.com, slscr.update.microsoft.com, prod.configsvc1.live.com.akadns.net, self.events.data.microsoft.com, ctldl.windowsupdate.com, prod.roaming1.live.com.akadns.net, s-0005-office.config.skype.com, osiprod-ncus-buff-azsc-000.northcentralus.cloudapp.azure.com, ncus-azsc-000.roaming.officeapps.live.com, fe3cr.delivery.mp.microsoft.com, ecs-office.s-0005.s-msedge.net, roaming.officeapps.live.com, us1.roaming1.live.com.akadns.net, ocsp.digicert.com, login.live.com, s-0005.s-msedge.net, config.officeapps.live.com, officeclient.microsoft.com, ecs.office.trafficmanager.net, europe.configsvc1.live.com.akadns.net, uks-azsc-config.officeapps.live.com
                                                                                                                                                            • Not all processes where analyzed, report is missing behavior information
                                                                                                                                                            • Report size exceeded maximum capacity and may have missing behavior information.
                                                                                                                                                            • Report size getting too big, too many NtCreateFile calls found.
                                                                                                                                                            • Report size getting too big, too many NtCreateKey calls found.
                                                                                                                                                            • Report size getting too big, too many NtDeviceIoControlFile calls found.
                                                                                                                                                            • Report size getting too big, too many NtEnumerateKey calls found.
                                                                                                                                                            • Report size getting too big, too many NtOpenFile calls found.
                                                                                                                                                            • Report size getting too big, too many NtOpenKeyEx calls found.
                                                                                                                                                            • Report size getting too big, too many NtQueryAttributesFile calls found.
                                                                                                                                                            • Report size getting too big, too many NtQueryValueKey calls found.
                                                                                                                                                            • Report size getting too big, too many NtQueryVolumeInformationFile calls found.
                                                                                                                                                            • Report size getting too big, too many NtReadFile calls found.
                                                                                                                                                            • Report size getting too big, too many NtSetInformationFile calls found.
                                                                                                                                                            • Report size getting too big, too many NtWriteFile calls found.
                                                                                                                                                            TimeTypeDescription
                                                                                                                                                            14:05:15API Interceptor99x Sleep call for process: splwow64.exe modified
                                                                                                                                                            No context
                                                                                                                                                            No context
                                                                                                                                                            No context
                                                                                                                                                            No context
                                                                                                                                                            MatchAssociated Sample Name / URLSHA 256DetectionThreat NameLinkContext
                                                                                                                                                            C:\ProgramData\C9C8.tmpDocument.doc.scr.exeGet hashmaliciousLockBit ransomware, TrojanRansomBrowse
                                                                                                                                                              Rcqcps3y45.exeGet hashmaliciousLockBit ransomwareBrowse
                                                                                                                                                                LBB.exeGet hashmaliciousLockBit ransomwareBrowse
                                                                                                                                                                  lockbit_unpacked.exeGet hashmaliciousLockBit ransomwareBrowse
                                                                                                                                                                    maXk5kqpyK.exeGet hashmaliciousLockBit ransomwareBrowse
                                                                                                                                                                      maXk5kqpyK.exeGet hashmaliciousLockBit ransomwareBrowse
                                                                                                                                                                        abc.exeGet hashmaliciousLockBit ransomwareBrowse
                                                                                                                                                                          55Seo_SeungJoon44.docxGet hashmaliciousLockBit ransomwareBrowse
                                                                                                                                                                            55VpD64eOy.exeGet hashmaliciousLockBit ransomwareBrowse
                                                                                                                                                                              0rzZX3x868.docxGet hashmaliciousLockBit ransomwareBrowse
                                                                                                                                                                                Process:C:\Users\user\Desktop\c8JakemodH.exe
                                                                                                                                                                                File Type:data
                                                                                                                                                                                Category:dropped
                                                                                                                                                                                Size (bytes):129
                                                                                                                                                                                Entropy (8bit):6.559563204985335
                                                                                                                                                                                Encrypted:false
                                                                                                                                                                                SSDEEP:3:0gAaAJ6XIiDBPkwoTPG23m6zckiTwiIoZrwDta4YE4+38M:0gQ04g590PG2W5ki8ijZw
                                                                                                                                                                                MD5:E2A1470B13A4B9949A0B460FB598C6BF
                                                                                                                                                                                SHA1:F4E05409A3982E5083A4AD4AD01D5EA124BC270F
                                                                                                                                                                                SHA-256:E87DD08996C415B3B8AC8CE648704FA387325BA4F57415103798B1315CC4754D
                                                                                                                                                                                SHA-512:F5FE45A08B07AEAD80BB84A3758EE2994E5CBC3FCA61DAAEF7EA934BCAE337339FF7DF34FBBC1E1D8AC11E562DC4631DFE24E471B69B4D7E2F55947756878D53
                                                                                                                                                                                Malicious:false
                                                                                                                                                                                Reputation:low
                                                                                                                                                                                Preview:rI...Dq...(.xk.<.e.. ....@...{O..+X...*A..eR...t.-..c?..WPIw,..8.@n........,.J&m.....C..8z.U..}..j.g. .{....3.....#....b #.K
                                                                                                                                                                                Process:C:\Users\user\Desktop\c8JakemodH.exe
                                                                                                                                                                                File Type:data
                                                                                                                                                                                Category:dropped
                                                                                                                                                                                Size (bytes):129
                                                                                                                                                                                Entropy (8bit):6.559563204985335
                                                                                                                                                                                Encrypted:false
                                                                                                                                                                                SSDEEP:3:0gAaAJ6XIiDBPkwoTPG23m6zckiTwiIoZrwDta4YE4+38M:0gQ04g590PG2W5ki8ijZw
                                                                                                                                                                                MD5:E2A1470B13A4B9949A0B460FB598C6BF
                                                                                                                                                                                SHA1:F4E05409A3982E5083A4AD4AD01D5EA124BC270F
                                                                                                                                                                                SHA-256:E87DD08996C415B3B8AC8CE648704FA387325BA4F57415103798B1315CC4754D
                                                                                                                                                                                SHA-512:F5FE45A08B07AEAD80BB84A3758EE2994E5CBC3FCA61DAAEF7EA934BCAE337339FF7DF34FBBC1E1D8AC11E562DC4631DFE24E471B69B4D7E2F55947756878D53
                                                                                                                                                                                Malicious:false
                                                                                                                                                                                Reputation:low
                                                                                                                                                                                Preview:rI...Dq...(.xk.<.e.. ....@...{O..+X...*A..eR...t.-..c?..WPIw,..8.@n........,.J&m.....C..8z.U..}..j.g. .{....3.....#....b #.K
                                                                                                                                                                                Process:C:\Users\user\Desktop\c8JakemodH.exe
                                                                                                                                                                                File Type:data
                                                                                                                                                                                Category:dropped
                                                                                                                                                                                Size (bytes):129
                                                                                                                                                                                Entropy (8bit):6.559563204985335
                                                                                                                                                                                Encrypted:false
                                                                                                                                                                                SSDEEP:3:0gAaAJ6XIiDBPkwoTPG23m6zckiTwiIoZrwDta4YE4+38M:0gQ04g590PG2W5ki8ijZw
                                                                                                                                                                                MD5:E2A1470B13A4B9949A0B460FB598C6BF
                                                                                                                                                                                SHA1:F4E05409A3982E5083A4AD4AD01D5EA124BC270F
                                                                                                                                                                                SHA-256:E87DD08996C415B3B8AC8CE648704FA387325BA4F57415103798B1315CC4754D
                                                                                                                                                                                SHA-512:F5FE45A08B07AEAD80BB84A3758EE2994E5CBC3FCA61DAAEF7EA934BCAE337339FF7DF34FBBC1E1D8AC11E562DC4631DFE24E471B69B4D7E2F55947756878D53
                                                                                                                                                                                Malicious:false
                                                                                                                                                                                Reputation:low
                                                                                                                                                                                Preview:rI...Dq...(.xk.<.e.. ....@...{O..+X...*A..eR...t.-..c?..WPIw,..8.@n........,.J&m.....C..8z.U..}..j.g. .{....3.....#....b #.K
                                                                                                                                                                                Process:C:\Users\user\Desktop\c8JakemodH.exe
                                                                                                                                                                                File Type:data
                                                                                                                                                                                Category:dropped
                                                                                                                                                                                Size (bytes):129
                                                                                                                                                                                Entropy (8bit):6.559563204985335
                                                                                                                                                                                Encrypted:false
                                                                                                                                                                                SSDEEP:3:0gAaAJ6XIiDBPkwoTPG23m6zckiTwiIoZrwDta4YE4+38M:0gQ04g590PG2W5ki8ijZw
                                                                                                                                                                                MD5:E2A1470B13A4B9949A0B460FB598C6BF
                                                                                                                                                                                SHA1:F4E05409A3982E5083A4AD4AD01D5EA124BC270F
                                                                                                                                                                                SHA-256:E87DD08996C415B3B8AC8CE648704FA387325BA4F57415103798B1315CC4754D
                                                                                                                                                                                SHA-512:F5FE45A08B07AEAD80BB84A3758EE2994E5CBC3FCA61DAAEF7EA934BCAE337339FF7DF34FBBC1E1D8AC11E562DC4631DFE24E471B69B4D7E2F55947756878D53
                                                                                                                                                                                Malicious:false
                                                                                                                                                                                Reputation:low
                                                                                                                                                                                Preview:rI...Dq...(.xk.<.e.. ....@...{O..+X...*A..eR...t.-..c?..WPIw,..8.@n........,.J&m.....C..8z.U..}..j.g. .{....3.....#....b #.K
                                                                                                                                                                                Process:C:\Users\user\Desktop\c8JakemodH.exe
                                                                                                                                                                                File Type:data
                                                                                                                                                                                Category:dropped
                                                                                                                                                                                Size (bytes):129
                                                                                                                                                                                Entropy (8bit):6.559563204985335
                                                                                                                                                                                Encrypted:false
                                                                                                                                                                                SSDEEP:3:0gAaAJ6XIiDBPkwoTPG23m6zckiTwiIoZrwDta4YE4+38M:0gQ04g590PG2W5ki8ijZw
                                                                                                                                                                                MD5:E2A1470B13A4B9949A0B460FB598C6BF
                                                                                                                                                                                SHA1:F4E05409A3982E5083A4AD4AD01D5EA124BC270F
                                                                                                                                                                                SHA-256:E87DD08996C415B3B8AC8CE648704FA387325BA4F57415103798B1315CC4754D
                                                                                                                                                                                SHA-512:F5FE45A08B07AEAD80BB84A3758EE2994E5CBC3FCA61DAAEF7EA934BCAE337339FF7DF34FBBC1E1D8AC11E562DC4631DFE24E471B69B4D7E2F55947756878D53
                                                                                                                                                                                Malicious:false
                                                                                                                                                                                Reputation:low
                                                                                                                                                                                Preview:rI...Dq...(.xk.<.e.. ....@...{O..+X...*A..eR...t.-..c?..WPIw,..8.@n........,.J&m.....C..8z.U..}..j.g. .{....3.....#....b #.K
                                                                                                                                                                                Process:C:\Users\user\Desktop\c8JakemodH.exe
                                                                                                                                                                                File Type:data
                                                                                                                                                                                Category:dropped
                                                                                                                                                                                Size (bytes):129
                                                                                                                                                                                Entropy (8bit):6.559563204985335
                                                                                                                                                                                Encrypted:false
                                                                                                                                                                                SSDEEP:3:0gAaAJ6XIiDBPkwoTPG23m6zckiTwiIoZrwDta4YE4+38M:0gQ04g590PG2W5ki8ijZw
                                                                                                                                                                                MD5:E2A1470B13A4B9949A0B460FB598C6BF
                                                                                                                                                                                SHA1:F4E05409A3982E5083A4AD4AD01D5EA124BC270F
                                                                                                                                                                                SHA-256:E87DD08996C415B3B8AC8CE648704FA387325BA4F57415103798B1315CC4754D
                                                                                                                                                                                SHA-512:F5FE45A08B07AEAD80BB84A3758EE2994E5CBC3FCA61DAAEF7EA934BCAE337339FF7DF34FBBC1E1D8AC11E562DC4631DFE24E471B69B4D7E2F55947756878D53
                                                                                                                                                                                Malicious:false
                                                                                                                                                                                Reputation:low
                                                                                                                                                                                Preview:rI...Dq...(.xk.<.e.. ....@...{O..+X...*A..eR...t.-..c?..WPIw,..8.@n........,.J&m.....C..8z.U..}..j.g. .{....3.....#....b #.K
                                                                                                                                                                                Process:C:\Users\user\Desktop\c8JakemodH.exe
                                                                                                                                                                                File Type:data
                                                                                                                                                                                Category:dropped
                                                                                                                                                                                Size (bytes):129
                                                                                                                                                                                Entropy (8bit):6.559563204985335
                                                                                                                                                                                Encrypted:false
                                                                                                                                                                                SSDEEP:3:0gAaAJ6XIiDBPkwoTPG23m6zckiTwiIoZrwDta4YE4+38M:0gQ04g590PG2W5ki8ijZw
                                                                                                                                                                                MD5:E2A1470B13A4B9949A0B460FB598C6BF
                                                                                                                                                                                SHA1:F4E05409A3982E5083A4AD4AD01D5EA124BC270F
                                                                                                                                                                                SHA-256:E87DD08996C415B3B8AC8CE648704FA387325BA4F57415103798B1315CC4754D
                                                                                                                                                                                SHA-512:F5FE45A08B07AEAD80BB84A3758EE2994E5CBC3FCA61DAAEF7EA934BCAE337339FF7DF34FBBC1E1D8AC11E562DC4631DFE24E471B69B4D7E2F55947756878D53
                                                                                                                                                                                Malicious:false
                                                                                                                                                                                Reputation:low
                                                                                                                                                                                Preview:rI...Dq...(.xk.<.e.. ....@...{O..+X...*A..eR...t.-..c?..WPIw,..8.@n........,.J&m.....C..8z.U..}..j.g. .{....3.....#....b #.K
                                                                                                                                                                                Process:C:\Users\user\Desktop\c8JakemodH.exe
                                                                                                                                                                                File Type:data
                                                                                                                                                                                Category:dropped
                                                                                                                                                                                Size (bytes):129
                                                                                                                                                                                Entropy (8bit):6.559563204985335
                                                                                                                                                                                Encrypted:false
                                                                                                                                                                                SSDEEP:3:0gAaAJ6XIiDBPkwoTPG23m6zckiTwiIoZrwDta4YE4+38M:0gQ04g590PG2W5ki8ijZw
                                                                                                                                                                                MD5:E2A1470B13A4B9949A0B460FB598C6BF
                                                                                                                                                                                SHA1:F4E05409A3982E5083A4AD4AD01D5EA124BC270F
                                                                                                                                                                                SHA-256:E87DD08996C415B3B8AC8CE648704FA387325BA4F57415103798B1315CC4754D
                                                                                                                                                                                SHA-512:F5FE45A08B07AEAD80BB84A3758EE2994E5CBC3FCA61DAAEF7EA934BCAE337339FF7DF34FBBC1E1D8AC11E562DC4631DFE24E471B69B4D7E2F55947756878D53
                                                                                                                                                                                Malicious:false
                                                                                                                                                                                Reputation:low
                                                                                                                                                                                Preview:rI...Dq...(.xk.<.e.. ....@...{O..+X...*A..eR...t.-..c?..WPIw,..8.@n........,.J&m.....C..8z.U..}..j.g. .{....3.....#....b #.K
                                                                                                                                                                                Process:C:\Users\user\Desktop\c8JakemodH.exe
                                                                                                                                                                                File Type:data
                                                                                                                                                                                Category:dropped
                                                                                                                                                                                Size (bytes):129
                                                                                                                                                                                Entropy (8bit):6.559563204985335
                                                                                                                                                                                Encrypted:false
                                                                                                                                                                                SSDEEP:3:0gAaAJ6XIiDBPkwoTPG23m6zckiTwiIoZrwDta4YE4+38M:0gQ04g590PG2W5ki8ijZw
                                                                                                                                                                                MD5:E2A1470B13A4B9949A0B460FB598C6BF
                                                                                                                                                                                SHA1:F4E05409A3982E5083A4AD4AD01D5EA124BC270F
                                                                                                                                                                                SHA-256:E87DD08996C415B3B8AC8CE648704FA387325BA4F57415103798B1315CC4754D
                                                                                                                                                                                SHA-512:F5FE45A08B07AEAD80BB84A3758EE2994E5CBC3FCA61DAAEF7EA934BCAE337339FF7DF34FBBC1E1D8AC11E562DC4631DFE24E471B69B4D7E2F55947756878D53
                                                                                                                                                                                Malicious:false
                                                                                                                                                                                Reputation:low
                                                                                                                                                                                Preview:rI...Dq...(.xk.<.e.. ....@...{O..+X...*A..eR...t.-..c?..WPIw,..8.@n........,.J&m.....C..8z.U..}..j.g. .{....3.....#....b #.K
                                                                                                                                                                                Process:C:\Users\user\Desktop\c8JakemodH.exe
                                                                                                                                                                                File Type:data
                                                                                                                                                                                Category:dropped
                                                                                                                                                                                Size (bytes):129
                                                                                                                                                                                Entropy (8bit):6.559563204985335
                                                                                                                                                                                Encrypted:false
                                                                                                                                                                                SSDEEP:3:0gAaAJ6XIiDBPkwoTPG23m6zckiTwiIoZrwDta4YE4+38M:0gQ04g590PG2W5ki8ijZw
                                                                                                                                                                                MD5:E2A1470B13A4B9949A0B460FB598C6BF
                                                                                                                                                                                SHA1:F4E05409A3982E5083A4AD4AD01D5EA124BC270F
                                                                                                                                                                                SHA-256:E87DD08996C415B3B8AC8CE648704FA387325BA4F57415103798B1315CC4754D
                                                                                                                                                                                SHA-512:F5FE45A08B07AEAD80BB84A3758EE2994E5CBC3FCA61DAAEF7EA934BCAE337339FF7DF34FBBC1E1D8AC11E562DC4631DFE24E471B69B4D7E2F55947756878D53
                                                                                                                                                                                Malicious:false
                                                                                                                                                                                Preview:rI...Dq...(.xk.<.e.. ....@...{O..+X...*A..eR...t.-..c?..WPIw,..8.@n........,.J&m.....C..8z.U..}..j.g. .{....3.....#....b #.K
                                                                                                                                                                                Process:C:\Users\user\Desktop\c8JakemodH.exe
                                                                                                                                                                                File Type:data
                                                                                                                                                                                Category:dropped
                                                                                                                                                                                Size (bytes):129
                                                                                                                                                                                Entropy (8bit):6.559563204985335
                                                                                                                                                                                Encrypted:false
                                                                                                                                                                                SSDEEP:3:0gAaAJ6XIiDBPkwoTPG23m6zckiTwiIoZrwDta4YE4+38M:0gQ04g590PG2W5ki8ijZw
                                                                                                                                                                                MD5:E2A1470B13A4B9949A0B460FB598C6BF
                                                                                                                                                                                SHA1:F4E05409A3982E5083A4AD4AD01D5EA124BC270F
                                                                                                                                                                                SHA-256:E87DD08996C415B3B8AC8CE648704FA387325BA4F57415103798B1315CC4754D
                                                                                                                                                                                SHA-512:F5FE45A08B07AEAD80BB84A3758EE2994E5CBC3FCA61DAAEF7EA934BCAE337339FF7DF34FBBC1E1D8AC11E562DC4631DFE24E471B69B4D7E2F55947756878D53
                                                                                                                                                                                Malicious:false
                                                                                                                                                                                Preview:rI...Dq...(.xk.<.e.. ....@...{O..+X...*A..eR...t.-..c?..WPIw,..8.@n........,.J&m.....C..8z.U..}..j.g. .{....3.....#....b #.K
                                                                                                                                                                                Process:C:\Users\user\Desktop\c8JakemodH.exe
                                                                                                                                                                                File Type:data
                                                                                                                                                                                Category:dropped
                                                                                                                                                                                Size (bytes):129
                                                                                                                                                                                Entropy (8bit):6.559563204985335
                                                                                                                                                                                Encrypted:false
                                                                                                                                                                                SSDEEP:3:0gAaAJ6XIiDBPkwoTPG23m6zckiTwiIoZrwDta4YE4+38M:0gQ04g590PG2W5ki8ijZw
                                                                                                                                                                                MD5:E2A1470B13A4B9949A0B460FB598C6BF
                                                                                                                                                                                SHA1:F4E05409A3982E5083A4AD4AD01D5EA124BC270F
                                                                                                                                                                                SHA-256:E87DD08996C415B3B8AC8CE648704FA387325BA4F57415103798B1315CC4754D
                                                                                                                                                                                SHA-512:F5FE45A08B07AEAD80BB84A3758EE2994E5CBC3FCA61DAAEF7EA934BCAE337339FF7DF34FBBC1E1D8AC11E562DC4631DFE24E471B69B4D7E2F55947756878D53
                                                                                                                                                                                Malicious:false
                                                                                                                                                                                Preview:rI...Dq...(.xk.<.e.. ....@...{O..+X...*A..eR...t.-..c?..WPIw,..8.@n........,.J&m.....C..8z.U..}..j.g. .{....3.....#....b #.K
                                                                                                                                                                                Process:C:\Users\user\Desktop\c8JakemodH.exe
                                                                                                                                                                                File Type:data
                                                                                                                                                                                Category:dropped
                                                                                                                                                                                Size (bytes):129
                                                                                                                                                                                Entropy (8bit):6.559563204985335
                                                                                                                                                                                Encrypted:false
                                                                                                                                                                                SSDEEP:3:0gAaAJ6XIiDBPkwoTPG23m6zckiTwiIoZrwDta4YE4+38M:0gQ04g590PG2W5ki8ijZw
                                                                                                                                                                                MD5:E2A1470B13A4B9949A0B460FB598C6BF
                                                                                                                                                                                SHA1:F4E05409A3982E5083A4AD4AD01D5EA124BC270F
                                                                                                                                                                                SHA-256:E87DD08996C415B3B8AC8CE648704FA387325BA4F57415103798B1315CC4754D
                                                                                                                                                                                SHA-512:F5FE45A08B07AEAD80BB84A3758EE2994E5CBC3FCA61DAAEF7EA934BCAE337339FF7DF34FBBC1E1D8AC11E562DC4631DFE24E471B69B4D7E2F55947756878D53
                                                                                                                                                                                Malicious:false
                                                                                                                                                                                Preview:rI...Dq...(.xk.<.e.. ....@...{O..+X...*A..eR...t.-..c?..WPIw,..8.@n........,.J&m.....C..8z.U..}..j.g. .{....3.....#....b #.K
                                                                                                                                                                                Process:C:\Users\user\Desktop\c8JakemodH.exe
                                                                                                                                                                                File Type:data
                                                                                                                                                                                Category:dropped
                                                                                                                                                                                Size (bytes):129
                                                                                                                                                                                Entropy (8bit):6.559563204985335
                                                                                                                                                                                Encrypted:false
                                                                                                                                                                                SSDEEP:3:0gAaAJ6XIiDBPkwoTPG23m6zckiTwiIoZrwDta4YE4+38M:0gQ04g590PG2W5ki8ijZw
                                                                                                                                                                                MD5:E2A1470B13A4B9949A0B460FB598C6BF
                                                                                                                                                                                SHA1:F4E05409A3982E5083A4AD4AD01D5EA124BC270F
                                                                                                                                                                                SHA-256:E87DD08996C415B3B8AC8CE648704FA387325BA4F57415103798B1315CC4754D
                                                                                                                                                                                SHA-512:F5FE45A08B07AEAD80BB84A3758EE2994E5CBC3FCA61DAAEF7EA934BCAE337339FF7DF34FBBC1E1D8AC11E562DC4631DFE24E471B69B4D7E2F55947756878D53
                                                                                                                                                                                Malicious:false
                                                                                                                                                                                Preview:rI...Dq...(.xk.<.e.. ....@...{O..+X...*A..eR...t.-..c?..WPIw,..8.@n........,.J&m.....C..8z.U..}..j.g. .{....3.....#....b #.K
                                                                                                                                                                                Process:C:\Users\user\Desktop\c8JakemodH.exe
                                                                                                                                                                                File Type:data
                                                                                                                                                                                Category:dropped
                                                                                                                                                                                Size (bytes):129
                                                                                                                                                                                Entropy (8bit):6.559563204985335
                                                                                                                                                                                Encrypted:false
                                                                                                                                                                                SSDEEP:3:0gAaAJ6XIiDBPkwoTPG23m6zckiTwiIoZrwDta4YE4+38M:0gQ04g590PG2W5ki8ijZw
                                                                                                                                                                                MD5:E2A1470B13A4B9949A0B460FB598C6BF
                                                                                                                                                                                SHA1:F4E05409A3982E5083A4AD4AD01D5EA124BC270F
                                                                                                                                                                                SHA-256:E87DD08996C415B3B8AC8CE648704FA387325BA4F57415103798B1315CC4754D
                                                                                                                                                                                SHA-512:F5FE45A08B07AEAD80BB84A3758EE2994E5CBC3FCA61DAAEF7EA934BCAE337339FF7DF34FBBC1E1D8AC11E562DC4631DFE24E471B69B4D7E2F55947756878D53
                                                                                                                                                                                Malicious:false
                                                                                                                                                                                Preview:rI...Dq...(.xk.<.e.. ....@...{O..+X...*A..eR...t.-..c?..WPIw,..8.@n........,.J&m.....C..8z.U..}..j.g. .{....3.....#....b #.K
                                                                                                                                                                                Process:C:\Users\user\Desktop\c8JakemodH.exe
                                                                                                                                                                                File Type:data
                                                                                                                                                                                Category:dropped
                                                                                                                                                                                Size (bytes):129
                                                                                                                                                                                Entropy (8bit):6.559563204985335
                                                                                                                                                                                Encrypted:false
                                                                                                                                                                                SSDEEP:3:0gAaAJ6XIiDBPkwoTPG23m6zckiTwiIoZrwDta4YE4+38M:0gQ04g590PG2W5ki8ijZw
                                                                                                                                                                                MD5:E2A1470B13A4B9949A0B460FB598C6BF
                                                                                                                                                                                SHA1:F4E05409A3982E5083A4AD4AD01D5EA124BC270F
                                                                                                                                                                                SHA-256:E87DD08996C415B3B8AC8CE648704FA387325BA4F57415103798B1315CC4754D
                                                                                                                                                                                SHA-512:F5FE45A08B07AEAD80BB84A3758EE2994E5CBC3FCA61DAAEF7EA934BCAE337339FF7DF34FBBC1E1D8AC11E562DC4631DFE24E471B69B4D7E2F55947756878D53
                                                                                                                                                                                Malicious:false
                                                                                                                                                                                Preview:rI...Dq...(.xk.<.e.. ....@...{O..+X...*A..eR...t.-..c?..WPIw,..8.@n........,.J&m.....C..8z.U..}..j.g. .{....3.....#....b #.K
                                                                                                                                                                                Process:C:\Users\user\Desktop\c8JakemodH.exe
                                                                                                                                                                                File Type:data
                                                                                                                                                                                Category:dropped
                                                                                                                                                                                Size (bytes):129
                                                                                                                                                                                Entropy (8bit):6.559563204985335
                                                                                                                                                                                Encrypted:false
                                                                                                                                                                                SSDEEP:3:0gAaAJ6XIiDBPkwoTPG23m6zckiTwiIoZrwDta4YE4+38M:0gQ04g590PG2W5ki8ijZw
                                                                                                                                                                                MD5:E2A1470B13A4B9949A0B460FB598C6BF
                                                                                                                                                                                SHA1:F4E05409A3982E5083A4AD4AD01D5EA124BC270F
                                                                                                                                                                                SHA-256:E87DD08996C415B3B8AC8CE648704FA387325BA4F57415103798B1315CC4754D
                                                                                                                                                                                SHA-512:F5FE45A08B07AEAD80BB84A3758EE2994E5CBC3FCA61DAAEF7EA934BCAE337339FF7DF34FBBC1E1D8AC11E562DC4631DFE24E471B69B4D7E2F55947756878D53
                                                                                                                                                                                Malicious:false
                                                                                                                                                                                Preview:rI...Dq...(.xk.<.e.. ....@...{O..+X...*A..eR...t.-..c?..WPIw,..8.@n........,.J&m.....C..8z.U..}..j.g. .{....3.....#....b #.K
                                                                                                                                                                                Process:C:\Users\user\Desktop\c8JakemodH.exe
                                                                                                                                                                                File Type:data
                                                                                                                                                                                Category:dropped
                                                                                                                                                                                Size (bytes):129
                                                                                                                                                                                Entropy (8bit):6.559563204985335
                                                                                                                                                                                Encrypted:false
                                                                                                                                                                                SSDEEP:3:0gAaAJ6XIiDBPkwoTPG23m6zckiTwiIoZrwDta4YE4+38M:0gQ04g590PG2W5ki8ijZw
                                                                                                                                                                                MD5:E2A1470B13A4B9949A0B460FB598C6BF
                                                                                                                                                                                SHA1:F4E05409A3982E5083A4AD4AD01D5EA124BC270F
                                                                                                                                                                                SHA-256:E87DD08996C415B3B8AC8CE648704FA387325BA4F57415103798B1315CC4754D
                                                                                                                                                                                SHA-512:F5FE45A08B07AEAD80BB84A3758EE2994E5CBC3FCA61DAAEF7EA934BCAE337339FF7DF34FBBC1E1D8AC11E562DC4631DFE24E471B69B4D7E2F55947756878D53
                                                                                                                                                                                Malicious:false
                                                                                                                                                                                Preview:rI...Dq...(.xk.<.e.. ....@...{O..+X...*A..eR...t.-..c?..WPIw,..8.@n........,.J&m.....C..8z.U..}..j.g. .{....3.....#....b #.K
                                                                                                                                                                                Process:C:\Users\user\Desktop\c8JakemodH.exe
                                                                                                                                                                                File Type:data
                                                                                                                                                                                Category:dropped
                                                                                                                                                                                Size (bytes):129
                                                                                                                                                                                Entropy (8bit):6.559563204985335
                                                                                                                                                                                Encrypted:false
                                                                                                                                                                                SSDEEP:3:0gAaAJ6XIiDBPkwoTPG23m6zckiTwiIoZrwDta4YE4+38M:0gQ04g590PG2W5ki8ijZw
                                                                                                                                                                                MD5:E2A1470B13A4B9949A0B460FB598C6BF
                                                                                                                                                                                SHA1:F4E05409A3982E5083A4AD4AD01D5EA124BC270F
                                                                                                                                                                                SHA-256:E87DD08996C415B3B8AC8CE648704FA387325BA4F57415103798B1315CC4754D
                                                                                                                                                                                SHA-512:F5FE45A08B07AEAD80BB84A3758EE2994E5CBC3FCA61DAAEF7EA934BCAE337339FF7DF34FBBC1E1D8AC11E562DC4631DFE24E471B69B4D7E2F55947756878D53
                                                                                                                                                                                Malicious:false
                                                                                                                                                                                Preview:rI...Dq...(.xk.<.e.. ....@...{O..+X...*A..eR...t.-..c?..WPIw,..8.@n........,.J&m.....C..8z.U..}..j.g. .{....3.....#....b #.K
                                                                                                                                                                                Process:C:\Users\user\Desktop\c8JakemodH.exe
                                                                                                                                                                                File Type:data
                                                                                                                                                                                Category:dropped
                                                                                                                                                                                Size (bytes):129
                                                                                                                                                                                Entropy (8bit):6.559563204985335
                                                                                                                                                                                Encrypted:false
                                                                                                                                                                                SSDEEP:3:0gAaAJ6XIiDBPkwoTPG23m6zckiTwiIoZrwDta4YE4+38M:0gQ04g590PG2W5ki8ijZw
                                                                                                                                                                                MD5:E2A1470B13A4B9949A0B460FB598C6BF
                                                                                                                                                                                SHA1:F4E05409A3982E5083A4AD4AD01D5EA124BC270F
                                                                                                                                                                                SHA-256:E87DD08996C415B3B8AC8CE648704FA387325BA4F57415103798B1315CC4754D
                                                                                                                                                                                SHA-512:F5FE45A08B07AEAD80BB84A3758EE2994E5CBC3FCA61DAAEF7EA934BCAE337339FF7DF34FBBC1E1D8AC11E562DC4631DFE24E471B69B4D7E2F55947756878D53
                                                                                                                                                                                Malicious:false
                                                                                                                                                                                Preview:rI...Dq...(.xk.<.e.. ....@...{O..+X...*A..eR...t.-..c?..WPIw,..8.@n........,.J&m.....C..8z.U..}..j.g. .{....3.....#....b #.K
                                                                                                                                                                                Process:C:\Users\user\Desktop\c8JakemodH.exe
                                                                                                                                                                                File Type:data
                                                                                                                                                                                Category:dropped
                                                                                                                                                                                Size (bytes):129
                                                                                                                                                                                Entropy (8bit):6.559563204985335
                                                                                                                                                                                Encrypted:false
                                                                                                                                                                                SSDEEP:3:0gAaAJ6XIiDBPkwoTPG23m6zckiTwiIoZrwDta4YE4+38M:0gQ04g590PG2W5ki8ijZw
                                                                                                                                                                                MD5:E2A1470B13A4B9949A0B460FB598C6BF
                                                                                                                                                                                SHA1:F4E05409A3982E5083A4AD4AD01D5EA124BC270F
                                                                                                                                                                                SHA-256:E87DD08996C415B3B8AC8CE648704FA387325BA4F57415103798B1315CC4754D
                                                                                                                                                                                SHA-512:F5FE45A08B07AEAD80BB84A3758EE2994E5CBC3FCA61DAAEF7EA934BCAE337339FF7DF34FBBC1E1D8AC11E562DC4631DFE24E471B69B4D7E2F55947756878D53
                                                                                                                                                                                Malicious:false
                                                                                                                                                                                Preview:rI...Dq...(.xk.<.e.. ....@...{O..+X...*A..eR...t.-..c?..WPIw,..8.@n........,.J&m.....C..8z.U..}..j.g. .{....3.....#....b #.K
                                                                                                                                                                                Process:C:\Users\user\Desktop\c8JakemodH.exe
                                                                                                                                                                                File Type:data
                                                                                                                                                                                Category:dropped
                                                                                                                                                                                Size (bytes):129
                                                                                                                                                                                Entropy (8bit):6.559563204985335
                                                                                                                                                                                Encrypted:false
                                                                                                                                                                                SSDEEP:3:0gAaAJ6XIiDBPkwoTPG23m6zckiTwiIoZrwDta4YE4+38M:0gQ04g590PG2W5ki8ijZw
                                                                                                                                                                                MD5:E2A1470B13A4B9949A0B460FB598C6BF
                                                                                                                                                                                SHA1:F4E05409A3982E5083A4AD4AD01D5EA124BC270F
                                                                                                                                                                                SHA-256:E87DD08996C415B3B8AC8CE648704FA387325BA4F57415103798B1315CC4754D
                                                                                                                                                                                SHA-512:F5FE45A08B07AEAD80BB84A3758EE2994E5CBC3FCA61DAAEF7EA934BCAE337339FF7DF34FBBC1E1D8AC11E562DC4631DFE24E471B69B4D7E2F55947756878D53
                                                                                                                                                                                Malicious:false
                                                                                                                                                                                Preview:rI...Dq...(.xk.<.e.. ....@...{O..+X...*A..eR...t.-..c?..WPIw,..8.@n........,.J&m.....C..8z.U..}..j.g. .{....3.....#....b #.K
                                                                                                                                                                                Process:C:\Users\user\Desktop\c8JakemodH.exe
                                                                                                                                                                                File Type:data
                                                                                                                                                                                Category:dropped
                                                                                                                                                                                Size (bytes):129
                                                                                                                                                                                Entropy (8bit):6.559563204985335
                                                                                                                                                                                Encrypted:false
                                                                                                                                                                                SSDEEP:3:0gAaAJ6XIiDBPkwoTPG23m6zckiTwiIoZrwDta4YE4+38M:0gQ04g590PG2W5ki8ijZw
                                                                                                                                                                                MD5:E2A1470B13A4B9949A0B460FB598C6BF
                                                                                                                                                                                SHA1:F4E05409A3982E5083A4AD4AD01D5EA124BC270F
                                                                                                                                                                                SHA-256:E87DD08996C415B3B8AC8CE648704FA387325BA4F57415103798B1315CC4754D
                                                                                                                                                                                SHA-512:F5FE45A08B07AEAD80BB84A3758EE2994E5CBC3FCA61DAAEF7EA934BCAE337339FF7DF34FBBC1E1D8AC11E562DC4631DFE24E471B69B4D7E2F55947756878D53
                                                                                                                                                                                Malicious:false
                                                                                                                                                                                Preview:rI...Dq...(.xk.<.e.. ....@...{O..+X...*A..eR...t.-..c?..WPIw,..8.@n........,.J&m.....C..8z.U..}..j.g. .{....3.....#....b #.K
                                                                                                                                                                                Process:C:\Users\user\Desktop\c8JakemodH.exe
                                                                                                                                                                                File Type:data
                                                                                                                                                                                Category:dropped
                                                                                                                                                                                Size (bytes):129
                                                                                                                                                                                Entropy (8bit):6.559563204985335
                                                                                                                                                                                Encrypted:false
                                                                                                                                                                                SSDEEP:3:0gAaAJ6XIiDBPkwoTPG23m6zckiTwiIoZrwDta4YE4+38M:0gQ04g590PG2W5ki8ijZw
                                                                                                                                                                                MD5:E2A1470B13A4B9949A0B460FB598C6BF
                                                                                                                                                                                SHA1:F4E05409A3982E5083A4AD4AD01D5EA124BC270F
                                                                                                                                                                                SHA-256:E87DD08996C415B3B8AC8CE648704FA387325BA4F57415103798B1315CC4754D
                                                                                                                                                                                SHA-512:F5FE45A08B07AEAD80BB84A3758EE2994E5CBC3FCA61DAAEF7EA934BCAE337339FF7DF34FBBC1E1D8AC11E562DC4631DFE24E471B69B4D7E2F55947756878D53
                                                                                                                                                                                Malicious:false
                                                                                                                                                                                Preview:rI...Dq...(.xk.<.e.. ....@...{O..+X...*A..eR...t.-..c?..WPIw,..8.@n........,.J&m.....C..8z.U..}..j.g. .{....3.....#....b #.K
                                                                                                                                                                                Process:C:\Users\user\Desktop\c8JakemodH.exe
                                                                                                                                                                                File Type:data
                                                                                                                                                                                Category:dropped
                                                                                                                                                                                Size (bytes):129
                                                                                                                                                                                Entropy (8bit):6.559563204985335
                                                                                                                                                                                Encrypted:false
                                                                                                                                                                                SSDEEP:3:0gAaAJ6XIiDBPkwoTPG23m6zckiTwiIoZrwDta4YE4+38M:0gQ04g590PG2W5ki8ijZw
                                                                                                                                                                                MD5:E2A1470B13A4B9949A0B460FB598C6BF
                                                                                                                                                                                SHA1:F4E05409A3982E5083A4AD4AD01D5EA124BC270F
                                                                                                                                                                                SHA-256:E87DD08996C415B3B8AC8CE648704FA387325BA4F57415103798B1315CC4754D
                                                                                                                                                                                SHA-512:F5FE45A08B07AEAD80BB84A3758EE2994E5CBC3FCA61DAAEF7EA934BCAE337339FF7DF34FBBC1E1D8AC11E562DC4631DFE24E471B69B4D7E2F55947756878D53
                                                                                                                                                                                Malicious:false
                                                                                                                                                                                Preview:rI...Dq...(.xk.<.e.. ....@...{O..+X...*A..eR...t.-..c?..WPIw,..8.@n........,.J&m.....C..8z.U..}..j.g. .{....3.....#....b #.K
                                                                                                                                                                                Process:C:\Users\user\Desktop\c8JakemodH.exe
                                                                                                                                                                                File Type:data
                                                                                                                                                                                Category:dropped
                                                                                                                                                                                Size (bytes):129
                                                                                                                                                                                Entropy (8bit):6.559563204985335
                                                                                                                                                                                Encrypted:false
                                                                                                                                                                                SSDEEP:3:0gAaAJ6XIiDBPkwoTPG23m6zckiTwiIoZrwDta4YE4+38M:0gQ04g590PG2W5ki8ijZw
                                                                                                                                                                                MD5:E2A1470B13A4B9949A0B460FB598C6BF
                                                                                                                                                                                SHA1:F4E05409A3982E5083A4AD4AD01D5EA124BC270F
                                                                                                                                                                                SHA-256:E87DD08996C415B3B8AC8CE648704FA387325BA4F57415103798B1315CC4754D
                                                                                                                                                                                SHA-512:F5FE45A08B07AEAD80BB84A3758EE2994E5CBC3FCA61DAAEF7EA934BCAE337339FF7DF34FBBC1E1D8AC11E562DC4631DFE24E471B69B4D7E2F55947756878D53
                                                                                                                                                                                Malicious:false
                                                                                                                                                                                Preview:rI...Dq...(.xk.<.e.. ....@...{O..+X...*A..eR...t.-..c?..WPIw,..8.@n........,.J&m.....C..8z.U..}..j.g. .{....3.....#....b #.K
                                                                                                                                                                                Process:C:\Users\user\Desktop\c8JakemodH.exe
                                                                                                                                                                                File Type:data
                                                                                                                                                                                Category:dropped
                                                                                                                                                                                Size (bytes):129
                                                                                                                                                                                Entropy (8bit):6.559563204985335
                                                                                                                                                                                Encrypted:false
                                                                                                                                                                                SSDEEP:3:0gAaAJ6XIiDBPkwoTPG23m6zckiTwiIoZrwDta4YE4+38M:0gQ04g590PG2W5ki8ijZw
                                                                                                                                                                                MD5:E2A1470B13A4B9949A0B460FB598C6BF
                                                                                                                                                                                SHA1:F4E05409A3982E5083A4AD4AD01D5EA124BC270F
                                                                                                                                                                                SHA-256:E87DD08996C415B3B8AC8CE648704FA387325BA4F57415103798B1315CC4754D
                                                                                                                                                                                SHA-512:F5FE45A08B07AEAD80BB84A3758EE2994E5CBC3FCA61DAAEF7EA934BCAE337339FF7DF34FBBC1E1D8AC11E562DC4631DFE24E471B69B4D7E2F55947756878D53
                                                                                                                                                                                Malicious:false
                                                                                                                                                                                Preview:rI...Dq...(.xk.<.e.. ....@...{O..+X...*A..eR...t.-..c?..WPIw,..8.@n........,.J&m.....C..8z.U..}..j.g. .{....3.....#....b #.K
                                                                                                                                                                                Process:C:\Users\user\Desktop\c8JakemodH.exe
                                                                                                                                                                                File Type:data
                                                                                                                                                                                Category:dropped
                                                                                                                                                                                Size (bytes):129
                                                                                                                                                                                Entropy (8bit):6.516851770843266
                                                                                                                                                                                Encrypted:false
                                                                                                                                                                                SSDEEP:3:IV8bt9XgrBiDTT65z+Ec+fAG0IsV5sux2Zj1Np5qq8MYMg:ucgrBiDf6MEc+oG0IsTs+e11qqJg
                                                                                                                                                                                MD5:3F8C6297520807007F13D956B83A3E7B
                                                                                                                                                                                SHA1:738858B45AC5D37211F3B820B3B6BCB378196C4B
                                                                                                                                                                                SHA-256:05A03C7DC12FD55A91C6F1D33DC02CEEBC3D9F1391B5A840BC9C4F8760ADA4E4
                                                                                                                                                                                SHA-512:398C0838F12BC9D9EA23A1E4A284A60CEDB6A57FEC7CAEDF97414DD8E538D511D4CDE346182E2D0772716ED85703E91299B93694E42B7EC4621D645FA676FF9B
                                                                                                                                                                                Malicious:false
                                                                                                                                                                                Preview:...i...v.:.......7W.]6....b....6.xG..I7....DyZn.4.+Ue...f.X...-..4..-I...V..OT..Y........$..lLJD.'.......!7..T.KZ....]D...
                                                                                                                                                                                Process:C:\Users\user\Desktop\c8JakemodH.exe
                                                                                                                                                                                File Type:data
                                                                                                                                                                                Category:dropped
                                                                                                                                                                                Size (bytes):129
                                                                                                                                                                                Entropy (8bit):6.516851770843266
                                                                                                                                                                                Encrypted:false
                                                                                                                                                                                SSDEEP:3:IV8bt9XgrBiDTT65z+Ec+fAG0IsV5sux2Zj1Np5qq8MYMg:ucgrBiDf6MEc+oG0IsTs+e11qqJg
                                                                                                                                                                                MD5:3F8C6297520807007F13D956B83A3E7B
                                                                                                                                                                                SHA1:738858B45AC5D37211F3B820B3B6BCB378196C4B
                                                                                                                                                                                SHA-256:05A03C7DC12FD55A91C6F1D33DC02CEEBC3D9F1391B5A840BC9C4F8760ADA4E4
                                                                                                                                                                                SHA-512:398C0838F12BC9D9EA23A1E4A284A60CEDB6A57FEC7CAEDF97414DD8E538D511D4CDE346182E2D0772716ED85703E91299B93694E42B7EC4621D645FA676FF9B
                                                                                                                                                                                Malicious:false
                                                                                                                                                                                Preview:...i...v.:.......7W.]6....b....6.xG..I7....DyZn.4.+Ue...f.X...-..4..-I...V..OT..Y........$..lLJD.'.......!7..T.KZ....]D...
                                                                                                                                                                                Process:C:\Users\user\Desktop\c8JakemodH.exe
                                                                                                                                                                                File Type:data
                                                                                                                                                                                Category:dropped
                                                                                                                                                                                Size (bytes):129
                                                                                                                                                                                Entropy (8bit):6.516851770843266
                                                                                                                                                                                Encrypted:false
                                                                                                                                                                                SSDEEP:3:IV8bt9XgrBiDTT65z+Ec+fAG0IsV5sux2Zj1Np5qq8MYMg:ucgrBiDf6MEc+oG0IsTs+e11qqJg
                                                                                                                                                                                MD5:3F8C6297520807007F13D956B83A3E7B
                                                                                                                                                                                SHA1:738858B45AC5D37211F3B820B3B6BCB378196C4B
                                                                                                                                                                                SHA-256:05A03C7DC12FD55A91C6F1D33DC02CEEBC3D9F1391B5A840BC9C4F8760ADA4E4
                                                                                                                                                                                SHA-512:398C0838F12BC9D9EA23A1E4A284A60CEDB6A57FEC7CAEDF97414DD8E538D511D4CDE346182E2D0772716ED85703E91299B93694E42B7EC4621D645FA676FF9B
                                                                                                                                                                                Malicious:false
                                                                                                                                                                                Preview:...i...v.:.......7W.]6....b....6.xG..I7....DyZn.4.+Ue...f.X...-..4..-I...V..OT..Y........$..lLJD.'.......!7..T.KZ....]D...
                                                                                                                                                                                Process:C:\Users\user\Desktop\c8JakemodH.exe
                                                                                                                                                                                File Type:data
                                                                                                                                                                                Category:dropped
                                                                                                                                                                                Size (bytes):129
                                                                                                                                                                                Entropy (8bit):6.516851770843266
                                                                                                                                                                                Encrypted:false
                                                                                                                                                                                SSDEEP:3:IV8bt9XgrBiDTT65z+Ec+fAG0IsV5sux2Zj1Np5qq8MYMg:ucgrBiDf6MEc+oG0IsTs+e11qqJg
                                                                                                                                                                                MD5:3F8C6297520807007F13D956B83A3E7B
                                                                                                                                                                                SHA1:738858B45AC5D37211F3B820B3B6BCB378196C4B
                                                                                                                                                                                SHA-256:05A03C7DC12FD55A91C6F1D33DC02CEEBC3D9F1391B5A840BC9C4F8760ADA4E4
                                                                                                                                                                                SHA-512:398C0838F12BC9D9EA23A1E4A284A60CEDB6A57FEC7CAEDF97414DD8E538D511D4CDE346182E2D0772716ED85703E91299B93694E42B7EC4621D645FA676FF9B
                                                                                                                                                                                Malicious:false
                                                                                                                                                                                Preview:...i...v.:.......7W.]6....b....6.xG..I7....DyZn.4.+Ue...f.X...-..4..-I...V..OT..Y........$..lLJD.'.......!7..T.KZ....]D...
                                                                                                                                                                                Process:C:\Users\user\Desktop\c8JakemodH.exe
                                                                                                                                                                                File Type:data
                                                                                                                                                                                Category:dropped
                                                                                                                                                                                Size (bytes):129
                                                                                                                                                                                Entropy (8bit):6.516851770843266
                                                                                                                                                                                Encrypted:false
                                                                                                                                                                                SSDEEP:3:IV8bt9XgrBiDTT65z+Ec+fAG0IsV5sux2Zj1Np5qq8MYMg:ucgrBiDf6MEc+oG0IsTs+e11qqJg
                                                                                                                                                                                MD5:3F8C6297520807007F13D956B83A3E7B
                                                                                                                                                                                SHA1:738858B45AC5D37211F3B820B3B6BCB378196C4B
                                                                                                                                                                                SHA-256:05A03C7DC12FD55A91C6F1D33DC02CEEBC3D9F1391B5A840BC9C4F8760ADA4E4
                                                                                                                                                                                SHA-512:398C0838F12BC9D9EA23A1E4A284A60CEDB6A57FEC7CAEDF97414DD8E538D511D4CDE346182E2D0772716ED85703E91299B93694E42B7EC4621D645FA676FF9B
                                                                                                                                                                                Malicious:false
                                                                                                                                                                                Preview:...i...v.:.......7W.]6....b....6.xG..I7....DyZn.4.+Ue...f.X...-..4..-I...V..OT..Y........$..lLJD.'.......!7..T.KZ....]D...
                                                                                                                                                                                Process:C:\Users\user\Desktop\c8JakemodH.exe
                                                                                                                                                                                File Type:data
                                                                                                                                                                                Category:dropped
                                                                                                                                                                                Size (bytes):129
                                                                                                                                                                                Entropy (8bit):6.516851770843266
                                                                                                                                                                                Encrypted:false
                                                                                                                                                                                SSDEEP:3:IV8bt9XgrBiDTT65z+Ec+fAG0IsV5sux2Zj1Np5qq8MYMg:ucgrBiDf6MEc+oG0IsTs+e11qqJg
                                                                                                                                                                                MD5:3F8C6297520807007F13D956B83A3E7B
                                                                                                                                                                                SHA1:738858B45AC5D37211F3B820B3B6BCB378196C4B
                                                                                                                                                                                SHA-256:05A03C7DC12FD55A91C6F1D33DC02CEEBC3D9F1391B5A840BC9C4F8760ADA4E4
                                                                                                                                                                                SHA-512:398C0838F12BC9D9EA23A1E4A284A60CEDB6A57FEC7CAEDF97414DD8E538D511D4CDE346182E2D0772716ED85703E91299B93694E42B7EC4621D645FA676FF9B
                                                                                                                                                                                Malicious:false
                                                                                                                                                                                Preview:...i...v.:.......7W.]6....b....6.xG..I7....DyZn.4.+Ue...f.X...-..4..-I...V..OT..Y........$..lLJD.'.......!7..T.KZ....]D...
                                                                                                                                                                                Process:C:\Users\user\Desktop\c8JakemodH.exe
                                                                                                                                                                                File Type:data
                                                                                                                                                                                Category:dropped
                                                                                                                                                                                Size (bytes):129
                                                                                                                                                                                Entropy (8bit):6.516851770843266
                                                                                                                                                                                Encrypted:false
                                                                                                                                                                                SSDEEP:3:IV8bt9XgrBiDTT65z+Ec+fAG0IsV5sux2Zj1Np5qq8MYMg:ucgrBiDf6MEc+oG0IsTs+e11qqJg
                                                                                                                                                                                MD5:3F8C6297520807007F13D956B83A3E7B
                                                                                                                                                                                SHA1:738858B45AC5D37211F3B820B3B6BCB378196C4B
                                                                                                                                                                                SHA-256:05A03C7DC12FD55A91C6F1D33DC02CEEBC3D9F1391B5A840BC9C4F8760ADA4E4
                                                                                                                                                                                SHA-512:398C0838F12BC9D9EA23A1E4A284A60CEDB6A57FEC7CAEDF97414DD8E538D511D4CDE346182E2D0772716ED85703E91299B93694E42B7EC4621D645FA676FF9B
                                                                                                                                                                                Malicious:false
                                                                                                                                                                                Preview:...i...v.:.......7W.]6....b....6.xG..I7....DyZn.4.+Ue...f.X...-..4..-I...V..OT..Y........$..lLJD.'.......!7..T.KZ....]D...
                                                                                                                                                                                Process:C:\Users\user\Desktop\c8JakemodH.exe
                                                                                                                                                                                File Type:data
                                                                                                                                                                                Category:dropped
                                                                                                                                                                                Size (bytes):129
                                                                                                                                                                                Entropy (8bit):6.516851770843266
                                                                                                                                                                                Encrypted:false
                                                                                                                                                                                SSDEEP:3:IV8bt9XgrBiDTT65z+Ec+fAG0IsV5sux2Zj1Np5qq8MYMg:ucgrBiDf6MEc+oG0IsTs+e11qqJg
                                                                                                                                                                                MD5:3F8C6297520807007F13D956B83A3E7B
                                                                                                                                                                                SHA1:738858B45AC5D37211F3B820B3B6BCB378196C4B
                                                                                                                                                                                SHA-256:05A03C7DC12FD55A91C6F1D33DC02CEEBC3D9F1391B5A840BC9C4F8760ADA4E4
                                                                                                                                                                                SHA-512:398C0838F12BC9D9EA23A1E4A284A60CEDB6A57FEC7CAEDF97414DD8E538D511D4CDE346182E2D0772716ED85703E91299B93694E42B7EC4621D645FA676FF9B
                                                                                                                                                                                Malicious:false
                                                                                                                                                                                Preview:...i...v.:.......7W.]6....b....6.xG..I7....DyZn.4.+Ue...f.X...-..4..-I...V..OT..Y........$..lLJD.'.......!7..T.KZ....]D...
                                                                                                                                                                                Process:C:\Users\user\Desktop\c8JakemodH.exe
                                                                                                                                                                                File Type:data
                                                                                                                                                                                Category:dropped
                                                                                                                                                                                Size (bytes):129
                                                                                                                                                                                Entropy (8bit):6.516851770843266
                                                                                                                                                                                Encrypted:false
                                                                                                                                                                                SSDEEP:3:IV8bt9XgrBiDTT65z+Ec+fAG0IsV5sux2Zj1Np5qq8MYMg:ucgrBiDf6MEc+oG0IsTs+e11qqJg
                                                                                                                                                                                MD5:3F8C6297520807007F13D956B83A3E7B
                                                                                                                                                                                SHA1:738858B45AC5D37211F3B820B3B6BCB378196C4B
                                                                                                                                                                                SHA-256:05A03C7DC12FD55A91C6F1D33DC02CEEBC3D9F1391B5A840BC9C4F8760ADA4E4
                                                                                                                                                                                SHA-512:398C0838F12BC9D9EA23A1E4A284A60CEDB6A57FEC7CAEDF97414DD8E538D511D4CDE346182E2D0772716ED85703E91299B93694E42B7EC4621D645FA676FF9B
                                                                                                                                                                                Malicious:false
                                                                                                                                                                                Preview:...i...v.:.......7W.]6....b....6.xG..I7....DyZn.4.+Ue...f.X...-..4..-I...V..OT..Y........$..lLJD.'.......!7..T.KZ....]D...
                                                                                                                                                                                Process:C:\Users\user\Desktop\c8JakemodH.exe
                                                                                                                                                                                File Type:data
                                                                                                                                                                                Category:dropped
                                                                                                                                                                                Size (bytes):129
                                                                                                                                                                                Entropy (8bit):6.516851770843266
                                                                                                                                                                                Encrypted:false
                                                                                                                                                                                SSDEEP:3:IV8bt9XgrBiDTT65z+Ec+fAG0IsV5sux2Zj1Np5qq8MYMg:ucgrBiDf6MEc+oG0IsTs+e11qqJg
                                                                                                                                                                                MD5:3F8C6297520807007F13D956B83A3E7B
                                                                                                                                                                                SHA1:738858B45AC5D37211F3B820B3B6BCB378196C4B
                                                                                                                                                                                SHA-256:05A03C7DC12FD55A91C6F1D33DC02CEEBC3D9F1391B5A840BC9C4F8760ADA4E4
                                                                                                                                                                                SHA-512:398C0838F12BC9D9EA23A1E4A284A60CEDB6A57FEC7CAEDF97414DD8E538D511D4CDE346182E2D0772716ED85703E91299B93694E42B7EC4621D645FA676FF9B
                                                                                                                                                                                Malicious:false
                                                                                                                                                                                Preview:...i...v.:.......7W.]6....b....6.xG..I7....DyZn.4.+Ue...f.X...-..4..-I...V..OT..Y........$..lLJD.'.......!7..T.KZ....]D...
                                                                                                                                                                                Process:C:\Users\user\Desktop\c8JakemodH.exe
                                                                                                                                                                                File Type:data
                                                                                                                                                                                Category:dropped
                                                                                                                                                                                Size (bytes):129
                                                                                                                                                                                Entropy (8bit):6.516851770843266
                                                                                                                                                                                Encrypted:false
                                                                                                                                                                                SSDEEP:3:IV8bt9XgrBiDTT65z+Ec+fAG0IsV5sux2Zj1Np5qq8MYMg:ucgrBiDf6MEc+oG0IsTs+e11qqJg
                                                                                                                                                                                MD5:3F8C6297520807007F13D956B83A3E7B
                                                                                                                                                                                SHA1:738858B45AC5D37211F3B820B3B6BCB378196C4B
                                                                                                                                                                                SHA-256:05A03C7DC12FD55A91C6F1D33DC02CEEBC3D9F1391B5A840BC9C4F8760ADA4E4
                                                                                                                                                                                SHA-512:398C0838F12BC9D9EA23A1E4A284A60CEDB6A57FEC7CAEDF97414DD8E538D511D4CDE346182E2D0772716ED85703E91299B93694E42B7EC4621D645FA676FF9B
                                                                                                                                                                                Malicious:false
                                                                                                                                                                                Preview:...i...v.:.......7W.]6....b....6.xG..I7....DyZn.4.+Ue...f.X...-..4..-I...V..OT..Y........$..lLJD.'.......!7..T.KZ....]D...
                                                                                                                                                                                Process:C:\Users\user\Desktop\c8JakemodH.exe
                                                                                                                                                                                File Type:data
                                                                                                                                                                                Category:dropped
                                                                                                                                                                                Size (bytes):129
                                                                                                                                                                                Entropy (8bit):6.516851770843266
                                                                                                                                                                                Encrypted:false
                                                                                                                                                                                SSDEEP:3:IV8bt9XgrBiDTT65z+Ec+fAG0IsV5sux2Zj1Np5qq8MYMg:ucgrBiDf6MEc+oG0IsTs+e11qqJg
                                                                                                                                                                                MD5:3F8C6297520807007F13D956B83A3E7B
                                                                                                                                                                                SHA1:738858B45AC5D37211F3B820B3B6BCB378196C4B
                                                                                                                                                                                SHA-256:05A03C7DC12FD55A91C6F1D33DC02CEEBC3D9F1391B5A840BC9C4F8760ADA4E4
                                                                                                                                                                                SHA-512:398C0838F12BC9D9EA23A1E4A284A60CEDB6A57FEC7CAEDF97414DD8E538D511D4CDE346182E2D0772716ED85703E91299B93694E42B7EC4621D645FA676FF9B
                                                                                                                                                                                Malicious:false
                                                                                                                                                                                Preview:...i...v.:.......7W.]6....b....6.xG..I7....DyZn.4.+Ue...f.X...-..4..-I...V..OT..Y........$..lLJD.'.......!7..T.KZ....]D...
                                                                                                                                                                                Process:C:\Users\user\Desktop\c8JakemodH.exe
                                                                                                                                                                                File Type:data
                                                                                                                                                                                Category:dropped
                                                                                                                                                                                Size (bytes):129
                                                                                                                                                                                Entropy (8bit):6.516851770843266
                                                                                                                                                                                Encrypted:false
                                                                                                                                                                                SSDEEP:3:IV8bt9XgrBiDTT65z+Ec+fAG0IsV5sux2Zj1Np5qq8MYMg:ucgrBiDf6MEc+oG0IsTs+e11qqJg
                                                                                                                                                                                MD5:3F8C6297520807007F13D956B83A3E7B
                                                                                                                                                                                SHA1:738858B45AC5D37211F3B820B3B6BCB378196C4B
                                                                                                                                                                                SHA-256:05A03C7DC12FD55A91C6F1D33DC02CEEBC3D9F1391B5A840BC9C4F8760ADA4E4
                                                                                                                                                                                SHA-512:398C0838F12BC9D9EA23A1E4A284A60CEDB6A57FEC7CAEDF97414DD8E538D511D4CDE346182E2D0772716ED85703E91299B93694E42B7EC4621D645FA676FF9B
                                                                                                                                                                                Malicious:false
                                                                                                                                                                                Preview:...i...v.:.......7W.]6....b....6.xG..I7....DyZn.4.+Ue...f.X...-..4..-I...V..OT..Y........$..lLJD.'.......!7..T.KZ....]D...
                                                                                                                                                                                Process:C:\Users\user\Desktop\c8JakemodH.exe
                                                                                                                                                                                File Type:data
                                                                                                                                                                                Category:dropped
                                                                                                                                                                                Size (bytes):129
                                                                                                                                                                                Entropy (8bit):6.516851770843266
                                                                                                                                                                                Encrypted:false
                                                                                                                                                                                SSDEEP:3:IV8bt9XgrBiDTT65z+Ec+fAG0IsV5sux2Zj1Np5qq8MYMg:ucgrBiDf6MEc+oG0IsTs+e11qqJg
                                                                                                                                                                                MD5:3F8C6297520807007F13D956B83A3E7B
                                                                                                                                                                                SHA1:738858B45AC5D37211F3B820B3B6BCB378196C4B
                                                                                                                                                                                SHA-256:05A03C7DC12FD55A91C6F1D33DC02CEEBC3D9F1391B5A840BC9C4F8760ADA4E4
                                                                                                                                                                                SHA-512:398C0838F12BC9D9EA23A1E4A284A60CEDB6A57FEC7CAEDF97414DD8E538D511D4CDE346182E2D0772716ED85703E91299B93694E42B7EC4621D645FA676FF9B
                                                                                                                                                                                Malicious:false
                                                                                                                                                                                Preview:...i...v.:.......7W.]6....b....6.xG..I7....DyZn.4.+Ue...f.X...-..4..-I...V..OT..Y........$..lLJD.'.......!7..T.KZ....]D...
                                                                                                                                                                                Process:C:\Users\user\Desktop\c8JakemodH.exe
                                                                                                                                                                                File Type:data
                                                                                                                                                                                Category:dropped
                                                                                                                                                                                Size (bytes):129
                                                                                                                                                                                Entropy (8bit):6.516851770843266
                                                                                                                                                                                Encrypted:false
                                                                                                                                                                                SSDEEP:3:IV8bt9XgrBiDTT65z+Ec+fAG0IsV5sux2Zj1Np5qq8MYMg:ucgrBiDf6MEc+oG0IsTs+e11qqJg
                                                                                                                                                                                MD5:3F8C6297520807007F13D956B83A3E7B
                                                                                                                                                                                SHA1:738858B45AC5D37211F3B820B3B6BCB378196C4B
                                                                                                                                                                                SHA-256:05A03C7DC12FD55A91C6F1D33DC02CEEBC3D9F1391B5A840BC9C4F8760ADA4E4
                                                                                                                                                                                SHA-512:398C0838F12BC9D9EA23A1E4A284A60CEDB6A57FEC7CAEDF97414DD8E538D511D4CDE346182E2D0772716ED85703E91299B93694E42B7EC4621D645FA676FF9B
                                                                                                                                                                                Malicious:false
                                                                                                                                                                                Preview:...i...v.:.......7W.]6....b....6.xG..I7....DyZn.4.+Ue...f.X...-..4..-I...V..OT..Y........$..lLJD.'.......!7..T.KZ....]D...
                                                                                                                                                                                Process:C:\Users\user\Desktop\c8JakemodH.exe
                                                                                                                                                                                File Type:data
                                                                                                                                                                                Category:dropped
                                                                                                                                                                                Size (bytes):129
                                                                                                                                                                                Entropy (8bit):6.516851770843266
                                                                                                                                                                                Encrypted:false
                                                                                                                                                                                SSDEEP:3:IV8bt9XgrBiDTT65z+Ec+fAG0IsV5sux2Zj1Np5qq8MYMg:ucgrBiDf6MEc+oG0IsTs+e11qqJg
                                                                                                                                                                                MD5:3F8C6297520807007F13D956B83A3E7B
                                                                                                                                                                                SHA1:738858B45AC5D37211F3B820B3B6BCB378196C4B
                                                                                                                                                                                SHA-256:05A03C7DC12FD55A91C6F1D33DC02CEEBC3D9F1391B5A840BC9C4F8760ADA4E4
                                                                                                                                                                                SHA-512:398C0838F12BC9D9EA23A1E4A284A60CEDB6A57FEC7CAEDF97414DD8E538D511D4CDE346182E2D0772716ED85703E91299B93694E42B7EC4621D645FA676FF9B
                                                                                                                                                                                Malicious:false
                                                                                                                                                                                Preview:...i...v.:.......7W.]6....b....6.xG..I7....DyZn.4.+Ue...f.X...-..4..-I...V..OT..Y........$..lLJD.'.......!7..T.KZ....]D...
                                                                                                                                                                                Process:C:\Users\user\Desktop\c8JakemodH.exe
                                                                                                                                                                                File Type:data
                                                                                                                                                                                Category:dropped
                                                                                                                                                                                Size (bytes):129
                                                                                                                                                                                Entropy (8bit):6.516851770843266
                                                                                                                                                                                Encrypted:false
                                                                                                                                                                                SSDEEP:3:IV8bt9XgrBiDTT65z+Ec+fAG0IsV5sux2Zj1Np5qq8MYMg:ucgrBiDf6MEc+oG0IsTs+e11qqJg
                                                                                                                                                                                MD5:3F8C6297520807007F13D956B83A3E7B
                                                                                                                                                                                SHA1:738858B45AC5D37211F3B820B3B6BCB378196C4B
                                                                                                                                                                                SHA-256:05A03C7DC12FD55A91C6F1D33DC02CEEBC3D9F1391B5A840BC9C4F8760ADA4E4
                                                                                                                                                                                SHA-512:398C0838F12BC9D9EA23A1E4A284A60CEDB6A57FEC7CAEDF97414DD8E538D511D4CDE346182E2D0772716ED85703E91299B93694E42B7EC4621D645FA676FF9B
                                                                                                                                                                                Malicious:false
                                                                                                                                                                                Preview:...i...v.:.......7W.]6....b....6.xG..I7....DyZn.4.+Ue...f.X...-..4..-I...V..OT..Y........$..lLJD.'.......!7..T.KZ....]D...
                                                                                                                                                                                Process:C:\Users\user\Desktop\c8JakemodH.exe
                                                                                                                                                                                File Type:data
                                                                                                                                                                                Category:dropped
                                                                                                                                                                                Size (bytes):129
                                                                                                                                                                                Entropy (8bit):6.516851770843266
                                                                                                                                                                                Encrypted:false
                                                                                                                                                                                SSDEEP:3:IV8bt9XgrBiDTT65z+Ec+fAG0IsV5sux2Zj1Np5qq8MYMg:ucgrBiDf6MEc+oG0IsTs+e11qqJg
                                                                                                                                                                                MD5:3F8C6297520807007F13D956B83A3E7B
                                                                                                                                                                                SHA1:738858B45AC5D37211F3B820B3B6BCB378196C4B
                                                                                                                                                                                SHA-256:05A03C7DC12FD55A91C6F1D33DC02CEEBC3D9F1391B5A840BC9C4F8760ADA4E4
                                                                                                                                                                                SHA-512:398C0838F12BC9D9EA23A1E4A284A60CEDB6A57FEC7CAEDF97414DD8E538D511D4CDE346182E2D0772716ED85703E91299B93694E42B7EC4621D645FA676FF9B
                                                                                                                                                                                Malicious:false
                                                                                                                                                                                Preview:...i...v.:.......7W.]6....b....6.xG..I7....DyZn.4.+Ue...f.X...-..4..-I...V..OT..Y........$..lLJD.'.......!7..T.KZ....]D...
                                                                                                                                                                                Process:C:\Users\user\Desktop\c8JakemodH.exe
                                                                                                                                                                                File Type:data
                                                                                                                                                                                Category:dropped
                                                                                                                                                                                Size (bytes):129
                                                                                                                                                                                Entropy (8bit):6.516851770843266
                                                                                                                                                                                Encrypted:false
                                                                                                                                                                                SSDEEP:3:IV8bt9XgrBiDTT65z+Ec+fAG0IsV5sux2Zj1Np5qq8MYMg:ucgrBiDf6MEc+oG0IsTs+e11qqJg
                                                                                                                                                                                MD5:3F8C6297520807007F13D956B83A3E7B
                                                                                                                                                                                SHA1:738858B45AC5D37211F3B820B3B6BCB378196C4B
                                                                                                                                                                                SHA-256:05A03C7DC12FD55A91C6F1D33DC02CEEBC3D9F1391B5A840BC9C4F8760ADA4E4
                                                                                                                                                                                SHA-512:398C0838F12BC9D9EA23A1E4A284A60CEDB6A57FEC7CAEDF97414DD8E538D511D4CDE346182E2D0772716ED85703E91299B93694E42B7EC4621D645FA676FF9B
                                                                                                                                                                                Malicious:false
                                                                                                                                                                                Preview:...i...v.:.......7W.]6....b....6.xG..I7....DyZn.4.+Ue...f.X...-..4..-I...V..OT..Y........$..lLJD.'.......!7..T.KZ....]D...
                                                                                                                                                                                Process:C:\Users\user\Desktop\c8JakemodH.exe
                                                                                                                                                                                File Type:data
                                                                                                                                                                                Category:dropped
                                                                                                                                                                                Size (bytes):129
                                                                                                                                                                                Entropy (8bit):6.516851770843266
                                                                                                                                                                                Encrypted:false
                                                                                                                                                                                SSDEEP:3:IV8bt9XgrBiDTT65z+Ec+fAG0IsV5sux2Zj1Np5qq8MYMg:ucgrBiDf6MEc+oG0IsTs+e11qqJg
                                                                                                                                                                                MD5:3F8C6297520807007F13D956B83A3E7B
                                                                                                                                                                                SHA1:738858B45AC5D37211F3B820B3B6BCB378196C4B
                                                                                                                                                                                SHA-256:05A03C7DC12FD55A91C6F1D33DC02CEEBC3D9F1391B5A840BC9C4F8760ADA4E4
                                                                                                                                                                                SHA-512:398C0838F12BC9D9EA23A1E4A284A60CEDB6A57FEC7CAEDF97414DD8E538D511D4CDE346182E2D0772716ED85703E91299B93694E42B7EC4621D645FA676FF9B
                                                                                                                                                                                Malicious:false
                                                                                                                                                                                Preview:...i...v.:.......7W.]6....b....6.xG..I7....DyZn.4.+Ue...f.X...-..4..-I...V..OT..Y........$..lLJD.'.......!7..T.KZ....]D...
                                                                                                                                                                                Process:C:\Users\user\Desktop\c8JakemodH.exe
                                                                                                                                                                                File Type:data
                                                                                                                                                                                Category:dropped
                                                                                                                                                                                Size (bytes):129
                                                                                                                                                                                Entropy (8bit):6.516851770843266
                                                                                                                                                                                Encrypted:false
                                                                                                                                                                                SSDEEP:3:IV8bt9XgrBiDTT65z+Ec+fAG0IsV5sux2Zj1Np5qq8MYMg:ucgrBiDf6MEc+oG0IsTs+e11qqJg
                                                                                                                                                                                MD5:3F8C6297520807007F13D956B83A3E7B
                                                                                                                                                                                SHA1:738858B45AC5D37211F3B820B3B6BCB378196C4B
                                                                                                                                                                                SHA-256:05A03C7DC12FD55A91C6F1D33DC02CEEBC3D9F1391B5A840BC9C4F8760ADA4E4
                                                                                                                                                                                SHA-512:398C0838F12BC9D9EA23A1E4A284A60CEDB6A57FEC7CAEDF97414DD8E538D511D4CDE346182E2D0772716ED85703E91299B93694E42B7EC4621D645FA676FF9B
                                                                                                                                                                                Malicious:false
                                                                                                                                                                                Preview:...i...v.:.......7W.]6....b....6.xG..I7....DyZn.4.+Ue...f.X...-..4..-I...V..OT..Y........$..lLJD.'.......!7..T.KZ....]D...
                                                                                                                                                                                Process:C:\Users\user\Desktop\c8JakemodH.exe
                                                                                                                                                                                File Type:data
                                                                                                                                                                                Category:dropped
                                                                                                                                                                                Size (bytes):129
                                                                                                                                                                                Entropy (8bit):6.516851770843266
                                                                                                                                                                                Encrypted:false
                                                                                                                                                                                SSDEEP:3:IV8bt9XgrBiDTT65z+Ec+fAG0IsV5sux2Zj1Np5qq8MYMg:ucgrBiDf6MEc+oG0IsTs+e11qqJg
                                                                                                                                                                                MD5:3F8C6297520807007F13D956B83A3E7B
                                                                                                                                                                                SHA1:738858B45AC5D37211F3B820B3B6BCB378196C4B
                                                                                                                                                                                SHA-256:05A03C7DC12FD55A91C6F1D33DC02CEEBC3D9F1391B5A840BC9C4F8760ADA4E4
                                                                                                                                                                                SHA-512:398C0838F12BC9D9EA23A1E4A284A60CEDB6A57FEC7CAEDF97414DD8E538D511D4CDE346182E2D0772716ED85703E91299B93694E42B7EC4621D645FA676FF9B
                                                                                                                                                                                Malicious:false
                                                                                                                                                                                Preview:...i...v.:.......7W.]6....b....6.xG..I7....DyZn.4.+Ue...f.X...-..4..-I...V..OT..Y........$..lLJD.'.......!7..T.KZ....]D...
                                                                                                                                                                                Process:C:\Users\user\Desktop\c8JakemodH.exe
                                                                                                                                                                                File Type:data
                                                                                                                                                                                Category:dropped
                                                                                                                                                                                Size (bytes):129
                                                                                                                                                                                Entropy (8bit):6.516851770843266
                                                                                                                                                                                Encrypted:false
                                                                                                                                                                                SSDEEP:3:IV8bt9XgrBiDTT65z+Ec+fAG0IsV5sux2Zj1Np5qq8MYMg:ucgrBiDf6MEc+oG0IsTs+e11qqJg
                                                                                                                                                                                MD5:3F8C6297520807007F13D956B83A3E7B
                                                                                                                                                                                SHA1:738858B45AC5D37211F3B820B3B6BCB378196C4B
                                                                                                                                                                                SHA-256:05A03C7DC12FD55A91C6F1D33DC02CEEBC3D9F1391B5A840BC9C4F8760ADA4E4
                                                                                                                                                                                SHA-512:398C0838F12BC9D9EA23A1E4A284A60CEDB6A57FEC7CAEDF97414DD8E538D511D4CDE346182E2D0772716ED85703E91299B93694E42B7EC4621D645FA676FF9B
                                                                                                                                                                                Malicious:false
                                                                                                                                                                                Preview:...i...v.:.......7W.]6....b....6.xG..I7....DyZn.4.+Ue...f.X...-..4..-I...V..OT..Y........$..lLJD.'.......!7..T.KZ....]D...
                                                                                                                                                                                Process:C:\Users\user\Desktop\c8JakemodH.exe
                                                                                                                                                                                File Type:data
                                                                                                                                                                                Category:dropped
                                                                                                                                                                                Size (bytes):129
                                                                                                                                                                                Entropy (8bit):6.516851770843266
                                                                                                                                                                                Encrypted:false
                                                                                                                                                                                SSDEEP:3:IV8bt9XgrBiDTT65z+Ec+fAG0IsV5sux2Zj1Np5qq8MYMg:ucgrBiDf6MEc+oG0IsTs+e11qqJg
                                                                                                                                                                                MD5:3F8C6297520807007F13D956B83A3E7B
                                                                                                                                                                                SHA1:738858B45AC5D37211F3B820B3B6BCB378196C4B
                                                                                                                                                                                SHA-256:05A03C7DC12FD55A91C6F1D33DC02CEEBC3D9F1391B5A840BC9C4F8760ADA4E4
                                                                                                                                                                                SHA-512:398C0838F12BC9D9EA23A1E4A284A60CEDB6A57FEC7CAEDF97414DD8E538D511D4CDE346182E2D0772716ED85703E91299B93694E42B7EC4621D645FA676FF9B
                                                                                                                                                                                Malicious:false
                                                                                                                                                                                Preview:...i...v.:.......7W.]6....b....6.xG..I7....DyZn.4.+Ue...f.X...-..4..-I...V..OT..Y........$..lLJD.'.......!7..T.KZ....]D...
                                                                                                                                                                                Process:C:\Users\user\Desktop\c8JakemodH.exe
                                                                                                                                                                                File Type:data
                                                                                                                                                                                Category:dropped
                                                                                                                                                                                Size (bytes):129
                                                                                                                                                                                Entropy (8bit):6.516851770843266
                                                                                                                                                                                Encrypted:false
                                                                                                                                                                                SSDEEP:3:IV8bt9XgrBiDTT65z+Ec+fAG0IsV5sux2Zj1Np5qq8MYMg:ucgrBiDf6MEc+oG0IsTs+e11qqJg
                                                                                                                                                                                MD5:3F8C6297520807007F13D956B83A3E7B
                                                                                                                                                                                SHA1:738858B45AC5D37211F3B820B3B6BCB378196C4B
                                                                                                                                                                                SHA-256:05A03C7DC12FD55A91C6F1D33DC02CEEBC3D9F1391B5A840BC9C4F8760ADA4E4
                                                                                                                                                                                SHA-512:398C0838F12BC9D9EA23A1E4A284A60CEDB6A57FEC7CAEDF97414DD8E538D511D4CDE346182E2D0772716ED85703E91299B93694E42B7EC4621D645FA676FF9B
                                                                                                                                                                                Malicious:false
                                                                                                                                                                                Preview:...i...v.:.......7W.]6....b....6.xG..I7....DyZn.4.+Ue...f.X...-..4..-I...V..OT..Y........$..lLJD.'.......!7..T.KZ....]D...
                                                                                                                                                                                Process:C:\Users\user\Desktop\c8JakemodH.exe
                                                                                                                                                                                File Type:data
                                                                                                                                                                                Category:dropped
                                                                                                                                                                                Size (bytes):129
                                                                                                                                                                                Entropy (8bit):6.516851770843266
                                                                                                                                                                                Encrypted:false
                                                                                                                                                                                SSDEEP:3:IV8bt9XgrBiDTT65z+Ec+fAG0IsV5sux2Zj1Np5qq8MYMg:ucgrBiDf6MEc+oG0IsTs+e11qqJg
                                                                                                                                                                                MD5:3F8C6297520807007F13D956B83A3E7B
                                                                                                                                                                                SHA1:738858B45AC5D37211F3B820B3B6BCB378196C4B
                                                                                                                                                                                SHA-256:05A03C7DC12FD55A91C6F1D33DC02CEEBC3D9F1391B5A840BC9C4F8760ADA4E4
                                                                                                                                                                                SHA-512:398C0838F12BC9D9EA23A1E4A284A60CEDB6A57FEC7CAEDF97414DD8E538D511D4CDE346182E2D0772716ED85703E91299B93694E42B7EC4621D645FA676FF9B
                                                                                                                                                                                Malicious:false
                                                                                                                                                                                Preview:...i...v.:.......7W.]6....b....6.xG..I7....DyZn.4.+Ue...f.X...-..4..-I...V..OT..Y........$..lLJD.'.......!7..T.KZ....]D...
                                                                                                                                                                                Process:C:\Users\user\Desktop\c8JakemodH.exe
                                                                                                                                                                                File Type:data
                                                                                                                                                                                Category:dropped
                                                                                                                                                                                Size (bytes):129
                                                                                                                                                                                Entropy (8bit):6.516851770843266
                                                                                                                                                                                Encrypted:false
                                                                                                                                                                                SSDEEP:3:IV8bt9XgrBiDTT65z+Ec+fAG0IsV5sux2Zj1Np5qq8MYMg:ucgrBiDf6MEc+oG0IsTs+e11qqJg
                                                                                                                                                                                MD5:3F8C6297520807007F13D956B83A3E7B
                                                                                                                                                                                SHA1:738858B45AC5D37211F3B820B3B6BCB378196C4B
                                                                                                                                                                                SHA-256:05A03C7DC12FD55A91C6F1D33DC02CEEBC3D9F1391B5A840BC9C4F8760ADA4E4
                                                                                                                                                                                SHA-512:398C0838F12BC9D9EA23A1E4A284A60CEDB6A57FEC7CAEDF97414DD8E538D511D4CDE346182E2D0772716ED85703E91299B93694E42B7EC4621D645FA676FF9B
                                                                                                                                                                                Malicious:false
                                                                                                                                                                                Preview:...i...v.:.......7W.]6....b....6.xG..I7....DyZn.4.+Ue...f.X...-..4..-I...V..OT..Y........$..lLJD.'.......!7..T.KZ....]D...
                                                                                                                                                                                Process:C:\Users\user\Desktop\c8JakemodH.exe
                                                                                                                                                                                File Type:OpenPGP Public Key
                                                                                                                                                                                Category:dropped
                                                                                                                                                                                Size (bytes):129
                                                                                                                                                                                Entropy (8bit):6.575067080954328
                                                                                                                                                                                Encrypted:false
                                                                                                                                                                                SSDEEP:3:A7zi23TK+JRxq8HX+2p/+KFNvVnsgqBGd:A7zi2DKCM83+2pHFNrT
                                                                                                                                                                                MD5:9C25C02285895DC838D97409BC6FA003
                                                                                                                                                                                SHA1:C24D71AAE20B481DE15427DDCF859904AD70F4A8
                                                                                                                                                                                SHA-256:A45441C6CD4BB5260248AD9D15FB2F08C036BDA00D25B5DB9EA5B6D8A63814CE
                                                                                                                                                                                SHA-512:64FF1844B8CAAE8758EDD5ABD33B57CEEED8CAE0DAFCE36E1DF26EED00F59DC2CB2816E1D5D85DE0C213FDCCDD42FA20FB56EEF5FC7DD14AA7083923DE768E86
                                                                                                                                                                                Malicious:false
                                                                                                                                                                                Preview:..'.[.z........U..\...%..l/;.n.q.....|%l....>..q(]..]...*...i.4..-.w?..(Z=....oZ.N..:...v.{....u....X..`.+.9.Qba..0...#r.
                                                                                                                                                                                Process:C:\Users\user\Desktop\c8JakemodH.exe
                                                                                                                                                                                File Type:OpenPGP Public Key
                                                                                                                                                                                Category:dropped
                                                                                                                                                                                Size (bytes):129
                                                                                                                                                                                Entropy (8bit):6.575067080954328
                                                                                                                                                                                Encrypted:false
                                                                                                                                                                                SSDEEP:3:A7zi23TK+JRxq8HX+2p/+KFNvVnsgqBGd:A7zi2DKCM83+2pHFNrT
                                                                                                                                                                                MD5:9C25C02285895DC838D97409BC6FA003
                                                                                                                                                                                SHA1:C24D71AAE20B481DE15427DDCF859904AD70F4A8
                                                                                                                                                                                SHA-256:A45441C6CD4BB5260248AD9D15FB2F08C036BDA00D25B5DB9EA5B6D8A63814CE
                                                                                                                                                                                SHA-512:64FF1844B8CAAE8758EDD5ABD33B57CEEED8CAE0DAFCE36E1DF26EED00F59DC2CB2816E1D5D85DE0C213FDCCDD42FA20FB56EEF5FC7DD14AA7083923DE768E86
                                                                                                                                                                                Malicious:false
                                                                                                                                                                                Preview:..'.[.z........U..\...%..l/;.n.q.....|%l....>..q(]..]...*...i.4..-.w?..(Z=....oZ.N..:...v.{....u....X..`.+.9.Qba..0...#r.
                                                                                                                                                                                Process:C:\Users\user\Desktop\c8JakemodH.exe
                                                                                                                                                                                File Type:OpenPGP Public Key
                                                                                                                                                                                Category:dropped
                                                                                                                                                                                Size (bytes):129
                                                                                                                                                                                Entropy (8bit):6.575067080954328
                                                                                                                                                                                Encrypted:false
                                                                                                                                                                                SSDEEP:3:A7zi23TK+JRxq8HX+2p/+KFNvVnsgqBGd:A7zi2DKCM83+2pHFNrT
                                                                                                                                                                                MD5:9C25C02285895DC838D97409BC6FA003
                                                                                                                                                                                SHA1:C24D71AAE20B481DE15427DDCF859904AD70F4A8
                                                                                                                                                                                SHA-256:A45441C6CD4BB5260248AD9D15FB2F08C036BDA00D25B5DB9EA5B6D8A63814CE
                                                                                                                                                                                SHA-512:64FF1844B8CAAE8758EDD5ABD33B57CEEED8CAE0DAFCE36E1DF26EED00F59DC2CB2816E1D5D85DE0C213FDCCDD42FA20FB56EEF5FC7DD14AA7083923DE768E86
                                                                                                                                                                                Malicious:false
                                                                                                                                                                                Preview:..'.[.z........U..\...%..l/;.n.q.....|%l....>..q(]..]...*...i.4..-.w?..(Z=....oZ.N..:...v.{....u....X..`.+.9.Qba..0...#r.
                                                                                                                                                                                Process:C:\Users\user\Desktop\c8JakemodH.exe
                                                                                                                                                                                File Type:OpenPGP Public Key
                                                                                                                                                                                Category:dropped
                                                                                                                                                                                Size (bytes):129
                                                                                                                                                                                Entropy (8bit):6.575067080954328
                                                                                                                                                                                Encrypted:false
                                                                                                                                                                                SSDEEP:3:A7zi23TK+JRxq8HX+2p/+KFNvVnsgqBGd:A7zi2DKCM83+2pHFNrT
                                                                                                                                                                                MD5:9C25C02285895DC838D97409BC6FA003
                                                                                                                                                                                SHA1:C24D71AAE20B481DE15427DDCF859904AD70F4A8
                                                                                                                                                                                SHA-256:A45441C6CD4BB5260248AD9D15FB2F08C036BDA00D25B5DB9EA5B6D8A63814CE
                                                                                                                                                                                SHA-512:64FF1844B8CAAE8758EDD5ABD33B57CEEED8CAE0DAFCE36E1DF26EED00F59DC2CB2816E1D5D85DE0C213FDCCDD42FA20FB56EEF5FC7DD14AA7083923DE768E86
                                                                                                                                                                                Malicious:false
                                                                                                                                                                                Preview:..'.[.z........U..\...%..l/;.n.q.....|%l....>..q(]..]...*...i.4..-.w?..(Z=....oZ.N..:...v.{....u....X..`.+.9.Qba..0...#r.
                                                                                                                                                                                Process:C:\Users\user\Desktop\c8JakemodH.exe
                                                                                                                                                                                File Type:OpenPGP Public Key
                                                                                                                                                                                Category:dropped
                                                                                                                                                                                Size (bytes):129
                                                                                                                                                                                Entropy (8bit):6.575067080954328
                                                                                                                                                                                Encrypted:false
                                                                                                                                                                                SSDEEP:3:A7zi23TK+JRxq8HX+2p/+KFNvVnsgqBGd:A7zi2DKCM83+2pHFNrT
                                                                                                                                                                                MD5:9C25C02285895DC838D97409BC6FA003
                                                                                                                                                                                SHA1:C24D71AAE20B481DE15427DDCF859904AD70F4A8
                                                                                                                                                                                SHA-256:A45441C6CD4BB5260248AD9D15FB2F08C036BDA00D25B5DB9EA5B6D8A63814CE
                                                                                                                                                                                SHA-512:64FF1844B8CAAE8758EDD5ABD33B57CEEED8CAE0DAFCE36E1DF26EED00F59DC2CB2816E1D5D85DE0C213FDCCDD42FA20FB56EEF5FC7DD14AA7083923DE768E86
                                                                                                                                                                                Malicious:false
                                                                                                                                                                                Preview:..'.[.z........U..\...%..l/;.n.q.....|%l....>..q(]..]...*...i.4..-.w?..(Z=....oZ.N..:...v.{....u....X..`.+.9.Qba..0...#r.
                                                                                                                                                                                Process:C:\Users\user\Desktop\c8JakemodH.exe
                                                                                                                                                                                File Type:OpenPGP Public Key
                                                                                                                                                                                Category:dropped
                                                                                                                                                                                Size (bytes):129
                                                                                                                                                                                Entropy (8bit):6.575067080954328
                                                                                                                                                                                Encrypted:false
                                                                                                                                                                                SSDEEP:3:A7zi23TK+JRxq8HX+2p/+KFNvVnsgqBGd:A7zi2DKCM83+2pHFNrT
                                                                                                                                                                                MD5:9C25C02285895DC838D97409BC6FA003
                                                                                                                                                                                SHA1:C24D71AAE20B481DE15427DDCF859904AD70F4A8
                                                                                                                                                                                SHA-256:A45441C6CD4BB5260248AD9D15FB2F08C036BDA00D25B5DB9EA5B6D8A63814CE
                                                                                                                                                                                SHA-512:64FF1844B8CAAE8758EDD5ABD33B57CEEED8CAE0DAFCE36E1DF26EED00F59DC2CB2816E1D5D85DE0C213FDCCDD42FA20FB56EEF5FC7DD14AA7083923DE768E86
                                                                                                                                                                                Malicious:false
                                                                                                                                                                                Preview:..'.[.z........U..\...%..l/;.n.q.....|%l....>..q(]..]...*...i.4..-.w?..(Z=....oZ.N..:...v.{....u....X..`.+.9.Qba..0...#r.
                                                                                                                                                                                Process:C:\Users\user\Desktop\c8JakemodH.exe
                                                                                                                                                                                File Type:OpenPGP Public Key
                                                                                                                                                                                Category:dropped
                                                                                                                                                                                Size (bytes):129
                                                                                                                                                                                Entropy (8bit):6.575067080954328
                                                                                                                                                                                Encrypted:false
                                                                                                                                                                                SSDEEP:3:A7zi23TK+JRxq8HX+2p/+KFNvVnsgqBGd:A7zi2DKCM83+2pHFNrT
                                                                                                                                                                                MD5:9C25C02285895DC838D97409BC6FA003
                                                                                                                                                                                SHA1:C24D71AAE20B481DE15427DDCF859904AD70F4A8
                                                                                                                                                                                SHA-256:A45441C6CD4BB5260248AD9D15FB2F08C036BDA00D25B5DB9EA5B6D8A63814CE
                                                                                                                                                                                SHA-512:64FF1844B8CAAE8758EDD5ABD33B57CEEED8CAE0DAFCE36E1DF26EED00F59DC2CB2816E1D5D85DE0C213FDCCDD42FA20FB56EEF5FC7DD14AA7083923DE768E86
                                                                                                                                                                                Malicious:false
                                                                                                                                                                                Preview:..'.[.z........U..\...%..l/;.n.q.....|%l....>..q(]..]...*...i.4..-.w?..(Z=....oZ.N..:...v.{....u....X..`.+.9.Qba..0...#r.
                                                                                                                                                                                Process:C:\Users\user\Desktop\c8JakemodH.exe
                                                                                                                                                                                File Type:OpenPGP Public Key
                                                                                                                                                                                Category:dropped
                                                                                                                                                                                Size (bytes):129
                                                                                                                                                                                Entropy (8bit):6.575067080954328
                                                                                                                                                                                Encrypted:false
                                                                                                                                                                                SSDEEP:3:A7zi23TK+JRxq8HX+2p/+KFNvVnsgqBGd:A7zi2DKCM83+2pHFNrT
                                                                                                                                                                                MD5:9C25C02285895DC838D97409BC6FA003
                                                                                                                                                                                SHA1:C24D71AAE20B481DE15427DDCF859904AD70F4A8
                                                                                                                                                                                SHA-256:A45441C6CD4BB5260248AD9D15FB2F08C036BDA00D25B5DB9EA5B6D8A63814CE
                                                                                                                                                                                SHA-512:64FF1844B8CAAE8758EDD5ABD33B57CEEED8CAE0DAFCE36E1DF26EED00F59DC2CB2816E1D5D85DE0C213FDCCDD42FA20FB56EEF5FC7DD14AA7083923DE768E86
                                                                                                                                                                                Malicious:false
                                                                                                                                                                                Preview:..'.[.z........U..\...%..l/;.n.q.....|%l....>..q(]..]...*...i.4..-.w?..(Z=....oZ.N..:...v.{....u....X..`.+.9.Qba..0...#r.
                                                                                                                                                                                Process:C:\Users\user\Desktop\c8JakemodH.exe
                                                                                                                                                                                File Type:OpenPGP Public Key
                                                                                                                                                                                Category:dropped
                                                                                                                                                                                Size (bytes):129
                                                                                                                                                                                Entropy (8bit):6.575067080954328
                                                                                                                                                                                Encrypted:false
                                                                                                                                                                                SSDEEP:3:A7zi23TK+JRxq8HX+2p/+KFNvVnsgqBGd:A7zi2DKCM83+2pHFNrT
                                                                                                                                                                                MD5:9C25C02285895DC838D97409BC6FA003
                                                                                                                                                                                SHA1:C24D71AAE20B481DE15427DDCF859904AD70F4A8
                                                                                                                                                                                SHA-256:A45441C6CD4BB5260248AD9D15FB2F08C036BDA00D25B5DB9EA5B6D8A63814CE
                                                                                                                                                                                SHA-512:64FF1844B8CAAE8758EDD5ABD33B57CEEED8CAE0DAFCE36E1DF26EED00F59DC2CB2816E1D5D85DE0C213FDCCDD42FA20FB56EEF5FC7DD14AA7083923DE768E86
                                                                                                                                                                                Malicious:false
                                                                                                                                                                                Preview:..'.[.z........U..\...%..l/;.n.q.....|%l....>..q(]..]...*...i.4..-.w?..(Z=....oZ.N..:...v.{....u....X..`.+.9.Qba..0...#r.
                                                                                                                                                                                Process:C:\Users\user\Desktop\c8JakemodH.exe
                                                                                                                                                                                File Type:OpenPGP Public Key
                                                                                                                                                                                Category:dropped
                                                                                                                                                                                Size (bytes):129
                                                                                                                                                                                Entropy (8bit):6.575067080954328
                                                                                                                                                                                Encrypted:false
                                                                                                                                                                                SSDEEP:3:A7zi23TK+JRxq8HX+2p/+KFNvVnsgqBGd:A7zi2DKCM83+2pHFNrT
                                                                                                                                                                                MD5:9C25C02285895DC838D97409BC6FA003
                                                                                                                                                                                SHA1:C24D71AAE20B481DE15427DDCF859904AD70F4A8
                                                                                                                                                                                SHA-256:A45441C6CD4BB5260248AD9D15FB2F08C036BDA00D25B5DB9EA5B6D8A63814CE
                                                                                                                                                                                SHA-512:64FF1844B8CAAE8758EDD5ABD33B57CEEED8CAE0DAFCE36E1DF26EED00F59DC2CB2816E1D5D85DE0C213FDCCDD42FA20FB56EEF5FC7DD14AA7083923DE768E86
                                                                                                                                                                                Malicious:false
                                                                                                                                                                                Preview:..'.[.z........U..\...%..l/;.n.q.....|%l....>..q(]..]...*...i.4..-.w?..(Z=....oZ.N..:...v.{....u....X..`.+.9.Qba..0...#r.
                                                                                                                                                                                Process:C:\Users\user\Desktop\c8JakemodH.exe
                                                                                                                                                                                File Type:OpenPGP Public Key
                                                                                                                                                                                Category:dropped
                                                                                                                                                                                Size (bytes):129
                                                                                                                                                                                Entropy (8bit):6.575067080954328
                                                                                                                                                                                Encrypted:false
                                                                                                                                                                                SSDEEP:3:A7zi23TK+JRxq8HX+2p/+KFNvVnsgqBGd:A7zi2DKCM83+2pHFNrT
                                                                                                                                                                                MD5:9C25C02285895DC838D97409BC6FA003
                                                                                                                                                                                SHA1:C24D71AAE20B481DE15427DDCF859904AD70F4A8
                                                                                                                                                                                SHA-256:A45441C6CD4BB5260248AD9D15FB2F08C036BDA00D25B5DB9EA5B6D8A63814CE
                                                                                                                                                                                SHA-512:64FF1844B8CAAE8758EDD5ABD33B57CEEED8CAE0DAFCE36E1DF26EED00F59DC2CB2816E1D5D85DE0C213FDCCDD42FA20FB56EEF5FC7DD14AA7083923DE768E86
                                                                                                                                                                                Malicious:false
                                                                                                                                                                                Preview:..'.[.z........U..\...%..l/;.n.q.....|%l....>..q(]..]...*...i.4..-.w?..(Z=....oZ.N..:...v.{....u....X..`.+.9.Qba..0...#r.
                                                                                                                                                                                Process:C:\Users\user\Desktop\c8JakemodH.exe
                                                                                                                                                                                File Type:OpenPGP Public Key
                                                                                                                                                                                Category:dropped
                                                                                                                                                                                Size (bytes):129
                                                                                                                                                                                Entropy (8bit):6.575067080954328
                                                                                                                                                                                Encrypted:false
                                                                                                                                                                                SSDEEP:3:A7zi23TK+JRxq8HX+2p/+KFNvVnsgqBGd:A7zi2DKCM83+2pHFNrT
                                                                                                                                                                                MD5:9C25C02285895DC838D97409BC6FA003
                                                                                                                                                                                SHA1:C24D71AAE20B481DE15427DDCF859904AD70F4A8
                                                                                                                                                                                SHA-256:A45441C6CD4BB5260248AD9D15FB2F08C036BDA00D25B5DB9EA5B6D8A63814CE
                                                                                                                                                                                SHA-512:64FF1844B8CAAE8758EDD5ABD33B57CEEED8CAE0DAFCE36E1DF26EED00F59DC2CB2816E1D5D85DE0C213FDCCDD42FA20FB56EEF5FC7DD14AA7083923DE768E86
                                                                                                                                                                                Malicious:false
                                                                                                                                                                                Preview:..'.[.z........U..\...%..l/;.n.q.....|%l....>..q(]..]...*...i.4..-.w?..(Z=....oZ.N..:...v.{....u....X..`.+.9.Qba..0...#r.
                                                                                                                                                                                Process:C:\Users\user\Desktop\c8JakemodH.exe
                                                                                                                                                                                File Type:OpenPGP Public Key
                                                                                                                                                                                Category:dropped
                                                                                                                                                                                Size (bytes):129
                                                                                                                                                                                Entropy (8bit):6.575067080954328
                                                                                                                                                                                Encrypted:false
                                                                                                                                                                                SSDEEP:3:A7zi23TK+JRxq8HX+2p/+KFNvVnsgqBGd:A7zi2DKCM83+2pHFNrT
                                                                                                                                                                                MD5:9C25C02285895DC838D97409BC6FA003
                                                                                                                                                                                SHA1:C24D71AAE20B481DE15427DDCF859904AD70F4A8
                                                                                                                                                                                SHA-256:A45441C6CD4BB5260248AD9D15FB2F08C036BDA00D25B5DB9EA5B6D8A63814CE
                                                                                                                                                                                SHA-512:64FF1844B8CAAE8758EDD5ABD33B57CEEED8CAE0DAFCE36E1DF26EED00F59DC2CB2816E1D5D85DE0C213FDCCDD42FA20FB56EEF5FC7DD14AA7083923DE768E86
                                                                                                                                                                                Malicious:false
                                                                                                                                                                                Preview:..'.[.z........U..\...%..l/;.n.q.....|%l....>..q(]..]...*...i.4..-.w?..(Z=....oZ.N..:...v.{....u....X..`.+.9.Qba..0...#r.
                                                                                                                                                                                Process:C:\Users\user\Desktop\c8JakemodH.exe
                                                                                                                                                                                File Type:OpenPGP Public Key
                                                                                                                                                                                Category:dropped
                                                                                                                                                                                Size (bytes):129
                                                                                                                                                                                Entropy (8bit):6.575067080954328
                                                                                                                                                                                Encrypted:false
                                                                                                                                                                                SSDEEP:3:A7zi23TK+JRxq8HX+2p/+KFNvVnsgqBGd:A7zi2DKCM83+2pHFNrT
                                                                                                                                                                                MD5:9C25C02285895DC838D97409BC6FA003
                                                                                                                                                                                SHA1:C24D71AAE20B481DE15427DDCF859904AD70F4A8
                                                                                                                                                                                SHA-256:A45441C6CD4BB5260248AD9D15FB2F08C036BDA00D25B5DB9EA5B6D8A63814CE
                                                                                                                                                                                SHA-512:64FF1844B8CAAE8758EDD5ABD33B57CEEED8CAE0DAFCE36E1DF26EED00F59DC2CB2816E1D5D85DE0C213FDCCDD42FA20FB56EEF5FC7DD14AA7083923DE768E86
                                                                                                                                                                                Malicious:false
                                                                                                                                                                                Preview:..'.[.z........U..\...%..l/;.n.q.....|%l....>..q(]..]...*...i.4..-.w?..(Z=....oZ.N..:...v.{....u....X..`.+.9.Qba..0...#r.
                                                                                                                                                                                Process:C:\Users\user\Desktop\c8JakemodH.exe
                                                                                                                                                                                File Type:OpenPGP Public Key
                                                                                                                                                                                Category:dropped
                                                                                                                                                                                Size (bytes):129
                                                                                                                                                                                Entropy (8bit):6.575067080954328
                                                                                                                                                                                Encrypted:false
                                                                                                                                                                                SSDEEP:3:A7zi23TK+JRxq8HX+2p/+KFNvVnsgqBGd:A7zi2DKCM83+2pHFNrT
                                                                                                                                                                                MD5:9C25C02285895DC838D97409BC6FA003
                                                                                                                                                                                SHA1:C24D71AAE20B481DE15427DDCF859904AD70F4A8
                                                                                                                                                                                SHA-256:A45441C6CD4BB5260248AD9D15FB2F08C036BDA00D25B5DB9EA5B6D8A63814CE
                                                                                                                                                                                SHA-512:64FF1844B8CAAE8758EDD5ABD33B57CEEED8CAE0DAFCE36E1DF26EED00F59DC2CB2816E1D5D85DE0C213FDCCDD42FA20FB56EEF5FC7DD14AA7083923DE768E86
                                                                                                                                                                                Malicious:false
                                                                                                                                                                                Preview:..'.[.z........U..\...%..l/;.n.q.....|%l....>..q(]..]...*...i.4..-.w?..(Z=....oZ.N..:...v.{....u....X..`.+.9.Qba..0...#r.
                                                                                                                                                                                Process:C:\Users\user\Desktop\c8JakemodH.exe
                                                                                                                                                                                File Type:OpenPGP Public Key
                                                                                                                                                                                Category:dropped
                                                                                                                                                                                Size (bytes):129
                                                                                                                                                                                Entropy (8bit):6.575067080954328
                                                                                                                                                                                Encrypted:false
                                                                                                                                                                                SSDEEP:3:A7zi23TK+JRxq8HX+2p/+KFNvVnsgqBGd:A7zi2DKCM83+2pHFNrT
                                                                                                                                                                                MD5:9C25C02285895DC838D97409BC6FA003
                                                                                                                                                                                SHA1:C24D71AAE20B481DE15427DDCF859904AD70F4A8
                                                                                                                                                                                SHA-256:A45441C6CD4BB5260248AD9D15FB2F08C036BDA00D25B5DB9EA5B6D8A63814CE
                                                                                                                                                                                SHA-512:64FF1844B8CAAE8758EDD5ABD33B57CEEED8CAE0DAFCE36E1DF26EED00F59DC2CB2816E1D5D85DE0C213FDCCDD42FA20FB56EEF5FC7DD14AA7083923DE768E86
                                                                                                                                                                                Malicious:false
                                                                                                                                                                                Preview:..'.[.z........U..\...%..l/;.n.q.....|%l....>..q(]..]...*...i.4..-.w?..(Z=....oZ.N..:...v.{....u....X..`.+.9.Qba..0...#r.
                                                                                                                                                                                Process:C:\Users\user\Desktop\c8JakemodH.exe
                                                                                                                                                                                File Type:OpenPGP Public Key
                                                                                                                                                                                Category:dropped
                                                                                                                                                                                Size (bytes):129
                                                                                                                                                                                Entropy (8bit):6.575067080954328
                                                                                                                                                                                Encrypted:false
                                                                                                                                                                                SSDEEP:3:A7zi23TK+JRxq8HX+2p/+KFNvVnsgqBGd:A7zi2DKCM83+2pHFNrT
                                                                                                                                                                                MD5:9C25C02285895DC838D97409BC6FA003
                                                                                                                                                                                SHA1:C24D71AAE20B481DE15427DDCF859904AD70F4A8
                                                                                                                                                                                SHA-256:A45441C6CD4BB5260248AD9D15FB2F08C036BDA00D25B5DB9EA5B6D8A63814CE
                                                                                                                                                                                SHA-512:64FF1844B8CAAE8758EDD5ABD33B57CEEED8CAE0DAFCE36E1DF26EED00F59DC2CB2816E1D5D85DE0C213FDCCDD42FA20FB56EEF5FC7DD14AA7083923DE768E86
                                                                                                                                                                                Malicious:false
                                                                                                                                                                                Preview:..'.[.z........U..\...%..l/;.n.q.....|%l....>..q(]..]...*...i.4..-.w?..(Z=....oZ.N..:...v.{....u....X..`.+.9.Qba..0...#r.
                                                                                                                                                                                Process:C:\Users\user\Desktop\c8JakemodH.exe
                                                                                                                                                                                File Type:OpenPGP Public Key
                                                                                                                                                                                Category:dropped
                                                                                                                                                                                Size (bytes):129
                                                                                                                                                                                Entropy (8bit):6.575067080954328
                                                                                                                                                                                Encrypted:false
                                                                                                                                                                                SSDEEP:3:A7zi23TK+JRxq8HX+2p/+KFNvVnsgqBGd:A7zi2DKCM83+2pHFNrT
                                                                                                                                                                                MD5:9C25C02285895DC838D97409BC6FA003
                                                                                                                                                                                SHA1:C24D71AAE20B481DE15427DDCF859904AD70F4A8
                                                                                                                                                                                SHA-256:A45441C6CD4BB5260248AD9D15FB2F08C036BDA00D25B5DB9EA5B6D8A63814CE
                                                                                                                                                                                SHA-512:64FF1844B8CAAE8758EDD5ABD33B57CEEED8CAE0DAFCE36E1DF26EED00F59DC2CB2816E1D5D85DE0C213FDCCDD42FA20FB56EEF5FC7DD14AA7083923DE768E86
                                                                                                                                                                                Malicious:false
                                                                                                                                                                                Preview:..'.[.z........U..\...%..l/;.n.q.....|%l....>..q(]..]...*...i.4..-.w?..(Z=....oZ.N..:...v.{....u....X..`.+.9.Qba..0...#r.
                                                                                                                                                                                Process:C:\Users\user\Desktop\c8JakemodH.exe
                                                                                                                                                                                File Type:OpenPGP Public Key
                                                                                                                                                                                Category:dropped
                                                                                                                                                                                Size (bytes):129
                                                                                                                                                                                Entropy (8bit):6.575067080954328
                                                                                                                                                                                Encrypted:false
                                                                                                                                                                                SSDEEP:3:A7zi23TK+JRxq8HX+2p/+KFNvVnsgqBGd:A7zi2DKCM83+2pHFNrT
                                                                                                                                                                                MD5:9C25C02285895DC838D97409BC6FA003
                                                                                                                                                                                SHA1:C24D71AAE20B481DE15427DDCF859904AD70F4A8
                                                                                                                                                                                SHA-256:A45441C6CD4BB5260248AD9D15FB2F08C036BDA00D25B5DB9EA5B6D8A63814CE
                                                                                                                                                                                SHA-512:64FF1844B8CAAE8758EDD5ABD33B57CEEED8CAE0DAFCE36E1DF26EED00F59DC2CB2816E1D5D85DE0C213FDCCDD42FA20FB56EEF5FC7DD14AA7083923DE768E86
                                                                                                                                                                                Malicious:false
                                                                                                                                                                                Preview:..'.[.z........U..\...%..l/;.n.q.....|%l....>..q(]..]...*...i.4..-.w?..(Z=....oZ.N..:...v.{....u....X..`.+.9.Qba..0...#r.
                                                                                                                                                                                Process:C:\Users\user\Desktop\c8JakemodH.exe
                                                                                                                                                                                File Type:OpenPGP Public Key
                                                                                                                                                                                Category:dropped
                                                                                                                                                                                Size (bytes):129
                                                                                                                                                                                Entropy (8bit):6.575067080954328
                                                                                                                                                                                Encrypted:false
                                                                                                                                                                                SSDEEP:3:A7zi23TK+JRxq8HX+2p/+KFNvVnsgqBGd:A7zi2DKCM83+2pHFNrT
                                                                                                                                                                                MD5:9C25C02285895DC838D97409BC6FA003
                                                                                                                                                                                SHA1:C24D71AAE20B481DE15427DDCF859904AD70F4A8
                                                                                                                                                                                SHA-256:A45441C6CD4BB5260248AD9D15FB2F08C036BDA00D25B5DB9EA5B6D8A63814CE
                                                                                                                                                                                SHA-512:64FF1844B8CAAE8758EDD5ABD33B57CEEED8CAE0DAFCE36E1DF26EED00F59DC2CB2816E1D5D85DE0C213FDCCDD42FA20FB56EEF5FC7DD14AA7083923DE768E86
                                                                                                                                                                                Malicious:false
                                                                                                                                                                                Preview:..'.[.z........U..\...%..l/;.n.q.....|%l....>..q(]..]...*...i.4..-.w?..(Z=....oZ.N..:...v.{....u....X..`.+.9.Qba..0...#r.
                                                                                                                                                                                Process:C:\Users\user\Desktop\c8JakemodH.exe
                                                                                                                                                                                File Type:OpenPGP Public Key
                                                                                                                                                                                Category:dropped
                                                                                                                                                                                Size (bytes):129
                                                                                                                                                                                Entropy (8bit):6.575067080954328
                                                                                                                                                                                Encrypted:false
                                                                                                                                                                                SSDEEP:3:A7zi23TK+JRxq8HX+2p/+KFNvVnsgqBGd:A7zi2DKCM83+2pHFNrT
                                                                                                                                                                                MD5:9C25C02285895DC838D97409BC6FA003
                                                                                                                                                                                SHA1:C24D71AAE20B481DE15427DDCF859904AD70F4A8
                                                                                                                                                                                SHA-256:A45441C6CD4BB5260248AD9D15FB2F08C036BDA00D25B5DB9EA5B6D8A63814CE
                                                                                                                                                                                SHA-512:64FF1844B8CAAE8758EDD5ABD33B57CEEED8CAE0DAFCE36E1DF26EED00F59DC2CB2816E1D5D85DE0C213FDCCDD42FA20FB56EEF5FC7DD14AA7083923DE768E86
                                                                                                                                                                                Malicious:false
                                                                                                                                                                                Preview:..'.[.z........U..\...%..l/;.n.q.....|%l....>..q(]..]...*...i.4..-.w?..(Z=....oZ.N..:...v.{....u....X..`.+.9.Qba..0...#r.
                                                                                                                                                                                Process:C:\Users\user\Desktop\c8JakemodH.exe
                                                                                                                                                                                File Type:OpenPGP Public Key
                                                                                                                                                                                Category:dropped
                                                                                                                                                                                Size (bytes):129
                                                                                                                                                                                Entropy (8bit):6.575067080954328
                                                                                                                                                                                Encrypted:false
                                                                                                                                                                                SSDEEP:3:A7zi23TK+JRxq8HX+2p/+KFNvVnsgqBGd:A7zi2DKCM83+2pHFNrT
                                                                                                                                                                                MD5:9C25C02285895DC838D97409BC6FA003
                                                                                                                                                                                SHA1:C24D71AAE20B481DE15427DDCF859904AD70F4A8
                                                                                                                                                                                SHA-256:A45441C6CD4BB5260248AD9D15FB2F08C036BDA00D25B5DB9EA5B6D8A63814CE
                                                                                                                                                                                SHA-512:64FF1844B8CAAE8758EDD5ABD33B57CEEED8CAE0DAFCE36E1DF26EED00F59DC2CB2816E1D5D85DE0C213FDCCDD42FA20FB56EEF5FC7DD14AA7083923DE768E86
                                                                                                                                                                                Malicious:false
                                                                                                                                                                                Preview:..'.[.z........U..\...%..l/;.n.q.....|%l....>..q(]..]...*...i.4..-.w?..(Z=....oZ.N..:...v.{....u....X..`.+.9.Qba..0...#r.
                                                                                                                                                                                Process:C:\Users\user\Desktop\c8JakemodH.exe
                                                                                                                                                                                File Type:OpenPGP Public Key
                                                                                                                                                                                Category:dropped
                                                                                                                                                                                Size (bytes):129
                                                                                                                                                                                Entropy (8bit):6.575067080954328
                                                                                                                                                                                Encrypted:false
                                                                                                                                                                                SSDEEP:3:A7zi23TK+JRxq8HX+2p/+KFNvVnsgqBGd:A7zi2DKCM83+2pHFNrT
                                                                                                                                                                                MD5:9C25C02285895DC838D97409BC6FA003
                                                                                                                                                                                SHA1:C24D71AAE20B481DE15427DDCF859904AD70F4A8
                                                                                                                                                                                SHA-256:A45441C6CD4BB5260248AD9D15FB2F08C036BDA00D25B5DB9EA5B6D8A63814CE
                                                                                                                                                                                SHA-512:64FF1844B8CAAE8758EDD5ABD33B57CEEED8CAE0DAFCE36E1DF26EED00F59DC2CB2816E1D5D85DE0C213FDCCDD42FA20FB56EEF5FC7DD14AA7083923DE768E86
                                                                                                                                                                                Malicious:false
                                                                                                                                                                                Preview:..'.[.z........U..\...%..l/;.n.q.....|%l....>..q(]..]...*...i.4..-.w?..(Z=....oZ.N..:...v.{....u....X..`.+.9.Qba..0...#r.
                                                                                                                                                                                Process:C:\Users\user\Desktop\c8JakemodH.exe
                                                                                                                                                                                File Type:OpenPGP Public Key
                                                                                                                                                                                Category:dropped
                                                                                                                                                                                Size (bytes):129
                                                                                                                                                                                Entropy (8bit):6.575067080954328
                                                                                                                                                                                Encrypted:false
                                                                                                                                                                                SSDEEP:3:A7zi23TK+JRxq8HX+2p/+KFNvVnsgqBGd:A7zi2DKCM83+2pHFNrT
                                                                                                                                                                                MD5:9C25C02285895DC838D97409BC6FA003
                                                                                                                                                                                SHA1:C24D71AAE20B481DE15427DDCF859904AD70F4A8
                                                                                                                                                                                SHA-256:A45441C6CD4BB5260248AD9D15FB2F08C036BDA00D25B5DB9EA5B6D8A63814CE
                                                                                                                                                                                SHA-512:64FF1844B8CAAE8758EDD5ABD33B57CEEED8CAE0DAFCE36E1DF26EED00F59DC2CB2816E1D5D85DE0C213FDCCDD42FA20FB56EEF5FC7DD14AA7083923DE768E86
                                                                                                                                                                                Malicious:false
                                                                                                                                                                                Preview:..'.[.z........U..\...%..l/;.n.q.....|%l....>..q(]..]...*...i.4..-.w?..(Z=....oZ.N..:...v.{....u....X..`.+.9.Qba..0...#r.
                                                                                                                                                                                Process:C:\Users\user\Desktop\c8JakemodH.exe
                                                                                                                                                                                File Type:OpenPGP Public Key
                                                                                                                                                                                Category:dropped
                                                                                                                                                                                Size (bytes):129
                                                                                                                                                                                Entropy (8bit):6.575067080954328
                                                                                                                                                                                Encrypted:false
                                                                                                                                                                                SSDEEP:3:A7zi23TK+JRxq8HX+2p/+KFNvVnsgqBGd:A7zi2DKCM83+2pHFNrT
                                                                                                                                                                                MD5:9C25C02285895DC838D97409BC6FA003
                                                                                                                                                                                SHA1:C24D71AAE20B481DE15427DDCF859904AD70F4A8
                                                                                                                                                                                SHA-256:A45441C6CD4BB5260248AD9D15FB2F08C036BDA00D25B5DB9EA5B6D8A63814CE
                                                                                                                                                                                SHA-512:64FF1844B8CAAE8758EDD5ABD33B57CEEED8CAE0DAFCE36E1DF26EED00F59DC2CB2816E1D5D85DE0C213FDCCDD42FA20FB56EEF5FC7DD14AA7083923DE768E86
                                                                                                                                                                                Malicious:false
                                                                                                                                                                                Preview:..'.[.z........U..\...%..l/;.n.q.....|%l....>..q(]..]...*...i.4..-.w?..(Z=....oZ.N..:...v.{....u....X..`.+.9.Qba..0...#r.
                                                                                                                                                                                Process:C:\Users\user\Desktop\c8JakemodH.exe
                                                                                                                                                                                File Type:OpenPGP Public Key
                                                                                                                                                                                Category:dropped
                                                                                                                                                                                Size (bytes):129
                                                                                                                                                                                Entropy (8bit):6.575067080954328
                                                                                                                                                                                Encrypted:false
                                                                                                                                                                                SSDEEP:3:A7zi23TK+JRxq8HX+2p/+KFNvVnsgqBGd:A7zi2DKCM83+2pHFNrT
                                                                                                                                                                                MD5:9C25C02285895DC838D97409BC6FA003
                                                                                                                                                                                SHA1:C24D71AAE20B481DE15427DDCF859904AD70F4A8
                                                                                                                                                                                SHA-256:A45441C6CD4BB5260248AD9D15FB2F08C036BDA00D25B5DB9EA5B6D8A63814CE
                                                                                                                                                                                SHA-512:64FF1844B8CAAE8758EDD5ABD33B57CEEED8CAE0DAFCE36E1DF26EED00F59DC2CB2816E1D5D85DE0C213FDCCDD42FA20FB56EEF5FC7DD14AA7083923DE768E86
                                                                                                                                                                                Malicious:false
                                                                                                                                                                                Preview:..'.[.z........U..\...%..l/;.n.q.....|%l....>..q(]..]...*...i.4..-.w?..(Z=....oZ.N..:...v.{....u....X..`.+.9.Qba..0...#r.
                                                                                                                                                                                Process:C:\Users\user\Desktop\c8JakemodH.exe
                                                                                                                                                                                File Type:OpenPGP Public Key
                                                                                                                                                                                Category:dropped
                                                                                                                                                                                Size (bytes):129
                                                                                                                                                                                Entropy (8bit):6.575067080954328
                                                                                                                                                                                Encrypted:false
                                                                                                                                                                                SSDEEP:3:A7zi23TK+JRxq8HX+2p/+KFNvVnsgqBGd:A7zi2DKCM83+2pHFNrT
                                                                                                                                                                                MD5:9C25C02285895DC838D97409BC6FA003
                                                                                                                                                                                SHA1:C24D71AAE20B481DE15427DDCF859904AD70F4A8
                                                                                                                                                                                SHA-256:A45441C6CD4BB5260248AD9D15FB2F08C036BDA00D25B5DB9EA5B6D8A63814CE
                                                                                                                                                                                SHA-512:64FF1844B8CAAE8758EDD5ABD33B57CEEED8CAE0DAFCE36E1DF26EED00F59DC2CB2816E1D5D85DE0C213FDCCDD42FA20FB56EEF5FC7DD14AA7083923DE768E86
                                                                                                                                                                                Malicious:false
                                                                                                                                                                                Preview:..'.[.z........U..\...%..l/;.n.q.....|%l....>..q(]..]...*...i.4..-.w?..(Z=....oZ.N..:...v.{....u....X..`.+.9.Qba..0...#r.
                                                                                                                                                                                Process:C:\Users\user\Desktop\c8JakemodH.exe
                                                                                                                                                                                File Type:data
                                                                                                                                                                                Category:dropped
                                                                                                                                                                                Size (bytes):129
                                                                                                                                                                                Entropy (8bit):6.586770763158416
                                                                                                                                                                                Encrypted:false
                                                                                                                                                                                SSDEEP:3:/G4bmB1fPIwra1ArZNrKH8gkochY2i+Ny39Ln:zbmDPIeE8sHxEhvNy39L
                                                                                                                                                                                MD5:30C60AC8C9D3CCFE48FD72A205AF9842
                                                                                                                                                                                SHA1:E76576EC3F736D9FF83F17A86444B17278882198
                                                                                                                                                                                SHA-256:310E51DC140EE11C4A6236FC35302F0DD4498B55A86987A47338E3A7F01B36E8
                                                                                                                                                                                SHA-512:17327E5D6E2BBD0516768BD077B3CE2994DD419667E615D0587E39B5106E8592C0D93953409BABE0366A632096AAED81684ED24F272EB6357E7324EB2ADE29B7
                                                                                                                                                                                Malicious:false
                                                                                                                                                                                Preview:.HnJ0._.R{bb.....t"......z.......o.hd......H..\R..S..#.....vc.....&....^.WL......r..@.`....=..w....(.-......Ta.m..!....
                                                                                                                                                                                Process:C:\Users\user\Desktop\c8JakemodH.exe
                                                                                                                                                                                File Type:data
                                                                                                                                                                                Category:dropped
                                                                                                                                                                                Size (bytes):129
                                                                                                                                                                                Entropy (8bit):6.586770763158416
                                                                                                                                                                                Encrypted:false
                                                                                                                                                                                SSDEEP:3:/G4bmB1fPIwra1ArZNrKH8gkochY2i+Ny39Ln:zbmDPIeE8sHxEhvNy39L
                                                                                                                                                                                MD5:30C60AC8C9D3CCFE48FD72A205AF9842
                                                                                                                                                                                SHA1:E76576EC3F736D9FF83F17A86444B17278882198
                                                                                                                                                                                SHA-256:310E51DC140EE11C4A6236FC35302F0DD4498B55A86987A47338E3A7F01B36E8
                                                                                                                                                                                SHA-512:17327E5D6E2BBD0516768BD077B3CE2994DD419667E615D0587E39B5106E8592C0D93953409BABE0366A632096AAED81684ED24F272EB6357E7324EB2ADE29B7
                                                                                                                                                                                Malicious:false
                                                                                                                                                                                Preview:.HnJ0._.R{bb.....t"......z.......o.hd......H..\R..S..#.....vc.....&....^.WL......r..@.`....=..w....(.-......Ta.m..!....
                                                                                                                                                                                Process:C:\Users\user\Desktop\c8JakemodH.exe
                                                                                                                                                                                File Type:data
                                                                                                                                                                                Category:dropped
                                                                                                                                                                                Size (bytes):129
                                                                                                                                                                                Entropy (8bit):6.586770763158416
                                                                                                                                                                                Encrypted:false
                                                                                                                                                                                SSDEEP:3:/G4bmB1fPIwra1ArZNrKH8gkochY2i+Ny39Ln:zbmDPIeE8sHxEhvNy39L
                                                                                                                                                                                MD5:30C60AC8C9D3CCFE48FD72A205AF9842
                                                                                                                                                                                SHA1:E76576EC3F736D9FF83F17A86444B17278882198
                                                                                                                                                                                SHA-256:310E51DC140EE11C4A6236FC35302F0DD4498B55A86987A47338E3A7F01B36E8
                                                                                                                                                                                SHA-512:17327E5D6E2BBD0516768BD077B3CE2994DD419667E615D0587E39B5106E8592C0D93953409BABE0366A632096AAED81684ED24F272EB6357E7324EB2ADE29B7
                                                                                                                                                                                Malicious:false
                                                                                                                                                                                Preview:.HnJ0._.R{bb.....t"......z.......o.hd......H..\R..S..#.....vc.....&....^.WL......r..@.`....=..w....(.-......Ta.m..!....
                                                                                                                                                                                Process:C:\Users\user\Desktop\c8JakemodH.exe
                                                                                                                                                                                File Type:data
                                                                                                                                                                                Category:dropped
                                                                                                                                                                                Size (bytes):129
                                                                                                                                                                                Entropy (8bit):6.586770763158416
                                                                                                                                                                                Encrypted:false
                                                                                                                                                                                SSDEEP:3:/G4bmB1fPIwra1ArZNrKH8gkochY2i+Ny39Ln:zbmDPIeE8sHxEhvNy39L
                                                                                                                                                                                MD5:30C60AC8C9D3CCFE48FD72A205AF9842
                                                                                                                                                                                SHA1:E76576EC3F736D9FF83F17A86444B17278882198
                                                                                                                                                                                SHA-256:310E51DC140EE11C4A6236FC35302F0DD4498B55A86987A47338E3A7F01B36E8
                                                                                                                                                                                SHA-512:17327E5D6E2BBD0516768BD077B3CE2994DD419667E615D0587E39B5106E8592C0D93953409BABE0366A632096AAED81684ED24F272EB6357E7324EB2ADE29B7
                                                                                                                                                                                Malicious:false
                                                                                                                                                                                Preview:.HnJ0._.R{bb.....t"......z.......o.hd......H..\R..S..#.....vc.....&....^.WL......r..@.`....=..w....(.-......Ta.m..!....
                                                                                                                                                                                Process:C:\Users\user\Desktop\c8JakemodH.exe
                                                                                                                                                                                File Type:data
                                                                                                                                                                                Category:dropped
                                                                                                                                                                                Size (bytes):129
                                                                                                                                                                                Entropy (8bit):6.586770763158416
                                                                                                                                                                                Encrypted:false
                                                                                                                                                                                SSDEEP:3:/G4bmB1fPIwra1ArZNrKH8gkochY2i+Ny39Ln:zbmDPIeE8sHxEhvNy39L
                                                                                                                                                                                MD5:30C60AC8C9D3CCFE48FD72A205AF9842
                                                                                                                                                                                SHA1:E76576EC3F736D9FF83F17A86444B17278882198
                                                                                                                                                                                SHA-256:310E51DC140EE11C4A6236FC35302F0DD4498B55A86987A47338E3A7F01B36E8
                                                                                                                                                                                SHA-512:17327E5D6E2BBD0516768BD077B3CE2994DD419667E615D0587E39B5106E8592C0D93953409BABE0366A632096AAED81684ED24F272EB6357E7324EB2ADE29B7
                                                                                                                                                                                Malicious:false
                                                                                                                                                                                Preview:.HnJ0._.R{bb.....t"......z.......o.hd......H..\R..S..#.....vc.....&....^.WL......r..@.`....=..w....(.-......Ta.m..!....
                                                                                                                                                                                Process:C:\Users\user\Desktop\c8JakemodH.exe
                                                                                                                                                                                File Type:data
                                                                                                                                                                                Category:dropped
                                                                                                                                                                                Size (bytes):129
                                                                                                                                                                                Entropy (8bit):6.586770763158416
                                                                                                                                                                                Encrypted:false
                                                                                                                                                                                SSDEEP:3:/G4bmB1fPIwra1ArZNrKH8gkochY2i+Ny39Ln:zbmDPIeE8sHxEhvNy39L
                                                                                                                                                                                MD5:30C60AC8C9D3CCFE48FD72A205AF9842
                                                                                                                                                                                SHA1:E76576EC3F736D9FF83F17A86444B17278882198
                                                                                                                                                                                SHA-256:310E51DC140EE11C4A6236FC35302F0DD4498B55A86987A47338E3A7F01B36E8
                                                                                                                                                                                SHA-512:17327E5D6E2BBD0516768BD077B3CE2994DD419667E615D0587E39B5106E8592C0D93953409BABE0366A632096AAED81684ED24F272EB6357E7324EB2ADE29B7
                                                                                                                                                                                Malicious:false
                                                                                                                                                                                Preview:.HnJ0._.R{bb.....t"......z.......o.hd......H..\R..S..#.....vc.....&....^.WL......r..@.`....=..w....(.-......Ta.m..!....
                                                                                                                                                                                Process:C:\Users\user\Desktop\c8JakemodH.exe
                                                                                                                                                                                File Type:data
                                                                                                                                                                                Category:dropped
                                                                                                                                                                                Size (bytes):129
                                                                                                                                                                                Entropy (8bit):6.586770763158416
                                                                                                                                                                                Encrypted:false
                                                                                                                                                                                SSDEEP:3:/G4bmB1fPIwra1ArZNrKH8gkochY2i+Ny39Ln:zbmDPIeE8sHxEhvNy39L
                                                                                                                                                                                MD5:30C60AC8C9D3CCFE48FD72A205AF9842
                                                                                                                                                                                SHA1:E76576EC3F736D9FF83F17A86444B17278882198
                                                                                                                                                                                SHA-256:310E51DC140EE11C4A6236FC35302F0DD4498B55A86987A47338E3A7F01B36E8
                                                                                                                                                                                SHA-512:17327E5D6E2BBD0516768BD077B3CE2994DD419667E615D0587E39B5106E8592C0D93953409BABE0366A632096AAED81684ED24F272EB6357E7324EB2ADE29B7
                                                                                                                                                                                Malicious:false
                                                                                                                                                                                Preview:.HnJ0._.R{bb.....t"......z.......o.hd......H..\R..S..#.....vc.....&....^.WL......r..@.`....=..w....(.-......Ta.m..!....
                                                                                                                                                                                Process:C:\Users\user\Desktop\c8JakemodH.exe
                                                                                                                                                                                File Type:data
                                                                                                                                                                                Category:dropped
                                                                                                                                                                                Size (bytes):129
                                                                                                                                                                                Entropy (8bit):6.586770763158416
                                                                                                                                                                                Encrypted:false
                                                                                                                                                                                SSDEEP:3:/G4bmB1fPIwra1ArZNrKH8gkochY2i+Ny39Ln:zbmDPIeE8sHxEhvNy39L
                                                                                                                                                                                MD5:30C60AC8C9D3CCFE48FD72A205AF9842
                                                                                                                                                                                SHA1:E76576EC3F736D9FF83F17A86444B17278882198
                                                                                                                                                                                SHA-256:310E51DC140EE11C4A6236FC35302F0DD4498B55A86987A47338E3A7F01B36E8
                                                                                                                                                                                SHA-512:17327E5D6E2BBD0516768BD077B3CE2994DD419667E615D0587E39B5106E8592C0D93953409BABE0366A632096AAED81684ED24F272EB6357E7324EB2ADE29B7
                                                                                                                                                                                Malicious:false
                                                                                                                                                                                Preview:.HnJ0._.R{bb.....t"......z.......o.hd......H..\R..S..#.....vc.....&....^.WL......r..@.`....=..w....(.-......Ta.m..!....
                                                                                                                                                                                Process:C:\Users\user\Desktop\c8JakemodH.exe
                                                                                                                                                                                File Type:data
                                                                                                                                                                                Category:dropped
                                                                                                                                                                                Size (bytes):129
                                                                                                                                                                                Entropy (8bit):6.586770763158416
                                                                                                                                                                                Encrypted:false
                                                                                                                                                                                SSDEEP:3:/G4bmB1fPIwra1ArZNrKH8gkochY2i+Ny39Ln:zbmDPIeE8sHxEhvNy39L
                                                                                                                                                                                MD5:30C60AC8C9D3CCFE48FD72A205AF9842
                                                                                                                                                                                SHA1:E76576EC3F736D9FF83F17A86444B17278882198
                                                                                                                                                                                SHA-256:310E51DC140EE11C4A6236FC35302F0DD4498B55A86987A47338E3A7F01B36E8
                                                                                                                                                                                SHA-512:17327E5D6E2BBD0516768BD077B3CE2994DD419667E615D0587E39B5106E8592C0D93953409BABE0366A632096AAED81684ED24F272EB6357E7324EB2ADE29B7
                                                                                                                                                                                Malicious:false
                                                                                                                                                                                Preview:.HnJ0._.R{bb.....t"......z.......o.hd......H..\R..S..#.....vc.....&....^.WL......r..@.`....=..w....(.-......Ta.m..!....
                                                                                                                                                                                Process:C:\Users\user\Desktop\c8JakemodH.exe
                                                                                                                                                                                File Type:data
                                                                                                                                                                                Category:dropped
                                                                                                                                                                                Size (bytes):129
                                                                                                                                                                                Entropy (8bit):6.586770763158416
                                                                                                                                                                                Encrypted:false
                                                                                                                                                                                SSDEEP:3:/G4bmB1fPIwra1ArZNrKH8gkochY2i+Ny39Ln:zbmDPIeE8sHxEhvNy39L
                                                                                                                                                                                MD5:30C60AC8C9D3CCFE48FD72A205AF9842
                                                                                                                                                                                SHA1:E76576EC3F736D9FF83F17A86444B17278882198
                                                                                                                                                                                SHA-256:310E51DC140EE11C4A6236FC35302F0DD4498B55A86987A47338E3A7F01B36E8
                                                                                                                                                                                SHA-512:17327E5D6E2BBD0516768BD077B3CE2994DD419667E615D0587E39B5106E8592C0D93953409BABE0366A632096AAED81684ED24F272EB6357E7324EB2ADE29B7
                                                                                                                                                                                Malicious:false
                                                                                                                                                                                Preview:.HnJ0._.R{bb.....t"......z.......o.hd......H..\R..S..#.....vc.....&....^.WL......r..@.`....=..w....(.-......Ta.m..!....
                                                                                                                                                                                Process:C:\Users\user\Desktop\c8JakemodH.exe
                                                                                                                                                                                File Type:data
                                                                                                                                                                                Category:dropped
                                                                                                                                                                                Size (bytes):129
                                                                                                                                                                                Entropy (8bit):6.586770763158416
                                                                                                                                                                                Encrypted:false
                                                                                                                                                                                SSDEEP:3:/G4bmB1fPIwra1ArZNrKH8gkochY2i+Ny39Ln:zbmDPIeE8sHxEhvNy39L
                                                                                                                                                                                MD5:30C60AC8C9D3CCFE48FD72A205AF9842
                                                                                                                                                                                SHA1:E76576EC3F736D9FF83F17A86444B17278882198
                                                                                                                                                                                SHA-256:310E51DC140EE11C4A6236FC35302F0DD4498B55A86987A47338E3A7F01B36E8
                                                                                                                                                                                SHA-512:17327E5D6E2BBD0516768BD077B3CE2994DD419667E615D0587E39B5106E8592C0D93953409BABE0366A632096AAED81684ED24F272EB6357E7324EB2ADE29B7
                                                                                                                                                                                Malicious:false
                                                                                                                                                                                Preview:.HnJ0._.R{bb.....t"......z.......o.hd......H..\R..S..#.....vc.....&....^.WL......r..@.`....=..w....(.-......Ta.m..!....
                                                                                                                                                                                Process:C:\Users\user\Desktop\c8JakemodH.exe
                                                                                                                                                                                File Type:data
                                                                                                                                                                                Category:dropped
                                                                                                                                                                                Size (bytes):129
                                                                                                                                                                                Entropy (8bit):6.586770763158416
                                                                                                                                                                                Encrypted:false
                                                                                                                                                                                SSDEEP:3:/G4bmB1fPIwra1ArZNrKH8gkochY2i+Ny39Ln:zbmDPIeE8sHxEhvNy39L
                                                                                                                                                                                MD5:30C60AC8C9D3CCFE48FD72A205AF9842
                                                                                                                                                                                SHA1:E76576EC3F736D9FF83F17A86444B17278882198
                                                                                                                                                                                SHA-256:310E51DC140EE11C4A6236FC35302F0DD4498B55A86987A47338E3A7F01B36E8
                                                                                                                                                                                SHA-512:17327E5D6E2BBD0516768BD077B3CE2994DD419667E615D0587E39B5106E8592C0D93953409BABE0366A632096AAED81684ED24F272EB6357E7324EB2ADE29B7
                                                                                                                                                                                Malicious:false
                                                                                                                                                                                Preview:.HnJ0._.R{bb.....t"......z.......o.hd......H..\R..S..#.....vc.....&....^.WL......r..@.`....=..w....(.-......Ta.m..!....
                                                                                                                                                                                Process:C:\Users\user\Desktop\c8JakemodH.exe
                                                                                                                                                                                File Type:data
                                                                                                                                                                                Category:dropped
                                                                                                                                                                                Size (bytes):129
                                                                                                                                                                                Entropy (8bit):6.586770763158416
                                                                                                                                                                                Encrypted:false
                                                                                                                                                                                SSDEEP:3:/G4bmB1fPIwra1ArZNrKH8gkochY2i+Ny39Ln:zbmDPIeE8sHxEhvNy39L
                                                                                                                                                                                MD5:30C60AC8C9D3CCFE48FD72A205AF9842
                                                                                                                                                                                SHA1:E76576EC3F736D9FF83F17A86444B17278882198
                                                                                                                                                                                SHA-256:310E51DC140EE11C4A6236FC35302F0DD4498B55A86987A47338E3A7F01B36E8
                                                                                                                                                                                SHA-512:17327E5D6E2BBD0516768BD077B3CE2994DD419667E615D0587E39B5106E8592C0D93953409BABE0366A632096AAED81684ED24F272EB6357E7324EB2ADE29B7
                                                                                                                                                                                Malicious:false
                                                                                                                                                                                Preview:.HnJ0._.R{bb.....t"......z.......o.hd......H..\R..S..#.....vc.....&....^.WL......r..@.`....=..w....(.-......Ta.m..!....
                                                                                                                                                                                Process:C:\Users\user\Desktop\c8JakemodH.exe
                                                                                                                                                                                File Type:data
                                                                                                                                                                                Category:dropped
                                                                                                                                                                                Size (bytes):129
                                                                                                                                                                                Entropy (8bit):6.586770763158416
                                                                                                                                                                                Encrypted:false
                                                                                                                                                                                SSDEEP:3:/G4bmB1fPIwra1ArZNrKH8gkochY2i+Ny39Ln:zbmDPIeE8sHxEhvNy39L
                                                                                                                                                                                MD5:30C60AC8C9D3CCFE48FD72A205AF9842
                                                                                                                                                                                SHA1:E76576EC3F736D9FF83F17A86444B17278882198
                                                                                                                                                                                SHA-256:310E51DC140EE11C4A6236FC35302F0DD4498B55A86987A47338E3A7F01B36E8
                                                                                                                                                                                SHA-512:17327E5D6E2BBD0516768BD077B3CE2994DD419667E615D0587E39B5106E8592C0D93953409BABE0366A632096AAED81684ED24F272EB6357E7324EB2ADE29B7
                                                                                                                                                                                Malicious:false
                                                                                                                                                                                Preview:.HnJ0._.R{bb.....t"......z.......o.hd......H..\R..S..#.....vc.....&....^.WL......r..@.`....=..w....(.-......Ta.m..!....
                                                                                                                                                                                Process:C:\Users\user\Desktop\c8JakemodH.exe
                                                                                                                                                                                File Type:data
                                                                                                                                                                                Category:dropped
                                                                                                                                                                                Size (bytes):129
                                                                                                                                                                                Entropy (8bit):6.586770763158416
                                                                                                                                                                                Encrypted:false
                                                                                                                                                                                SSDEEP:3:/G4bmB1fPIwra1ArZNrKH8gkochY2i+Ny39Ln:zbmDPIeE8sHxEhvNy39L
                                                                                                                                                                                MD5:30C60AC8C9D3CCFE48FD72A205AF9842
                                                                                                                                                                                SHA1:E76576EC3F736D9FF83F17A86444B17278882198
                                                                                                                                                                                SHA-256:310E51DC140EE11C4A6236FC35302F0DD4498B55A86987A47338E3A7F01B36E8
                                                                                                                                                                                SHA-512:17327E5D6E2BBD0516768BD077B3CE2994DD419667E615D0587E39B5106E8592C0D93953409BABE0366A632096AAED81684ED24F272EB6357E7324EB2ADE29B7
                                                                                                                                                                                Malicious:false
                                                                                                                                                                                Preview:.HnJ0._.R{bb.....t"......z.......o.hd......H..\R..S..#.....vc.....&....^.WL......r..@.`....=..w....(.-......Ta.m..!....
                                                                                                                                                                                Process:C:\Users\user\Desktop\c8JakemodH.exe
                                                                                                                                                                                File Type:data
                                                                                                                                                                                Category:dropped
                                                                                                                                                                                Size (bytes):129
                                                                                                                                                                                Entropy (8bit):6.586770763158416
                                                                                                                                                                                Encrypted:false
                                                                                                                                                                                SSDEEP:3:/G4bmB1fPIwra1ArZNrKH8gkochY2i+Ny39Ln:zbmDPIeE8sHxEhvNy39L
                                                                                                                                                                                MD5:30C60AC8C9D3CCFE48FD72A205AF9842
                                                                                                                                                                                SHA1:E76576EC3F736D9FF83F17A86444B17278882198
                                                                                                                                                                                SHA-256:310E51DC140EE11C4A6236FC35302F0DD4498B55A86987A47338E3A7F01B36E8
                                                                                                                                                                                SHA-512:17327E5D6E2BBD0516768BD077B3CE2994DD419667E615D0587E39B5106E8592C0D93953409BABE0366A632096AAED81684ED24F272EB6357E7324EB2ADE29B7
                                                                                                                                                                                Malicious:false
                                                                                                                                                                                Preview:.HnJ0._.R{bb.....t"......z.......o.hd......H..\R..S..#.....vc.....&....^.WL......r..@.`....=..w....(.-......Ta.m..!....
                                                                                                                                                                                Process:C:\Users\user\Desktop\c8JakemodH.exe
                                                                                                                                                                                File Type:data
                                                                                                                                                                                Category:dropped
                                                                                                                                                                                Size (bytes):129
                                                                                                                                                                                Entropy (8bit):6.586770763158416
                                                                                                                                                                                Encrypted:false
                                                                                                                                                                                SSDEEP:3:/G4bmB1fPIwra1ArZNrKH8gkochY2i+Ny39Ln:zbmDPIeE8sHxEhvNy39L
                                                                                                                                                                                MD5:30C60AC8C9D3CCFE48FD72A205AF9842
                                                                                                                                                                                SHA1:E76576EC3F736D9FF83F17A86444B17278882198
                                                                                                                                                                                SHA-256:310E51DC140EE11C4A6236FC35302F0DD4498B55A86987A47338E3A7F01B36E8
                                                                                                                                                                                SHA-512:17327E5D6E2BBD0516768BD077B3CE2994DD419667E615D0587E39B5106E8592C0D93953409BABE0366A632096AAED81684ED24F272EB6357E7324EB2ADE29B7
                                                                                                                                                                                Malicious:false
                                                                                                                                                                                Preview:.HnJ0._.R{bb.....t"......z.......o.hd......H..\R..S..#.....vc.....&....^.WL......r..@.`....=..w....(.-......Ta.m..!....
                                                                                                                                                                                Process:C:\Users\user\Desktop\c8JakemodH.exe
                                                                                                                                                                                File Type:data
                                                                                                                                                                                Category:dropped
                                                                                                                                                                                Size (bytes):129
                                                                                                                                                                                Entropy (8bit):6.586770763158416
                                                                                                                                                                                Encrypted:false
                                                                                                                                                                                SSDEEP:3:/G4bmB1fPIwra1ArZNrKH8gkochY2i+Ny39Ln:zbmDPIeE8sHxEhvNy39L
                                                                                                                                                                                MD5:30C60AC8C9D3CCFE48FD72A205AF9842
                                                                                                                                                                                SHA1:E76576EC3F736D9FF83F17A86444B17278882198
                                                                                                                                                                                SHA-256:310E51DC140EE11C4A6236FC35302F0DD4498B55A86987A47338E3A7F01B36E8
                                                                                                                                                                                SHA-512:17327E5D6E2BBD0516768BD077B3CE2994DD419667E615D0587E39B5106E8592C0D93953409BABE0366A632096AAED81684ED24F272EB6357E7324EB2ADE29B7
                                                                                                                                                                                Malicious:false
                                                                                                                                                                                Preview:.HnJ0._.R{bb.....t"......z.......o.hd......H..\R..S..#.....vc.....&....^.WL......r..@.`....=..w....(.-......Ta.m..!....
                                                                                                                                                                                Process:C:\Users\user\Desktop\c8JakemodH.exe
                                                                                                                                                                                File Type:data
                                                                                                                                                                                Category:dropped
                                                                                                                                                                                Size (bytes):129
                                                                                                                                                                                Entropy (8bit):6.586770763158416
                                                                                                                                                                                Encrypted:false
                                                                                                                                                                                SSDEEP:3:/G4bmB1fPIwra1ArZNrKH8gkochY2i+Ny39Ln:zbmDPIeE8sHxEhvNy39L
                                                                                                                                                                                MD5:30C60AC8C9D3CCFE48FD72A205AF9842
                                                                                                                                                                                SHA1:E76576EC3F736D9FF83F17A86444B17278882198
                                                                                                                                                                                SHA-256:310E51DC140EE11C4A6236FC35302F0DD4498B55A86987A47338E3A7F01B36E8
                                                                                                                                                                                SHA-512:17327E5D6E2BBD0516768BD077B3CE2994DD419667E615D0587E39B5106E8592C0D93953409BABE0366A632096AAED81684ED24F272EB6357E7324EB2ADE29B7
                                                                                                                                                                                Malicious:false
                                                                                                                                                                                Preview:.HnJ0._.R{bb.....t"......z.......o.hd......H..\R..S..#.....vc.....&....^.WL......r..@.`....=..w....(.-......Ta.m..!....
                                                                                                                                                                                Process:C:\Users\user\Desktop\c8JakemodH.exe
                                                                                                                                                                                File Type:data
                                                                                                                                                                                Category:dropped
                                                                                                                                                                                Size (bytes):129
                                                                                                                                                                                Entropy (8bit):6.586770763158416
                                                                                                                                                                                Encrypted:false
                                                                                                                                                                                SSDEEP:3:/G4bmB1fPIwra1ArZNrKH8gkochY2i+Ny39Ln:zbmDPIeE8sHxEhvNy39L
                                                                                                                                                                                MD5:30C60AC8C9D3CCFE48FD72A205AF9842
                                                                                                                                                                                SHA1:E76576EC3F736D9FF83F17A86444B17278882198
                                                                                                                                                                                SHA-256:310E51DC140EE11C4A6236FC35302F0DD4498B55A86987A47338E3A7F01B36E8
                                                                                                                                                                                SHA-512:17327E5D6E2BBD0516768BD077B3CE2994DD419667E615D0587E39B5106E8592C0D93953409BABE0366A632096AAED81684ED24F272EB6357E7324EB2ADE29B7
                                                                                                                                                                                Malicious:false
                                                                                                                                                                                Preview:.HnJ0._.R{bb.....t"......z.......o.hd......H..\R..S..#.....vc.....&....^.WL......r..@.`....=..w....(.-......Ta.m..!....
                                                                                                                                                                                Process:C:\Users\user\Desktop\c8JakemodH.exe
                                                                                                                                                                                File Type:data
                                                                                                                                                                                Category:dropped
                                                                                                                                                                                Size (bytes):129
                                                                                                                                                                                Entropy (8bit):6.586770763158416
                                                                                                                                                                                Encrypted:false
                                                                                                                                                                                SSDEEP:3:/G4bmB1fPIwra1ArZNrKH8gkochY2i+Ny39Ln:zbmDPIeE8sHxEhvNy39L
                                                                                                                                                                                MD5:30C60AC8C9D3CCFE48FD72A205AF9842
                                                                                                                                                                                SHA1:E76576EC3F736D9FF83F17A86444B17278882198
                                                                                                                                                                                SHA-256:310E51DC140EE11C4A6236FC35302F0DD4498B55A86987A47338E3A7F01B36E8
                                                                                                                                                                                SHA-512:17327E5D6E2BBD0516768BD077B3CE2994DD419667E615D0587E39B5106E8592C0D93953409BABE0366A632096AAED81684ED24F272EB6357E7324EB2ADE29B7
                                                                                                                                                                                Malicious:false
                                                                                                                                                                                Preview:.HnJ0._.R{bb.....t"......z.......o.hd......H..\R..S..#.....vc.....&....^.WL......r..@.`....=..w....(.-......Ta.m..!....
                                                                                                                                                                                Process:C:\Users\user\Desktop\c8JakemodH.exe
                                                                                                                                                                                File Type:data
                                                                                                                                                                                Category:dropped
                                                                                                                                                                                Size (bytes):129
                                                                                                                                                                                Entropy (8bit):6.586770763158416
                                                                                                                                                                                Encrypted:false
                                                                                                                                                                                SSDEEP:3:/G4bmB1fPIwra1ArZNrKH8gkochY2i+Ny39Ln:zbmDPIeE8sHxEhvNy39L
                                                                                                                                                                                MD5:30C60AC8C9D3CCFE48FD72A205AF9842
                                                                                                                                                                                SHA1:E76576EC3F736D9FF83F17A86444B17278882198
                                                                                                                                                                                SHA-256:310E51DC140EE11C4A6236FC35302F0DD4498B55A86987A47338E3A7F01B36E8
                                                                                                                                                                                SHA-512:17327E5D6E2BBD0516768BD077B3CE2994DD419667E615D0587E39B5106E8592C0D93953409BABE0366A632096AAED81684ED24F272EB6357E7324EB2ADE29B7
                                                                                                                                                                                Malicious:false
                                                                                                                                                                                Preview:.HnJ0._.R{bb.....t"......z.......o.hd......H..\R..S..#.....vc.....&....^.WL......r..@.`....=..w....(.-......Ta.m..!....
                                                                                                                                                                                Process:C:\Users\user\Desktop\c8JakemodH.exe
                                                                                                                                                                                File Type:data
                                                                                                                                                                                Category:dropped
                                                                                                                                                                                Size (bytes):129
                                                                                                                                                                                Entropy (8bit):6.586770763158416
                                                                                                                                                                                Encrypted:false
                                                                                                                                                                                SSDEEP:3:/G4bmB1fPIwra1ArZNrKH8gkochY2i+Ny39Ln:zbmDPIeE8sHxEhvNy39L
                                                                                                                                                                                MD5:30C60AC8C9D3CCFE48FD72A205AF9842
                                                                                                                                                                                SHA1:E76576EC3F736D9FF83F17A86444B17278882198
                                                                                                                                                                                SHA-256:310E51DC140EE11C4A6236FC35302F0DD4498B55A86987A47338E3A7F01B36E8
                                                                                                                                                                                SHA-512:17327E5D6E2BBD0516768BD077B3CE2994DD419667E615D0587E39B5106E8592C0D93953409BABE0366A632096AAED81684ED24F272EB6357E7324EB2ADE29B7
                                                                                                                                                                                Malicious:false
                                                                                                                                                                                Preview:.HnJ0._.R{bb.....t"......z.......o.hd......H..\R..S..#.....vc.....&....^.WL......r..@.`....=..w....(.-......Ta.m..!....
                                                                                                                                                                                Process:C:\Users\user\Desktop\c8JakemodH.exe
                                                                                                                                                                                File Type:data
                                                                                                                                                                                Category:dropped
                                                                                                                                                                                Size (bytes):129
                                                                                                                                                                                Entropy (8bit):6.586770763158416
                                                                                                                                                                                Encrypted:false
                                                                                                                                                                                SSDEEP:3:/G4bmB1fPIwra1ArZNrKH8gkochY2i+Ny39Ln:zbmDPIeE8sHxEhvNy39L
                                                                                                                                                                                MD5:30C60AC8C9D3CCFE48FD72A205AF9842
                                                                                                                                                                                SHA1:E76576EC3F736D9FF83F17A86444B17278882198
                                                                                                                                                                                SHA-256:310E51DC140EE11C4A6236FC35302F0DD4498B55A86987A47338E3A7F01B36E8
                                                                                                                                                                                SHA-512:17327E5D6E2BBD0516768BD077B3CE2994DD419667E615D0587E39B5106E8592C0D93953409BABE0366A632096AAED81684ED24F272EB6357E7324EB2ADE29B7
                                                                                                                                                                                Malicious:false
                                                                                                                                                                                Preview:.HnJ0._.R{bb.....t"......z.......o.hd......H..\R..S..#.....vc.....&....^.WL......r..@.`....=..w....(.-......Ta.m..!....
                                                                                                                                                                                Process:C:\Users\user\Desktop\c8JakemodH.exe
                                                                                                                                                                                File Type:data
                                                                                                                                                                                Category:dropped
                                                                                                                                                                                Size (bytes):129
                                                                                                                                                                                Entropy (8bit):6.586770763158416
                                                                                                                                                                                Encrypted:false
                                                                                                                                                                                SSDEEP:3:/G4bmB1fPIwra1ArZNrKH8gkochY2i+Ny39Ln:zbmDPIeE8sHxEhvNy39L
                                                                                                                                                                                MD5:30C60AC8C9D3CCFE48FD72A205AF9842
                                                                                                                                                                                SHA1:E76576EC3F736D9FF83F17A86444B17278882198
                                                                                                                                                                                SHA-256:310E51DC140EE11C4A6236FC35302F0DD4498B55A86987A47338E3A7F01B36E8
                                                                                                                                                                                SHA-512:17327E5D6E2BBD0516768BD077B3CE2994DD419667E615D0587E39B5106E8592C0D93953409BABE0366A632096AAED81684ED24F272EB6357E7324EB2ADE29B7
                                                                                                                                                                                Malicious:false
                                                                                                                                                                                Preview:.HnJ0._.R{bb.....t"......z.......o.hd......H..\R..S..#.....vc.....&....^.WL......r..@.`....=..w....(.-......Ta.m..!....
                                                                                                                                                                                Process:C:\Users\user\Desktop\c8JakemodH.exe
                                                                                                                                                                                File Type:data
                                                                                                                                                                                Category:dropped
                                                                                                                                                                                Size (bytes):129
                                                                                                                                                                                Entropy (8bit):6.586770763158416
                                                                                                                                                                                Encrypted:false
                                                                                                                                                                                SSDEEP:3:/G4bmB1fPIwra1ArZNrKH8gkochY2i+Ny39Ln:zbmDPIeE8sHxEhvNy39L
                                                                                                                                                                                MD5:30C60AC8C9D3CCFE48FD72A205AF9842
                                                                                                                                                                                SHA1:E76576EC3F736D9FF83F17A86444B17278882198
                                                                                                                                                                                SHA-256:310E51DC140EE11C4A6236FC35302F0DD4498B55A86987A47338E3A7F01B36E8
                                                                                                                                                                                SHA-512:17327E5D6E2BBD0516768BD077B3CE2994DD419667E615D0587E39B5106E8592C0D93953409BABE0366A632096AAED81684ED24F272EB6357E7324EB2ADE29B7
                                                                                                                                                                                Malicious:false
                                                                                                                                                                                Preview:.HnJ0._.R{bb.....t"......z.......o.hd......H..\R..S..#.....vc.....&....^.WL......r..@.`....=..w....(.-......Ta.m..!....
                                                                                                                                                                                Process:C:\Users\user\Desktop\c8JakemodH.exe
                                                                                                                                                                                File Type:data
                                                                                                                                                                                Category:dropped
                                                                                                                                                                                Size (bytes):129
                                                                                                                                                                                Entropy (8bit):6.586770763158416
                                                                                                                                                                                Encrypted:false
                                                                                                                                                                                SSDEEP:3:/G4bmB1fPIwra1ArZNrKH8gkochY2i+Ny39Ln:zbmDPIeE8sHxEhvNy39L
                                                                                                                                                                                MD5:30C60AC8C9D3CCFE48FD72A205AF9842
                                                                                                                                                                                SHA1:E76576EC3F736D9FF83F17A86444B17278882198
                                                                                                                                                                                SHA-256:310E51DC140EE11C4A6236FC35302F0DD4498B55A86987A47338E3A7F01B36E8
                                                                                                                                                                                SHA-512:17327E5D6E2BBD0516768BD077B3CE2994DD419667E615D0587E39B5106E8592C0D93953409BABE0366A632096AAED81684ED24F272EB6357E7324EB2ADE29B7
                                                                                                                                                                                Malicious:false
                                                                                                                                                                                Preview:.HnJ0._.R{bb.....t"......z.......o.hd......H..\R..S..#.....vc.....&....^.WL......r..@.`....=..w....(.-......Ta.m..!....
                                                                                                                                                                                Process:C:\Users\user\Desktop\c8JakemodH.exe
                                                                                                                                                                                File Type:ASCII text, with CRLF line terminators
                                                                                                                                                                                Category:dropped
                                                                                                                                                                                Size (bytes):1159
                                                                                                                                                                                Entropy (8bit):4.909757425426515
                                                                                                                                                                                Encrypted:false
                                                                                                                                                                                SSDEEP:24:SOZJNRovfexRvYx/ncUYTxLZl0r0OzANQgq32xfZnS0iNFdAnP6:SOZbqfexrZrS3Iq32xlSX2S
                                                                                                                                                                                MD5:F29E077226F8DC235CAE4795459A3542
                                                                                                                                                                                SHA1:A23AEA328BEB92BFD4464A3B0F70E772B8969CC2
                                                                                                                                                                                SHA-256:CF8875AADE9351184274F533067BECF2AD10CCF2B6296274ECE5D5B58B6AB008
                                                                                                                                                                                SHA-512:0C76F1E7AC8E4DB582EA7E26FA9B8C18D54605AE6A9A87A2A1FA0B1BEACACBB8F1230421C1124B1E7C12FB546FF31DBBD2CFBBEBA80EF98BBAA01B356F7FDC6F
                                                                                                                                                                                Malicious:false
                                                                                                                                                                                Preview:.. ~~~ AlphaCat ~~~....>>>> Your data are stolen and encrypted....>>>> What guarantees that we will not deceive you? .....We are not a politically motivated group and we do not need anything other than your money. .. ...If you pay, we will provide you the programs for decryption and we will delete your data. ...Life is too short to be sad. Be not sad, money, it is only paper... ...If we do not give you decrypters, or we do not delete your data after payment, then nobody will pay us in the future. ...Therefore to us our reputation is very important. We attack worldwide and there is no dissatisfied victim after payment... ..>>>> You need contact us via email with srenshot of btc transaction and your personal DECRYPTION ID.....Contact via Email with your personal Decryption id !: hackbeenswim@mail2tor.com......Send 400$ (0.006 BTC) at this address --> bc1qkr7wxuqwet9w6920vk94p7npkxh33fc7prv55q.....>>>> Your personal DECRYPTION ID: D53F15BF767167BC622C1CB4D4FC174D....>>
                                                                                                                                                                                Process:C:\Users\user\Desktop\c8JakemodH.exe
                                                                                                                                                                                File Type:ASCII text, with CRLF line terminators
                                                                                                                                                                                Category:dropped
                                                                                                                                                                                Size (bytes):1159
                                                                                                                                                                                Entropy (8bit):4.909757425426515
                                                                                                                                                                                Encrypted:false
                                                                                                                                                                                SSDEEP:24:SOZJNRovfexRvYx/ncUYTxLZl0r0OzANQgq32xfZnS0iNFdAnP6:SOZbqfexrZrS3Iq32xlSX2S
                                                                                                                                                                                MD5:F29E077226F8DC235CAE4795459A3542
                                                                                                                                                                                SHA1:A23AEA328BEB92BFD4464A3B0F70E772B8969CC2
                                                                                                                                                                                SHA-256:CF8875AADE9351184274F533067BECF2AD10CCF2B6296274ECE5D5B58B6AB008
                                                                                                                                                                                SHA-512:0C76F1E7AC8E4DB582EA7E26FA9B8C18D54605AE6A9A87A2A1FA0B1BEACACBB8F1230421C1124B1E7C12FB546FF31DBBD2CFBBEBA80EF98BBAA01B356F7FDC6F
                                                                                                                                                                                Malicious:false
                                                                                                                                                                                Preview:.. ~~~ AlphaCat ~~~....>>>> Your data are stolen and encrypted....>>>> What guarantees that we will not deceive you? .....We are not a politically motivated group and we do not need anything other than your money. .. ...If you pay, we will provide you the programs for decryption and we will delete your data. ...Life is too short to be sad. Be not sad, money, it is only paper... ...If we do not give you decrypters, or we do not delete your data after payment, then nobody will pay us in the future. ...Therefore to us our reputation is very important. We attack worldwide and there is no dissatisfied victim after payment... ..>>>> You need contact us via email with srenshot of btc transaction and your personal DECRYPTION ID.....Contact via Email with your personal Decryption id !: hackbeenswim@mail2tor.com......Send 400$ (0.006 BTC) at this address --> bc1qkr7wxuqwet9w6920vk94p7npkxh33fc7prv55q.....>>>> Your personal DECRYPTION ID: D53F15BF767167BC622C1CB4D4FC174D....>>
                                                                                                                                                                                Process:C:\Users\user\Desktop\c8JakemodH.exe
                                                                                                                                                                                File Type:PE32 executable (GUI) Intel 80386, for MS Windows
                                                                                                                                                                                Category:dropped
                                                                                                                                                                                Size (bytes):14336
                                                                                                                                                                                Entropy (8bit):7.4998500975364095
                                                                                                                                                                                Encrypted:false
                                                                                                                                                                                SSDEEP:384:5cFP7VtpK4p+31Mzh79W5vM+ZyUgGq4BtMvAxXCRsi:A7Vf9p+qQ02y5HW6kX
                                                                                                                                                                                MD5:294E9F64CB1642DD89229FFF0592856B
                                                                                                                                                                                SHA1:97B148C27F3DA29BA7B18D6AEE8A0DB9102F47C9
                                                                                                                                                                                SHA-256:917E115CC403E29B4388E0D175CBFAC3E7E40CA1742299FBDB353847DB2DE7C2
                                                                                                                                                                                SHA-512:B87D531890BF1577B9B4AF41DDDB2CDBBFA164CF197BD5987DF3A3075983645A3ACBA443E289B7BFD338422978A104F55298FBFE346872DE0895BDE44ADC89CF
                                                                                                                                                                                Malicious:true
                                                                                                                                                                                Antivirus:
                                                                                                                                                                                • Antivirus: Avira, Detection: 100%
                                                                                                                                                                                • Antivirus: Joe Sandbox ML, Detection: 100%
                                                                                                                                                                                • Antivirus: ReversingLabs, Detection: 83%
                                                                                                                                                                                • Antivirus: Virustotal, Detection: 83%, Browse
                                                                                                                                                                                Joe Sandbox View:
                                                                                                                                                                                • Filename: Document.doc.scr.exe, Detection: malicious, Browse
                                                                                                                                                                                • Filename: Rcqcps3y45.exe, Detection: malicious, Browse
                                                                                                                                                                                • Filename: LBB.exe, Detection: malicious, Browse
                                                                                                                                                                                • Filename: lockbit_unpacked.exe, Detection: malicious, Browse
                                                                                                                                                                                • Filename: maXk5kqpyK.exe, Detection: malicious, Browse
                                                                                                                                                                                • Filename: maXk5kqpyK.exe, Detection: malicious, Browse
                                                                                                                                                                                • Filename: abc.exe, Detection: malicious, Browse
                                                                                                                                                                                • Filename: 55Seo_SeungJoon44.docx, Detection: malicious, Browse
                                                                                                                                                                                • Filename: 55VpD64eOy.exe, Detection: malicious, Browse
                                                                                                                                                                                • Filename: 0rzZX3x868.docx, Detection: malicious, Browse
                                                                                                                                                                                Preview:MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.......PE..L....YPb.................,...........9.......@....@..........................p.......................@......................A..P....`...............................@......................`@.......................@..`............................text....*.......,.................. ..`.rdata.......@.......0..............@..@.data...`....P.......4..............@....rsrc........`.......6..............@..@................................................................................................................................................................................................................................................................................................................................................................................................................................................................................
                                                                                                                                                                                Process:C:\Users\user\Desktop\c8JakemodH.exe
                                                                                                                                                                                File Type:PC bitmap, Windows 3.x format, 1280 x 1024 x 16, image size 2621440, cbSize 2621494, bits offset 54
                                                                                                                                                                                Category:dropped
                                                                                                                                                                                Size (bytes):2621494
                                                                                                                                                                                Entropy (8bit):0.20453955062285412
                                                                                                                                                                                Encrypted:false
                                                                                                                                                                                SSDEEP:12:GKm71jTv37T1BNrdVRd3fF3bdJf7vhpnzBxD1fJ/tBfJvTLtFFdF9tlFNtnvDdFT:2
                                                                                                                                                                                MD5:A3AECEE7948170362B7B6246B47BF87C
                                                                                                                                                                                SHA1:39B37963BA3150FA6A596467791C6050CA57A840
                                                                                                                                                                                SHA-256:5E4964DC7A7766F19DFFF38B57CD3A165D4410B8FB55AFED7A90FBC50619658E
                                                                                                                                                                                SHA-512:96F8F0313E648DA551D238D1A78DB8C7335D75DEC9D8684C635D679A2B263703073558F9BEBD3FFE05BB009B81926DB781FD8BBFB19EEAD530A12FAB8C0D2000
                                                                                                                                                                                Malicious:true
                                                                                                                                                                                Preview:BM6.(.....6...(.....................(...................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................
                                                                                                                                                                                Process:C:\Users\user\Desktop\c8JakemodH.exe
                                                                                                                                                                                File Type:MS Windows icon resource - 3 icons, 48x48, 32 bits/pixel, 32x32, 32 bits/pixel
                                                                                                                                                                                Category:dropped
                                                                                                                                                                                Size (bytes):15086
                                                                                                                                                                                Entropy (8bit):4.262047636092361
                                                                                                                                                                                Encrypted:false
                                                                                                                                                                                SSDEEP:192:jpBaAlHSa2vU9G/8MMBD7O1lXFMB8VMJP7:jpjmkMYD7IFMRx7
                                                                                                                                                                                MD5:88D9337C4C9CFE2D9AFF8A2C718EC76B
                                                                                                                                                                                SHA1:CE9F87183A1148816A1F777BA60A08EF5CA0D203
                                                                                                                                                                                SHA-256:95E059EF72686460884B9AEA5C292C22917F75D56FE737D43BE440F82034F438
                                                                                                                                                                                SHA-512:ABAFEA8CA4E85F47BEFB5AA3EFEE9EEE699EA87786FAFF39EE712AE498438D19A06BB31289643B620CB8203555EA4E2B546EF2F10D3F0087733BC0CEACCBEAFD
                                                                                                                                                                                Malicious:false
                                                                                                                                                                                Preview:......00.... ..%..6... .... ......%........ .h....6..(...0...`..... ......%............................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................
                                                                                                                                                                                Process:C:\Users\user\Desktop\c8JakemodH.exe
                                                                                                                                                                                File Type:data
                                                                                                                                                                                Category:dropped
                                                                                                                                                                                Size (bytes):239
                                                                                                                                                                                Entropy (8bit):7.072613657288112
                                                                                                                                                                                Encrypted:false
                                                                                                                                                                                SSDEEP:6:6/yxngSNq1gf3//HinJmQ88hXKXqrnzo66uoxTQWryJJ:6/yfNyyHiQQ8YaaDixTYJ
                                                                                                                                                                                MD5:DF36CCB3B8E94CA66BEF44EB48A5ECB8
                                                                                                                                                                                SHA1:D455B7571FCD34D9CD9BBA73D5170D71EFD0C94B
                                                                                                                                                                                SHA-256:31FD1EFB0E363A81FABCB883B4AB5BD34B60603D8F18B71B10B5928A292DD0E9
                                                                                                                                                                                SHA-512:5892D974652ACFF2C5360365F477AA7853B1E54A6D1FE8354B42D6E7E35BFDAD33FB7DD059902B816AB3D36AB5EFB2BD9D80E84380069DE95379F941540846AD
                                                                                                                                                                                Malicious:false
                                                                                                                                                                                Preview:....V..].4\.....k1..%...hP..A.....D....k...'.`L4.uR...x.j5.3.Q.../{.s...R@.I..<R..\...be.i_.<.}.*.a...<..o...L....\.y.3.C.=....v....%......@(.......u....4..g..@.c_.r?[. ..U....<..Hb.!...?0[.?.._Ak:F`Obd..W.r.o..d7.5.?Ly.9'e5.|_
                                                                                                                                                                                Process:C:\Users\user\Desktop\c8JakemodH.exe
                                                                                                                                                                                File Type:ASCII text, with CRLF line terminators
                                                                                                                                                                                Category:dropped
                                                                                                                                                                                Size (bytes):1159
                                                                                                                                                                                Entropy (8bit):4.909757425426515
                                                                                                                                                                                Encrypted:false
                                                                                                                                                                                SSDEEP:24:SOZJNRovfexRvYx/ncUYTxLZl0r0OzANQgq32xfZnS0iNFdAnP6:SOZbqfexrZrS3Iq32xlSX2S
                                                                                                                                                                                MD5:F29E077226F8DC235CAE4795459A3542
                                                                                                                                                                                SHA1:A23AEA328BEB92BFD4464A3B0F70E772B8969CC2
                                                                                                                                                                                SHA-256:CF8875AADE9351184274F533067BECF2AD10CCF2B6296274ECE5D5B58B6AB008
                                                                                                                                                                                SHA-512:0C76F1E7AC8E4DB582EA7E26FA9B8C18D54605AE6A9A87A2A1FA0B1BEACACBB8F1230421C1124B1E7C12FB546FF31DBBD2CFBBEBA80EF98BBAA01B356F7FDC6F
                                                                                                                                                                                Malicious:false
                                                                                                                                                                                Preview:.. ~~~ AlphaCat ~~~....>>>> Your data are stolen and encrypted....>>>> What guarantees that we will not deceive you? .....We are not a politically motivated group and we do not need anything other than your money. .. ...If you pay, we will provide you the programs for decryption and we will delete your data. ...Life is too short to be sad. Be not sad, money, it is only paper... ...If we do not give you decrypters, or we do not delete your data after payment, then nobody will pay us in the future. ...Therefore to us our reputation is very important. We attack worldwide and there is no dissatisfied victim after payment... ..>>>> You need contact us via email with srenshot of btc transaction and your personal DECRYPTION ID.....Contact via Email with your personal Decryption id !: hackbeenswim@mail2tor.com......Send 400$ (0.006 BTC) at this address --> bc1qkr7wxuqwet9w6920vk94p7npkxh33fc7prv55q.....>>>> Your personal DECRYPTION ID: D53F15BF767167BC622C1CB4D4FC174D....>>
                                                                                                                                                                                Process:C:\Users\user\Desktop\c8JakemodH.exe
                                                                                                                                                                                File Type:ASCII text, with CRLF line terminators
                                                                                                                                                                                Category:dropped
                                                                                                                                                                                Size (bytes):1159
                                                                                                                                                                                Entropy (8bit):4.909757425426515
                                                                                                                                                                                Encrypted:false
                                                                                                                                                                                SSDEEP:24:SOZJNRovfexRvYx/ncUYTxLZl0r0OzANQgq32xfZnS0iNFdAnP6:SOZbqfexrZrS3Iq32xlSX2S
                                                                                                                                                                                MD5:F29E077226F8DC235CAE4795459A3542
                                                                                                                                                                                SHA1:A23AEA328BEB92BFD4464A3B0F70E772B8969CC2
                                                                                                                                                                                SHA-256:CF8875AADE9351184274F533067BECF2AD10CCF2B6296274ECE5D5B58B6AB008
                                                                                                                                                                                SHA-512:0C76F1E7AC8E4DB582EA7E26FA9B8C18D54605AE6A9A87A2A1FA0B1BEACACBB8F1230421C1124B1E7C12FB546FF31DBBD2CFBBEBA80EF98BBAA01B356F7FDC6F
                                                                                                                                                                                Malicious:false
                                                                                                                                                                                Preview:.. ~~~ AlphaCat ~~~....>>>> Your data are stolen and encrypted....>>>> What guarantees that we will not deceive you? .....We are not a politically motivated group and we do not need anything other than your money. .. ...If you pay, we will provide you the programs for decryption and we will delete your data. ...Life is too short to be sad. Be not sad, money, it is only paper... ...If we do not give you decrypters, or we do not delete your data after payment, then nobody will pay us in the future. ...Therefore to us our reputation is very important. We attack worldwide and there is no dissatisfied victim after payment... ..>>>> You need contact us via email with srenshot of btc transaction and your personal DECRYPTION ID.....Contact via Email with your personal Decryption id !: hackbeenswim@mail2tor.com......Send 400$ (0.006 BTC) at this address --> bc1qkr7wxuqwet9w6920vk94p7npkxh33fc7prv55q.....>>>> Your personal DECRYPTION ID: D53F15BF767167BC622C1CB4D4FC174D....>>
                                                                                                                                                                                Process:C:\Users\user\Desktop\c8JakemodH.exe
                                                                                                                                                                                File Type:data
                                                                                                                                                                                Category:dropped
                                                                                                                                                                                Size (bytes):248
                                                                                                                                                                                Entropy (8bit):7.1470266914162135
                                                                                                                                                                                Encrypted:false
                                                                                                                                                                                SSDEEP:6:50SO3Xv4PzvdkqM/Hjq5TnBhXKXqrnzo66uoxTQWryJJ:50HgvdkqMPjkTvaaDixTYJ
                                                                                                                                                                                MD5:6D636D90610F10733DF0B0385435994F
                                                                                                                                                                                SHA1:82C019653EFC0B5785A935043F3395C4476B2E14
                                                                                                                                                                                SHA-256:2C6B90B54F4B431EBDE8A9C017546D9D00F6983FDCD97450207665D054B4B76F
                                                                                                                                                                                SHA-512:CA94F0EE7948038F443BED125DCCA74D24CCA2C87BD57198F68584E87C82DAA94F0D34E9F23311E7F76CB80C75E945CA1E2D3A8D1DBE16328C6C0874A2825F77
                                                                                                                                                                                Malicious:false
                                                                                                                                                                                Preview:T.y.S#e./-$..N?;.4j....`..6..%...h.U.A.....D....T./K.......6..)%...4.T.V..G.6g)S.2...\v,om....3.Wnm./.Ky.R.{.b...<..o...L....\.y.3.C.=....v....%......@(.......u....4..g..@.c_.r?[. ..U....<..Hb.!...?0[.?.._Ak:F`Obd..W.r.o..d7.5.?Ly.9'e5.|_
                                                                                                                                                                                Process:C:\Users\user\Desktop\c8JakemodH.exe
                                                                                                                                                                                File Type:ASCII text, with CRLF line terminators
                                                                                                                                                                                Category:dropped
                                                                                                                                                                                Size (bytes):1159
                                                                                                                                                                                Entropy (8bit):4.909757425426515
                                                                                                                                                                                Encrypted:false
                                                                                                                                                                                SSDEEP:24:SOZJNRovfexRvYx/ncUYTxLZl0r0OzANQgq32xfZnS0iNFdAnP6:SOZbqfexrZrS3Iq32xlSX2S
                                                                                                                                                                                MD5:F29E077226F8DC235CAE4795459A3542
                                                                                                                                                                                SHA1:A23AEA328BEB92BFD4464A3B0F70E772B8969CC2
                                                                                                                                                                                SHA-256:CF8875AADE9351184274F533067BECF2AD10CCF2B6296274ECE5D5B58B6AB008
                                                                                                                                                                                SHA-512:0C76F1E7AC8E4DB582EA7E26FA9B8C18D54605AE6A9A87A2A1FA0B1BEACACBB8F1230421C1124B1E7C12FB546FF31DBBD2CFBBEBA80EF98BBAA01B356F7FDC6F
                                                                                                                                                                                Malicious:false
                                                                                                                                                                                Preview:.. ~~~ AlphaCat ~~~....>>>> Your data are stolen and encrypted....>>>> What guarantees that we will not deceive you? .....We are not a politically motivated group and we do not need anything other than your money. .. ...If you pay, we will provide you the programs for decryption and we will delete your data. ...Life is too short to be sad. Be not sad, money, it is only paper... ...If we do not give you decrypters, or we do not delete your data after payment, then nobody will pay us in the future. ...Therefore to us our reputation is very important. We attack worldwide and there is no dissatisfied victim after payment... ..>>>> You need contact us via email with srenshot of btc transaction and your personal DECRYPTION ID.....Contact via Email with your personal Decryption id !: hackbeenswim@mail2tor.com......Send 400$ (0.006 BTC) at this address --> bc1qkr7wxuqwet9w6920vk94p7npkxh33fc7prv55q.....>>>> Your personal DECRYPTION ID: D53F15BF767167BC622C1CB4D4FC174D....>>
                                                                                                                                                                                Process:C:\Users\user\Desktop\c8JakemodH.exe
                                                                                                                                                                                File Type:data
                                                                                                                                                                                Category:dropped
                                                                                                                                                                                Size (bytes):45286
                                                                                                                                                                                Entropy (8bit):7.995935474134832
                                                                                                                                                                                Encrypted:true
                                                                                                                                                                                SSDEEP:768:V932G1C15rZwhIrhBwArn8ZYDKjNZB7o+fpwNl6Pl6F7TV4Z/qlcpV6kOB1B5P:VAGo5whceKDYXFHBwNl6dg+xqkV6kOfP
                                                                                                                                                                                MD5:B84641C56CA82899AF00CC2F948ABA76
                                                                                                                                                                                SHA1:D2E447E7E0A6A7477A46709B14903812CBA321F5
                                                                                                                                                                                SHA-256:39F0405366918DA0B36701C073CB6BB32E5BBDBC9829472FDA44A13DEA637171
                                                                                                                                                                                SHA-512:E7BD11345E1936E7252267A30E1108A165552048FE79D9E2C8E3ECCE92E96F34353356746926F672FD2F14937E7B008D4E7312775EF29A9033618B0A09658607
                                                                                                                                                                                Malicious:false
                                                                                                                                                                                Preview:pIY..C..<..<o.,S.n.z.J.1v......|.14cX..E`.%.;D....T..sK....5...[t..3F.9...Z8....U. ...'...>.u.......wV.....k......a...)q.Ee..73.4......X.]\m.N.6.x...Y.}.~|..M..W....E...Z\zOR.1.D1.<.z..... ./....@.~.........?[.....,...2c.q..ZW...dZ.....BG.J.3b#.L...bG.5*.`qx.z_?*.\.1s..+u;%D'.*..J2x8.<>.+..YoU.\.Kb....OA..d.L..yY&.S..Q.cQ.T..SL....$..U~.....eC......D.?.3.....yENn..,O..@...y5...|{6G.0Y|...R].$...sS{.z.y.&.....9(..z...X.....T&.....9.Z..!.l..rJ.0.i.E.H.3eh#8B....\ ..T..K1f.....=.....|:d...'/...0wdR...!..X.).-.c.L...`...9\.6S..DD..Tvv...rnfr...aYZ}..G..oVmc.*..DPbwX....2p.g[...If..=.....Z.!.6.".8i......n.b...i_.[...Z.....L..E.Su.U|..a.{...>......T.u?..?l. dd.BM[M..?.HL@[@..t2...w.O..8..2._...l...IIV...9U..3nHx...(.G...j..w.=......5.~.../..:...{..<.<....=..2..Bm0?.dQ....l.]%...0.M..;.5"r.(7..Cjy.?.....D.(o.p`...H..w,B..l]H.f....(0w.B.e\gE..S....O...P.%.....-k..UZ>...U....1J.w.R.o.........d....DK.J$Z..\......A..aa*.B.[...1.?,..C.J...81..."..nSY.%..
                                                                                                                                                                                Process:C:\Users\user\Desktop\c8JakemodH.exe
                                                                                                                                                                                File Type:data
                                                                                                                                                                                Category:dropped
                                                                                                                                                                                Size (bytes):270566
                                                                                                                                                                                Entropy (8bit):7.99930702565722
                                                                                                                                                                                Encrypted:true
                                                                                                                                                                                SSDEEP:6144:GuGhwi6K5+M3iHJXqtayuhCOIn47aZryu6KWupELU+WPlTj3M:oP6Kk6iHJXqHJ747aZrR9Ew+WPl3M
                                                                                                                                                                                MD5:5406D6D91BE0CF32E1F44FEA97A78AA7
                                                                                                                                                                                SHA1:F917DA77089913337F0D96AFA4E96C802B96195C
                                                                                                                                                                                SHA-256:55E08AFE198FD48ABB963FC8400D550F1A2EA1C4076894932016729EE43924D7
                                                                                                                                                                                SHA-512:3D4B3E030083694B0E132765C7A6F575D503490F68C6CBD43D6C2C74669A683C8F07418644DC7F000D80C509759955B275A1058E7EB35271D360DD2337C3DFFB
                                                                                                                                                                                Malicious:false
                                                                                                                                                                                Preview:K~~XS..~~..q.:0.%...c.R....}.X......].....@.oh..G..Ha.<-GI.~...WHue$#5Y....y)S.\.F.....nq.u.=|J.G2.Dp...v.95...-..]..}hN.dF...JI.qR[..)e.9mi;u.f.......n..us.......h.......'../..A....."xC.f...yJX...O)`.n...<.W..6...HR|EA-o]3.K.rP..o._.i@.IjP.4.........."..>...:..Z/Hg.H.....h..H.0Z..3|...-...40@.7V9..|........B..Zs..0.....n...#^.j...V.#..Lk."...+;..}0z.R5M.".....Z.d.....$a.l(.......=...m....*.j#...?....%4..8...}..U&.m..q...8...)Iy...P...$..'.}8.....U..2.f%lK.>.Kz.A;lY..nx.....@...!n$C.....Sv{......z..%...,. .A6d.{.v(k...~....S...6.N.....V.7QQ.....V.6....h/M.....'...?8.....{.=`qu]F.....y.06.$.u.t]..?n%..6a..'T......(r..........i.}?..0i...eh6c..|.}.....=.L..\@om).z=.+.qc.'.}D.+~...3....Ie...0...0....B...-}.Z......p3...j{e....B>....g.......k.5..z.8.5....}.}..OK.0Fm......u3/...L< b....[.a.Z.k.1"..g.B.x>^..e..h.f...S../S.&.}..]....]a.QS.E.9:...C..%..8.Uo...8+_'..:$E..3...L8#.`.Y........&.E.?d..X.W.....|v.....T.!....r..*..x.(.y.K..4......
                                                                                                                                                                                Process:C:\Users\user\Desktop\c8JakemodH.exe
                                                                                                                                                                                File Type:data
                                                                                                                                                                                Category:dropped
                                                                                                                                                                                Size (bytes):1056998
                                                                                                                                                                                Entropy (8bit):4.951625377483584
                                                                                                                                                                                Encrypted:false
                                                                                                                                                                                SSDEEP:12288:h403+04TBrHeTLM4ASnKRfxTQS4geyIJJ4sbp6HeaNtWICfhcsxj9:h403aFr+3MsKRfZQS4g45965PHCJ/xJ
                                                                                                                                                                                MD5:5BFD10C9195CC200130E435034421A0B
                                                                                                                                                                                SHA1:0B066AA5EECE7A82380C0032571C5461C0794DC9
                                                                                                                                                                                SHA-256:2A64A0B33040E6F893BF503F9200B6FEC235092E7D099104CA3DAB66B1CBE418
                                                                                                                                                                                SHA-512:CD0D600C6E86D11A8E7AD9C757AD9A6CD3816F3A56BB5C70E1F17C4ACD515EEA815674CB82ADA8F19B2713603234194C33591B97903EABC1DBA62284FF8ECEA9
                                                                                                                                                                                Malicious:false
                                                                                                                                                                                Preview:.'... .....'.X/.z]_.Do1....'\.5=.......y}...m.z....P.f.[..0)..T.{..*n..w........H.CO.3*7.W.Ygj....7.....o.w..F..|.a...>v...s.-Q..^.......e..3W..._......>Cb.....b.S.d.2....`....#z....8K....Y..O.X.....:...03H.....r.....Y..........v(.n.-..*[.7. ..Ll$..".qG..:.....].9.uv..L.....C.l....U..&.{.. ....Za.t.W9..*V..jH..N.V$..=.......z...E..N..x.g.c..4.v.Y.~}u#....%?/]."-.=<.H...._......j.5...X. .R .q.j..R. ........Y......@.z.~HM..>.{."1..S.f...1wJj.aW..x.j0c..BE...?.)......$..G..G..4x.].n.1y.L.t..<....jEE..)..p...B..L.M...%.....c.!.8D. .....bF..].h..X.J./.d....C.j.},P].7.:P\.!S..}..s..!9.{...x...........k..I..y....%8. .]q(..1o..m...........eP.K......+..>..p..i..O*..4...xt....q.m...Y.\...n2.%.....a...J..,..U}.H.....xOU.^...B2P.....W...0/].D.Q....D.~..Z*M.....fg%)..c*.W8q.AS.Jb..5...UK./n_....!.{@Z......i.W...js.iR..^.C.?..S..b...<o26...o.D..'..E........N&_a...A.D...YX.8..;*....Y..q%..f:U.E>...]8.`Bu....#..}.[(.... n.qS...V....^...i....U(B.+..p.#.
                                                                                                                                                                                Process:C:\Users\user\Desktop\c8JakemodH.exe
                                                                                                                                                                                File Type:data
                                                                                                                                                                                Category:dropped
                                                                                                                                                                                Size (bytes):4202726
                                                                                                                                                                                Entropy (8bit):1.5353018411820218
                                                                                                                                                                                Encrypted:false
                                                                                                                                                                                SSDEEP:12288:33AgQMFsP2zfKkYFdAdAjXw0tGoaQS9H0pq7VaOq+ySv:HhQMFsezfKP/AdAttXa/9U6/mSv
                                                                                                                                                                                MD5:09C0A9AA9464822C35AEAEA40C88A903
                                                                                                                                                                                SHA1:E586E204266B5F8886BF3C24088B5C1C0D21F0D5
                                                                                                                                                                                SHA-256:9CAF396AEC97401A6F9DFC8CF113D197680F8DB56D1E8068D6F7EC7E7869866E
                                                                                                                                                                                SHA-512:632379ECA3C544EB0F994804059F87FF3CA13BE398554515A955728DABA6F8E44C9E919EFC5E6BCA251C47177A743C4A79B9593F082ED5AB6B1C48E3C7EB6F0C
                                                                                                                                                                                Malicious:false
                                                                                                                                                                                Preview:..V.... 4.."I.y....h.....D..?]-...hP.Mx...^n....$.......Y7...hz........:.?D..yH.!,.}eg7..5..E.........<.Q..."U..z...y$.....y.. [1~....K~.).F....m....q..KA...........w6....Ft.....H#.j$.3.....~...P.d...ve.W......o....a1..fD...bEM$.F...H.i...s"...z]..!.>.;....... 4.6...@...a.Q.....%....8.c0(..u...mG.O|..{_..X.\qdp...i.Z]..F5.a.y...e.dj.o.....U.P.K....]q.9 ...y....S>...E..W...*.Ih.y.:M.b.r]L.Ybka..zQv6p-N..t.0..c...O...m..l......U.do...V.U..B.1....t.......0"..e)!.#.-p~..".U..`S.J.3|...P../.A.....R!....b.].nW...........V.5.h..y.v..I...#_|..B...Z......-i.B.kd..{.9fM).6......Ht.[.......u[....n..a.P...3_......G.x..W..pub..[..$..Q.W.uu.1...F.&i.M>d..}.?`.u...4:t....hU...&.......w...su.X..H..s.\X..ArQY>...q$ .O.%.&.H7.........n...3...1Tmg.....*...0t.....8.4..RT.,....A.J.8lG.X;...q.T........H.i..v/.Xr.4.....f.b.C...be5.B...+.*...|;...N..c..@pr=O....F.b..\...J.D.M...F..s..B..eY....N.."a.X@./.)...q...!?|U...ch9.|...5a.v...U..[(j.y)...U.a_
                                                                                                                                                                                Process:C:\Users\user\Desktop\c8JakemodH.exe
                                                                                                                                                                                File Type:data
                                                                                                                                                                                Category:dropped
                                                                                                                                                                                Size (bytes):524885
                                                                                                                                                                                Entropy (8bit):7.999608979982554
                                                                                                                                                                                Encrypted:true
                                                                                                                                                                                SSDEEP:12288:OMFdHCqYxjUHgPCt0GPzvt0xgQGitRHuGcPuuuHK5:OMFVm8gPCt08zdXitRHa2HHc
                                                                                                                                                                                MD5:742D26E94C9598C64508CD8CE735BB95
                                                                                                                                                                                SHA1:832B6FFA1DDF0154687C9F411866391CE6C2D3F1
                                                                                                                                                                                SHA-256:999FCA3F5F6D1D6832BBA11FA87A2ACA3242843AB692EE9708B3ED6DC8149C5E
                                                                                                                                                                                SHA-512:D85AEEDB56E3213167F5CE09EDC7840244B2851E509338F00C4F09C73465A10E6F8A1D6C63462F05B462CA81E2E87D25D6AA68FF57929B5E06A98BDC491D2460
                                                                                                                                                                                Malicious:false
                                                                                                                                                                                Preview:.G.?.b;.@'-...!..Q...^....K...w......./..go.-Vvx..`a.d..]f.w./..p.o!.>..R.......g.n>6.hT....q..f.q..=....U..2.b....t:_.."e...c..0.CY]k.L.8=(.S.H.v..P.n-.z.yz.q&.............H^}x.x.5IW4..&,..?.o...u.p.u.W..3....y..E...4..J...]+...D.F....(\......M.5.d..{.[;B..D......1.._....T'..T.F9.n..g..W..$p...Njj......82..%c...l. .:.....#..F..*..'.U.n...$H.^w..aK....o.Bb.7.<..=...Z.HM.s..r.@.`U......k...`...].....)>pc..........NH.`..y....m8.RP....0.r.hm.... :Y=..G.."...'.....5..f.>.....>.............(B.....A.ly..'.8.k$o.D.#.9..'..-..Aq..06..9......8.U.0\5W6.6......XcR..,....Uz......a..H>@.)......o..=,.rB7EiX%V....#...bG...O...r....1._.0x.Y.}.l...j.?(w..+.<tl...j.3.7......._..(....s$=1/>.V...X.....#,..}./%uv......Z....[..i._...(...d...."..Q.R.aL5..(.E1.HW}...t.-..)./%h#gP.9.B...z...w.....=..!..q.e.U.......D<.......9.h......I..<>de.,.s\^L.P..89M.u.....y.sH...m..sw.2..d.......c.B.2JY....q.)d.V.L9u.3L'.gL.=`....9.*$$AM..G.L....c..IX.w0....o...g.
                                                                                                                                                                                Process:C:\Users\user\Desktop\c8JakemodH.exe
                                                                                                                                                                                File Type:ASCII text, with CRLF line terminators
                                                                                                                                                                                Category:dropped
                                                                                                                                                                                Size (bytes):1159
                                                                                                                                                                                Entropy (8bit):4.909757425426515
                                                                                                                                                                                Encrypted:false
                                                                                                                                                                                SSDEEP:24:SOZJNRovfexRvYx/ncUYTxLZl0r0OzANQgq32xfZnS0iNFdAnP6:SOZbqfexrZrS3Iq32xlSX2S
                                                                                                                                                                                MD5:F29E077226F8DC235CAE4795459A3542
                                                                                                                                                                                SHA1:A23AEA328BEB92BFD4464A3B0F70E772B8969CC2
                                                                                                                                                                                SHA-256:CF8875AADE9351184274F533067BECF2AD10CCF2B6296274ECE5D5B58B6AB008
                                                                                                                                                                                SHA-512:0C76F1E7AC8E4DB582EA7E26FA9B8C18D54605AE6A9A87A2A1FA0B1BEACACBB8F1230421C1124B1E7C12FB546FF31DBBD2CFBBEBA80EF98BBAA01B356F7FDC6F
                                                                                                                                                                                Malicious:false
                                                                                                                                                                                Preview:.. ~~~ AlphaCat ~~~....>>>> Your data are stolen and encrypted....>>>> What guarantees that we will not deceive you? .....We are not a politically motivated group and we do not need anything other than your money. .. ...If you pay, we will provide you the programs for decryption and we will delete your data. ...Life is too short to be sad. Be not sad, money, it is only paper... ...If we do not give you decrypters, or we do not delete your data after payment, then nobody will pay us in the future. ...Therefore to us our reputation is very important. We attack worldwide and there is no dissatisfied victim after payment... ..>>>> You need contact us via email with srenshot of btc transaction and your personal DECRYPTION ID.....Contact via Email with your personal Decryption id !: hackbeenswim@mail2tor.com......Send 400$ (0.006 BTC) at this address --> bc1qkr7wxuqwet9w6920vk94p7npkxh33fc7prv55q.....>>>> Your personal DECRYPTION ID: D53F15BF767167BC622C1CB4D4FC174D....>>
                                                                                                                                                                                Process:C:\Users\user\Desktop\c8JakemodH.exe
                                                                                                                                                                                File Type:ASCII text, with CRLF line terminators
                                                                                                                                                                                Category:dropped
                                                                                                                                                                                Size (bytes):1159
                                                                                                                                                                                Entropy (8bit):4.909757425426515
                                                                                                                                                                                Encrypted:false
                                                                                                                                                                                SSDEEP:24:SOZJNRovfexRvYx/ncUYTxLZl0r0OzANQgq32xfZnS0iNFdAnP6:SOZbqfexrZrS3Iq32xlSX2S
                                                                                                                                                                                MD5:F29E077226F8DC235CAE4795459A3542
                                                                                                                                                                                SHA1:A23AEA328BEB92BFD4464A3B0F70E772B8969CC2
                                                                                                                                                                                SHA-256:CF8875AADE9351184274F533067BECF2AD10CCF2B6296274ECE5D5B58B6AB008
                                                                                                                                                                                SHA-512:0C76F1E7AC8E4DB582EA7E26FA9B8C18D54605AE6A9A87A2A1FA0B1BEACACBB8F1230421C1124B1E7C12FB546FF31DBBD2CFBBEBA80EF98BBAA01B356F7FDC6F
                                                                                                                                                                                Malicious:false
                                                                                                                                                                                Preview:.. ~~~ AlphaCat ~~~....>>>> Your data are stolen and encrypted....>>>> What guarantees that we will not deceive you? .....We are not a politically motivated group and we do not need anything other than your money. .. ...If you pay, we will provide you the programs for decryption and we will delete your data. ...Life is too short to be sad. Be not sad, money, it is only paper... ...If we do not give you decrypters, or we do not delete your data after payment, then nobody will pay us in the future. ...Therefore to us our reputation is very important. We attack worldwide and there is no dissatisfied victim after payment... ..>>>> You need contact us via email with srenshot of btc transaction and your personal DECRYPTION ID.....Contact via Email with your personal Decryption id !: hackbeenswim@mail2tor.com......Send 400$ (0.006 BTC) at this address --> bc1qkr7wxuqwet9w6920vk94p7npkxh33fc7prv55q.....>>>> Your personal DECRYPTION ID: D53F15BF767167BC622C1CB4D4FC174D....>>
                                                                                                                                                                                Process:C:\Users\user\Desktop\c8JakemodH.exe
                                                                                                                                                                                File Type:data
                                                                                                                                                                                Category:dropped
                                                                                                                                                                                Size (bytes):458
                                                                                                                                                                                Entropy (8bit):7.490017375751293
                                                                                                                                                                                Encrypted:false
                                                                                                                                                                                SSDEEP:12:Ax+GQASCKS3v/20NHGaC+ogL/T6CnaaDixTYJ:TAsSf/RNmaNogLb6E2xs
                                                                                                                                                                                MD5:FD3E6E0F243A7A1A984E4AF13608F2A2
                                                                                                                                                                                SHA1:887D35ABF6210AE6E6F9594820C156B76824BE54
                                                                                                                                                                                SHA-256:39E3FF01347EAB9B37FA75ABD21F33B664B2256D9E48FD6C1188F0A9AEA891FC
                                                                                                                                                                                SHA-512:21C737F5F9423EAA8CBB44DB7CDB9E5BE28262AE37BEC42C4321A5C716E035D7510B1EBA8C14A2473EE989272930E69D8B14D92D31F5B8A685D806CC71D9C657
                                                                                                                                                                                Malicious:false
                                                                                                                                                                                Preview:...|.<.."A..".g.}.~.e..5..P..a{.......B.rv5...r:.*..2L..C.G:....o....k.{...!.\U.3.[.*mR.>..'>B.....h.o...}....(..3d0s..J0m ..b..^..k!.26... _E*k.....).^..CJ\...b.nY.5.....U.W5.h.w........d]..J..6..1oD;.L;.m.4......P.U.#...UY.fC%a.......u..{+4=L..I.2./.#F.....z.6E.<..F.<.V...U8..:*...8.l...X.......g^.n..p..jI.Y..s...<..o...L....\.y.3.C.=....v....%......@(.......u....4..g..@.c_.r?[. ..U....<..Hb.!...?0[.?.._Ak:F`Obd..W.r.o..d7.5.?Ly.9'e5.|_
                                                                                                                                                                                Process:C:\Users\user\Desktop\c8JakemodH.exe
                                                                                                                                                                                File Type:data
                                                                                                                                                                                Category:dropped
                                                                                                                                                                                Size (bytes):466
                                                                                                                                                                                Entropy (8bit):7.55734328876816
                                                                                                                                                                                Encrypted:false
                                                                                                                                                                                SSDEEP:12:rVWsHDMZBPZ7Wd0vTnHDeRnoArjrIMp35PRKnaaDixTYJ:hzDwZ7Wd0vTHDEj0smT2xs
                                                                                                                                                                                MD5:6674804C20B387B9430643D4C5F8FB4E
                                                                                                                                                                                SHA1:D537ECE6D32DF0561DA999ABCE66A945AA049951
                                                                                                                                                                                SHA-256:D6F6CD2F85A9D08E9E51B7E461B69F131C2FBC414B1C0F69B51FE5A15CA8330F
                                                                                                                                                                                SHA-512:84CB8C086065ED7BE6EF8E18690ED39F4FFCE5351527CD062B8D5E0EC01EC361767815E06514FD1BFE0EAA92C66AA94948AB5753BE859DCF5799210EEBBE057E
                                                                                                                                                                                Malicious:false
                                                                                                                                                                                Preview:7#..Q...j.>...|.........{..GZ._..N{....3..**....p.4....D!..x..+.....Q...k...=.*W......c.0.Y.\...=..#.D...{.N)}.K....k.B..E......5n%.....m._i4.1....-..0-..<y.v...:.........snc.H..$....T...7.4...k.....2.39.=d...4........2..;...d0..D..~.D....T..{y4=O..J..2.{.q.G...[...y..-.'..:,...'....6o.i...+...........<...p...<..o...L....\.y.3.C.=....v....%......@(.......u....4..g..@.c_.r?[. ..U....<..Hb.!...?0[.?.._Ak:F`Obd..W.r.o..d7.5.?Ly.9'e5.|_
                                                                                                                                                                                Process:C:\Users\user\Desktop\c8JakemodH.exe
                                                                                                                                                                                File Type:data
                                                                                                                                                                                Category:dropped
                                                                                                                                                                                Size (bytes):420
                                                                                                                                                                                Entropy (8bit):7.437629396493612
                                                                                                                                                                                Encrypted:false
                                                                                                                                                                                SSDEEP:6:SjE5lFO9IRPurpA/qucc03M1wrF6nSIuuKVhXa7v0W5wwF+wXKXqrnzo66uoxTQ7:LEG9WpHrgSIhKq7v07wF+waaDixTYJ
                                                                                                                                                                                MD5:361A29441EC69913A0CCEAE538BC0188
                                                                                                                                                                                SHA1:77D4FA62461E86B8244336EDCD419DE63892176D
                                                                                                                                                                                SHA-256:65EAB07089D1B47D9BAE704E3BB951EFE334593F63C2327A3C7035A33FEEC799
                                                                                                                                                                                SHA-512:33A445645B071BF5E9E5192B7189D84A5F88CFE058860B4C21402F8F1986722E0465C5A279AA7CCF512D49325224D29384FF7CA9454D9F8AE1C389DEF3A91326
                                                                                                                                                                                Malicious:false
                                                                                                                                                                                Preview:...T...a..3...,...fm8....%..z"...!..k...yS.(.a.........lFl...~..c.pO.m~.&'.....rmH2.kGy:OL9z.'z..01..Z.....Ti>i>.].../8...H.........@..i}nXB.?+.=..G..i.....|.E........4.....&.5..".....0..l.w...D....T..xy4=O..J....8,...h...@.R.n..I....V.i...vjp.Z0p......_v,:.X.X..,h..UnPl...<..o...L....\.y.3.C.=....v....%......@(.......u....4..g..@.c_.r?[. ..U....<..Hb.!...?0[.?.._Ak:F`Obd..W.r.o..d7.5.?Ly.9'e5.|_
                                                                                                                                                                                Process:C:\Users\user\Desktop\c8JakemodH.exe
                                                                                                                                                                                File Type:data
                                                                                                                                                                                Category:dropped
                                                                                                                                                                                Size (bytes):498
                                                                                                                                                                                Entropy (8bit):7.571229122889065
                                                                                                                                                                                Encrypted:false
                                                                                                                                                                                SSDEEP:6:XcF0s3LDef/yVb4dZjFDVXQee0sZPiepYj5f1Q5+nmjRHzLLcSAPejhXKXqrnzoQ:Xds3LDe3jNRESeGFS5+6JjjhaaDixTYJ
                                                                                                                                                                                MD5:166CA36EEFCB536FE138FC7C11CA819D
                                                                                                                                                                                SHA1:3C539F0E601A80140F10FD28BF8CD4054E0FBB85
                                                                                                                                                                                SHA-256:35B63C5C4D2838EB1C05862B57472E34EE13AD94DBA75FB3BB9E4BC56CFAC7F3
                                                                                                                                                                                SHA-512:1412610CB44E6454A012C3F1BC9B65ED4A623A4450AEF85534861BB4520CDAE071B1EA8E23F0C1FDAF897DB12D00E00202C2884CEF997F5BEF4C0C97BEF19EB8
                                                                                                                                                                                Malicious:false
                                                                                                                                                                                Preview:c...........#.,-.6........\....:.....,.......A.;...........y.0.9../..R.....>[A........2....0{....y.a.%.>..VL&R......qP....o.[7.`.t........t......Q....4..Zzp.@6VS.C.16ryg.'.Zjwny...Y'B.,o...'..2...i.C~..~.>..E..Gy.../.P....]..........4...r.A..6..F..R.d:a.u......e.5T..)y4=L..J.1./.8dY..d.;.<d....B.7F/.,.&.+l.f....~Tl..p.f..........7.$'..(8{..ur...<..o...L....\.y.3.C.=....v....%......@(.......u....4..g..@.c_.r?[. ..U....<..Hb.!...?0[.?.._Ak:F`Obd..W.r.o..d7.5.?Ly.9'e5.|_
                                                                                                                                                                                Process:C:\Users\user\Desktop\c8JakemodH.exe
                                                                                                                                                                                File Type:data
                                                                                                                                                                                Category:dropped
                                                                                                                                                                                Size (bytes):445
                                                                                                                                                                                Entropy (8bit):7.469576417544073
                                                                                                                                                                                Encrypted:false
                                                                                                                                                                                SSDEEP:6:8hPRe81Wi+XnflqhUqfv4oQ0PTAoonO+v7UBerZ3GHnqyEnXKXqrnzo66uoxTQWg:QPReE0fLqXlQ0Xu4BerJGHsnaaDixTYJ
                                                                                                                                                                                MD5:A46B054A1F401B82F1997D2672C8A3FE
                                                                                                                                                                                SHA1:4E81B760580FBEC40781B21391088BAD77716AE8
                                                                                                                                                                                SHA-256:A22BD536D9DCF66FFC4D73BDB6B83B6BD492783F3ED1659795D7BD6E9FD34BE4
                                                                                                                                                                                SHA-512:3FFE08B88E74707DD3D506527C4D01C7EBF0F0EE55FBEA974B716D4831B78B1A880E1024FD54FA0B77331DEAC5D94CD09417B1A3E48A8C83E322255FCA9B29DA
                                                                                                                                                                                Malicious:false
                                                                                                                                                                                Preview:..$o...'{...bQ...M.p.....L....%..sC.....$*.0..X.*g=...f'..;j..'...)V.......z..`KG.^:.y*.`....K........u.X.Q..{T.-.Pq..9_MoQ[A.v..b1.&.y.$.6.....Q.... <V#...@m.'....(~...cQ...xG?'.&L.......Z..4^.....P\l.....`d..&.........T..{y4=L..J.2...).>...{.i.{nm!..8....f~..%.h#.d..wA|.v...l`L.ab...s.LP.`.;E>q...<..o...L....\.y.3.C.=....v....%......@(.......u....4..g..@.c_.r?[. ..U....<..Hb.!...?0[.?.._Ak:F`Obd..W.r.o..d7.5.?Ly.9'e5.|_
                                                                                                                                                                                Process:C:\Users\user\Desktop\c8JakemodH.exe
                                                                                                                                                                                File Type:data
                                                                                                                                                                                Category:dropped
                                                                                                                                                                                Size (bytes):442
                                                                                                                                                                                Entropy (8bit):7.50604192842681
                                                                                                                                                                                Encrypted:false
                                                                                                                                                                                SSDEEP:12:agpU9vzEsbWJjz5mhXOb+HG/Lp/maaDixTYJ:agQLEsbWJj6M+HG/Jo2xs
                                                                                                                                                                                MD5:C0964FF7E0A160A5D3FBE5BA300C584D
                                                                                                                                                                                SHA1:ADF39DA5AC1D0B1D0350CB4CFF1EC8D268D19B23
                                                                                                                                                                                SHA-256:8C3ED10410F52EB59A6C9BB2979E681CDEB17E91A9D8A62C5BD1932A4890E2F1
                                                                                                                                                                                SHA-512:5A55548D11B006C94377ADA042EEBE8178FF332B85DA7A10D9589C2F3623087FE044CFB67BDC5C0B425C5CA9503C4DFE4EC4A7D789CC447A15B0DC3FC657F273
                                                                                                                                                                                Malicious:false
                                                                                                                                                                                Preview:A...W.Yk.u|...(..".Jt.?..h..m.mW.....rRy.o...b..2.4~.("..b[..l..Gt.W.elf..Tt.[<7cK.V..F.i...V._.....v.#9...W.1..<1..d..R+......7..P9.m.K../.J.%..c\.)....Mk...y. ....EZU....~.".. 9.4X..4].kB.0.....D.....3".s#.~..D....T..{y4=O..J..2...z."....<.......D9....t.i.Z.........O.?..rg.;..[1V...8.....zp...<..o...L....\.y.3.C.=....v....%......@(.......u....4..g..@.c_.r?[. ..U....<..Hb.!...?0[.?.._Ak:F`Obd..W.r.o..d7.5.?Ly.9'e5.|_
                                                                                                                                                                                Process:C:\Users\user\Desktop\c8JakemodH.exe
                                                                                                                                                                                File Type:data
                                                                                                                                                                                Category:dropped
                                                                                                                                                                                Size (bytes):461
                                                                                                                                                                                Entropy (8bit):7.509139028444723
                                                                                                                                                                                Encrypted:false
                                                                                                                                                                                SSDEEP:12:u1tqKcqdH9RmX/8NgUY2t5IhUtWAVrziIfaaDixTYJ:u1YKdH9wkNy2t1tJl2xs
                                                                                                                                                                                MD5:2580FA9CA70DFE1AC47B12FFF264FD17
                                                                                                                                                                                SHA1:6053728D7F26FFC26F032A932FE063B542BD2518
                                                                                                                                                                                SHA-256:379533F861B48D32D6C54B56203547A92C9739BA5B3D06567908F8BB75EB974F
                                                                                                                                                                                SHA-512:0DB874ADB72DE4CB6246EB32A873F4A0D0D9FEED09DD23E0DBBB5A3C9FC6FCF55557DEE23B72F9C6162756577076880AB1F4A488C7A083E70B6C0DACE5F3E27D
                                                                                                                                                                                Malicious:false
                                                                                                                                                                                Preview:...(.:2.6(P.I.]...|...Y.e..s=D.H...bo...bt...U..V.i.}.w......q.`.U.w|.q...v..wh...X..wH...D..#w...=r....{...D..6.]..W.HS..;.r...I.[...U,...(........F..."....Y:.x...p..j.......(.?....8K..........Y!&.{.h.H..T.'.4Y....Y....;...YQ..y...F@...T..{y4=L..J.2..(..m:9a.._.h..8+...E.fz.P.....m..a..A..ySEo.&.......0+7...iiq...<..o...L....\.y.3.C.=....v....%......@(.......u....4..g..@.c_.r?[. ..U....<..Hb.!...?0[.?.._Ak:F`Obd..W.r.o..d7.5.?Ly.9'e5.|_
                                                                                                                                                                                Process:C:\Users\user\Desktop\c8JakemodH.exe
                                                                                                                                                                                File Type:data
                                                                                                                                                                                Category:dropped
                                                                                                                                                                                Size (bytes):467
                                                                                                                                                                                Entropy (8bit):7.541393296919204
                                                                                                                                                                                Encrypted:false
                                                                                                                                                                                SSDEEP:12:MlKecuF7hLAS1XK7UHOk3KuugSJV8aaDixTYJ:mFhM7k3IVK2xs
                                                                                                                                                                                MD5:D06076BC7FC86A079056F695636C3C0D
                                                                                                                                                                                SHA1:022355F1325D9F112BB53A6456FE5C8FC205913C
                                                                                                                                                                                SHA-256:F5369AC3DE5E56802AEC5FEBBA24F9AA24BF45A8F30AB34110192C530948F26E
                                                                                                                                                                                SHA-512:8FC49259E7DFCA232300E2D4723F6B93D00615AFEE0479EDEAAF46E2999DB35694B38F2CE6BD3482E5E3EA14D3A66301AAF26DA57DAEF764A02EB426E3FE9347
                                                                                                                                                                                Malicious:false
                                                                                                                                                                                Preview:.....0.L.9hh^c)....vm8.$!...6M8..4....!%..)9...N.^S..X..S.??V....y{.#T....@o7.i.4s..|.v)...dm;....Dl9..[3N.*....7..S..U._yPO.;.].....G...t....Z}.j........?v...../fO.\..L..[..qw....m....g..Y.Q.N;.....5.[.+..4......P^S......Pd7.H....F....T..{y4=L..J.2....>.....0l.m..3.!....".0.r."O..C......+.h.@.0W......X..#....q...<..o...L....\.y.3.C.=....v....%......@(.......u....4..g..@.c_.r?[. ..U....<..Hb.!...?0[.?.._Ak:F`Obd..W.r.o..d7.5.?Ly.9'e5.|_
                                                                                                                                                                                Process:C:\Users\user\Desktop\c8JakemodH.exe
                                                                                                                                                                                File Type:data
                                                                                                                                                                                Category:dropped
                                                                                                                                                                                Size (bytes):461
                                                                                                                                                                                Entropy (8bit):7.524526412240382
                                                                                                                                                                                Encrypted:false
                                                                                                                                                                                SSDEEP:12:nCRb0FNsOh/GOG5sEQwCIuwfG0Ec1paaDixTYJ:nSAXs8/G55sEQ8u2fL72xs
                                                                                                                                                                                MD5:C1027CB04FD197002CF1FA9624855B4C
                                                                                                                                                                                SHA1:2AE13D79F5D530D2262FDF95667D940679BA42A7
                                                                                                                                                                                SHA-256:18BB9BCE1FF1DD8454C1EC40D7EDB14F38148453BCA93B6A9F71684689E57A33
                                                                                                                                                                                SHA-512:7B753F87D98520BC2E0A621E455D1620FC0D9C8D9F521E19E1C6A03B8FCD9D24A77707210283554E6336EF8ABFF47E984E04637E6DE8BB758D20F94143670DA8
                                                                                                                                                                                Malicious:false
                                                                                                                                                                                Preview:i.!........."mG0.t.=..?...bA..T.;.y.J-^...........~.5..>X.x..:.Vk..m..i..3....\1..g.........`...<../%.F..ZD....{6 }......U...S..9.B..\..t.ZR.KU...@c2..e*|.`...gAaZ.{e...m....<Vt/.B..:.T.....'.-......4......P.B.E....e0..e....q.%.5T..)y4=L..J.1./[T'..3..U...D.&%>......q.-...@..yP"`.q.L.;...........4e..g.XEr...<..o...L....\.y.3.C.=....v....%......@(.......u....4..g..@.c_.r?[. ..U....<..Hb.!...?0[.?.._Ak:F`Obd..W.r.o..d7.5.?Ly.9'e5.|_
                                                                                                                                                                                Process:C:\Users\user\Desktop\c8JakemodH.exe
                                                                                                                                                                                File Type:data
                                                                                                                                                                                Category:dropped
                                                                                                                                                                                Size (bytes):469
                                                                                                                                                                                Entropy (8bit):7.545337512735661
                                                                                                                                                                                Encrypted:false
                                                                                                                                                                                SSDEEP:12:46SbP9Ybfv4ZO15cQsrIVL9/UFaaDixTYJ:/c9YbfvXc5rIR9892xs
                                                                                                                                                                                MD5:0450ED3DDE64E037794D32AF3F5F9B70
                                                                                                                                                                                SHA1:99C8917DB145717AF8451760067A646490C0E24B
                                                                                                                                                                                SHA-256:337A13CA1DACEBBF1D9676136A8A3005561B56C23004A56A4F5352451FD4D7CA
                                                                                                                                                                                SHA-512:937C1BB95BBC22BA2DFC2AD8485D554A7C312D3C0C4A29B57CB50784DC3A09160BB264F66E6AFBCCBB280DDF589B87DA22C06CAC9C0AEBA5E1E274DFBAD0BA7B
                                                                                                                                                                                Malicious:false
                                                                                                                                                                                Preview:}0A'\u.s.....2F....g.C.b.Pd...r.<EkG.%..a`E..v.eW..VB'.y.w.....'/Q...Y.I...1G.v@...#...,.QA./U.bnC...kT.......Jy%.j...j'......a...J...<.e.....x....<&}..~.S...A.Vn...Ko.G.kf........k......lz.. ..o.,.4.e.L..k...4......i5......I`.........%.5T..)y4=L..J.1./|j.X.._6..S.....0Ri:5#[{L{.ojm..6.^.D..gc.{=.\.m..N.]9C...r...<..o...L....\.y.3.C.=....v....%......@(.......u....4..g..@.c_.r?[. ..U....<..Hb.!...?0[.?.._Ak:F`Obd..W.r.o..d7.5.?Ly.9'e5.|_
                                                                                                                                                                                Process:C:\Users\user\Desktop\c8JakemodH.exe
                                                                                                                                                                                File Type:data
                                                                                                                                                                                Category:dropped
                                                                                                                                                                                Size (bytes):460
                                                                                                                                                                                Entropy (8bit):7.471593728290957
                                                                                                                                                                                Encrypted:false
                                                                                                                                                                                SSDEEP:12:UZi2VPnbOD7h+2LfQFx8WimDIzIaaDixTYJ:UE2pw7hVrQFx7v2xs
                                                                                                                                                                                MD5:DEEDFD7160DE413AAFEA2FC244315F21
                                                                                                                                                                                SHA1:84A24EFB9957221FDD4F30C3129D3908A4122B13
                                                                                                                                                                                SHA-256:3CC7B16C6A9F1245746CE2C51CDB5EF5D06D0848CB5C574EA57FA3A66DA7E347
                                                                                                                                                                                SHA-512:1493DBEC8D851C34252B6282BA31FAABDD2652CD41345564F4C46192FDA6AD8F3ACD72A13400345DFAB6FAAA794A315EF488764B05F494BBF04084245DFEFE57
                                                                                                                                                                                Malicious:false
                                                                                                                                                                                Preview:....>.0.............L.....I.+5K..0....P7. ....[._6....N....t...|0....D..d..]2]..x[..0.|.....(..f.Ir..i.....].~...\.......{.A8..C?gm.W...2.3...j..".V...~.E)...1?...2.L...n_.!.{..=!_..N....+..).RyMmu.4........H.$....~:1.x.&.7F@...T..{y4=L..J.2...5Zx.F..QeA...MR....t_rA.w.Z_.....K.BN..E'.b....E.&......&.xq...<..o...L....\.y.3.C.=....v....%......@(.......u....4..g..@.c_.r?[. ..U....<..Hb.!...?0[.?.._Ak:F`Obd..W.r.o..d7.5.?Ly.9'e5.|_
                                                                                                                                                                                Process:C:\Users\user\Desktop\c8JakemodH.exe
                                                                                                                                                                                File Type:data
                                                                                                                                                                                Category:dropped
                                                                                                                                                                                Size (bytes):432
                                                                                                                                                                                Entropy (8bit):7.525192320303411
                                                                                                                                                                                Encrypted:false
                                                                                                                                                                                SSDEEP:12:Iwx3u31auUeoFNcnfB16PkFrnfaaDixTYJ:IwxaOc516PWv2xs
                                                                                                                                                                                MD5:3366D851646DC10FFF10AA61D3C16179
                                                                                                                                                                                SHA1:2BB6ED8BC0938EC4CAA426F3D452CAA178C238B8
                                                                                                                                                                                SHA-256:D9AE84BCBE674B051880092CAA06C2C637DFBF80D143441EE1C93CEB52CB9F59
                                                                                                                                                                                SHA-512:10638774140D3D0C6D79DA679810B964C3E19DF426F8F6BD348E006F06C8BC786271C470D1EE3BC551AEFB4389BA638FBAD7F0EB15FFE9CF56DAEE85EF7082BF
                                                                                                                                                                                Malicious:false
                                                                                                                                                                                Preview:SR:..I3...G....<.G.Y.....d..-O..6S!?+nOD.v."&.qVF.,.h..D.lM.k....;yRa..z.....~*<>...V...S..l.UUhn.2X..^.....or"...HIS...U....,.S.E..f..M......A5+. ..0.l....gG......./.k.T...V*.4^...).^....c..g....D..2t....u..{+4=L..I.2./.Q....vDAU..`[..-.-1...~p.R.e........#...h..UR.M.Cm....}..pls...<..o...L....\.y.3.C.=....v....%......@(.......u....4..g..@.c_.r?[. ..U....<..Hb.!...?0[.?.._Ak:F`Obd..W.r.o..d7.5.?Ly.9'e5.|_
                                                                                                                                                                                Process:C:\Users\user\Desktop\c8JakemodH.exe
                                                                                                                                                                                File Type:data
                                                                                                                                                                                Category:dropped
                                                                                                                                                                                Size (bytes):487
                                                                                                                                                                                Entropy (8bit):7.504413110613771
                                                                                                                                                                                Encrypted:false
                                                                                                                                                                                SSDEEP:12:lGEGdvQzWx0nCjKVGxU1J99GhSaaDixTYJ:lGxIzYGD+h02xs
                                                                                                                                                                                MD5:9A2BFF87739D99C9DB47EDF1C3BABE4F
                                                                                                                                                                                SHA1:86E2EBE5115830AC8599253747A409CDE266918B
                                                                                                                                                                                SHA-256:B24E4EE17A385EEC8656EC3FEDD3E147243FECF2F9EE8F74DCCDE88893349A95
                                                                                                                                                                                SHA-512:028BA1F5B0BAE2D7D2CEA66DB0DB9D0E94EA111F71C4C71B09DCF100901F0968A67EFBE11D5503A6946CE791D0A10FC074C68361FEE996CB15ED696686E39BF8
                                                                                                                                                                                Malicious:false
                                                                                                                                                                                Preview:;.I...o."0....^.......{@....'l..D.l.N..|...;.0..$.g.+O.}.#$.s.S=..3J....O.=C^@;..C..Aj>j..xHY.kc..SO.aq.}[....s.n.4J4i_..v....Odr.W..A.k.^.....)....0.p.Z2..;/vGR...OE#Mo;....0.L8.d.z.....cop.5A*... .H.^....k.H\.`...U.WC.....&lm..4..4[.kB.<.........tc..L.l..$....T..{y4=L..J.2..+.84..g....W...+{o....\..*.....1.....~{....IH....po)c.Aq...<..o...L....\.y.3.C.=....v....%......@(.......u....4..g..@.c_.r?[. ..U....<..Hb.!...?0[.?.._Ak:F`Obd..W.r.o..d7.5.?Ly.9'e5.|_
                                                                                                                                                                                Process:C:\Users\user\Desktop\c8JakemodH.exe
                                                                                                                                                                                File Type:data
                                                                                                                                                                                Category:dropped
                                                                                                                                                                                Size (bytes):469
                                                                                                                                                                                Entropy (8bit):7.517398839028656
                                                                                                                                                                                Encrypted:false
                                                                                                                                                                                SSDEEP:12:yLd0Gv53rxQLIiBjumQqDkYP7HepaaDixTYJ:udfxcYJqD17M2xs
                                                                                                                                                                                MD5:0B6E73BC393A169BB0B1FD4E9C1E86A3
                                                                                                                                                                                SHA1:CADD5489E120EB6B8BDB53E09A9D3F441910E576
                                                                                                                                                                                SHA-256:C4E21064A21A27209044E5EDD008C82D86A9777A1A01BFB99095FC019F1FC471
                                                                                                                                                                                SHA-512:60C0E63484B8216D0419A6E17A2D4F3210100305F41D7DF1703A8C17656F1080F57496C2F6B5505688C4247C7068950A6FFFFB741EDF1892217A9319482EA8C7
                                                                                                                                                                                Malicious:false
                                                                                                                                                                                Preview:G.?....r0.Ye(9a....T.}.Y.~..+_..s.T....`|.u.4....P...=z..gC3e~YN..#..S^.*..=....$k.).ZmL...M.d..GJ.=.Y...[.]2...........~b.......fX.U&?..ay.....[O.Cv!.sHrj.^<X..y......~0S...{..?$wOLL.>..F..#"..(.=.[7p2.....4......P.B.D....f`..qZ......5T..)y4=L..J.1./._?..A..l'..3.[z...`v7..D@..<|.oF.*W.[5...d..\.(.@...3.g..c..=r...<..o...L....\.y.3.C.=....v....%......@(.......u....4..g..@.c_.r?[. ..U....<..Hb.!...?0[.?.._Ak:F`Obd..W.r.o..d7.5.?Ly.9'e5.|_
                                                                                                                                                                                Process:C:\Users\user\Desktop\c8JakemodH.exe
                                                                                                                                                                                File Type:data
                                                                                                                                                                                Category:dropped
                                                                                                                                                                                Size (bytes):479
                                                                                                                                                                                Entropy (8bit):7.523481867929382
                                                                                                                                                                                Encrypted:false
                                                                                                                                                                                SSDEEP:12:O8Sn80hNrZuyDl9BCOG1O1JM7uaaDixTYJ:O8M8MNr8yDl9BCOiyJr2xs
                                                                                                                                                                                MD5:6AEF6C7803F61D2AF71CCD1EF157BF5F
                                                                                                                                                                                SHA1:232C040123F6FB0C028D2A25D8D3F072FD56CFB6
                                                                                                                                                                                SHA-256:4727476744EA9FA54607F6E9B11BB410754D47CCFA04F47E7B38181AD3AE26CA
                                                                                                                                                                                SHA-512:A6C52BFB71DDC7FBB1529DD785BFBC101CBDBB5ED47B96C69D363C1D64269F316F1EA3359C99332883AFA2DA302DC60C90CB13D1B505EFF33F2E9CF369FA5949
                                                                                                                                                                                Malicious:false
                                                                                                                                                                                Preview:A>........nX.v...e.FV.9..<%#.S..w...,.....[........./S.r.....,0......b{..y4o...S..>...s..S7y.~...C[N....B.Q{...4....e#v..i...R..\>]7.g._...1M.A......^......:L...+V/._!...N'..../.{.....:.P..\.A..{WV]..B.. ...B....-.{..Yu....r.4......(.......X.q.....D..M.T..{z4=L..J.9D......G.G.%.9j..W.n...]m$.i.c.....vg-.l]..fF\.G......s...&\..m...<..o...L....\.y.3.C.=....v....%......@(.......u....4..g..@.c_.r?[. ..U....<..Hb.!...?0[.?.._Ak:F`Obd..W.r.o..d7.5.?Ly.9'e5.|_
                                                                                                                                                                                Process:C:\Users\user\Desktop\c8JakemodH.exe
                                                                                                                                                                                File Type:data
                                                                                                                                                                                Category:dropped
                                                                                                                                                                                Size (bytes):431
                                                                                                                                                                                Entropy (8bit):7.498962979534495
                                                                                                                                                                                Encrypted:false
                                                                                                                                                                                SSDEEP:6:rsNcZw0VYTgz7Uk9dzNyPblZU4Ghcg6KK/scXkF0HXKXqrnzo66uoxTQWryJJ:wYwDe7ZLsbv/O1bT0HaaDixTYJ
                                                                                                                                                                                MD5:A36078EA41B215B5B1DF07240E591F0E
                                                                                                                                                                                SHA1:E7BCDD1367FB7C13CA22289BB7AFDCBC21BE2F5B
                                                                                                                                                                                SHA-256:05CB0FBB049F0E920D45DB700E74DCA4774987F9727B90ED8DB31643C5037FE4
                                                                                                                                                                                SHA-512:4FAF39378DFA33C3271D586C7AE642C8B7F9184299FF41A906FEC135114AFCF5F654B8356CDAE545F3B8B3E213823F583D28E0EA601DD1C29E25C1AB00040B7E
                                                                                                                                                                                Malicious:false
                                                                                                                                                                                Preview:.....6h....SM3.G.X=..b...X.;.-pcy.D....u..Z.......PG.]#<.#k1.Q........Y......~.`. Y.R..}..cK.... .*..b}.....x?..b.v....u.0.4.'^.(....)...N.p...eqd4_21.......^S..T..Yi..4^.....Q...;.......1.....)....T..{yf=L..J..2./.'..d.l......:..[.>3.6.....*_......p.p.l..FM.. <H...'..8..w.Ut...<..o...L....\.y.3.C.=....v....%......@(.......u....4..g..@.c_.r?[. ..U....<..Hb.!...?0[.?.._Ak:F`Obd..W.r.o..d7.5.?Ly.9'e5.|_
                                                                                                                                                                                Process:C:\Users\user\Desktop\c8JakemodH.exe
                                                                                                                                                                                File Type:data
                                                                                                                                                                                Category:dropped
                                                                                                                                                                                Size (bytes):462
                                                                                                                                                                                Entropy (8bit):7.487013872147378
                                                                                                                                                                                Encrypted:false
                                                                                                                                                                                SSDEEP:12:SoTmv7qbfL8JTXppxBbffUCw+0L/8448V1i+kZg8aaDixTYJ:YqbfL87pDpI+up4013kt2xs
                                                                                                                                                                                MD5:C9F800152DEF87212EC826CAA645BF40
                                                                                                                                                                                SHA1:D120E635D24060FB8506FF67A1D77E77230A373A
                                                                                                                                                                                SHA-256:7F0712EDD90A1680D0BBAF85754260E67C2214823501839A0D8ECD8E783FBC59
                                                                                                                                                                                SHA-512:BAA2FBDACF0E5C128279E39E4D798496BEC3D7AA002B2180C399A62AFBAE96400C735644EC3212B1569A8E9634001BCF3D2B648DFC3F79F188D90B0823A38FF9
                                                                                                                                                                                Malicious:false
                                                                                                                                                                                Preview:.D*.....:P..is.....K......}8.."0F.$k.....t..N..f.I..h]"[..U...Q../6..;..{c...%i.'.w.X..'..r.Z_..6........n.N.?v!..(. p..Bc.R..GWz.xM.5..S.....%:.q:.x0..F.%.4ks*t].}O7.$...=tj.ET...........\...i:...gF..[Q...6.5.4\.......6.....I.....'@.&.7F@...T..{y4=L..J.2.O.9w..]36xf]...MI..].....ZG....=..B...1v..}f6.5.. RF.Fc&.?.cq...<..o...L....\.y.3.C.=....v....%......@(.......u....4..g..@.c_.r?[. ..U....<..Hb.!...?0[.?.._Ak:F`Obd..W.r.o..d7.5.?Ly.9'e5.|_
                                                                                                                                                                                Process:C:\Users\user\Desktop\c8JakemodH.exe
                                                                                                                                                                                File Type:data
                                                                                                                                                                                Category:dropped
                                                                                                                                                                                Size (bytes):438
                                                                                                                                                                                Entropy (8bit):7.5425690952086955
                                                                                                                                                                                Encrypted:false
                                                                                                                                                                                SSDEEP:6:V+k3HxI1uKw+8rA+np54/SH+MvBL8k3c1Uq2awgO+SNbnbpLXKXqrnzo66uoxTQ7:nRIfw+8vp54/0+KcedJHlbdaaDixTYJ
                                                                                                                                                                                MD5:BB613B6A0A462A0A58BF4E078EC7E30E
                                                                                                                                                                                SHA1:CE83F509E935E3C77D94C2236E1831BD1DCFC3D2
                                                                                                                                                                                SHA-256:F34AD7CD8B02FD2A58C99321BFC895097738D106CC953C1C4409609196222E7C
                                                                                                                                                                                SHA-512:A291A7EB1AF92518C0EEE1C337FBDF291885A5DB118A69D3EF8D6578003C614CB711A51B903479B4DB2A4D56EF2AF071225C779A8216584789CD6A954140EB9C
                                                                                                                                                                                Malicious:false
                                                                                                                                                                                Preview:..W...N........a.7G.U.u.....T<{.nS...,...#.{KP"...%Y\.l...;..#Pi.....6c....px2%.....5..n.2..dr..F.)...8...&#..e.3.}....s4.B...,..u.../.H..YAx\<..y..X.3.*w.w...O,...jz.4(..G...CJ..T...?.4......P[l...-.Mm*7.].........T..{y4=L..J.2..7..oQw...RD'...M.WK..(.G....2=..G...Xv...+@.....\p.cw.dm}}^.Gq...<..o...L....\.y.3.C.=....v....%......@(.......u....4..g..@.c_.r?[. ..U....<..Hb.!...?0[.?.._Ak:F`Obd..W.r.o..d7.5.?Ly.9'e5.|_
                                                                                                                                                                                Process:C:\Users\user\Desktop\c8JakemodH.exe
                                                                                                                                                                                File Type:data
                                                                                                                                                                                Category:dropped
                                                                                                                                                                                Size (bytes):497
                                                                                                                                                                                Entropy (8bit):7.61081910082898
                                                                                                                                                                                Encrypted:false
                                                                                                                                                                                SSDEEP:12:feMjnA5UAEq9srd4WPZcPESrm4fLugLiliyaaDixTYJ:5Auhq9srdpePK4faEiB2xs
                                                                                                                                                                                MD5:146AB02ED1B76E6E3F507570B5D354F5
                                                                                                                                                                                SHA1:78FFE481EB55B07F2F88946A7EBF88B5D1080029
                                                                                                                                                                                SHA-256:FADF9046B50F722A7195C329C73A3704291EEC98A5E394956822CDCF12339815
                                                                                                                                                                                SHA-512:5429C751C14F58BB346A2B49D21F70275031B3F31D0411A24AA14159D3C75870E22AA8E932D8FB93CC4A47B2C533636374CE0AF12DD4C410A6BC262C1842CB3A
                                                                                                                                                                                Malicious:false
                                                                                                                                                                                Preview:'.^<?....m.:C"...V.W..AI....j.V.u..0...2%..hJ.-.b7....&..pU.b.u.@\%[f.....c.......|.B^...i....K......^.7.......P.......;n..L.9.Z...b.E|.....|..).s..8gF.W....$......v....a4...t.z....G.....H?.V]..].P.....8.HOK..r.^....-..iC...[...z..)..4........6.......j.f.$.d.ptC...u..{+4=L..I.2./.n6..hl....R.b...`....dS.mn....E...n.$L.M]..~.;.N...I..m...s...<..o...L....\.y.3.C.=....v....%......@(.......u....4..g..@.c_.r?[. ..U....<..Hb.!...?0[.?.._Ak:F`Obd..W.r.o..d7.5.?Ly.9'e5.|_
                                                                                                                                                                                Process:C:\Users\user\Desktop\c8JakemodH.exe
                                                                                                                                                                                File Type:data
                                                                                                                                                                                Category:dropped
                                                                                                                                                                                Size (bytes):465
                                                                                                                                                                                Entropy (8bit):7.544974414768335
                                                                                                                                                                                Encrypted:false
                                                                                                                                                                                SSDEEP:12:NAqu7Dg1AX/80dHOEhz5KGudHIIgaaDixTYJ:NAq8Dl/8afz9AHIIu2xs
                                                                                                                                                                                MD5:99CC8FB2DA2D103C77ADD279F39B2D7B
                                                                                                                                                                                SHA1:8CB1882474E49A6E90D07C1DAEC593310FBA35CD
                                                                                                                                                                                SHA-256:C4C3CFABEF79746361F1583D6E60BFA9A590948F53E495EE50C17E9484208869
                                                                                                                                                                                SHA-512:8795023AC64CCE8F2F840723CC7B88D664CE091603588FCD118522C66C4C43A7ED175A16B9C3ACEB9E1DC7EFB7BB803E8E20FB0845C9CC0F626CAA8389F3CB98
                                                                                                                                                                                Malicious:false
                                                                                                                                                                                Preview:..._.{..=.3.o....b./..e..8.:NQ:..^...C...x9...!...g-ZW..M.~E..6.CY."7m1...b..xG>..7$.T?f."F...K.......\.....Jl.s.o3:.<K.cf[.L..$.H.9..L/..PN...]0.(...l5[}.}o..>..].2......u&<Ai7bN>vn3;..1..%'.C.ht..NF.7iI.0.UW&..4.....5.q.M.*...ma"...q.B.X...GT..{y7=L..J.q..l..}YgV....r.9_.|....$...d3.-.F..C.."_......G.zC.....f..A(.n...<..o...L....\.y.3.C.=....v....%......@(.......u....4..g..@.c_.r?[. ..U....<..Hb.!...?0[.?.._Ak:F`Obd..W.r.o..d7.5.?Ly.9'e5.|_
                                                                                                                                                                                Process:C:\Users\user\Desktop\c8JakemodH.exe
                                                                                                                                                                                File Type:data
                                                                                                                                                                                Category:dropped
                                                                                                                                                                                Size (bytes):462
                                                                                                                                                                                Entropy (8bit):7.5188949456391505
                                                                                                                                                                                Encrypted:false
                                                                                                                                                                                SSDEEP:6:weRFN7sBe5CXQd1PFDkJLY4NEvoo8coqOTcIuQ54Kfnc7qafuVQ1O+pvXKXqrnz5:we57sBXGmJMl1nNA4vl1jvaaDixTYJ
                                                                                                                                                                                MD5:811EB68424B1668DCF2C4F9AA3B7D754
                                                                                                                                                                                SHA1:BC0D663AAD3220869EC4F4362EDF3406B1A2F91E
                                                                                                                                                                                SHA-256:E51AC49953EEA9025A1C991E94CC9808B505C86C78BBE8BDA25BD2CFDB332A14
                                                                                                                                                                                SHA-512:9951092CEB8E5CE5D6C8D6931918AED3221D2AFF5A09100663912F5A8512A7D0EB518381B958EC46A202C4B49E3EF110A20B58CD8380B27AFA08255EFFF9E0BF
                                                                                                                                                                                Malicious:false
                                                                                                                                                                                Preview:.......o.7..(..vI..,zg.f..3..j..H.s.9.....G|..c.6].u.5I...Z'...L..I..].....~....u......*..>.SC.Pv.....Qv3W..?.....y.WFXdD.k...\.y.8kBUm..-.......'7.c.......#M..../...%.x.y.......?ku.}....[V......|)...P.4...._...1.iF....Q dk.....F....T..{y4=O..J..2......_.I..1.K......3..c[N....t.o..F.H.uO.x...Z.H..|...n.5x.p...<..o...L....\.y.3.C.=....v....%......@(.......u....4..g..@.c_.r?[. ..U....<..Hb.!...?0[.?.._Ak:F`Obd..W.r.o..d7.5.?Ly.9'e5.|_
                                                                                                                                                                                Process:C:\Users\user\Desktop\c8JakemodH.exe
                                                                                                                                                                                File Type:data
                                                                                                                                                                                Category:dropped
                                                                                                                                                                                Size (bytes):477
                                                                                                                                                                                Entropy (8bit):7.612860498965514
                                                                                                                                                                                Encrypted:false
                                                                                                                                                                                SSDEEP:12:3IFr8TJ4Sfgeesu0abft9pnNeiUdqoc2Kkjf90i9spihaaDixTYJ:grKJT/78LPFN+MocJ6fOSsps2xs
                                                                                                                                                                                MD5:6264810A16BA4C4B9D840E59895775EE
                                                                                                                                                                                SHA1:6D77EDFBE07D0416F289C30BF4A04335708C5B34
                                                                                                                                                                                SHA-256:AC514842BA6EE723A9E46324793EFB05DC335A7AF7F879CCC81B160BF6E776D1
                                                                                                                                                                                SHA-512:C26EE4449EB1BC3072FD0BEEA0AD39F315637917C9E0FE3EF4F75D64FC3F082BF6CDBD2EE1275AC77E6F2EE8CD7AB38CD222F00E73C22A278366ED74491D028F
                                                                                                                                                                                Malicious:false
                                                                                                                                                                                Preview:....WK.Oi..(.{...i...bx...[.|..$2!....P9...Q..Sx......wz....s.._.........e.._..qF0.]6......Q._..M......,e......v..E8..r.E$..1....g.^,*J-.Ld\.>@.nt.`.L,'...^......rB...lfN'"...l...Y.5#.e.^..".....*`spM...t..hc....4.....PZm.......;1."....F....T..{y4=L..J.2.{......3...... ...R~k.i.-L../..~F.-^.'t.....,T?1.5...0.......q...<..o...L....\.y.3.C.=....v....%......@(.......u....4..g..@.c_.r?[. ..U....<..Hb.!...?0[.?.._Ak:F`Obd..W.r.o..d7.5.?Ly.9'e5.|_
                                                                                                                                                                                Process:C:\Users\user\Desktop\c8JakemodH.exe
                                                                                                                                                                                File Type:data
                                                                                                                                                                                Category:dropped
                                                                                                                                                                                Size (bytes):462
                                                                                                                                                                                Entropy (8bit):7.559208851201107
                                                                                                                                                                                Encrypted:false
                                                                                                                                                                                SSDEEP:12:VeqiBbm/gCCQ/usTVxeQqJvCEaaDixTYJ:VeqJTfTqJvCC2xs
                                                                                                                                                                                MD5:62FFBF45807FD49CF63214924A608080
                                                                                                                                                                                SHA1:8A556175DDFFC1DD452D0B4420FF82ECA795A7C9
                                                                                                                                                                                SHA-256:23D7DD3856E256D578F20626E09F5621DDCA74D703CA6B283894A981D7631DA6
                                                                                                                                                                                SHA-512:05FD1C620876EA5961A5FC398A1252D51A189594C48D4533E434FBDF8857A97383CFFD3265100D71D9F18A3A01ECD08AD2897E1D1655235C1629402DAF24929C
                                                                                                                                                                                Malicious:false
                                                                                                                                                                                Preview:.G.) .].a....8..g2..".tK.....\}....S.A.n]|..Y%..../.{...m....!.....u.@..zb.4.....U!...9...-'?.;.....N.it.+)7v.u.W..0......@W...M1.$.F..W...........+..z|\..w+..z...9..S......!NIJ...<wq.?..K*.U.-J..\P....4^....P.@....c..?.%.k..t...5T..)y4=L..J.1./.q.."jT'R...~.K...Z........P....M..y|.....$.(pgA..VI.......cr...<..o...L....\.y.3.C.=....v....%......@(.......u....4..g..@.c_.r?[. ..U....<..Hb.!...?0[.?.._Ak:F`Obd..W.r.o..d7.5.?Ly.9'e5.|_
                                                                                                                                                                                Process:C:\Users\user\Desktop\c8JakemodH.exe
                                                                                                                                                                                File Type:data
                                                                                                                                                                                Category:dropped
                                                                                                                                                                                Size (bytes):456
                                                                                                                                                                                Entropy (8bit):7.5280394474339865
                                                                                                                                                                                Encrypted:false
                                                                                                                                                                                SSDEEP:12:mqaZJ9xkzP5hs7Ax2IHSx4+fp8LUJ8T9+aaDixTYJ:/avTkzhhs7Jvx4aegJk9Q2xs
                                                                                                                                                                                MD5:4BE2C0BB3068E68DA810D762EB00ED25
                                                                                                                                                                                SHA1:E21DE2A6F2FFFD52452951C4151BDEE434FDCEF3
                                                                                                                                                                                SHA-256:2479C2454C288A5D65A80EB21A0E030A6B3DD62D0AADBD94F07E350D212F2445
                                                                                                                                                                                SHA-512:20BFFF2504363415DBD68209EFB6719302E15A79477330864D7AA46DC58D210F5252D1482AF34BEC91B3F372D87B882C9FD70AAD88FD4E581D117273E1668C59
                                                                                                                                                                                Malicious:false
                                                                                                                                                                                Preview:.....S..S..c..?8.`6.\.xY............@.....G..9"........c.....x...`6.n.THt.GuI...}..]..&J{7.sm.....`".te....D 5^.w.......[.!{/.&..txM%.............S.Zr.n-R..$....$.=.'+]..G......&^.....(.;.".. oGW.BZ.4Z......6........3.%...jI...5T..)y4=L..J.1./........z.........".....F.G._..f....u..,.......\!..]z3Wr...<..o...L....\.y.3.C.=....v....%......@(.......u....4..g..@.c_.r?[. ..U....<..Hb.!...?0[.?.._Ak:F`Obd..W.r.o..d7.5.?Ly.9'e5.|_
                                                                                                                                                                                Process:C:\Users\user\Desktop\c8JakemodH.exe
                                                                                                                                                                                File Type:data
                                                                                                                                                                                Category:dropped
                                                                                                                                                                                Size (bytes):463
                                                                                                                                                                                Entropy (8bit):7.568324917981743
                                                                                                                                                                                Encrypted:false
                                                                                                                                                                                SSDEEP:12:begTwmgX7LvVfzmiUNPJvYUOSaaDixTYJ:SgTaXftzmiUhJAUX2xs
                                                                                                                                                                                MD5:3BC8E8699C9B21E4F50254E536AE261E
                                                                                                                                                                                SHA1:856AFDAFF751C979A00DDB0583843C81527A3A06
                                                                                                                                                                                SHA-256:D6CEE8E61F26A33A6981113002D2B33E2EA0DDFF4A2E0B29E38CFBD2902EE69A
                                                                                                                                                                                SHA-512:62D5A03175859D5B01F499A83DB1B29872533B55C64E033F2D0DB77B770C234E8F38D3029E3A40864235C231F042E74E194004E969B7669C1C5EF32ABE5D2A5D
                                                                                                                                                                                Malicious:false
                                                                                                                                                                                Preview:.OD..j.. -...."....4B......iI....79.Z.6.vC.M3.=.P.DF....Uts9..O&.W.Z....L....q(.....b._p..... ....'...*..=..^.!lS....r./.P.....>... ...8=.J..3.....U.....,.T.+;....n.~...."...R..LB..M.w.1..~......58...jB<.4Y....).........U..".T...mX..5T..)y4=L..J.1./v9.GJ..../.>)[o.%.2>C...v...E......c.=.b...c.I=3.D..8....g...r...<..o...L....\.y.3.C.=....v....%......@(.......u....4..g..@.c_.r?[. ..U....<..Hb.!...?0[.?.._Ak:F`Obd..W.r.o..d7.5.?Ly.9'e5.|_
                                                                                                                                                                                Process:C:\Users\user\Desktop\c8JakemodH.exe
                                                                                                                                                                                File Type:data
                                                                                                                                                                                Category:dropped
                                                                                                                                                                                Size (bytes):455
                                                                                                                                                                                Entropy (8bit):7.546585347428494
                                                                                                                                                                                Encrypted:false
                                                                                                                                                                                SSDEEP:12:FxaVJRIHxmYsHYLBXv38SAM4r5bTXJUHaaDixTYJ:Ta8sH0BXvsSvK5ZUz2xs
                                                                                                                                                                                MD5:BB7BF5E8434C8B9598BC828CFD19D3E7
                                                                                                                                                                                SHA1:B42FC7857FB481E3F60B3355BB8817574C3A7575
                                                                                                                                                                                SHA-256:9E094D1FB47192A051AD29A90055A4DF942F828029C3CF310A65BAE3D28F0491
                                                                                                                                                                                SHA-512:5FA7EF8DF87D41CCBDCBEE3E90527D16017D37E991208D8AD4E6B2D2A5288CA24A3F196826D276E4B325EB3D1ABB49D08D41A76187B822CCBDB04EE2C0224EDD
                                                                                                                                                                                Malicious:false
                                                                                                                                                                                Preview:c.Z......G.b|4.Y...3.....n...qr......}i..m..3.G...W.~..1Q8......c-Y_..t..q[I.c.....}....G.....o..b.w9v.rd.h.M8|..b-....]U...Z...C2...1.}L....K.-r.*9.m.7q...1S.gK.W.$..j..o|d...).ru....~..+X.4.....P.l......Q...'@.&.2.....u..{+4=L..I.2./.....6...B/...<(oe...=..T..".=...P.,.?...0.T...@..A.....d..5.M6s...<..o...L....\.y.3.C.=....v....%......@(.......u....4..g..@.c_.r?[. ..U....<..Hb.!...?0[.?.._Ak:F`Obd..W.r.o..d7.5.?Ly.9'e5.|_
                                                                                                                                                                                Process:C:\Users\user\Desktop\c8JakemodH.exe
                                                                                                                                                                                File Type:data
                                                                                                                                                                                Category:dropped
                                                                                                                                                                                Size (bytes):461
                                                                                                                                                                                Entropy (8bit):7.5492570134970975
                                                                                                                                                                                Encrypted:false
                                                                                                                                                                                SSDEEP:12:vxI/gDYg9NKrNkT6HAp1P2lCbfvGSaaDixTYJ:vG/gDHQrNkT6Hc1PTS02xs
                                                                                                                                                                                MD5:B9987077F703E588F3963E617E9951F6
                                                                                                                                                                                SHA1:AC1B48C71CE71A34CE84201A8863F2242E0CCAB5
                                                                                                                                                                                SHA-256:D1F535B67DA3C83C1FA02CBE363989E6871B76F38089EB2FE8CD734F22077FD9
                                                                                                                                                                                SHA-512:8DEF3F45CA14A15E3A5562EC18E71BC4DFD1E9688D2E61103499EFC30E4BB573E3BFDCDA1FA51E69446E753AD47AD3DECCB9C41EAAF1F5FC829341D0F317B494
                                                                                                                                                                                Malicious:false
                                                                                                                                                                                Preview:..N.^p......5.Qe.>..Y..&.d.`.A.+..u.-..U....u.~}.._i..y.M..eh.&.....i<.~...gR&o.....t.....>k7...*..U.h]..K<.$.W..2l.A.....5...)..:.....(#{@gIX.v.N7../... .K$...ai.dfTn...B...A=.........,.....]....v`..9...4......~1.....Z.|5Q.Y...iF....T..{y4=O..J..2..2>..M<...]g..y....f9.`.F..~[.....>}H&...v@. j."..8.b...UD.{.+p...<..o...L....\.y.3.C.=....v....%......@(.......u....4..g..@.c_.r?[. ..U....<..Hb.!...?0[.?.._Ak:F`Obd..W.r.o..d7.5.?Ly.9'e5.|_
                                                                                                                                                                                Process:C:\Users\user\Desktop\c8JakemodH.exe
                                                                                                                                                                                File Type:data
                                                                                                                                                                                Category:dropped
                                                                                                                                                                                Size (bytes):478
                                                                                                                                                                                Entropy (8bit):7.562233729734932
                                                                                                                                                                                Encrypted:false
                                                                                                                                                                                SSDEEP:12:BVuenOkvcyF6f9l4sHYKXNIqp+5iAd4huaaDixTYJ:KCbFyQsHl9IqkMAYA2xs
                                                                                                                                                                                MD5:2F9D7D51C363453710794472B4D7656E
                                                                                                                                                                                SHA1:17F154AEBF51E4DA5A4690960EA5BAEEFDB7790E
                                                                                                                                                                                SHA-256:176CD4C375F61609C190B281D973CB83DA219C7A3D6AC10A82357324B8FA62BC
                                                                                                                                                                                SHA-512:4E6463065AD7814584A9EC63875BD5FBA7D8E2616D7EACF9FABD559A45ACDE21BFCA3E5D40B053FF88C1BB132EFC1BB8628371883C39FBD1EBDBA9E6AFD55A05
                                                                                                                                                                                Malicious:false
                                                                                                                                                                                Preview:..qQ.k.Q..%....'.;.sA....e..p.Hv-.>....:D.....Q........@9s.#$.I....p...cp.I.|z...]..@.0.i..~...G._...1.O..9..u|.....f.w.n2V.*.c]..Z^..sJ..r.1.J_......[z.t3.E..z..N.._Y....w.6#.v..<#...}.b.!...:>$.{B..U..,.B...g...\.9.y..x.4......P.A...X..le3.F.....I.e.5T..)y4=L..J.1./.%..x.%U..b...hIi/VJ.y.1ZX...-!.YUU.....K.8x...&e......~.....J.r...<..o...L....\.y.3.C.=....v....%......@(.......u....4..g..@.c_.r?[. ..U....<..Hb.!...?0[.?.._Ak:F`Obd..W.r.o..d7.5.?Ly.9'e5.|_
                                                                                                                                                                                Process:C:\Users\user\Desktop\c8JakemodH.exe
                                                                                                                                                                                File Type:data
                                                                                                                                                                                Category:dropped
                                                                                                                                                                                Size (bytes):465
                                                                                                                                                                                Entropy (8bit):7.512889071674695
                                                                                                                                                                                Encrypted:false
                                                                                                                                                                                SSDEEP:12:RbsOOZvb69I+iCTz+hNxE22rAKr1aaDixTYJ:Rbnuvu9IdCX+bQrAK2xs
                                                                                                                                                                                MD5:4F70389C5F9C1E5AF2B5974699B2427A
                                                                                                                                                                                SHA1:7551FB2617654DA0D3E6DD5791A5C20A86AA45C2
                                                                                                                                                                                SHA-256:1A971D94290B6E885C94E81EB9CCEC4EAA92015FF8A4E009D6F087CF06BEF426
                                                                                                                                                                                SHA-512:F83CF38215B0CD283A9BE6F94CEDC51B0E9938EC310F1D92DEE0B5CEE312DFD40125BA42BECA0F0E9D38F0A50D3AD16BD1E897413330898BF855D6156952FDBA
                                                                                                                                                                                Malicious:false
                                                                                                                                                                                Preview:@1.*U.....h.K@.{....3N...].@..Z3......B....&......).!Z..k).....`S...t8....7ir......q.wN..xp8..)..gJ.T.GN..W......p.S&....^..K....S.R...yr..O...{...x...y..2...KrL.1$)5.%XRI./u.....f.SA(....F.yP.-B..../J.".U.4........6.......l5.Dd.....tX..5T..)y4=L..J.1./..H....`^...C..F..].<....p...N.."ny..`)70y.^......R.(.......Qr...<..o...L....\.y.3.C.=....v....%......@(.......u....4..g..@.c_.r?[. ..U....<..Hb.!...?0[.?.._Ak:F`Obd..W.r.o..d7.5.?Ly.9'e5.|_
                                                                                                                                                                                Process:C:\Users\user\Desktop\c8JakemodH.exe
                                                                                                                                                                                File Type:data
                                                                                                                                                                                Category:dropped
                                                                                                                                                                                Size (bytes):468
                                                                                                                                                                                Entropy (8bit):7.493389266749838
                                                                                                                                                                                Encrypted:false
                                                                                                                                                                                SSDEEP:12:3Rdgq4liTgyxnWJ7JMmiCS9cvaaDixTYJ:3oq4lj9niVI2xs
                                                                                                                                                                                MD5:135840BD07CE378D06A0C2B58E109303
                                                                                                                                                                                SHA1:8828D617649C42716E705E3B9740221B664D607F
                                                                                                                                                                                SHA-256:5EC2C65A4D3148961282091CA21327FA15B737E3EA6BFD0D3D605ADCB678779D
                                                                                                                                                                                SHA-512:01BC7B69CF488B1145930F537D286694ABD01B3CF96ECD137875124D10F74CDD771AB4E1215E4FA6B7A76AA58A30B982C647FDF3524A4B2A37A6E765309168C2
                                                                                                                                                                                Malicious:false
                                                                                                                                                                                Preview:...hf.`...vO5.A.Y.....=|.-....$.K0..d..J....S.`;a.u.}y...s...U....-1Xy..wZ..m....o.vOh.T..z.r...]t.C{[.f.m....X...\*..."_.{.*..p....d[..O.4.K....a.~K..}Ch..ny."......}.......J7.|k..G..0.@W.I2...Gu..3.>.W...|..%48KLU.4Y.....P\B.F....}5.Y....F....T..{y4=L..J.2..(..0^G.b.c@..@..W.......E.u.w.k.......HN_%N.,wK.;..ef...h...q...<..o...L....\.y.3.C.=....v....%......@(.......u....4..g..@.c_.r?[. ..U....<..Hb.!...?0[.?.._Ak:F`Obd..W.r.o..d7.5.?Ly.9'e5.|_
                                                                                                                                                                                Process:C:\Users\user\Desktop\c8JakemodH.exe
                                                                                                                                                                                File Type:data
                                                                                                                                                                                Category:dropped
                                                                                                                                                                                Size (bytes):457
                                                                                                                                                                                Entropy (8bit):7.549444140720579
                                                                                                                                                                                Encrypted:false
                                                                                                                                                                                SSDEEP:12:0iSxMqYkF1F732hsVVt/uIhr0qbJnnaaDixTYJ:0iNqDv73AKmIPN2xs
                                                                                                                                                                                MD5:C6B42FA32284EF7F5AE3714BAB63286E
                                                                                                                                                                                SHA1:502C05090920320730A84552DF08C7FE452574BD
                                                                                                                                                                                SHA-256:E78DF0F85AE7A4848AEF92C909B1FE0A7320F01C918DF2C36CACA658E99206A1
                                                                                                                                                                                SHA-512:80F6C07CC2298AAB1B533880C6B54F7AE4D487365DF8468AAE7992DC80C3687534CA5E623FDE898E0508C76831E6EEBA14EDCEC50B4D4C4933DCA1661FC383E3
                                                                                                                                                                                Malicious:false
                                                                                                                                                                                Preview:..F..G6.......p.0.......iBg.]Ga.h.Y..r.<`;....bO...@O.<Kp-..:`..X..v.E|.\v>Ahq.c..u6.<....<d.O ^....=.(`m...(......q..F.V....@G.^G.v..;.......p_.1.V........u%..4-h$..%.......x..,.3d...*Z~6..z.l<V.p%....4.....).....3....[ 5.w...Y.F....T..{y4=L..J.2..`...\............ZI...$.*.......rsS.,e.&.....<........G......q...<..o...L....\.y.3.C.=....v....%......@(.......u....4..g..@.c_.r?[. ..U....<..Hb.!...?0[.?.._Ak:F`Obd..W.r.o..d7.5.?Ly.9'e5.|_
                                                                                                                                                                                Process:C:\Users\user\Desktop\c8JakemodH.exe
                                                                                                                                                                                File Type:data
                                                                                                                                                                                Category:dropped
                                                                                                                                                                                Size (bytes):466
                                                                                                                                                                                Entropy (8bit):7.554532035411708
                                                                                                                                                                                Encrypted:false
                                                                                                                                                                                SSDEEP:6:jVwGEWhdVVbulsSVxfXgUfd2dscWpdTOJBYpgvn7fD3ZunXKXqrnzo66uoxTQWrE:eAb6lskXeZCO3X/waaDixTYJ
                                                                                                                                                                                MD5:EE304535D8DBFC9F887077B472AA7AD4
                                                                                                                                                                                SHA1:6EF19DA796F7439E978E283E64E05035634FFC02
                                                                                                                                                                                SHA-256:6A2DBA781B1FFD1B12F4A3C9E83A810C3214A32D9830FF266D89BF3B171F606E
                                                                                                                                                                                SHA-512:91F542FCFCACB96086092DF83455B5600DB557A86F54C9A8D2560A730B6D8DC1C817C63A87AA8A3A4D40E064B8991C7D2C7765FE1B59DADD061E0BB53B548472
                                                                                                                                                                                Malicious:false
                                                                                                                                                                                Preview:.....8u.*SS....O.......g.CJ.........y!....s.6....C...B.!../...0G_.^...........s.<e.....y$.L.*.r.7$....l6.%.........;.7..`.....1.6..J..@.M.W........./.G.Z+.Rxt....i.8...AKK.+j.c..;P........ZB.@=.x$..i.B.].>....m..4\.....n).......Q.e.,....X...GT..{y7=L..J.e....1..".R.].&.U&..B..~*...TK....$.Zvk.o.t....S..AY..... Rn...<..o...L....\.y.3.C.=....v....%......@(.......u....4..g..@.c_.r?[. ..U....<..Hb.!...?0[.?.._Ak:F`Obd..W.r.o..d7.5.?Ly.9'e5.|_
                                                                                                                                                                                Process:C:\Users\user\Desktop\c8JakemodH.exe
                                                                                                                                                                                File Type:data
                                                                                                                                                                                Category:dropped
                                                                                                                                                                                Size (bytes):481
                                                                                                                                                                                Entropy (8bit):7.508454052812279
                                                                                                                                                                                Encrypted:false
                                                                                                                                                                                SSDEEP:12:XJ1xzlPYIUarfgDsObgSjLHtt9j+px1cqDpuKaaDixTYJ:51537cBbgQH9jWjc0V2xs
                                                                                                                                                                                MD5:B8746AEE2D52BC4A0A1486A803860BAD
                                                                                                                                                                                SHA1:72790131D35EE977E996A47805CDFFE77D154D3C
                                                                                                                                                                                SHA-256:B5E5D45D3B0F477AE36912433B2E5E38A0B431B5B788023309E34CEBC28F0741
                                                                                                                                                                                SHA-512:0F070DB9487CE6DB9E9DC93E308D92B7A626653230461A31512643EE37D76BB99BD5B0E16F83EAF9EFC2486760677B2D7EA59172757604D985E80112B50BF132
                                                                                                                                                                                Malicious:false
                                                                                                                                                                                Preview:..>.*].......n.9..0...V|.1...Z.w..IO}7/...Ok+VI...l...\..l.>>...L...h.4.wX.......$ w'..6%p.G.{...:=\.H.....)..dv.k...i....6.6..R..N..._...F..#......N.m...k.r$A.eJ|......l.2..........}I......Va...>.Q...J=0["n.IHn..Y....Q...$..;..$.4\.kB.9.....<.....+b.r........T..{y4=L..J.2.5.[..r.]..........P......g.#..[~.......3..*.7..MS....qKL.E...q...<..o...L....\.y.3.C.=....v....%......@(.......u....4..g..@.c_.r?[. ..U....<..Hb.!...?0[.?.._Ak:F`Obd..W.r.o..d7.5.?Ly.9'e5.|_
                                                                                                                                                                                Process:C:\Users\user\Desktop\c8JakemodH.exe
                                                                                                                                                                                File Type:data
                                                                                                                                                                                Category:dropped
                                                                                                                                                                                Size (bytes):438
                                                                                                                                                                                Entropy (8bit):7.525534800806337
                                                                                                                                                                                Encrypted:false
                                                                                                                                                                                SSDEEP:12:OwlYes0XxvbmQqPLIqujFPL1n4/ghuaaDixTYJ:OpVYTcLDsFD14/gi2xs
                                                                                                                                                                                MD5:E93EA8BA3F1333CC7090C0051F64E70F
                                                                                                                                                                                SHA1:33659F58102946B2A14AD140DFF50531A70149A4
                                                                                                                                                                                SHA-256:428B6FDAB5020A3ACAEB06AF54B4318C2369CFC68B21F6AE5F6C25BADEE80333
                                                                                                                                                                                SHA-512:153B1C3213E81C0229D874EF8FD17CEB7B6809DD8957CD7F614F19BDA38B583A4661DF3698E434A7A5B0DB85FE11CCE7AF658F12B49FFE5AD8069616D0C4D87D
                                                                                                                                                                                Malicious:false
                                                                                                                                                                                Preview:F+\.h.._J.vE..?.e6%9..b[...;........mG=./....Z.......*.'..{...=.V...O.w...TL.......G.0...w.u.+fTg......@w......e.U..`.-..J.u|..7......:...d...V.u.F{..U...=.#....M!..T..Ku.LD.D.,.F..4Z.....i)......U[.e.L....U.%.5T..)y4=L..J.1./..9!.....3}....|..Q...U..8>CREFl.V....,9m.....}...^....f......r...<..o...L....\.y.3.C.=....v....%......@(.......u....4..g..@.c_.r?[. ..U....<..Hb.!...?0[.?.._Ak:F`Obd..W.r.o..d7.5.?Ly.9'e5.|_
                                                                                                                                                                                Process:C:\Users\user\Desktop\c8JakemodH.exe
                                                                                                                                                                                File Type:data
                                                                                                                                                                                Category:dropped
                                                                                                                                                                                Size (bytes):460
                                                                                                                                                                                Entropy (8bit):7.576404596570444
                                                                                                                                                                                Encrypted:false
                                                                                                                                                                                SSDEEP:12:5NVhhyjJphngGPQLTyYQ/ZB0Q/haaDixTYJ:5NVhcjJfgGPQLmBB0eZ2xs
                                                                                                                                                                                MD5:D786A47B08D170898BC6A3CD23ACBBCE
                                                                                                                                                                                SHA1:5E0F22D61ED1588A53479CAE38C176A55A38D200
                                                                                                                                                                                SHA-256:67660EF75BD3014C2E1469D24EE6E06978235E7A18CFE389BE0E8E24BEA98371
                                                                                                                                                                                SHA-512:2D784E2E847CD154351C32FA14B69A8EAA8F6609FB1B55DAB8F08C39FF21FE24FC459362F77C961CD2C86A81EC00EBAEC954FAB074CE1221C2BF722707FFCDBC
                                                                                                                                                                                Malicious:false
                                                                                                                                                                                Preview:.J..{....I...l.c{.`...j2..:).{;.F.....|g...WM.{8#..;.z.z.>... ..R..*.Y...C_.'.1...$B8..9....(..../.Z.V...Z/..YW.OWJ....T.....~}3j.........e...\.R.T..t.8g.......y)..{.c$.$..@h.v.Z(.4...W.a()..v+....E&..4.......6..E..c..1.'......U..u..{+4=L..I.2./.8$q.IL.b......\......}.=Q..\x.C[.H..>.05w!.kH.#..H...7...H.s...<..o...L....\.y.3.C.=....v....%......@(.......u....4..g..@.c_.r?[. ..U....<..Hb.!...?0[.?.._Ak:F`Obd..W.r.o..d7.5.?Ly.9'e5.|_
                                                                                                                                                                                Process:C:\Users\user\Desktop\c8JakemodH.exe
                                                                                                                                                                                File Type:data
                                                                                                                                                                                Category:dropped
                                                                                                                                                                                Size (bytes):463
                                                                                                                                                                                Entropy (8bit):7.545673771042188
                                                                                                                                                                                Encrypted:false
                                                                                                                                                                                SSDEEP:12:XMC7sutkNEcn9URWo+PCRqjsVTyLnvsaaDixTYJ:cC7sutkNEcSRW/6+sii2xs
                                                                                                                                                                                MD5:B9309DBB888C7A35FDA74252AD4B4E7F
                                                                                                                                                                                SHA1:7518B62937924D05712B26080918D3AFA2592696
                                                                                                                                                                                SHA-256:A452EE06DD75E0A93CE7B3DCECA3B9DEDA543D6AF5AAF4DEB2FB73A9023A9AE4
                                                                                                                                                                                SHA-512:06F7F06C892D5587568F4975EA2C94544FF108F394EDD8FB852B5573B58D8A2443596BEC95CDEDDB757FC78076512E0B58909BA64C7B4E4C5472CEE2A3932427
                                                                                                                                                                                Malicious:false
                                                                                                                                                                                Preview:..v..'...=...k/.L..hSB...w.9...I"\...Yp~...4...5.V..s.w..G.....a.?.......OK+]..lb....8Z.....S.B...7._z|..[.....".N......"..ciD.x.M.e.7H....+|.2..-..L....h.\HB....#@(.s..7W..Y)./G.P"....CS...W.......Y......4.......P.mv?....[#bC#R....|....u..{+4=L..I.2./....i/...c....."..n._j...).../m.........%.... ..6.t...h..s...<..o...L....\.y.3.C.=....v....%......@(.......u....4..g..@.c_.r?[. ..U....<..Hb.!...?0[.?.._Ak:F`Obd..W.r.o..d7.5.?Ly.9'e5.|_
                                                                                                                                                                                Process:C:\Users\user\Desktop\c8JakemodH.exe
                                                                                                                                                                                File Type:data
                                                                                                                                                                                Category:dropped
                                                                                                                                                                                Size (bytes):475
                                                                                                                                                                                Entropy (8bit):7.5708488359872215
                                                                                                                                                                                Encrypted:false
                                                                                                                                                                                SSDEEP:6:mQW25zPoR9KsL9rkUm7X2acYZWy3s1Wo1eZPs6NmnmATk9CsxXoSXKXqrnzo66ub:DflPPKrkF1LcRU0CXoSaaDixTYJ
                                                                                                                                                                                MD5:582CD33CFEBC14C36A57F4E560DDDD0C
                                                                                                                                                                                SHA1:A9BF815F3FBD63C71792F4F6DA453EABFA6993D6
                                                                                                                                                                                SHA-256:5956D4575CAF653BE686AAF07C0D2F20062021741E09F3075138DBB9A095EB2A
                                                                                                                                                                                SHA-512:317B53BCAC83C653DE2FCD834B4A8BA1D907D4490DB330BCB42CE2CCC1FAF30ACD9E2481C238F4F5B601A93225782B0E520B2FC50292C1CEDF6E98D4BF2CB8E1
                                                                                                                                                                                Malicious:false
                                                                                                                                                                                Preview:~.[...&K<k9....'...}t..1"m..B..<P.%.,...E....NS..l....l..ewK1\(...$.X:.'g../...`...,.....#@l.M...m...M..9..%5.3...2N........7......].R.y.)...Q1.@........58>.R...q.u:..3".4.7..?....mj""..K..C..lG~u....d:*/.E...J...p.4.......P^l.......6a.h.....tX..5T..)y4=L..J.1./..\E.4L..+..5..b.65a...i.$....+.@eY.E?....z..|.h..Mq.........r...<..o...L....\.y.3.C.=....v....%......@(.......u....4..g..@.c_.r?[. ..U....<..Hb.!...?0[.?.._Ak:F`Obd..W.r.o..d7.5.?Ly.9'e5.|_
                                                                                                                                                                                Process:C:\Users\user\Desktop\c8JakemodH.exe
                                                                                                                                                                                File Type:data
                                                                                                                                                                                Category:dropped
                                                                                                                                                                                Size (bytes):464
                                                                                                                                                                                Entropy (8bit):7.462857533083344
                                                                                                                                                                                Encrypted:false
                                                                                                                                                                                SSDEEP:12:pLT6q4YocNXpfVIgfSP1bcUpURwIaaDixTYJ:VPVdko2xs
                                                                                                                                                                                MD5:E2D0AD021B65B3F29062A347AC5979BF
                                                                                                                                                                                SHA1:E88B8EEE0536392723D480DD8DCDB48673B40177
                                                                                                                                                                                SHA-256:D72D8E85114EFBBC47E5F2614198545E7A5D54B4485C72B6D2CD788F654073CF
                                                                                                                                                                                SHA-512:6ADFA3A36C5A760FD5F520465C00ED8201516C565656A1AB629B9292AE69F66F4E4B7ADA4813CF587D722988887F5B0F776745308FBB919A8EA4436CD99DA176
                                                                                                                                                                                Malicious:false
                                                                                                                                                                                Preview:...z.`D.W....Me.....t.F<.".u..#..W)I..U0.z...H.G.p..Y...z.nN....;>...S...}H.k.[oe/>......?$.@..AI....e...:.M.E....Q^(E......}TQ.2?....n.DM.'3..I ..(...@Mb.J...9..9M.uLt.3..O.....-.v"`\JD&..4.O"..pq.f9.:.4......&.5........dF.[_....r....T..{y4=L..J.2..C.>.....e.p5l.xp:...>>...;w.'..#]S....Z.+`..._.-/.a.D....&Mq...<..o...L....\.y.3.C.=....v....%......@(.......u....4..g..@.c_.r?[. ..U....<..Hb.!...?0[.?.._Ak:F`Obd..W.r.o..d7.5.?Ly.9'e5.|_
                                                                                                                                                                                Process:C:\Users\user\Desktop\c8JakemodH.exe
                                                                                                                                                                                File Type:data
                                                                                                                                                                                Category:dropped
                                                                                                                                                                                Size (bytes):460
                                                                                                                                                                                Entropy (8bit):7.557050345821632
                                                                                                                                                                                Encrypted:false
                                                                                                                                                                                SSDEEP:12:uNH6nS9b+dDVH1u2gnguQSGloCsL2CZD9aaDixTYJ:6nidDVVuPgua63FZR2xs
                                                                                                                                                                                MD5:C76B1D9DB4F3B49D300A46E5B6EF54AE
                                                                                                                                                                                SHA1:D6BF4BC9AB58063C8C717D2EACCA01BA3B17FF3F
                                                                                                                                                                                SHA-256:2A1B72215B1392A796C51A6F50BCB2E7A27205924A631A30605D5657C553CE60
                                                                                                                                                                                SHA-512:8656DB82F8AA875950E1BD1FA0233538E5D98A435C33FB1FE9CB0089C3BA809FCF8909134424E79B1DC76D02E0B8CB60BFB644CE4F662E1962E55D75E5CD4513
                                                                                                                                                                                Malicious:false
                                                                                                                                                                                Preview:zl..c...9...LN..g"...z.B..Eo.emYJ.le+..D.....2.J.-.p|.g.z..H...(D.U5.8...,......0Z...Z..?.d..H.0..<bk....~.,l:......W.,.8..Z......2.J#.n.....j.Q....86.&.>z_..gp..l....J../.........s..<}`P..'...n.w.a...4......PYA.C.T..};....t....%.5T..)y4=L..J.1./g".X..K..K(....v_...0.Ax...q.1.:-.....m..s..mj.Aa..@...j.c.y.r...<..o...L....\.y.3.C.=....v....%......@(.......u....4..g..@.c_.r?[. ..U....<..Hb.!...?0[.?.._Ak:F`Obd..W.r.o..d7.5.?Ly.9'e5.|_
                                                                                                                                                                                Process:C:\Users\user\Desktop\c8JakemodH.exe
                                                                                                                                                                                File Type:data
                                                                                                                                                                                Category:dropped
                                                                                                                                                                                Size (bytes):440
                                                                                                                                                                                Entropy (8bit):7.5159664692707935
                                                                                                                                                                                Encrypted:false
                                                                                                                                                                                SSDEEP:12:T+RhOs/VD9rMEQFqGg8/BB6cVhRCoI8QHQwaaDixTYJ:SKs9DJTZGFv5soILQ+2xs
                                                                                                                                                                                MD5:6E49C1D4A2C66D3123CBA71E83E02D92
                                                                                                                                                                                SHA1:0C5A46DC55BBF3F86C127BD655015BE0EFEB0A85
                                                                                                                                                                                SHA-256:B5A539D762F00468DD853844757C243962513BDABDB20F2CEA27426CA364D79C
                                                                                                                                                                                SHA-512:A8546FC41810BD72D8D2BCB35D34F5B7571C595CFDE6434D4EBBFF2BAF7C792EBB758A7437B1363BEB74194E3B84C9349508D00BEDCEB91722E1D21AA0C90250
                                                                                                                                                                                Malicious:false
                                                                                                                                                                                Preview:..x.EG...s;aPc8...\).!...d.#...f.=g.`...1...u.SK..t....6<.,(.,Pj.....n.j..].IfN..J..8..r.-.HP.|*}......#...>..U...U.E.8.i=K.B...V\.......@..X...<..N..3>..v,/PmRM...1..:.D.....4.00.cs.(.)..4].kB.9....;.....?1`...Y.%.5T..)y4=L..J.1./^.E...Im1#..lj.p....kd0.i.O.Y&...-.I...+.).n.*........m*....r...<..o...L....\.y.3.C.=....v....%......@(.......u....4..g..@.c_.r?[. ..U....<..Hb.!...?0[.?.._Ak:F`Obd..W.r.o..d7.5.?Ly.9'e5.|_
                                                                                                                                                                                Process:C:\Users\user\Desktop\c8JakemodH.exe
                                                                                                                                                                                File Type:data
                                                                                                                                                                                Category:dropped
                                                                                                                                                                                Size (bytes):468
                                                                                                                                                                                Entropy (8bit):7.571449243193513
                                                                                                                                                                                Encrypted:false
                                                                                                                                                                                SSDEEP:12:OrYLitjslExDKzfIEI0meo7oTqfVnPA4iAtaaDixTYJ:iZIEBK3mevq9PWAV2xs
                                                                                                                                                                                MD5:C238078CDF2C862BC8EBEE47194B89AF
                                                                                                                                                                                SHA1:16292884FD05FCD068862C628E00530B7C461EF7
                                                                                                                                                                                SHA-256:7B35882D9EF08CBCFFF64646C4F161C820B7D5D508B27CA0CDF4BB7A15D397E6
                                                                                                                                                                                SHA-512:460226B8D39C64C9D09016C1523A65A0E430A9F58584548CDB6EE4C3DD895C3B66A9AAFB3DA828389FC9AD9D3260C7C2F7978ADB4512173AFB7C818580114B7C
                                                                                                                                                                                Malicious:false
                                                                                                                                                                                Preview:.........cN2.p..M.....;......e...0O.p..w,.<+....).....#.Q2%?......^6.....!# ...;..GH.I..gj..J.V......,x.F...S..?~.ZM...:.U.^.F..?..__Ig.......T...s..n7.e#.....Y..Z.?....D...D;..-.v.........`...w..;.+..3.v."]p.4......P.@.B..c..c.x.l..$....T..{y4=L..J.2.(..^Y.l....6S=.....3..>U .....k.a.!tD.b...4.|......].i.K...#q...<..o...L....\.y.3.C.=....v....%......@(.......u....4..g..@.c_.r?[. ..U....<..Hb.!...?0[.?.._Ak:F`Obd..W.r.o..d7.5.?Ly.9'e5.|_
                                                                                                                                                                                Process:C:\Users\user\Desktop\c8JakemodH.exe
                                                                                                                                                                                File Type:data
                                                                                                                                                                                Category:dropped
                                                                                                                                                                                Size (bytes):469
                                                                                                                                                                                Entropy (8bit):7.5196677898842585
                                                                                                                                                                                Encrypted:false
                                                                                                                                                                                SSDEEP:12:GWvgShKYvmRTMJiuXVLtO67rlQoaaDixTYJ:GWvtKYeA0CVLt9lQm2xs
                                                                                                                                                                                MD5:FCB60F11346A9574B6F196405167F657
                                                                                                                                                                                SHA1:CE17D745571B77E36556F79FCD631D2E97E2473D
                                                                                                                                                                                SHA-256:577EDBE6F0A965072AE866134B1F393C83D1B330B67628991BEB7787C5A85B2C
                                                                                                                                                                                SHA-512:E6B7DE010131DDD3C162043AAC855876C1AFFD4429F68A5FB75BC12A50CF8266DB5E7B64CD114F629079077AD3D5390A610DDF7A1AEA99200563559DAB3B30F9
                                                                                                                                                                                Malicious:false
                                                                                                                                                                                Preview:.M_`..6e....m.....I.............$N......:..Wk..}u.\/..q:..`..k/M.}`.~.....`...c.R...q.b..n..{|6.4..z$.ci.N.7^.OI.0.I.q.<6...R&[#Z&.E...q?]...GKP.Lu.OS...!"..U..#.:...B...b....L.v8E..9]...8.>....P%...|..y....H..4........!.....UZ.fC"p..2.......{y4oL..J.2.,.';\..@D.n#..b......$H*..Y...O^.S.g_..Q..JY.@b]j..O.-....~2.6E-w..u...<..o...L....\.y.3.C.=....v....%......@(.......u....4..g..@.c_.r?[. ..U....<..Hb.!...?0[.?.._Ak:F`Obd..W.r.o..d7.5.?Ly.9'e5.|_
                                                                                                                                                                                Process:C:\Users\user\Desktop\c8JakemodH.exe
                                                                                                                                                                                File Type:ASCII text, with CRLF line terminators
                                                                                                                                                                                Category:dropped
                                                                                                                                                                                Size (bytes):1159
                                                                                                                                                                                Entropy (8bit):4.909757425426515
                                                                                                                                                                                Encrypted:false
                                                                                                                                                                                SSDEEP:24:SOZJNRovfexRvYx/ncUYTxLZl0r0OzANQgq32xfZnS0iNFdAnP6:SOZbqfexrZrS3Iq32xlSX2S
                                                                                                                                                                                MD5:F29E077226F8DC235CAE4795459A3542
                                                                                                                                                                                SHA1:A23AEA328BEB92BFD4464A3B0F70E772B8969CC2
                                                                                                                                                                                SHA-256:CF8875AADE9351184274F533067BECF2AD10CCF2B6296274ECE5D5B58B6AB008
                                                                                                                                                                                SHA-512:0C76F1E7AC8E4DB582EA7E26FA9B8C18D54605AE6A9A87A2A1FA0B1BEACACBB8F1230421C1124B1E7C12FB546FF31DBBD2CFBBEBA80EF98BBAA01B356F7FDC6F
                                                                                                                                                                                Malicious:false
                                                                                                                                                                                Preview:.. ~~~ AlphaCat ~~~....>>>> Your data are stolen and encrypted....>>>> What guarantees that we will not deceive you? .....We are not a politically motivated group and we do not need anything other than your money. .. ...If you pay, we will provide you the programs for decryption and we will delete your data. ...Life is too short to be sad. Be not sad, money, it is only paper... ...If we do not give you decrypters, or we do not delete your data after payment, then nobody will pay us in the future. ...Therefore to us our reputation is very important. We attack worldwide and there is no dissatisfied victim after payment... ..>>>> You need contact us via email with srenshot of btc transaction and your personal DECRYPTION ID.....Contact via Email with your personal Decryption id !: hackbeenswim@mail2tor.com......Send 400$ (0.006 BTC) at this address --> bc1qkr7wxuqwet9w6920vk94p7npkxh33fc7prv55q.....>>>> Your personal DECRYPTION ID: D53F15BF767167BC622C1CB4D4FC174D....>>
                                                                                                                                                                                Process:C:\Users\user\Desktop\c8JakemodH.exe
                                                                                                                                                                                File Type:data
                                                                                                                                                                                Category:dropped
                                                                                                                                                                                Size (bytes):464
                                                                                                                                                                                Entropy (8bit):7.492244326237217
                                                                                                                                                                                Encrypted:false
                                                                                                                                                                                SSDEEP:12:Tcm/HEiwQJCj619/KwFbRTxQrmVR+vaaDixTYJ:ImsiNMib398r2xs
                                                                                                                                                                                MD5:7422FE4EFE1F1DA02BFED7F692FB4EE2
                                                                                                                                                                                SHA1:62E2D1827E88DC4BC83C5100BD414858D5CE82EC
                                                                                                                                                                                SHA-256:4EFD5925136E6C923C765349F4553255178BAEE8E0CA3F7A4919F78A5E600BA8
                                                                                                                                                                                SHA-512:C386E64161B7EF64E74F62D6AA6F332927D88071078CFF4598114594967DD5F4769AA8FACA43852669704CD29B9160CA134E84F535BE51B7F81E038AC3A2E84E
                                                                                                                                                                                Malicious:false
                                                                                                                                                                                Preview:. ~....HH.K.;....z..%b....L...i0..U}..I0..e.k..$T.T|...['G.x.s.G..K....M/Y...y.I<-A....."..../.b........~..B8...k....4..H....Kg...w...5..O...L}F....s..>:%.qb\p....;.LP!...`..".....[.......Xr...I../...~.V.5.V.V.9..\......q5..]....|....u..{+4=L..I.2./.$..J.....,."..S|..B..q...G...=.j;..0.^.......?...V........~o..s...<..o...L....\.y.3.C.=....v....%......@(.......u....4..g..@.c_.r?[. ..U....<..Hb.!...?0[.?.._Ak:F`Obd..W.r.o..d7.5.?Ly.9'e5.|_
                                                                                                                                                                                Process:C:\Users\user\Desktop\c8JakemodH.exe
                                                                                                                                                                                File Type:DOS executable (COM, 0x8C-variant)
                                                                                                                                                                                Category:dropped
                                                                                                                                                                                Size (bytes):460
                                                                                                                                                                                Entropy (8bit):7.555227355686633
                                                                                                                                                                                Encrypted:false
                                                                                                                                                                                SSDEEP:12:SI/GVYkdodojhIa34i55Ep7ql85RqKSD/aaDixTYJ:SI/fUocIaVk4cqK02xs
                                                                                                                                                                                MD5:5A377066103E8842497BC6B9CE01B27C
                                                                                                                                                                                SHA1:6B3D6BAD6BEE9A164E6BB1954C839B949DE36ECA
                                                                                                                                                                                SHA-256:A5CD272CBBD9E98C191276FA9B2949E4B2E6D3943944D160105676F2B5C6BA99
                                                                                                                                                                                SHA-512:E41CAFB27477F6D5B991A9C6C7478B4A2D7DA019D7A208B529E3DB71A87D877EA05D9556BE3A421140596FE078A3BD89E822EEA7980CC3BA3CF7DEA822B9B794
                                                                                                                                                                                Malicious:true
                                                                                                                                                                                Preview:.F%#'..".....W,.Jt....'7.....k.,..8....tL.v.6.d.........8.K[S.....2..5E.X..ld.hT...sK2.e....>.......D.]("...r>..s;.@..ca...&.w$.BZ..l....{.......Pl..%z &.phn..M......*c..Fep...0........@.=....m...y....FQ..4Y....~1..C....L4....&.7F@...T..{y4=L..J.2./.KZSx...".<...N....P$..f......a.@M.(O.'7..Bm.g..|...j...(g`.Eq...<..o...L....\.y.3.C.=....v....%......@(.......u....4..g..@.c_.r?[. ..U....<..Hb.!...?0[.?.._Ak:F`Obd..W.r.o..d7.5.?Ly.9'e5.|_
                                                                                                                                                                                Process:C:\Users\user\Desktop\c8JakemodH.exe
                                                                                                                                                                                File Type:data
                                                                                                                                                                                Category:dropped
                                                                                                                                                                                Size (bytes):439
                                                                                                                                                                                Entropy (8bit):7.484445491111637
                                                                                                                                                                                Encrypted:false
                                                                                                                                                                                SSDEEP:12:vr+T2ND1TwskaGgIXyGEzNCYOxpaaDixTYJ:TkQlZP5IXyGEk52xs
                                                                                                                                                                                MD5:F6030CADA258963D0CB224AC79704FA7
                                                                                                                                                                                SHA1:90774AF0FAB4F2AF6CD98BC661B60FF4575BD4A8
                                                                                                                                                                                SHA-256:03804745B2036833DCAFE220D105B30B9E3D9744B7033EB121E593F59B49FDC8
                                                                                                                                                                                SHA-512:4E40CDCC3AEAE5F0C595D09E2E4B57B22A00AC0677513DC60612AD24821A8CD8C712FCB368EA2EA61177198B2C09634D6D6FDF1221238005E55437B65905DD31
                                                                                                                                                                                Malicious:false
                                                                                                                                                                                Preview:Y..9........$......).8.......Z.+7.r.vt...e4.S....}.?..9..A..9NO....+.......!.-D.c.)J+....h.z5Y7.../..@..yg.J_X....s...%..B.a.#......KJ..?B......)....g8.=.T-.1E....|.xl&..3......."D.......4....#.3.......Pc?.c.:......T..{y4=L..J.2.6M<$..h.qL<..P..M>..^.U2.S.......W.8.......[.8.c..6.<.R....0q...<..o...L....\.y.3.C.=....v....%......@(.......u....4..g..@.c_.r?[. ..U....<..Hb.!...?0[.?.._Ak:F`Obd..W.r.o..d7.5.?Ly.9'e5.|_
                                                                                                                                                                                Process:C:\Users\user\Desktop\c8JakemodH.exe
                                                                                                                                                                                File Type:data
                                                                                                                                                                                Category:dropped
                                                                                                                                                                                Size (bytes):457
                                                                                                                                                                                Entropy (8bit):7.503775069816256
                                                                                                                                                                                Encrypted:false
                                                                                                                                                                                SSDEEP:12:lu+a3bgrIsI6D73NMLv+1O3e347/spIZZnaaDixTYJ:luzLmIuDLNMLG1O3e3492xs
                                                                                                                                                                                MD5:79471CC1EBAC5347AF48ACE8A79577BD
                                                                                                                                                                                SHA1:73F7F2DF7FE685EEBBD275AC2B8DCA7BD55C28EA
                                                                                                                                                                                SHA-256:21633D181FD850E56AFC8D56256BEF65B3A64A6F7D09033E2F52ED66B1FF801A
                                                                                                                                                                                SHA-512:C76FEC7B600875211BD96764F9FC29A0A82E52F6819EB967F66D5D9174B35D97BB246DCED2D0EA49E3118826EADE2F2CE251CC9BCCBDE73B8DDC6F0466453582
                                                                                                                                                                                Malicious:false
                                                                                                                                                                                Preview:+.V....[U.x.yru.......wr?.w.i.T.Zu....X..p.Ra......r.....,.<_..q...?.i..Y l[... ..J&[7.I....I.9.#-4....j..$.[.E..%.?`Gs[a..!.......s..7u.k..Y..~...^....c.e......3Q}.B.Ay....H.~!...ZnLs..Vw"...Y.../....[.(.4Y.....4...oT..I5..x....D.......{y4>L..I.2..?>....I..C..^':N+M&.\..%0t....U.M..0& nP..x.c..L.7.a....mVo...<..o...L....\.y.3.C.=....v....%......@(.......u....4..g..@.c_.r?[. ..U....<..Hb.!...?0[.?.._Ak:F`Obd..W.r.o..d7.5.?Ly.9'e5.|_
                                                                                                                                                                                Process:C:\Users\user\Desktop\c8JakemodH.exe
                                                                                                                                                                                File Type:data
                                                                                                                                                                                Category:dropped
                                                                                                                                                                                Size (bytes):460
                                                                                                                                                                                Entropy (8bit):7.51432972744249
                                                                                                                                                                                Encrypted:false
                                                                                                                                                                                SSDEEP:12:Mensl6DuDMldDJ4E1gbBzKk9fEDCaaDixTYJ:soSgldDJ4E1ezKGMDk2xs
                                                                                                                                                                                MD5:3B6961A248F8F4B79AF13597E5E01E68
                                                                                                                                                                                SHA1:5580DF2AAAC165DFB7A9E69EEDA515C3BB09002E
                                                                                                                                                                                SHA-256:CCAA483CA7D2081C2C02E5F96A178668F4C264FD57DC4A4FF9B177D5FF74FE64
                                                                                                                                                                                SHA-512:4D570DB86203AEB91EC007ABA107F625183BBEED00DC2A2AE59859325DBD4C7861AFF4495E376DBC74D055C9E816FD808E903DCE9DD8A098A488CBF0FBCC8DE8
                                                                                                                                                                                Malicious:false
                                                                                                                                                                                Preview:.../...x.8Q...i...`Pk...:|.V{.........D...c.bHM.v>....g..^....Q..G...W_..N........q._.+.y..{."..).YT...[.#D.k&..:W..O. {.]k.F.........k.s...h0.K9.H._."_e.0.....z0s......A.<c...,....../...5..f&..`n<+A.?EM.4..fB....<..6..r.Q.5..@.#.qD.......{y4>L..I.2c1\.x. ...owo.12kS.h.+.2..i.@..d.i..Cz..J.e...w. vh.A.. ....>.o...<..o...L....\.y.3.C.=....v....%......@(.......u....4..g..@.c_.r?[. ..U....<..Hb.!...?0[.?.._Ak:F`Obd..W.r.o..d7.5.?Ly.9'e5.|_
                                                                                                                                                                                Process:C:\Users\user\Desktop\c8JakemodH.exe
                                                                                                                                                                                File Type:DOS executable (COM, 0x8C-variant)
                                                                                                                                                                                Category:dropped
                                                                                                                                                                                Size (bytes):469
                                                                                                                                                                                Entropy (8bit):7.544083998477592
                                                                                                                                                                                Encrypted:false
                                                                                                                                                                                SSDEEP:12:RNjdpd4E5yEKdO/5h/YLoeNzThtSOpk6LRswraaDixTYJ:9piE5Fv/TwLoEhtSOpzLRsS2xs
                                                                                                                                                                                MD5:DE8216138854B872A5EF2A0B0B74DA34
                                                                                                                                                                                SHA1:C8F37883B71D11BE461A2B6C43FFE46A0E49DB57
                                                                                                                                                                                SHA-256:A8E59AF526BFDDAFEBC2D02BD21ECADB6F7BF01848E27DA8E87E70F46789E635
                                                                                                                                                                                SHA-512:9ACC957F2C91A0BC4A742BF83986AD20084741F7A7A67A6464C994B98475DE576A2E68205C8F2C73377590F3C87425150D2E41F61F8510AAD23FE9B9F4F6DE87
                                                                                                                                                                                Malicious:true
                                                                                                                                                                                Preview:..'y.4.y....r..e:..T .n6..H..t#....-..s......NgXt.....|@<.....nZJ.@.9.uf+.j.~x..I..rE..*@.R\30..jnB.."......^..Y..h...{.....R[.......F..*4.[.^..D........`$aA.E ..|<.k{...".@j........W=..T.m..e....{rC...VG.8..S.j...4^....P.@....c...+.x....._...5T..)y4=L..J.1./.7.,..$y.......7...'.'a..;.F....A.....kQ}.C.2.....7sZ..o.6a4.$2r...<..o...L....\.y.3.C.=....v....%......@(.......u....4..g..@.c_.r?[. ..U....<..Hb.!...?0[.?.._Ak:F`Obd..W.r.o..d7.5.?Ly.9'e5.|_
                                                                                                                                                                                Process:C:\Users\user\Desktop\c8JakemodH.exe
                                                                                                                                                                                File Type:data
                                                                                                                                                                                Category:dropped
                                                                                                                                                                                Size (bytes):463
                                                                                                                                                                                Entropy (8bit):7.508036790555753
                                                                                                                                                                                Encrypted:false
                                                                                                                                                                                SSDEEP:12:cK40wlIiGVyT3cvuu49Ax+S/5hWNXivaaDixTYJ:c/5G4Il/5QX22xs
                                                                                                                                                                                MD5:A62E31E0990738DA0B2F1D13CC387D9C
                                                                                                                                                                                SHA1:06F53F25BD75ED38FEC7441F404B8E04CC8B7963
                                                                                                                                                                                SHA-256:B67B84A26BB72BF7858C97617006EBF8EFB20E0D2BCDDC83BB70FFA6D25E5358
                                                                                                                                                                                SHA-512:E08DC086C9FFA2B4842154E3C086700CEA4444DE2E36AB16A6D07CF3D7B9093FAB22AC3EC098AF8A1F3F19E9AB5E93D30C8911DAD3A9B49AB763619AA8B4906B
                                                                                                                                                                                Malicious:false
                                                                                                                                                                                Preview:E<..c6C-...J.'FQ.^.I.9t..vQ....g..|ot.+.L._I9...-.....r.....WG..h......6......7..U.D...-i...[.-.(]....../.+..c...IY.p...SdQ.'.E3.......%..8.L6...K.S.!...I~...7......5E...Xb...9..tg.iD..L.a....j..S.5<.4......P\l...-.Ma.4?h.....X..5T..)y4=L..J.1./............U..4a.m.....7....8.0d.|..mtJi.;..9R]..;.6.."ABRr...<..o...L....\.y.3.C.=....v....%......@(.......u....4..g..@.c_.r?[. ..U....<..Hb.!...?0[.?.._Ak:F`Obd..W.r.o..d7.5.?Ly.9'e5.|_
                                                                                                                                                                                Process:C:\Users\user\Desktop\c8JakemodH.exe
                                                                                                                                                                                File Type:data
                                                                                                                                                                                Category:dropped
                                                                                                                                                                                Size (bytes):468
                                                                                                                                                                                Entropy (8bit):7.556762257368862
                                                                                                                                                                                Encrypted:false
                                                                                                                                                                                SSDEEP:12:UUp5L75kcUM/TEd01GoS/3KHHaaDixTYJ:UU35kvQTE8Z2xs
                                                                                                                                                                                MD5:0589C4EBE04693A19F21CA9CA7562064
                                                                                                                                                                                SHA1:306712509B85DB17327D6756667898A95398EEEF
                                                                                                                                                                                SHA-256:1F65CAC35EC850452EE8D6DAA53B6964AF3F0CDBCB463C7983259E75AD8366A0
                                                                                                                                                                                SHA-512:9579536C85B5BD17E37E87277240E0D43235686E22F4D89DD43A90E57B10C69A1C4C02BD4459F10A5991BF627034C789EBF7B13D72FB08BC44594B4206D635C2
                                                                                                                                                                                Malicious:false
                                                                                                                                                                                Preview:zG.]k..9.v..a.A.?.6^>.F...Jk.Z..-.=.....J. ...mu.....V_9_.o.zU.%e{>..W......lXi..........E....[^.........t....TA..ls..-&....e.+..]S......L/..td(...Ag..J%(.....g.Q..cq.....a.u....9.9......H."_j?..&...u}..B.$b..4.........+E2..P.c.......F....T..{y4=L..J.2.e!.~.....G....J...C....mN..).>d;.y.K.By.{.....x.M.Ng..!.q...<..o...L....\.y.3.C.=....v....%......@(.......u....4..g..@.c_.r?[. ..U....<..Hb.!...?0[.?.._Ak:F`Obd..W.r.o..d7.5.?Ly.9'e5.|_
                                                                                                                                                                                Process:C:\Users\user\Desktop\c8JakemodH.exe
                                                                                                                                                                                File Type:data
                                                                                                                                                                                Category:dropped
                                                                                                                                                                                Size (bytes):462
                                                                                                                                                                                Entropy (8bit):7.546753745213344
                                                                                                                                                                                Encrypted:false
                                                                                                                                                                                SSDEEP:12:sE0arkRuV8ocknLpRCdBZ7QkxWAivaaDixTYJ:X0sWuSbknlkx7Qcir2xs
                                                                                                                                                                                MD5:62019E74954C1BCDD43DBADF524FA323
                                                                                                                                                                                SHA1:49129BADFA71647B3D890AB422BDC1EDD94A0F03
                                                                                                                                                                                SHA-256:37E5C5D08432AD329C0AA7CFDFC7AF05F7BB123485EB1971AA104A0D3646E45E
                                                                                                                                                                                SHA-512:F0B777AA1A96C975CB58ED4B6CAEF9D4D27B0C48ACB8FA011E0A0207FF5D8BB348797362374EDC36C5AAC6192F38ADE46462996A96FF9F0F873E3DAD8DAC603C
                                                                                                                                                                                Malicious:false
                                                                                                                                                                                Preview:.4..(q.pa....I....P......D..;.....;.+.?.9.h5..c..)....q....j...........M7...E^.V..r...NL...OS.. Q.u..._3...u...sS.Q...S...^}V...Lz<c....x...*T...>....|....eQ..c.J,O....}W...-.F.}.s..M..<w...}......j._.4....)....;.....{.....C....5T..)y4=L..J.1./....K.../..Qp..q..2p..SHW..R..xU.OI...@..,....-..f....x.ar...<..o...L....\.y.3.C.=....v....%......@(.......u....4..g..@.c_.r?[. ..U....<..Hb.!...?0[.?.._Ak:F`Obd..W.r.o..d7.5.?Ly.9'e5.|_
                                                                                                                                                                                Process:C:\Users\user\Desktop\c8JakemodH.exe
                                                                                                                                                                                File Type:data
                                                                                                                                                                                Category:dropped
                                                                                                                                                                                Size (bytes):455
                                                                                                                                                                                Entropy (8bit):7.547443280451709
                                                                                                                                                                                Encrypted:false
                                                                                                                                                                                SSDEEP:12:QvnnHyM7BFtYqJrzTNuoYDGVpipWm2daaDixTYJ:6HXBFtZFNWDGVpipEF2xs
                                                                                                                                                                                MD5:72EA7888FBE3B30305BCCA3DF350A10B
                                                                                                                                                                                SHA1:DAE48EB29AF3304B544F68DCCD516F0615E361F9
                                                                                                                                                                                SHA-256:7E2E0230A58D3D32FDB9D0071F4998DC2704E7385EC3F1878F1F066EC93FD87A
                                                                                                                                                                                SHA-512:025302729475F75F6C7C6033D02B5258D022D68DB5EB30C840EB4A7F52AB8BBB0567E6947B7DDF795C072E5E98DF40BF6412EF4BD9D43CB916DC270B0ADC9472
                                                                                                                                                                                Malicious:false
                                                                                                                                                                                Preview:b.3X.E2Rn..=.>..7ML@....-.........WpD#........8e.e.W.c..D}.m...O.1.W...L.G..&/whi4....6...O...j|.I..n.T.bf....b.6...H.&b.A5t..X.#.d*ye.._...7k$..R...r..|.[......8....w..^..&......I..."..`m..f.1..7........4.....).\.......14.......D..M.T..{z4=L..J..T..,+?..{.#...n....N.....Z...KA.B..FA..|...D..,JB..\2Wm...<..o...L....\.y.3.C.=....v....%......@(.......u....4..g..@.c_.r?[. ..U....<..Hb.!...?0[.?.._Ak:F`Obd..W.r.o..d7.5.?Ly.9'e5.|_
                                                                                                                                                                                Process:C:\Users\user\Desktop\c8JakemodH.exe
                                                                                                                                                                                File Type:Dyalog APL external workspace version 20.-119
                                                                                                                                                                                Category:dropped
                                                                                                                                                                                Size (bytes):469
                                                                                                                                                                                Entropy (8bit):7.55098380688476
                                                                                                                                                                                Encrypted:false
                                                                                                                                                                                SSDEEP:12:Y4/YnwMzY1F46ZNy3q5NKD0O6G8qZOtLFHZvhaaDixTYJ:Y4QwMaLK98q8RlZvZ2xs
                                                                                                                                                                                MD5:EB53B6E09DE6E357EDE04F5495B619DE
                                                                                                                                                                                SHA1:C8FB45E58FB93A78B49F9C6D65D08B30BE0AE4DF
                                                                                                                                                                                SHA-256:25605A57B51F784F67D10D41623CCB9C38664516F5F2110062941B7F954DAC32
                                                                                                                                                                                SHA-512:D0FB072E5C9251E9A3E9F1AC1855781E283C1E9BA8D410F1A9493CC0E30A7CB6AA57B97777D9FFF35B73DA9CF930F205E08243E711C2A9ECD48B3D3E4C4EA14E
                                                                                                                                                                                Malicious:false
                                                                                                                                                                                Preview:....].+m.%...1.)Y.7eE}..5?..73.P>RE'.hn.S...X........Y...:....B.ls:gz..m_...o.g..{..ub!d..<'B..[5.q..vx....':......)..I.w..7..v....U\..D.1E.|.^....o..E....].....~....pm|n..MB.O.Tn{...<.../...Z......e.p....P.~0....4....!.q.M...Q..s0..E......%.5T..)y4=L..J.1./.k..}B...D..O.:.|H.qi.%t..b"..j.KI.Q.nz.K... fS.*<".Ox....6.E..r...<..o...L....\.y.3.C.=....v....%......@(.......u....4..g..@.c_.r?[. ..U....<..Hb.!...?0[.?.._Ak:F`Obd..W.r.o..d7.5.?Ly.9'e5.|_
                                                                                                                                                                                Process:C:\Users\user\Desktop\c8JakemodH.exe
                                                                                                                                                                                File Type:data
                                                                                                                                                                                Category:dropped
                                                                                                                                                                                Size (bytes):468
                                                                                                                                                                                Entropy (8bit):7.559462831923348
                                                                                                                                                                                Encrypted:false
                                                                                                                                                                                SSDEEP:12:CMZfdgSMqqoAwYsE5r/y/FTA2NgGyCaaDixTYJ:CaFgjfpW9MpQ2xs
                                                                                                                                                                                MD5:C018943B94EC01A2B4B9D695ECF88115
                                                                                                                                                                                SHA1:A33D08BD57FBD223BE9170D471E800374BB4A890
                                                                                                                                                                                SHA-256:1B3107A7D6C062C247855953E58D78B7E2F5C7CD0DCE8688F7EF3683167FB830
                                                                                                                                                                                SHA-512:1B56A5609F03C1E7F16D6581D6F950B01AE2567712B2ED6BEEF8E813A1AD67A3CEE74026A6FBF8845CE42A400196436ABE36DEDA255B12821BA64A4D16862BCC
                                                                                                                                                                                Malicious:false
                                                                                                                                                                                Preview:GvyI.....mY...l..6iY..&K...E.#WENd+.MQ.}.Y!~..9...L..G.....~..2g.d).=.C.F.{....([(k|t.....]..|....0k3..)..g.......5`=.BX=.fC>..{d..X.J..L../....y~..*...Q.0..\v..+.....#..0.Z...Z....-.3..?z4.1CCC..#<...6 ..(......4......6.........b.w...$....T..{y4=L..J.2.l.{..0....!..q..._...2...2./.@.!P....|%S.\xG...I..."..0 .5.q...<..o...L....\.y.3.C.=....v....%......@(.......u....4..g..@.c_.r?[. ..U....<..Hb.!...?0[.?.._Ak:F`Obd..W.r.o..d7.5.?Ly.9'e5.|_
                                                                                                                                                                                Process:C:\Users\user\Desktop\c8JakemodH.exe
                                                                                                                                                                                File Type:data
                                                                                                                                                                                Category:dropped
                                                                                                                                                                                Size (bytes):476
                                                                                                                                                                                Entropy (8bit):7.513632759243349
                                                                                                                                                                                Encrypted:false
                                                                                                                                                                                SSDEEP:12:549/mS8wrpcosjUeUyzEBPC0PbFmFQyhaaDixTYJ:m9uu1cosjXzKPC0PsFQ82xs
                                                                                                                                                                                MD5:27068C5522B8A173E86142FCBB0957E9
                                                                                                                                                                                SHA1:13A18935B9BBC3845368B6716CC9DCC783B4B5E3
                                                                                                                                                                                SHA-256:E85B9AE9B4D51C9408914DCC43508806DC5162DA7B5B5A89A73AB4288E2D3FFE
                                                                                                                                                                                SHA-512:2E6A0709C2C445A60294901DFCAD2111671450D9E5CE93E8E1FAF9BC3C90D7DF3D3D85E3318FE2E1D1B6C5C2F037060073432268A838C69E5B6A1D66BB6A8325
                                                                                                                                                                                Malicious:false
                                                                                                                                                                                Preview:3K2&..._..78.E.CT.S..@..8s...<J...\.....uE..U..A...E.2._&...&..fs...m.i..k..o.~.....,I.&...(.(...3..s..O{QS...b..s{...7....e...k..]......+*5~..I.|.......M....W.1 ...."Xx!A.....Tm..e.1.^..C....KO.c+,m.....4......P.l...-.t..%...L......T..{y4oL..J.2.,.';..?..X..v.....(.....{...Ta....|...(5%..7lR,.?Q`]....;g..C;.|du...<..o...L....\.y.3.C.=....v....%......@(.......u....4..g..@.c_.r?[. ..U....<..Hb.!...?0[.?.._Ak:F`Obd..W.r.o..d7.5.?Ly.9'e5.|_
                                                                                                                                                                                Process:C:\Users\user\Desktop\c8JakemodH.exe
                                                                                                                                                                                File Type:data
                                                                                                                                                                                Category:dropped
                                                                                                                                                                                Size (bytes):463
                                                                                                                                                                                Entropy (8bit):7.49607610193364
                                                                                                                                                                                Encrypted:false
                                                                                                                                                                                SSDEEP:12:GKsjtZsPI20roTbsqwoaRStYzGw65yaaDixTYJ:BsjrsPxv0S+zES2xs
                                                                                                                                                                                MD5:A75F92D62D9771833DF81B70FC37EBCD
                                                                                                                                                                                SHA1:607922A3171A51229C807CCE6DD03C3FF51859DD
                                                                                                                                                                                SHA-256:ECA00105CCDA975C91C14350F23250C02D116B953CDE1168A149FA5FFF3A65B9
                                                                                                                                                                                SHA-512:10D45B889FE52D0394A945D8140AE9B63EDC6F4D140B089B026D3F597BE542C6336BC4C0FB6A2B1787BB8A6AFB7C97FADE3AFED6208223E0EDF3F97D53038BDA
                                                                                                                                                                                Malicious:false
                                                                                                                                                                                Preview:1Y....3...:....#.g..^D..l...r#~.q..Up.`*.l.. .IA.9.r..x_r....M.Qa.u.4.6...J.f..[".2...|S..76-.@......r..~.>.....<....s6...z........{.!o.T..L.b.......M...M.r...Bn......u{2.WI@r..!.y.;...g....k..N1...f...`jg.4......~5..C.....7.t......U..u..{+4=L..I.2./..../....{s..6...m......$L.3..C...V.CF...o3....Ha.N.t.].@.Ks...<..o...L....\.y.3.C.=....v....%......@(.......u....4..g..@.c_.r?[. ..U....<..Hb.!...?0[.?.._Ak:F`Obd..W.r.o..d7.5.?Ly.9'e5.|_
                                                                                                                                                                                Process:C:\Users\user\Desktop\c8JakemodH.exe
                                                                                                                                                                                File Type:data
                                                                                                                                                                                Category:dropped
                                                                                                                                                                                Size (bytes):456
                                                                                                                                                                                Entropy (8bit):7.510984224904433
                                                                                                                                                                                Encrypted:false
                                                                                                                                                                                SSDEEP:12:7+1zjDrpOsCoKF2uukWymQqwwOXnaaDixTYJ:i1XDF1K8uuf7QqwwOD2xs
                                                                                                                                                                                MD5:12A881FD7E222FC7A2A885024AF76F33
                                                                                                                                                                                SHA1:55FE1F2BE9E310C568CF411390BC9C70DF355AED
                                                                                                                                                                                SHA-256:3669638C80724FF3D36112B9C05C41963D7F7148E64BE8F6C7A35345C9B2F8D4
                                                                                                                                                                                SHA-512:1CB8201C83B2D817AE62C7EBCACD87B3E8DC7FE55E314723454768559B90FBC948EB3DA5960180A96F6B1AAE9E054B69481DE1D41F46838FCECE14581CDCC390
                                                                                                                                                                                Malicious:false
                                                                                                                                                                                Preview::.......a..'...S4..X.o.OH.K......S.....0P"6.z..h....w..c.O......@G.7J.wf.`.n...Y]......../.RT.:.._..._Jc./.....J..j..ES...o3.^(`.Qy..2xO...Y......ERKE&[D/.1..=..kZ.QU.!...=..7..E...h*.w.].R.J..<.mm..4.4[....P.B......Ha..L.k..t...5T..)y4=L..J.1./..N..D...TL.....u.....L8.=r=..+..#.u[...8J....q}N.<|F.])....k^.r...<..o...L....\.y.3.C.=....v....%......@(.......u....4..g..@.c_.r?[. ..U....<..Hb.!...?0[.?.._Ak:F`Obd..W.r.o..d7.5.?Ly.9'e5.|_
                                                                                                                                                                                Process:C:\Users\user\Desktop\c8JakemodH.exe
                                                                                                                                                                                File Type:data
                                                                                                                                                                                Category:dropped
                                                                                                                                                                                Size (bytes):480
                                                                                                                                                                                Entropy (8bit):7.504381190995728
                                                                                                                                                                                Encrypted:false
                                                                                                                                                                                SSDEEP:12:48Gt+XnenpfVz+DsXq1PAXflyWhgVfNGvaaDixTYJ:ekenwsXJXNxSIr2xs
                                                                                                                                                                                MD5:38C9584DCE4075565C10495320F45BAA
                                                                                                                                                                                SHA1:925C3BAC754E7424FD817A57DE61CCAC1405D1D4
                                                                                                                                                                                SHA-256:17FA9D28D022A1546B33B0C5C41E91881D16DF4261811299E914899C20A619BD
                                                                                                                                                                                SHA-512:F2F7BB730640415034918AE25D0B10A3AFA11DE7E6ED6DEDB175F6ABA96F39B6DEA312C599021329F0136635323292B336E4CD15841736D506483BE6A7E1A775
                                                                                                                                                                                Malicious:false
                                                                                                                                                                                Preview:].R2n.....R5.,(.|....z~......h..t@...u......T' ...^..Z..9m..%R..M.S.|B.fO.v...\!._.;N.!\..RB.y(....Sz...6.\6..a.@<c.....:..........;}\y.b..;?...\I..G..U.#hSLu....0..<g.^.`.]..|.Z..{.....F....T..H..k..|%..a2i3kZ9.....T.%.l.]K!.4Z......6........0".G.....tX..5T..)y4=L..J.1./....+.+.z....h.hi:...N........\Hn.#_w...Z<oL9.OB."....liH....r...<..o...L....\.y.3.C.=....v....%......@(.......u....4..g..@.c_.r?[. ..U....<..Hb.!...?0[.?.._Ak:F`Obd..W.r.o..d7.5.?Ly.9'e5.|_
                                                                                                                                                                                Process:C:\Users\user\Desktop\c8JakemodH.exe
                                                                                                                                                                                File Type:ASCII text, with CRLF line terminators
                                                                                                                                                                                Category:dropped
                                                                                                                                                                                Size (bytes):1159
                                                                                                                                                                                Entropy (8bit):4.909757425426515
                                                                                                                                                                                Encrypted:false
                                                                                                                                                                                SSDEEP:24:SOZJNRovfexRvYx/ncUYTxLZl0r0OzANQgq32xfZnS0iNFdAnP6:SOZbqfexrZrS3Iq32xlSX2S
                                                                                                                                                                                MD5:F29E077226F8DC235CAE4795459A3542
                                                                                                                                                                                SHA1:A23AEA328BEB92BFD4464A3B0F70E772B8969CC2
                                                                                                                                                                                SHA-256:CF8875AADE9351184274F533067BECF2AD10CCF2B6296274ECE5D5B58B6AB008
                                                                                                                                                                                SHA-512:0C76F1E7AC8E4DB582EA7E26FA9B8C18D54605AE6A9A87A2A1FA0B1BEACACBB8F1230421C1124B1E7C12FB546FF31DBBD2CFBBEBA80EF98BBAA01B356F7FDC6F
                                                                                                                                                                                Malicious:false
                                                                                                                                                                                Preview:.. ~~~ AlphaCat ~~~....>>>> Your data are stolen and encrypted....>>>> What guarantees that we will not deceive you? .....We are not a politically motivated group and we do not need anything other than your money. .. ...If you pay, we will provide you the programs for decryption and we will delete your data. ...Life is too short to be sad. Be not sad, money, it is only paper... ...If we do not give you decrypters, or we do not delete your data after payment, then nobody will pay us in the future. ...Therefore to us our reputation is very important. We attack worldwide and there is no dissatisfied victim after payment... ..>>>> You need contact us via email with srenshot of btc transaction and your personal DECRYPTION ID.....Contact via Email with your personal Decryption id !: hackbeenswim@mail2tor.com......Send 400$ (0.006 BTC) at this address --> bc1qkr7wxuqwet9w6920vk94p7npkxh33fc7prv55q.....>>>> Your personal DECRYPTION ID: D53F15BF767167BC622C1CB4D4FC174D....>>
                                                                                                                                                                                Process:C:\Users\user\Desktop\c8JakemodH.exe
                                                                                                                                                                                File Type:data
                                                                                                                                                                                Category:dropped
                                                                                                                                                                                Size (bytes):1683
                                                                                                                                                                                Entropy (8bit):7.887434749755251
                                                                                                                                                                                Encrypted:false
                                                                                                                                                                                SSDEEP:48:1fJ3RCouoPQOT63l0IKkwCIASlQ67sI7q:1fJMoVQOTdNNlFu
                                                                                                                                                                                MD5:43F572FB95EA7E71529334BDC02DA75B
                                                                                                                                                                                SHA1:78FA0BAEE07F978DE06DF286A32C56DD0EAE5DA0
                                                                                                                                                                                SHA-256:FBFBAEAE85C7603C985FD0053597227F1A7DA68EE1F6A407B516C0B1D9CCE211
                                                                                                                                                                                SHA-512:BD7F2022824C57D5394EDE402294E190040C47315A7E5CC6DBDE45E2BF67B3A70EABDB5848C470AA58DA6EEF7CF640F4B93AD6700A80071780C4651C5165A029
                                                                                                                                                                                Malicious:false
                                                                                                                                                                                Preview:.c.'_...9g.ms..?..&._p..D...V.:..Z..)u..J\....=t..+}........d...>..oI..!.=c.i!I...\..,.z.@..^.X.wu [747O.......&..m...!NH.45...-~..)...&m..4.d....x`..~...^.....`v{.t...J..E.\...9..+..:....-ReK.._....p.,..P..2.m.x...?.....6+s..c^....q..>./..9....F/.n.UT......M.b.0..m5~'..R.....t..D.y..@......O.k....F.5...q....1%.P.G[.oP.~%.q;.~~...[..n..0....<.....uI...#....mT...E.....%1)._k. .5K.Pk|.J..PR..k.G..f.[H?.b7.....,4.T.x....c)..=iT].n.....qC.x%.A......-..y...^^4....*......5(.y....GW...e..l..!Io....H.Cn...b.LCO...0(v..2.^..$..]K<e..J'.n..|#x..,F..j>...mG...~3.J"at.@.Y..K...gQ0,|.Fovi.G?..........);pa.R.....4..L......,.:..=...v.....E..J...:..&.........!m.sw......."6}w.Z.h.3o.^...d>.......jM?..G.....P... .`....*....'m..[BwV5..>..W..T.p.@e.>...V}..........!j....b0hOa..s.M...D..A.V...`.a...ys.....yE..h.6y#J..IM...p.H...V....M...O.B..A^.fJg.6.>.A..MR<.....e+q.d...I. <j...;...Q..<"..\..0..f.. ..~0Rn|.Z..]M..o6B.....n...1.2KY.e.Js...?..V..w.
                                                                                                                                                                                Process:C:\Users\user\Desktop\c8JakemodH.exe
                                                                                                                                                                                File Type:data
                                                                                                                                                                                Category:dropped
                                                                                                                                                                                Size (bytes):253
                                                                                                                                                                                Entropy (8bit):7.06424761417566
                                                                                                                                                                                Encrypted:false
                                                                                                                                                                                SSDEEP:6:PLwiiXfLKPKxw6NpnbmE8YXKXqrnzo66uoxTQWryJJ:DwikfUwrnTaaDixTYJ
                                                                                                                                                                                MD5:23D858C71FED375283874F6EC56614FD
                                                                                                                                                                                SHA1:C1B54A92793E23B8BDF7CD7DABB050378C21C369
                                                                                                                                                                                SHA-256:FFB68343F0208AC16E278CDA53F7A762B58FE55138A1ADA62D13E44BF193877E
                                                                                                                                                                                SHA-512:14588B329F373681BB067CCBFE050CFAF95382DB0C038132817C9D6EDC033335CB48C590D9EF583039B058F79E59FC26AE30CCC3611DFC68E4F6B6440D8FA7E7
                                                                                                                                                                                Malicious:false
                                                                                                                                                                                Preview:.!I..1%./......HM{...4Q.....Q...*...h...A.....D...d.c....v!....oa}b..A....p....9D...6...Cd0K...Iu...7..7..]..._...<..o...L....\.y.3.C.=....v....%......@(.......u....4..g..@.c_.r?[. ..U....<..Hb.!...?0[.?.._Ak:F`Obd..W.r.o..d7.5.?Ly.9'e5.|_
                                                                                                                                                                                Process:C:\Users\user\Desktop\c8JakemodH.exe
                                                                                                                                                                                File Type:ASCII text, with CRLF line terminators
                                                                                                                                                                                Category:dropped
                                                                                                                                                                                Size (bytes):1159
                                                                                                                                                                                Entropy (8bit):4.909757425426515
                                                                                                                                                                                Encrypted:false
                                                                                                                                                                                SSDEEP:24:SOZJNRovfexRvYx/ncUYTxLZl0r0OzANQgq32xfZnS0iNFdAnP6:SOZbqfexrZrS3Iq32xlSX2S
                                                                                                                                                                                MD5:F29E077226F8DC235CAE4795459A3542
                                                                                                                                                                                SHA1:A23AEA328BEB92BFD4464A3B0F70E772B8969CC2
                                                                                                                                                                                SHA-256:CF8875AADE9351184274F533067BECF2AD10CCF2B6296274ECE5D5B58B6AB008
                                                                                                                                                                                SHA-512:0C76F1E7AC8E4DB582EA7E26FA9B8C18D54605AE6A9A87A2A1FA0B1BEACACBB8F1230421C1124B1E7C12FB546FF31DBBD2CFBBEBA80EF98BBAA01B356F7FDC6F
                                                                                                                                                                                Malicious:false
                                                                                                                                                                                Preview:.. ~~~ AlphaCat ~~~....>>>> Your data are stolen and encrypted....>>>> What guarantees that we will not deceive you? .....We are not a politically motivated group and we do not need anything other than your money. .. ...If you pay, we will provide you the programs for decryption and we will delete your data. ...Life is too short to be sad. Be not sad, money, it is only paper... ...If we do not give you decrypters, or we do not delete your data after payment, then nobody will pay us in the future. ...Therefore to us our reputation is very important. We attack worldwide and there is no dissatisfied victim after payment... ..>>>> You need contact us via email with srenshot of btc transaction and your personal DECRYPTION ID.....Contact via Email with your personal Decryption id !: hackbeenswim@mail2tor.com......Send 400$ (0.006 BTC) at this address --> bc1qkr7wxuqwet9w6920vk94p7npkxh33fc7prv55q.....>>>> Your personal DECRYPTION ID: D53F15BF767167BC622C1CB4D4FC174D....>>
                                                                                                                                                                                Process:C:\Users\user\Desktop\c8JakemodH.exe
                                                                                                                                                                                File Type:ASCII text, with CRLF line terminators
                                                                                                                                                                                Category:dropped
                                                                                                                                                                                Size (bytes):1159
                                                                                                                                                                                Entropy (8bit):4.909757425426515
                                                                                                                                                                                Encrypted:false
                                                                                                                                                                                SSDEEP:24:SOZJNRovfexRvYx/ncUYTxLZl0r0OzANQgq32xfZnS0iNFdAnP6:SOZbqfexrZrS3Iq32xlSX2S
                                                                                                                                                                                MD5:F29E077226F8DC235CAE4795459A3542
                                                                                                                                                                                SHA1:A23AEA328BEB92BFD4464A3B0F70E772B8969CC2
                                                                                                                                                                                SHA-256:CF8875AADE9351184274F533067BECF2AD10CCF2B6296274ECE5D5B58B6AB008
                                                                                                                                                                                SHA-512:0C76F1E7AC8E4DB582EA7E26FA9B8C18D54605AE6A9A87A2A1FA0B1BEACACBB8F1230421C1124B1E7C12FB546FF31DBBD2CFBBEBA80EF98BBAA01B356F7FDC6F
                                                                                                                                                                                Malicious:false
                                                                                                                                                                                Preview:.. ~~~ AlphaCat ~~~....>>>> Your data are stolen and encrypted....>>>> What guarantees that we will not deceive you? .....We are not a politically motivated group and we do not need anything other than your money. .. ...If you pay, we will provide you the programs for decryption and we will delete your data. ...Life is too short to be sad. Be not sad, money, it is only paper... ...If we do not give you decrypters, or we do not delete your data after payment, then nobody will pay us in the future. ...Therefore to us our reputation is very important. We attack worldwide and there is no dissatisfied victim after payment... ..>>>> You need contact us via email with srenshot of btc transaction and your personal DECRYPTION ID.....Contact via Email with your personal Decryption id !: hackbeenswim@mail2tor.com......Send 400$ (0.006 BTC) at this address --> bc1qkr7wxuqwet9w6920vk94p7npkxh33fc7prv55q.....>>>> Your personal DECRYPTION ID: D53F15BF767167BC622C1CB4D4FC174D....>>
                                                                                                                                                                                Process:C:\Users\user\Desktop\c8JakemodH.exe
                                                                                                                                                                                File Type:data
                                                                                                                                                                                Category:dropped
                                                                                                                                                                                Size (bytes):291
                                                                                                                                                                                Entropy (8bit):7.283010298196207
                                                                                                                                                                                Encrypted:false
                                                                                                                                                                                SSDEEP:6:vwaX8S/l+CjHN30NavXKXqrnzo66uoxTQWryJJ:YK/lLjZ0NavaaDixTYJ
                                                                                                                                                                                MD5:0B67E8B3D554AF8E4B06413B21CD0C6A
                                                                                                                                                                                SHA1:9839F13F2999239230064B4A9D1B1896E4BAD87A
                                                                                                                                                                                SHA-256:2590E42F006256E955E26992C716C383C7175900FBFDFF90EA101337C820E870
                                                                                                                                                                                SHA-512:C7A9B140D48AB3011EBD0DD01C8D868618107A99E4B62ABA38F1A8C8AFC21B229E3BCCFB1548CF96472C77599EBB72D7DBC19EB4DB32CEEFA52C8D2344FE9081
                                                                                                                                                                                Malicious:false
                                                                                                                                                                                Preview:.w....YY.V...k/.b.k9..]..R."..P.....:.........E.4W.....~5..K..c..f.9.....D..M.T..{z4=L..J.6..[#`.W....T.<.A...5H..`|1.Q.c.4..I.c.e_....0vq.....%.I.$.um...<..o...L....\.y.3.C.=....v....%......@(.......u....4..g..@.c_.r?[. ..U....<..Hb.!...?0[.?.._Ak:F`Obd..W.r.o..d7.5.?Ly.9'e5.|_
                                                                                                                                                                                Process:C:\Users\user\Desktop\c8JakemodH.exe
                                                                                                                                                                                File Type:data
                                                                                                                                                                                Category:dropped
                                                                                                                                                                                Size (bytes):253
                                                                                                                                                                                Entropy (8bit):7.187249256384208
                                                                                                                                                                                Encrypted:false
                                                                                                                                                                                SSDEEP:3:l3lxRFpSV2eU9j8lhTuE4w7Q84dml/NZlhm4yWk0vCX09aAr9V/Wso66OxnqTKQW:d70sS1TllZvXKXqrnzo66uoxTQWryJJ
                                                                                                                                                                                MD5:3CB2F61B85D7119EA1265330465DFA35
                                                                                                                                                                                SHA1:0FF31D6BCCA10B7C61538A6DB2ECAEE706640E3C
                                                                                                                                                                                SHA-256:B34C2B5EA221D61FEDAA023FBA5C44298673ABC84FE39887291C62970F47F5E5
                                                                                                                                                                                SHA-512:162F1DC1796C58AD7F5F3C8B73DFEC3EBA9B0A874E591BC7C77C33FAEBDB391CC559E27BEE69335FAB123A03792ED06D97DD6C21CEA792E8B7A46611ABC36787
                                                                                                                                                                                Malicious:false
                                                                                                                                                                                Preview:.&.g..lm.[../...-...^.i.4Q.....Q...*...h...A.....D.....x......6.vc...g1Z./.........Z......+....2...V..co..G.z..ZO_...<..o...L....\.y.3.C.=....v....%......@(.......u....4..g..@.c_.r?[. ..U....<..Hb.!...?0[.?.._Ak:F`Obd..W.r.o..d7.5.?Ly.9'e5.|_
                                                                                                                                                                                Process:C:\Users\user\Desktop\c8JakemodH.exe
                                                                                                                                                                                File Type:data
                                                                                                                                                                                Category:dropped
                                                                                                                                                                                Size (bytes):519
                                                                                                                                                                                Entropy (8bit):7.574917313473367
                                                                                                                                                                                Encrypted:false
                                                                                                                                                                                SSDEEP:12:rhT7cwoIZVNMVcw8SO7Q0+XPJSbAZcBhaaDixTYJ:rl7cIPcBdOE0+X4kCZ2xs
                                                                                                                                                                                MD5:100B6053AE36E569716286790414B67E
                                                                                                                                                                                SHA1:EC104628ACFB33B1355E73F19C898027A8DF8F1B
                                                                                                                                                                                SHA-256:DAC36EE414F68BC4B30686A66F1118887D9971A8AF6A3DE6EB3F179C43CC7553
                                                                                                                                                                                SHA-512:1188F0F98DDF0B346C81847C8BCF75C70ACC056788E2BF04DB72769B2B1404997E7A9022C22E474E8CAF8CCE33961423A5DA041D43CADA769E2DE60521AD9C42
                                                                                                                                                                                Malicious:false
                                                                                                                                                                                Preview:......C....CK..t.s.|A......=.=..F.;...KI..A..Y...O6..b.1....4...R.Q.P...T...6k..c]....".-.....q......=s.Qe..TO.2.#yM=.B.K..-\..).S..d.|.d..2...4....N..*.2$.>a.v.U.Q...W3..6..g...UV...Jc.z...Jg[q...7]....\...lpK.k...j.4.aD...!.....N..?...../.j}~.$..1.....j..Y.y......".i\....M..4p...4'.8..u...h...A.....|}?... "............\.f}*'T...CD.(<....`\.......U..33.z.m[...<..o...L....\.y.3.C.=....v....%......@(.......u....4..g..@.c_.r?[. ..U....<..Hb.!...?0[.?.._Ak:F`Obd..W.r.o..d7.5.?Ly.9'e5.|_
                                                                                                                                                                                Process:C:\Users\user\Desktop\c8JakemodH.exe
                                                                                                                                                                                File Type:data
                                                                                                                                                                                Category:dropped
                                                                                                                                                                                Size (bytes):527
                                                                                                                                                                                Entropy (8bit):7.5938429651677195
                                                                                                                                                                                Encrypted:false
                                                                                                                                                                                SSDEEP:12:L/d7JbF08qZl5PAc8k3rtKbjnq8O4ziscSaaDixTYJ:L/xRF05bBANk7tKjnC4+Q2xs
                                                                                                                                                                                MD5:1AF9F178044FA09D5E17FD8B9BBAC47F
                                                                                                                                                                                SHA1:79B6EED16BCC0D8CA3569F3C1CA00CA8ECA92C94
                                                                                                                                                                                SHA-256:B1E50DB0B7B83CAD8B620C8D06A18B7B81DB6892273D06F359DC71FAE8287B3D
                                                                                                                                                                                SHA-512:3A74518A03E3F9DC1E3F853A6817CB91D7ACBADB3933BD45FEA6EA7B237BC86EAEBC0303C8B04D8C895C161BE63061E4DE000B7FCF1C340CB6A284A6C0E07C64
                                                                                                                                                                                Malicious:false
                                                                                                                                                                                Preview:oi.M....>.....u,`H....1....p^"O^..../..A..t....A.\..Y~J;?.o....\.^.~L`....V.>.TY.+.z..h....f.*.!.t....f....TM\.Z*..B!t.8.. 9..|Y7|e.d...:@$..q..-..6.b.7....E.1V.N.^..r'}P.W.!M.g;..q&.C..J..llqD.&...%c..|m)_.K..P..{.;*Z..U.R..~..Mn..U8{........q.,...E..{..t....YI..1G....q.8LCO...x....4p.....PTl..>..h...A.....D....T.].mZF\.s..<(e.}j.l.hzH.u....>. =....>|...vs..^...1e..N?L...y....c...<..o...L....\.y.3.C.=....v....%......@(.......u....4..g..@.c_.r?[. ..U....<..Hb.!...?0[.?.._Ak:F`Obd..W.r.o..d7.5.?Ly.9'e5.|_
                                                                                                                                                                                Process:C:\Users\user\Desktop\c8JakemodH.exe
                                                                                                                                                                                File Type:ASCII text, with CRLF line terminators
                                                                                                                                                                                Category:dropped
                                                                                                                                                                                Size (bytes):1159
                                                                                                                                                                                Entropy (8bit):4.909757425426515
                                                                                                                                                                                Encrypted:false
                                                                                                                                                                                SSDEEP:24:SOZJNRovfexRvYx/ncUYTxLZl0r0OzANQgq32xfZnS0iNFdAnP6:SOZbqfexrZrS3Iq32xlSX2S
                                                                                                                                                                                MD5:F29E077226F8DC235CAE4795459A3542
                                                                                                                                                                                SHA1:A23AEA328BEB92BFD4464A3B0F70E772B8969CC2
                                                                                                                                                                                SHA-256:CF8875AADE9351184274F533067BECF2AD10CCF2B6296274ECE5D5B58B6AB008
                                                                                                                                                                                SHA-512:0C76F1E7AC8E4DB582EA7E26FA9B8C18D54605AE6A9A87A2A1FA0B1BEACACBB8F1230421C1124B1E7C12FB546FF31DBBD2CFBBEBA80EF98BBAA01B356F7FDC6F
                                                                                                                                                                                Malicious:false
                                                                                                                                                                                Preview:.. ~~~ AlphaCat ~~~....>>>> Your data are stolen and encrypted....>>>> What guarantees that we will not deceive you? .....We are not a politically motivated group and we do not need anything other than your money. .. ...If you pay, we will provide you the programs for decryption and we will delete your data. ...Life is too short to be sad. Be not sad, money, it is only paper... ...If we do not give you decrypters, or we do not delete your data after payment, then nobody will pay us in the future. ...Therefore to us our reputation is very important. We attack worldwide and there is no dissatisfied victim after payment... ..>>>> You need contact us via email with srenshot of btc transaction and your personal DECRYPTION ID.....Contact via Email with your personal Decryption id !: hackbeenswim@mail2tor.com......Send 400$ (0.006 BTC) at this address --> bc1qkr7wxuqwet9w6920vk94p7npkxh33fc7prv55q.....>>>> Your personal DECRYPTION ID: D53F15BF767167BC622C1CB4D4FC174D....>>
                                                                                                                                                                                Process:C:\Users\user\Desktop\c8JakemodH.exe
                                                                                                                                                                                File Type:data
                                                                                                                                                                                Category:dropped
                                                                                                                                                                                Size (bytes):248
                                                                                                                                                                                Entropy (8bit):7.085047620783511
                                                                                                                                                                                Encrypted:false
                                                                                                                                                                                SSDEEP:6:jSO3Xv4PV54/VzokR0SpXKXqrnzo66uoxTQWryJJ:jH8uKkRvpaaDixTYJ
                                                                                                                                                                                MD5:B10810947A827395E6AEBDCD557B091A
                                                                                                                                                                                SHA1:301D6E8E6093CAC47B9CC99B4AA608D373BCCD19
                                                                                                                                                                                SHA-256:7E5A1520E731EA7402D546253C3C3951117791CA67A18998F93B2A6F9E91A66A
                                                                                                                                                                                SHA-512:6B83754F925F86D39E7C15C25D790467A07F5A395B96A7E2C228D3DDE115352D8F7C5648E85D5ACD976C14D6C15E6F7261B39201CE5E4A8EF4453FA5CA39D2DA
                                                                                                                                                                                Malicious:false
                                                                                                                                                                                Preview:.uX.D.....Y.E.s..4j....`..6..%...h.U.A.....D....T%.*.z..D.+p.Xb...F0".+.8.a......:.......|$<L.D.z..A.&u...)c.<b...<..o...L....\.y.3.C.=....v....%......@(.......u....4..g..@.c_.r?[. ..U....<..Hb.!...?0[.?.._Ak:F`Obd..W.r.o..d7.5.?Ly.9'e5.|_
                                                                                                                                                                                Process:C:\Users\user\Desktop\c8JakemodH.exe
                                                                                                                                                                                File Type:data
                                                                                                                                                                                Category:dropped
                                                                                                                                                                                Size (bytes):560
                                                                                                                                                                                Entropy (8bit):7.685378436588118
                                                                                                                                                                                Encrypted:false
                                                                                                                                                                                SSDEEP:6:16f1nfJzqlg74qCOsIM8OUJwC3u2318sBmnWqIz6z1GXOuOMhsrMXpXKXqrnzo65:1e0lg5hDOUy25x0E6zQqMhjpaaDixTYJ
                                                                                                                                                                                MD5:92537D5D4FA1EF2C64B3246DF8C423F2
                                                                                                                                                                                SHA1:E3448DAFEC80837522BE1569FFDA6CADE36E0763
                                                                                                                                                                                SHA-256:80CCB5C8F7857123F0FE66EAC747F7DB2A5618AE8ADD6F596CB98352B03BEE80
                                                                                                                                                                                SHA-512:00D2780CFA7AD8F9502AF806EBE12E35850A8B8690397BD3ABF95BE9754151D24D92627A22C1BE99319A68EF3E5359C26D9524D07C4B504E699F92B018EBA6E7
                                                                                                                                                                                Malicious:false
                                                                                                                                                                                Preview:R...1.3/..G.MQ..m..-F.Z...\Y.~.Yd.|...{H.....4.h..T.Q.=.I..*.;x.....q.J....W.|......\$#....u.+.....W.E;........q......[X.?.q...w..8.s....,2?...ZX.g.N.....C.mpC).&5..)........ZIz;tV'znI.sR.:.r......G..K..*..`.v........>I......W..P..9..ki|.........S..7..dfZI.........C...LU.....%z.z~{...AhhGXM.;1.5.sCs_..4...z{..._T.PJ..4p...4'.8..u...h...A....w..*...z.....I)..>$\....H..]...#D...N..r......p.....$.Y..M...B[...<..o...L....\.y.3.C.=....v....%......@(.......u....4..g..@.c_.r?[. ..U....<..Hb.!...?0[.?.._Ak:F`Obd..W.r.o..d7.5.?Ly.9'e5.|_
                                                                                                                                                                                Process:C:\Users\user\Desktop\c8JakemodH.exe
                                                                                                                                                                                File Type:data
                                                                                                                                                                                Category:dropped
                                                                                                                                                                                Size (bytes):568
                                                                                                                                                                                Entropy (8bit):7.616524074984071
                                                                                                                                                                                Encrypted:false
                                                                                                                                                                                SSDEEP:12:HeBgqVjD+zHfZG8/4wNKsE5mjncv8VDEpaaDixTYJ:HeBgEXeHhT9QVmjncku2xs
                                                                                                                                                                                MD5:EB3BD645555DE251FEB2A66B83D3DE2F
                                                                                                                                                                                SHA1:E900B4CB6EDA3547DDFE3E1C8CF6BED0DF439BEB
                                                                                                                                                                                SHA-256:A77DB280B77EDFD197754ACFB5EEE615433EA1EF7C60AED154153097383666BE
                                                                                                                                                                                SHA-512:161D22E8503C3D37C46AF8284D9355F1907432AA4E7DC933C29C484F913B7EAD050F9CEA40D1D1149B92F2F8A9529E2A2A53E664F5A2878BCA5C8194EF9972DA
                                                                                                                                                                                Malicious:false
                                                                                                                                                                                Preview:.......R....r..J.8.)...$..S..`!..)Z..N..6..v..Y..{.....=Wo.? .w.Kp.{....."...!.n.........F)...01-m.vg....l....Z.;....7.1&..x...])G.g..y...)m@i...`..j...}......Z"$=....5.N,u...".%.[......N..7.#.0....L.2..."'.z..ia:..p.U..'...qj........g...V...b....{K.w.........v...A.....gC.....v.. t..A&.Fkp.tv......q.dw.3Q.i.O.{....4p.....PTl..>..h...A.....D....T......1....S.a.|..N..'T......d..~....!..e85a..q....f$vvc...<..o...L....\.y.3.C.=....v....%......@(.......u....4..g..@.c_.r?[. ..U....<..Hb.!...?0[.?.._Ak:F`Obd..W.r.o..d7.5.?Ly.9'e5.|_
                                                                                                                                                                                Process:C:\Users\user\Desktop\c8JakemodH.exe
                                                                                                                                                                                File Type:data
                                                                                                                                                                                Category:dropped
                                                                                                                                                                                Size (bytes):283
                                                                                                                                                                                Entropy (8bit):7.262813212831941
                                                                                                                                                                                Encrypted:false
                                                                                                                                                                                SSDEEP:6:A++N/ukDJT1ppgLU0M0+svXKXqrnzo66uoxTQWryJJ:A++NbT1rgLUTPsvaaDixTYJ
                                                                                                                                                                                MD5:A9E0A88CADD45ECD95A5A5E09218B941
                                                                                                                                                                                SHA1:53E03CDC79F9F38D3B79AFA0B2CE68DD9E8558E3
                                                                                                                                                                                SHA-256:B043CA6D5AADEA5BEB018FA2D9FF507F214BDFF85006805DA23D164D576DD570
                                                                                                                                                                                SHA-512:787E689163E0F93B0F77DBB200FA45405D8EBC4411B28BEF2C8F6E75D9DA179A87A01713B007F13CBB0EA60681C7C32015057FAC156E59ABBFE52E6BD65DED33
                                                                                                                                                                                Malicious:false
                                                                                                                                                                                Preview:...\z.?_.2..".(eI6.&..e......].'.oB..1?...4~.....P}l...-.tX...p.....D....T..xy4=O..J..PE..Q`GS.Rq...o..<p).n..O..Ex.D.Z.TS...{.@.....3....;x.B..&...l...<..o...L....\.y.3.C.=....v....%......@(.......u....4..g..@.c_.r?[. ..U....<..Hb.!...?0[.?.._Ak:F`Obd..W.r.o..d7.5.?Ly.9'e5.|_
                                                                                                                                                                                Process:C:\Users\user\Desktop\c8JakemodH.exe
                                                                                                                                                                                File Type:ASCII text, with CRLF line terminators
                                                                                                                                                                                Category:dropped
                                                                                                                                                                                Size (bytes):1159
                                                                                                                                                                                Entropy (8bit):4.909757425426515
                                                                                                                                                                                Encrypted:false
                                                                                                                                                                                SSDEEP:24:SOZJNRovfexRvYx/ncUYTxLZl0r0OzANQgq32xfZnS0iNFdAnP6:SOZbqfexrZrS3Iq32xlSX2S
                                                                                                                                                                                MD5:F29E077226F8DC235CAE4795459A3542
                                                                                                                                                                                SHA1:A23AEA328BEB92BFD4464A3B0F70E772B8969CC2
                                                                                                                                                                                SHA-256:CF8875AADE9351184274F533067BECF2AD10CCF2B6296274ECE5D5B58B6AB008
                                                                                                                                                                                SHA-512:0C76F1E7AC8E4DB582EA7E26FA9B8C18D54605AE6A9A87A2A1FA0B1BEACACBB8F1230421C1124B1E7C12FB546FF31DBBD2CFBBEBA80EF98BBAA01B356F7FDC6F
                                                                                                                                                                                Malicious:false
                                                                                                                                                                                Preview:.. ~~~ AlphaCat ~~~....>>>> Your data are stolen and encrypted....>>>> What guarantees that we will not deceive you? .....We are not a politically motivated group and we do not need anything other than your money. .. ...If you pay, we will provide you the programs for decryption and we will delete your data. ...Life is too short to be sad. Be not sad, money, it is only paper... ...If we do not give you decrypters, or we do not delete your data after payment, then nobody will pay us in the future. ...Therefore to us our reputation is very important. We attack worldwide and there is no dissatisfied victim after payment... ..>>>> You need contact us via email with srenshot of btc transaction and your personal DECRYPTION ID.....Contact via Email with your personal Decryption id !: hackbeenswim@mail2tor.com......Send 400$ (0.006 BTC) at this address --> bc1qkr7wxuqwet9w6920vk94p7npkxh33fc7prv55q.....>>>> Your personal DECRYPTION ID: D53F15BF767167BC622C1CB4D4FC174D....>>
                                                                                                                                                                                Process:C:\Users\user\Desktop\c8JakemodH.exe
                                                                                                                                                                                File Type:data
                                                                                                                                                                                Category:dropped
                                                                                                                                                                                Size (bytes):731
                                                                                                                                                                                Entropy (8bit):7.73550166877637
                                                                                                                                                                                Encrypted:false
                                                                                                                                                                                SSDEEP:12:Erjq5Z5F3vz1QhBpZQLMAQjW3BYMWn0/iSGCD4VnjMHF/ltnaaDixTYJ:EoLh0HZu1Qi+063CD4OZ2xs
                                                                                                                                                                                MD5:865C18DC56910DF41E7D05BD1C2E8E0F
                                                                                                                                                                                SHA1:6065CE43379C9EBE79703DD5A9EFF681223F77A7
                                                                                                                                                                                SHA-256:DB0A4A405BBB22B54BDD752C7505450EF344A92C1DDB3029D2F967103BDC4281
                                                                                                                                                                                SHA-512:2F264FBBD959D30264C9B5875BC5EEEB32139CCFF60603ADF8ABB28CC67C94B424288FFED6370BBBC3D4707FE80DF3D13B65BDC0CDDD06F878E950E745DEE5B2
                                                                                                                                                                                Malicious:false
                                                                                                                                                                                Preview:.....P...c.....Z.#[YAn..}..A.Rv...<R...7...R..S..D...l-.....f..6....R..hE3.JS.u.Vo=..d....Z..G..x.....j."fF....6.#..h9.*..:O./.X.w..Sc.l....DB...z.D..x.^.W......VsF.\../PN....K...2..F.GE.h.............$\p.;.../..v.....F.7....d..j...Vk0.../.a.3.F.^.N.fSP.a.CL..@t.....3..$1.?.+o....A..`...i.n...N..5....n.j.Y..L....n.=..?|.6.m..>.......s.w.....B.`..Y..:..g......@p..p..<.Ku...S.....J.'.w......|.t>.......]..._c=(...i......T...p..qn.F{...;....pr...4P.....Phl...-.t..)b+....r$....T..{y4=L..J.2...."..R.u.A,.~?}U/..n.N.....d1...LI..`...Q.[.~mYx\82.G.g?..^H'>.q...<..o...L....\.y.3.C.=....v....%......@(.......u....4..g..@.c_.r?[. ..U....<..Hb.!...?0[.?.._Ak:F`Obd..W.r.o..d7.5.?Ly.9'e5.|_
                                                                                                                                                                                Process:C:\Users\user\Desktop\c8JakemodH.exe
                                                                                                                                                                                File Type:data
                                                                                                                                                                                Category:dropped
                                                                                                                                                                                Size (bytes):283
                                                                                                                                                                                Entropy (8bit):7.1915595130567445
                                                                                                                                                                                Encrypted:false
                                                                                                                                                                                SSDEEP:6:BpWfiDHCXekDJV+VxfF/NVvGmIXuYt+f16hXKXqrnzo66uoxTQWryJJ:22HUzV+BNVvzBNf1SaaDixTYJ
                                                                                                                                                                                MD5:EB07BC1142F1C136E191F25345DAA348
                                                                                                                                                                                SHA1:47B025858BEB39D26375455858EDF5ECAE46B59C
                                                                                                                                                                                SHA-256:08C58993073654BFDDB60899BCDE02D10E2A14218E3BCEC2064B48573EA2D5C0
                                                                                                                                                                                SHA-512:72450DF8BE5979DA9C63A11791982298EEE135757245C6153F09ED8EE4E66F5775F7A4110AAA9FC5EFA3CE8B2040C43AEDC2DFD5BB477EBA6639B8C2AEAEAAA2
                                                                                                                                                                                Malicious:false
                                                                                                                                                                                Preview:!.Y.....Pl.&....6......1..~..M...."...V.4~.....P}l...-.tX...p.....D....T..xy4=O..J..b|C.bN..w.TvT.....b.(.m....y..#oG.$m2......$~....W.j..d.A=.ml...<..o...L....\.y.3.C.=....v....%......@(.......u....4..g..@.c_.r?[. ..U....<..Hb.!...?0[.?.._Ak:F`Obd..W.r.o..d7.5.?Ly.9'e5.|_
                                                                                                                                                                                Process:C:\Users\user\Desktop\c8JakemodH.exe
                                                                                                                                                                                File Type:data
                                                                                                                                                                                Category:dropped
                                                                                                                                                                                Size (bytes):20712
                                                                                                                                                                                Entropy (8bit):7.990239297611373
                                                                                                                                                                                Encrypted:true
                                                                                                                                                                                SSDEEP:384:Kfq8ipjg1KOzfO0dsx6IBRdrVvyo11GWR+hruUjBMEUhy74MLjZenToOOq:Kf7sOW0dsgYdr/rgW10jUn/
                                                                                                                                                                                MD5:F29017C185651BAA81C53ACA6236B1DE
                                                                                                                                                                                SHA1:CA649C6A7D421DDAD131DADD1272061761D2A297
                                                                                                                                                                                SHA-256:C7F9E60D010666BD4DE380234E44CD11E4EAAA058E6906E6780CEA5E9BF55E6C
                                                                                                                                                                                SHA-512:FBBA38C878CBE53694E4611C2060422FDF2E83D5718ACACA197241E26628FFC0CD7F57243D22904B9BAD1C751E040920A941E323102FEBE04712760BACF01A9E
                                                                                                                                                                                Malicious:false
                                                                                                                                                                                Preview:...).....`.S..;..a.\H.VA.n"~.y.-...x....L....y>.#... Ct;.G(..#...R..J.i.R.l.k...2"7...G..^...C.y..!KQ:J......O0......[..-p'.....%...J0.Z...L....AI.7......Y..b...0y..wG6}G...\....Le.................e.F.).......`N[&...K.Z.[..k..=^#+.0..C.$#@p..+....Q....E&...Xa...}C..k......,..d.....TN.]n,i...U....`o.3...JM...^.....B...)....iOE[)|~:..D....r..._..M`..G.*..5.. ......)..9T.m.bC.{..&....C..E...`..p~..F.=E.^.l..^rX....().l8...*m.J.......T....ZbQ.{.y....3.].....%........1....Q.......'Q.E.gA....\..eu..%..~..n3?..,.c.K.).s...4..D....N..9..D%Vj.5...7.Q..:.<......x........G...........g|M..n.a...a...u......j..mBP.C...&..4UVexci.K.<.^>&d...I..c.#.(.?0:..\5.EC....B.r..6p.9]o}.v.^k9.....A...*.S..j.].t.. NK..j.P@v.FJ.).@=..-F6..P....+.....@=..,../.z.>Cm...x-.....0<..C.m\..dU.(..V^.R..L!.....t*QEp.......<.P.U.......,e<.....i.[...#.EH...Rn}..Pc.i..>.f.OA > ...^..fq.A.v..[...#.n...>....$........d.BT...m....,...S.0)*..c..\.(..9o..6oU.n......*....*.;
                                                                                                                                                                                Process:C:\Users\user\Desktop\c8JakemodH.exe
                                                                                                                                                                                File Type:data
                                                                                                                                                                                Category:dropped
                                                                                                                                                                                Size (bytes):763
                                                                                                                                                                                Entropy (8bit):7.715697828086684
                                                                                                                                                                                Encrypted:false
                                                                                                                                                                                SSDEEP:12:gteiANDdzkKAbVyv3XzHXS9XmAgboMdeAur8usmbUH/JnguygUFvm63Ci2++paad:gkJ5dzkRyv3j3YXmAgb1djLH/PZ6Si7e
                                                                                                                                                                                MD5:51A43E0FE82FC3FF82B47CCC758D859C
                                                                                                                                                                                SHA1:84B7DDB76CD75EBD818015EF4D983134FC90BD7B
                                                                                                                                                                                SHA-256:E57CDCC6372EAC47CC4E62ECCEC85DBE2415DF982596CFE0944483D511B58F5F
                                                                                                                                                                                SHA-512:D544CD255DDE354BAB88C317C6708F896EDB9979DFC4A4D6A79030C161113E7200F0F5FB245DBE9A3C29B527CD1C81A348F526648A3C63F17CEF0389924E2883
                                                                                                                                                                                Malicious:false
                                                                                                                                                                                Preview:.W.A....}@...L1~~.G..... E.y..^pgvP{.....6&.5.5.'...!...f..2i"..-.vO..n..3.lX=.}..t.+3.....y..{~2D........|..A..u..O..'.........o...._#t!.).k...~z...S.Kk..I.D..4....r.....g7..B..5+.V..P...._.W1].+......e.C..MC.~.d.03...7g.....rb...P7&....x^...z-..+......j..k........=..*'......ZR.........v..M1.........O..9.^|i..\.".....z.rd.....qB..b~..}:A9..7B.B.J8..^.m..y............pv.....A..7em.].....s..W;..%|.F)...DU|....-.X=WvAL@D@Q....Ag.*.).$.....k\..\........T.Zf........;n.e..+.0.Ea...L..K...4Z.....PJl..-.MI.tC(Z......L?Y...{4.L....2.,.';y0....C...w.$vAu.BR...X...9.C..u.+>.b.^.3,...*..._ z......w6a...y...<..o...L....\.y.3.C.=....v....%......@(.......u....4..g..@.c_.r?[. ..U....<..Hb.!...?0[.?.._Ak:F`Obd..W.r.o..d7.5.?Ly.9'e5.|_
                                                                                                                                                                                Process:C:\Users\user\Desktop\c8JakemodH.exe
                                                                                                                                                                                File Type:data
                                                                                                                                                                                Category:dropped
                                                                                                                                                                                Size (bytes):37113
                                                                                                                                                                                Entropy (8bit):7.995456496866699
                                                                                                                                                                                Encrypted:true
                                                                                                                                                                                SSDEEP:768:QhrdhFMaocZ7Qa6tQv4/sZqK/B/INQrzqZbjdmkaQ4biD8jgVV:mdfho5TkZh/INQr+ZndmkMYOg/
                                                                                                                                                                                MD5:F59A4A28C5296A1F2F8B4C8BC6CE0CEE
                                                                                                                                                                                SHA1:EAC52D5F653B01DDEF10CC19BDB500F45CF557CC
                                                                                                                                                                                SHA-256:707B434ACE07D9FE2643EF6AB7268E721F915AAB2294238C45410CA41136EF29
                                                                                                                                                                                SHA-512:701DD6226D4B64E75726D2CB9C8E9105165354A5EF9B204DB23805F3DDCD9CE716A6D21DB908F65B37ECA4166BF4CA63FB0BF05DC75A08DB4FC6720A976011AD
                                                                                                                                                                                Malicious:false
                                                                                                                                                                                Preview:r.1.L..c%..D.p.%Yi...R...f=..WF..t.s....80^..F...@)B7...o.@...\..j.xO.E....9.&C..".T.W...\'......yHm..AI...S...t.....FO..=.......7..".O..%.(`....n.r.[...v.0.Ys...IR=.|.T^s^....5w..a!.vB.J..Ma.H]n.&..5..s.*..V..d..D?=..E.HF.!.......t.U.C....\?79....=..`..2..TCI&p....z@7..4..o...GTFQ...O..iW...f.W..H..~.N.,......-nJ.K.tR.h>....t...^".m..3.{......g.k\vB_c....bl.H,:!I.....C....Y=.$3.K.........C2%B.w.O...........'=...t.$V.xN.....@.B..-..P$,..E."z.v.Y..T..X...Z@y.sp..P.@...U._}W...>-]..\......J.+..$E..{W.x..u...6e..Ic.82......!.w...K..~.......X.m...G<..S$_Zj...%E...I......x.. 1R..........>.+.... N.'..[v..Z......b...!..7.q..m..........Ms8]..[+.m./...P......9.,.......F.T.:.H.]......V_#..P..C......[|....jPDutr%:..*.d..7.'...o8....K....R).z-..O.$.C..n.....3x..o..&@0n.T...FX;.f..8..)............................./...1.?.5.8....!.".B0YC.;.#.>..cE......QvO.ew..w...uX....s.V..<?.C0.&u.d?..y>...&.$.....@...>.).eN..F.c 2.!]....A.z..t<m6.0K.H..
                                                                                                                                                                                Process:C:\Users\user\Desktop\c8JakemodH.exe
                                                                                                                                                                                File Type:ASCII text, with CRLF line terminators
                                                                                                                                                                                Category:dropped
                                                                                                                                                                                Size (bytes):1159
                                                                                                                                                                                Entropy (8bit):4.909757425426515
                                                                                                                                                                                Encrypted:false
                                                                                                                                                                                SSDEEP:24:SOZJNRovfexRvYx/ncUYTxLZl0r0OzANQgq32xfZnS0iNFdAnP6:SOZbqfexrZrS3Iq32xlSX2S
                                                                                                                                                                                MD5:F29E077226F8DC235CAE4795459A3542
                                                                                                                                                                                SHA1:A23AEA328BEB92BFD4464A3B0F70E772B8969CC2
                                                                                                                                                                                SHA-256:CF8875AADE9351184274F533067BECF2AD10CCF2B6296274ECE5D5B58B6AB008
                                                                                                                                                                                SHA-512:0C76F1E7AC8E4DB582EA7E26FA9B8C18D54605AE6A9A87A2A1FA0B1BEACACBB8F1230421C1124B1E7C12FB546FF31DBBD2CFBBEBA80EF98BBAA01B356F7FDC6F
                                                                                                                                                                                Malicious:false
                                                                                                                                                                                Preview:.. ~~~ AlphaCat ~~~....>>>> Your data are stolen and encrypted....>>>> What guarantees that we will not deceive you? .....We are not a politically motivated group and we do not need anything other than your money. .. ...If you pay, we will provide you the programs for decryption and we will delete your data. ...Life is too short to be sad. Be not sad, money, it is only paper... ...If we do not give you decrypters, or we do not delete your data after payment, then nobody will pay us in the future. ...Therefore to us our reputation is very important. We attack worldwide and there is no dissatisfied victim after payment... ..>>>> You need contact us via email with srenshot of btc transaction and your personal DECRYPTION ID.....Contact via Email with your personal Decryption id !: hackbeenswim@mail2tor.com......Send 400$ (0.006 BTC) at this address --> bc1qkr7wxuqwet9w6920vk94p7npkxh33fc7prv55q.....>>>> Your personal DECRYPTION ID: D53F15BF767167BC622C1CB4D4FC174D....>>
                                                                                                                                                                                Process:C:\Users\user\Desktop\c8JakemodH.exe
                                                                                                                                                                                File Type:data
                                                                                                                                                                                Category:dropped
                                                                                                                                                                                Size (bytes):3846
                                                                                                                                                                                Entropy (8bit):7.953053809065692
                                                                                                                                                                                Encrypted:false
                                                                                                                                                                                SSDEEP:48:76Hg9eDnH2cORLRDH6tb5T8zUkqSZrF+WQN1oBKdUL5eO6CSwZSplUzTLTpbpzKX:76UezrObW8zUkfZcWQNeVd6CSvl0S
                                                                                                                                                                                MD5:371C99CC0F256CD3F2F423FDDB912A99
                                                                                                                                                                                SHA1:A6EFC8DC40DEEDBEAE9B5263A7C4633CDC7DA763
                                                                                                                                                                                SHA-256:109B4A8F0D8FAB771B098BAD502BBEDF48C0395836EB614270E2F16605C10125
                                                                                                                                                                                SHA-512:BF3477F0E16B28A9DC4F826E0898ABDF0868218C8F558E7A13BF5976EE47C65E97A4E47CB19B0027738BBE664C7FA6B18FCD1517850B6DDD00E63F45764912A3
                                                                                                                                                                                Malicious:false
                                                                                                                                                                                Preview:..L..X..}[-........N!.v.d./M.$..f.g.T.....zr.h....cGQ..B.dC....v.T.M..[%..9H......b.c.....qU....?..O-..\d....@J.~.....B..'.3iX....N...iu....Y...l.w4H.../..g..d...X..?....Nl.../z...^..LPy$V.. N.....PJ>.D.......>9!.F...<[I..rS..K.i.jK.O..#...d.-'...?yz.C..$.....i.......$............J=k[...z...HWa.c.qY....r./.......V...*d....?.h.%.f[N.i..... ?..J..C..<1{-........`B.Ura....|.zC...Y....... .1^.j..aY.....^.T.8.l$*...Y..XWI.m....gB......_.+..N^i......&..2ZR.......%...J....u/.......E[dR\..B.X6...5]..s.q...?.Gp......5.oE!D.........i..W.Ap$~....:.....J0.&z"0.q.*w.2,.]B..3`....HY.w..t..$......l..T.........7......vx7r<..G......r.JG3.....6.d~.y.Q..8...}...2.z.;....}#..l........n..'....4......-...m@..^...~.K.g$.y.c....O.H..w.5i..{pS_I`..Z.`.H.S....Z0O.Rcp....JT..{2.2.T....E'.n/.IZ..B..u.\......8.h.#..g.W.f..Z...9.(=.<..P\.f.p....8.\q5.y.1......r.b.m..\.....5.".@....1K...0ti.n3.M .|Fr.....q.........<..Y,V.z........f.ln...^..$.y....=M.....4...h..F~.Y.s.
                                                                                                                                                                                Process:C:\Users\user\Desktop\c8JakemodH.exe
                                                                                                                                                                                File Type:data
                                                                                                                                                                                Category:dropped
                                                                                                                                                                                Size (bytes):248
                                                                                                                                                                                Entropy (8bit):7.10259302202648
                                                                                                                                                                                Encrypted:false
                                                                                                                                                                                SSDEEP:6:2jZbSO3Xv4PkUvn96XKXqrnzo66uoxTQWryJJ:2jZbHovn96aaDixTYJ
                                                                                                                                                                                MD5:7723589752301664E2CEFBFFE89C977D
                                                                                                                                                                                SHA1:7FBB1A65EC6058CB75D0E3BE0B38515A2EED981D
                                                                                                                                                                                SHA-256:6B47DB18638FF6415C512ED882CB7CABA5390B2C43C9B7B76AD2DA093E566EBC
                                                                                                                                                                                SHA-512:24DA945301B66E9905A9E21D13B62486C0F81226C8537CD20E8AF95B6797940C2ED44E2DDD1CD56786F2D802C509234ADEBD034A320CB0DAC13275A8B205D8F9
                                                                                                                                                                                Malicious:false
                                                                                                                                                                                Preview:......8...[Z./Lo.4j....`..6..%...h.U.A.....D....T..8~.4..^|.>Ll.]a..G.r..|..=.e0B.4Htr<..o$..(.;...PeRh3.2..Sb...<..o...L....\.y.3.C.=....v....%......@(.......u....4..g..@.c_.r?[. ..U....<..Hb.!...?0[.?.._Ak:F`Obd..W.r.o..d7.5.?Ly.9'e5.|_
                                                                                                                                                                                Process:C:\Users\user\Desktop\c8JakemodH.exe
                                                                                                                                                                                File Type:SysEx File -
                                                                                                                                                                                Category:dropped
                                                                                                                                                                                Size (bytes):548
                                                                                                                                                                                Entropy (8bit):7.593131145539252
                                                                                                                                                                                Encrypted:false
                                                                                                                                                                                SSDEEP:12:nElpjkiBkop7/oqfZYHrR5cMfpRqqfVkx5aaDixTYJ:nSpjkRo1/oqorR5vfpRrfVkX2xs
                                                                                                                                                                                MD5:19C1D9C42814A94BA3BEC1749AD63C53
                                                                                                                                                                                SHA1:5231506B043AE2322737303BBEF41FCB58C6608E
                                                                                                                                                                                SHA-256:F614CFFD2396A10ADE4F31B9AEC5A26850A6088EF2C87DA59BD09D49EC3A5C4C
                                                                                                                                                                                SHA-512:E72F51F78744548F35A3D222ECCFDAAB8D890F1F37A6AB43D269356E4345AEC860C9B4CC8242E6A59591F274E63C7BC0FF0A37E35F23057AA12B6B7290889D41
                                                                                                                                                                                Malicious:false
                                                                                                                                                                                Preview:.kG^...a....E...5.=v.)+x.R3..g...\K...R<nC.p..m.j((..;M...Z.p.z.....d{.a.4.s.M.p.:.1......Qz#..r...U................(...q"~...|...K..u [d........z.._o.D....P..4..dZ...e.5M?..y.?..\...@...D..\.......j..$.....G.@.k..w.v..hjDr_aV_.....W...Z..y.X..~..&x....a...v..{.bKKs..0.B<.p.m.8;.f...`.?[5..p1^I..7!...4p...4'.8..u...h...A......2.@.i"....:..Dgp......2.9.=...So..=.W.2%.f..<b..x1. P..po[...<..o...L....\.y.3.C.=....v....%......@(.......u....4..g..@.c_.r?[. ..U....<..Hb.!...?0[.?.._Ak:F`Obd..W.r.o..d7.5.?Ly.9'e5.|_
                                                                                                                                                                                Process:C:\Users\user\Desktop\c8JakemodH.exe
                                                                                                                                                                                File Type:data
                                                                                                                                                                                Category:dropped
                                                                                                                                                                                Size (bytes):556
                                                                                                                                                                                Entropy (8bit):7.59271276481896
                                                                                                                                                                                Encrypted:false
                                                                                                                                                                                SSDEEP:12:8qt53/64LApG4UEWWJViOFJnXXTOKgIVNQjnLdGvaaDixTYJ:8qz/LcVd5IW1zzgrjngr2xs
                                                                                                                                                                                MD5:C0D106869BE7C23F2040CA708CA8F9CC
                                                                                                                                                                                SHA1:FED2A359487DF5CDF77B5846C3F68970A46E39F0
                                                                                                                                                                                SHA-256:7A1C446F5D1DE8BA044868B03F195021AE9B19BDCAF8B7DD3168C97F3472F30C
                                                                                                                                                                                SHA-512:9470CE26177CB5492BC033C410F9D335434B9FF4F88503A2A56925714CEEBD30D297491442ED82597A1747D561F6D69AA7581EB0C29F400B9E01737A1B755645
                                                                                                                                                                                Malicious:false
                                                                                                                                                                                Preview:.l.&.&o."..Z=..5.#9....E~.8.N....).So.[.....Y....]j.....MY.Z.....[Q..~.c....j..:..'...+..Y.\A...*....."R&.oX%?...............b..">\.3d..%@....@..Q.I......}........ ......*x.6...|U)..!.|..*X..%......<......@....D:.hn|.=^...cI..k.V5.&......=...9.&....qiw.{2...+.a..bq.$.I}Z.H?.^8......6ZX..T&k.$9A..'..IV..4p.....PTl..>..h...A.....D....T..^S....8...P:..)PV.IlP.O..[0..0&.......b....wZ...<...'X[*..c...<..o...L....\.y.3.C.=....v....%......@(.......u....4..g..@.c_.r?[. ..U....<..Hb.!...?0[.?.._Ak:F`Obd..W.r.o..d7.5.?Ly.9'e5.|_
                                                                                                                                                                                Process:C:\Users\user\Desktop\c8JakemodH.exe
                                                                                                                                                                                File Type:DOS executable (COM, 0x8C-variant)
                                                                                                                                                                                Category:dropped
                                                                                                                                                                                Size (bytes):283
                                                                                                                                                                                Entropy (8bit):7.255163753339428
                                                                                                                                                                                Encrypted:false
                                                                                                                                                                                SSDEEP:6:LsZ+L53rv/kDJgMuq+1Y+v0qS2XKXqrnzo66uoxTQWryJJ:LbL5jeVaE2aaDixTYJ
                                                                                                                                                                                MD5:B5410A8A28BD6DCB2F83B087B1E95CC3
                                                                                                                                                                                SHA1:047C2DFB7A414374E203BBF8BDA4E7F15409BC29
                                                                                                                                                                                SHA-256:4486D6C8B9D83F8357D948BDAA2AE8405EE5200EC1FA15053A5BA79FDE7069DD
                                                                                                                                                                                SHA-512:47B0EA304638762967356DD01E0E5C64C50806A4B633CDF185DD5B4800079D48C48FFAB0DB01E174ABCB6EEC70B1F11BCF9AB87CF2274C1B950CAFC64A66D8AC
                                                                                                                                                                                Malicious:true
                                                                                                                                                                                Preview:.....O.!".!.k.......$.O[...L .T:.J}.'l"|0.4~.....P}l...-.tX...p.....D....T..xy4=O..J...|...*..........'s....W...j..Z.......^e.....\....-.^..o(1l...<..o...L....\.y.3.C.=....v....%......@(.......u....4..g..@.c_.r?[. ..U....<..Hb.!...?0[.?.._Ak:F`Obd..W.r.o..d7.5.?Ly.9'e5.|_
                                                                                                                                                                                Process:C:\Users\user\Desktop\c8JakemodH.exe
                                                                                                                                                                                File Type:ASCII text, with CRLF line terminators
                                                                                                                                                                                Category:dropped
                                                                                                                                                                                Size (bytes):1159
                                                                                                                                                                                Entropy (8bit):4.909757425426515
                                                                                                                                                                                Encrypted:false
                                                                                                                                                                                SSDEEP:24:SOZJNRovfexRvYx/ncUYTxLZl0r0OzANQgq32xfZnS0iNFdAnP6:SOZbqfexrZrS3Iq32xlSX2S
                                                                                                                                                                                MD5:F29E077226F8DC235CAE4795459A3542
                                                                                                                                                                                SHA1:A23AEA328BEB92BFD4464A3B0F70E772B8969CC2
                                                                                                                                                                                SHA-256:CF8875AADE9351184274F533067BECF2AD10CCF2B6296274ECE5D5B58B6AB008
                                                                                                                                                                                SHA-512:0C76F1E7AC8E4DB582EA7E26FA9B8C18D54605AE6A9A87A2A1FA0B1BEACACBB8F1230421C1124B1E7C12FB546FF31DBBD2CFBBEBA80EF98BBAA01B356F7FDC6F
                                                                                                                                                                                Malicious:false
                                                                                                                                                                                Preview:.. ~~~ AlphaCat ~~~....>>>> Your data are stolen and encrypted....>>>> What guarantees that we will not deceive you? .....We are not a politically motivated group and we do not need anything other than your money. .. ...If you pay, we will provide you the programs for decryption and we will delete your data. ...Life is too short to be sad. Be not sad, money, it is only paper... ...If we do not give you decrypters, or we do not delete your data after payment, then nobody will pay us in the future. ...Therefore to us our reputation is very important. We attack worldwide and there is no dissatisfied victim after payment... ..>>>> You need contact us via email with srenshot of btc transaction and your personal DECRYPTION ID.....Contact via Email with your personal Decryption id !: hackbeenswim@mail2tor.com......Send 400$ (0.006 BTC) at this address --> bc1qkr7wxuqwet9w6920vk94p7npkxh33fc7prv55q.....>>>> Your personal DECRYPTION ID: D53F15BF767167BC622C1CB4D4FC174D....>>
                                                                                                                                                                                Process:C:\Users\user\Desktop\c8JakemodH.exe
                                                                                                                                                                                File Type:ASCII text, with CRLF line terminators
                                                                                                                                                                                Category:dropped
                                                                                                                                                                                Size (bytes):1159
                                                                                                                                                                                Entropy (8bit):4.909757425426515
                                                                                                                                                                                Encrypted:false
                                                                                                                                                                                SSDEEP:24:SOZJNRovfexRvYx/ncUYTxLZl0r0OzANQgq32xfZnS0iNFdAnP6:SOZbqfexrZrS3Iq32xlSX2S
                                                                                                                                                                                MD5:F29E077226F8DC235CAE4795459A3542
                                                                                                                                                                                SHA1:A23AEA328BEB92BFD4464A3B0F70E772B8969CC2
                                                                                                                                                                                SHA-256:CF8875AADE9351184274F533067BECF2AD10CCF2B6296274ECE5D5B58B6AB008
                                                                                                                                                                                SHA-512:0C76F1E7AC8E4DB582EA7E26FA9B8C18D54605AE6A9A87A2A1FA0B1BEACACBB8F1230421C1124B1E7C12FB546FF31DBBD2CFBBEBA80EF98BBAA01B356F7FDC6F
                                                                                                                                                                                Malicious:false
                                                                                                                                                                                Preview:.. ~~~ AlphaCat ~~~....>>>> Your data are stolen and encrypted....>>>> What guarantees that we will not deceive you? .....We are not a politically motivated group and we do not need anything other than your money. .. ...If you pay, we will provide you the programs for decryption and we will delete your data. ...Life is too short to be sad. Be not sad, money, it is only paper... ...If we do not give you decrypters, or we do not delete your data after payment, then nobody will pay us in the future. ...Therefore to us our reputation is very important. We attack worldwide and there is no dissatisfied victim after payment... ..>>>> You need contact us via email with srenshot of btc transaction and your personal DECRYPTION ID.....Contact via Email with your personal Decryption id !: hackbeenswim@mail2tor.com......Send 400$ (0.006 BTC) at this address --> bc1qkr7wxuqwet9w6920vk94p7npkxh33fc7prv55q.....>>>> Your personal DECRYPTION ID: D53F15BF767167BC622C1CB4D4FC174D....>>
                                                                                                                                                                                Process:C:\Users\user\Desktop\c8JakemodH.exe
                                                                                                                                                                                File Type:data
                                                                                                                                                                                Category:dropped
                                                                                                                                                                                Size (bytes):131313
                                                                                                                                                                                Entropy (8bit):7.998609637549728
                                                                                                                                                                                Encrypted:true
                                                                                                                                                                                SSDEEP:3072:Yc5cejN6fDte5GNKLbKsBeaaN4dzDk1FZ63twqrcbwRAf+pi8:YccQ4te5SAKsxixZ6uqrcCAf+pi8
                                                                                                                                                                                MD5:C4C7189F16F4B16DE6CCC7B1F5A3A263
                                                                                                                                                                                SHA1:0E64FA231726BEB4E712E44B7260B49E32A2C8DF
                                                                                                                                                                                SHA-256:FBDEACD683387F9DE5977FC06DF9A25DF55FB2FB4F4C4CD9E5C7F140E7726D3F
                                                                                                                                                                                SHA-512:9371FA47DD0FEAD5929D5381E00EF2766C9966611503EC025B6D64D5B1548A0F78EB9BC22EA08945064E83FC86B8D59859CB61127B82497BF33C6DB2DCB665CE
                                                                                                                                                                                Malicious:false
                                                                                                                                                                                Preview:.)..QXU....[[@..Q.C.E..P..#!Kp^|.f.w.....$...V.q..8.3`u.....;rP......6.3o.L.H..:....z.. ...TH .x{x..2.[+..G"K1.i.,'..Xj......1......._.Fe7.....D..z6j...la{.z..'.a0...K.G.....i.n.sp..j.D...a....Ok.i.P...6T:..:........-.xH.....k.B....*.7.G.......>..T....b...a..1....... .Kux.......`...8..E.<....wa..-.......).......G..|.$.X...c...Te..,..D~`...o.1.H..r.J......G..&=.,.:..$.4f.r......f.......K...C..y8.*...a..N..x8....^.l:...>}.=...7$..~.q/.x.QW$W....C...G.A*zTp......2.|*[..n6q ...p.......d?vg}*..d.'.2.vUQ.Lv.yB..l.....k.*...]g...:..c....L......F.^...h}6._A...Ft.w..[^...9....I......W3.q.......v7.Y...%...Q..2|~.gG.g/.e.9w/.......)............hs....+......R...S....Sv.8.Z.r..I{..@.. ..J.....!3..*..."..N...,.r..G.$...d...A4F`e......?c....Wx..;z..t..x..+.(1.O.............c.......eF....v.s..6&..m.l[.s...K....^.v,.n....[...K...Yz5.F....(.X.HIN.4..M.....1.....B..P[xX|.,..k...6A..9..T.....!MI.:.....U.G....Ju.A..`..H|....!H.(...W...[.uxA!.+.>1...mb..
                                                                                                                                                                                Process:C:\Users\user\Desktop\c8JakemodH.exe
                                                                                                                                                                                File Type:ASCII text, with CRLF line terminators
                                                                                                                                                                                Category:dropped
                                                                                                                                                                                Size (bytes):1159
                                                                                                                                                                                Entropy (8bit):4.909757425426515
                                                                                                                                                                                Encrypted:false
                                                                                                                                                                                SSDEEP:24:SOZJNRovfexRvYx/ncUYTxLZl0r0OzANQgq32xfZnS0iNFdAnP6:SOZbqfexrZrS3Iq32xlSX2S
                                                                                                                                                                                MD5:F29E077226F8DC235CAE4795459A3542
                                                                                                                                                                                SHA1:A23AEA328BEB92BFD4464A3B0F70E772B8969CC2
                                                                                                                                                                                SHA-256:CF8875AADE9351184274F533067BECF2AD10CCF2B6296274ECE5D5B58B6AB008
                                                                                                                                                                                SHA-512:0C76F1E7AC8E4DB582EA7E26FA9B8C18D54605AE6A9A87A2A1FA0B1BEACACBB8F1230421C1124B1E7C12FB546FF31DBBD2CFBBEBA80EF98BBAA01B356F7FDC6F
                                                                                                                                                                                Malicious:false
                                                                                                                                                                                Preview:.. ~~~ AlphaCat ~~~....>>>> Your data are stolen and encrypted....>>>> What guarantees that we will not deceive you? .....We are not a politically motivated group and we do not need anything other than your money. .. ...If you pay, we will provide you the programs for decryption and we will delete your data. ...Life is too short to be sad. Be not sad, money, it is only paper... ...If we do not give you decrypters, or we do not delete your data after payment, then nobody will pay us in the future. ...Therefore to us our reputation is very important. We attack worldwide and there is no dissatisfied victim after payment... ..>>>> You need contact us via email with srenshot of btc transaction and your personal DECRYPTION ID.....Contact via Email with your personal Decryption id !: hackbeenswim@mail2tor.com......Send 400$ (0.006 BTC) at this address --> bc1qkr7wxuqwet9w6920vk94p7npkxh33fc7prv55q.....>>>> Your personal DECRYPTION ID: D53F15BF767167BC622C1CB4D4FC174D....>>
                                                                                                                                                                                Process:C:\Users\user\Desktop\c8JakemodH.exe
                                                                                                                                                                                File Type:ASCII text, with CRLF line terminators
                                                                                                                                                                                Category:dropped
                                                                                                                                                                                Size (bytes):1159
                                                                                                                                                                                Entropy (8bit):4.909757425426515
                                                                                                                                                                                Encrypted:false
                                                                                                                                                                                SSDEEP:24:SOZJNRovfexRvYx/ncUYTxLZl0r0OzANQgq32xfZnS0iNFdAnP6:SOZbqfexrZrS3Iq32xlSX2S
                                                                                                                                                                                MD5:F29E077226F8DC235CAE4795459A3542
                                                                                                                                                                                SHA1:A23AEA328BEB92BFD4464A3B0F70E772B8969CC2
                                                                                                                                                                                SHA-256:CF8875AADE9351184274F533067BECF2AD10CCF2B6296274ECE5D5B58B6AB008
                                                                                                                                                                                SHA-512:0C76F1E7AC8E4DB582EA7E26FA9B8C18D54605AE6A9A87A2A1FA0B1BEACACBB8F1230421C1124B1E7C12FB546FF31DBBD2CFBBEBA80EF98BBAA01B356F7FDC6F
                                                                                                                                                                                Malicious:false
                                                                                                                                                                                Preview:.. ~~~ AlphaCat ~~~....>>>> Your data are stolen and encrypted....>>>> What guarantees that we will not deceive you? .....We are not a politically motivated group and we do not need anything other than your money. .. ...If you pay, we will provide you the programs for decryption and we will delete your data. ...Life is too short to be sad. Be not sad, money, it is only paper... ...If we do not give you decrypters, or we do not delete your data after payment, then nobody will pay us in the future. ...Therefore to us our reputation is very important. We attack worldwide and there is no dissatisfied victim after payment... ..>>>> You need contact us via email with srenshot of btc transaction and your personal DECRYPTION ID.....Contact via Email with your personal Decryption id !: hackbeenswim@mail2tor.com......Send 400$ (0.006 BTC) at this address --> bc1qkr7wxuqwet9w6920vk94p7npkxh33fc7prv55q.....>>>> Your personal DECRYPTION ID: D53F15BF767167BC622C1CB4D4FC174D....>>
                                                                                                                                                                                Process:C:\Users\user\Desktop\c8JakemodH.exe
                                                                                                                                                                                File Type:ASCII text, with CRLF line terminators
                                                                                                                                                                                Category:dropped
                                                                                                                                                                                Size (bytes):1159
                                                                                                                                                                                Entropy (8bit):4.909757425426515
                                                                                                                                                                                Encrypted:false
                                                                                                                                                                                SSDEEP:24:SOZJNRovfexRvYx/ncUYTxLZl0r0OzANQgq32xfZnS0iNFdAnP6:SOZbqfexrZrS3Iq32xlSX2S
                                                                                                                                                                                MD5:F29E077226F8DC235CAE4795459A3542
                                                                                                                                                                                SHA1:A23AEA328BEB92BFD4464A3B0F70E772B8969CC2
                                                                                                                                                                                SHA-256:CF8875AADE9351184274F533067BECF2AD10CCF2B6296274ECE5D5B58B6AB008
                                                                                                                                                                                SHA-512:0C76F1E7AC8E4DB582EA7E26FA9B8C18D54605AE6A9A87A2A1FA0B1BEACACBB8F1230421C1124B1E7C12FB546FF31DBBD2CFBBEBA80EF98BBAA01B356F7FDC6F
                                                                                                                                                                                Malicious:false
                                                                                                                                                                                Preview:.. ~~~ AlphaCat ~~~....>>>> Your data are stolen and encrypted....>>>> What guarantees that we will not deceive you? .....We are not a politically motivated group and we do not need anything other than your money. .. ...If you pay, we will provide you the programs for decryption and we will delete your data. ...Life is too short to be sad. Be not sad, money, it is only paper... ...If we do not give you decrypters, or we do not delete your data after payment, then nobody will pay us in the future. ...Therefore to us our reputation is very important. We attack worldwide and there is no dissatisfied victim after payment... ..>>>> You need contact us via email with srenshot of btc transaction and your personal DECRYPTION ID.....Contact via Email with your personal Decryption id !: hackbeenswim@mail2tor.com......Send 400$ (0.006 BTC) at this address --> bc1qkr7wxuqwet9w6920vk94p7npkxh33fc7prv55q.....>>>> Your personal DECRYPTION ID: D53F15BF767167BC622C1CB4D4FC174D....>>
                                                                                                                                                                                Process:C:\Users\user\Desktop\c8JakemodH.exe
                                                                                                                                                                                File Type:data
                                                                                                                                                                                Category:dropped
                                                                                                                                                                                Size (bytes):287
                                                                                                                                                                                Entropy (8bit):7.226013971902616
                                                                                                                                                                                Encrypted:false
                                                                                                                                                                                SSDEEP:6:CUbQeEpsq27yI9zYLkaBiH7VOo5kw28ACGu4SXKXqrnzo66uoxTQWryJJ:/bQ9jGyoikH7VV6w28AXuxaaDixTYJ
                                                                                                                                                                                MD5:4D5D3AE828387B1BFDC25604B7F842D2
                                                                                                                                                                                SHA1:DD6DDB487FFA08CD12C16CEA9DCD96026E856BFC
                                                                                                                                                                                SHA-256:FF5574B6FBC4A62F0CE60237E198DC2B4D5660124B13CF0A9C4D326220A25E25
                                                                                                                                                                                SHA-512:2F83437AB9178419558D24A7E6A14231CF803E8C58A240004E655C453A9E8AC1A0895A820A10C50994C97991ECE453B9409459CF5CB68145946A182BBE2C5EC1
                                                                                                                                                                                Malicious:false
                                                                                                                                                                                Preview:...8e.~..B...~.a".]...>m.q.....P. .*.5B.i.......a.S..5gP...PWl..>..h...A.....D....T...v 6.%....r...M..U.&..#.;...8H..S....m........-Z...~........c...<..o...L....\.y.3.C.=....v....%......@(.......u....4..g..@.c_.r?[. ..U....<..Hb.!...?0[.?.._Ak:F`Obd..W.r.o..d7.5.?Ly.9'e5.|_
                                                                                                                                                                                Process:C:\Users\user\Desktop\c8JakemodH.exe
                                                                                                                                                                                File Type:data
                                                                                                                                                                                Category:dropped
                                                                                                                                                                                Size (bytes):248
                                                                                                                                                                                Entropy (8bit):7.161179009982047
                                                                                                                                                                                Encrypted:false
                                                                                                                                                                                SSDEEP:6:00A1SO3Xv4Px4MGvV9OmlQPzhXKXqrnzo66uoxTQWryJJ:QH3l/OmlQtaaDixTYJ
                                                                                                                                                                                MD5:7909909763F107B2524729AFB0A44E6D
                                                                                                                                                                                SHA1:B9E4ED5343B5C3E69AD4E2B1F94DB34446462589
                                                                                                                                                                                SHA-256:37ACAC02412AE4B58B1461ADB048CB19D75624A94A9ED3D60881A40ABBF47D9D
                                                                                                                                                                                SHA-512:CC236E0EA6CAFE5DCE01126841B4F8071A6F9FB0BE023EA43F62DADD9F2063D69C449228C8DA900F16BE8F60CFFA53F09FB06B11466AAA364E78E108334343CA
                                                                                                                                                                                Malicious:false
                                                                                                                                                                                Preview:).....'.....pr.4j....`..6..%...h.U.A.....D....T.(s.m....S.......kD..-.X.h&]>.!}i.v...'.8...~.B.....UP9....L.%,b...<..o...L....\.y.3.C.=....v....%......@(.......u....4..g..@.c_.r?[. ..U....<..Hb.!...?0[.?.._Ak:F`Obd..W.r.o..d7.5.?Ly.9'e5.|_
                                                                                                                                                                                Process:C:\Users\user\Desktop\c8JakemodH.exe
                                                                                                                                                                                File Type:data
                                                                                                                                                                                Category:dropped
                                                                                                                                                                                Size (bytes):510
                                                                                                                                                                                Entropy (8bit):7.505172171782398
                                                                                                                                                                                Encrypted:false
                                                                                                                                                                                SSDEEP:12:SCyyClvu3ecbnuGRpKKw5ny/Pu0naaDixTYJ:SCyyClvkb1pP+y/Pua2xs
                                                                                                                                                                                MD5:E78DB7B4B4637D11AF829A4317341CAA
                                                                                                                                                                                SHA1:B5AE4795BF6AEE6197A9CA1408CA4025629131BC
                                                                                                                                                                                SHA-256:15D6C5BA3C44C6684E02D5093AC3DBE68F5F50FB2B78C4C2809319E68AF5F669
                                                                                                                                                                                SHA-512:66CB28DBD3A549730C084D33D88CB62A4151CDE9C227468BCDF47278CE9B043B29AD02E5582772560841872BE727D1D5F01F0F2B778924A29FCB63B55F0B3389
                                                                                                                                                                                Malicious:false
                                                                                                                                                                                Preview:.J...uY:.}.".v.K4.....2\.Q..]c0b.......b...EUB.9.......%.y...8..!....}<.(:v.....7y...lx....G.....V.B^$._.3..:..USk..B2RH7.v..l....Z.... r.........CP9u'.....-....Q..7v....D7T.EXu .Yp.j..R.o.........e...5^.G.3O..Y..b4q....|`d..E.E...o.r..5.d.;.U...\7*.T...@..E.7...4p...4'.8..u...h...A....P9...E.vk.B~[...o..`.<..T|....[|.....d.........].9....LC1.d d[...<..o...L....\.y.3.C.=....v....%......@(.......u....4..g..@.c_.r?[. ..U....<..Hb.!...?0[.?.._Ak:F`Obd..W.r.o..d7.5.?Ly.9'e5.|_
                                                                                                                                                                                Process:C:\Users\user\Desktop\c8JakemodH.exe
                                                                                                                                                                                File Type:data
                                                                                                                                                                                Category:dropped
                                                                                                                                                                                Size (bytes):283
                                                                                                                                                                                Entropy (8bit):7.223430714500751
                                                                                                                                                                                Encrypted:false
                                                                                                                                                                                SSDEEP:6:lM4WCSX/kDJI4+68eEFEqPvXKXqrnzo66uoxTQWryJJ:lMlRXeI4+HBaaDixTYJ
                                                                                                                                                                                MD5:0A8B65E55E635E629757EA356C5838F8
                                                                                                                                                                                SHA1:C46197928C98487442046C999949AB98F8FED3A0
                                                                                                                                                                                SHA-256:F39A812E8796BB9F09AEBA9136D57EBEE7F0682A751B81326CAB34A58574BBA7
                                                                                                                                                                                SHA-512:EF17E77DF6F2E47DC993ECFA85B0FEC22C6A7A56B9976AAB98D273855B1D7432A21FA47DBE4A874F318C97B30DB666D70C6E6DA9C09E8F4999801B043FD20F9A
                                                                                                                                                                                Malicious:false
                                                                                                                                                                                Preview:.L`Q2....9..D........(.._k..w.;(....yF.4~.....P}l...-.tX...p.....D....T..xy4=O..Jg.U@......;..A.N:K.....Y........7.i.l...n|2..f..Qq...c%.p.R.l...<..o...L....\.y.3.C.=....v....%......@(.......u....4..g..@.c_.r?[. ..U....<..Hb.!...?0[.?.._Ak:F`Obd..W.r.o..d7.5.?Ly.9'e5.|_
                                                                                                                                                                                Process:C:\Users\user\Desktop\c8JakemodH.exe
                                                                                                                                                                                File Type:ASCII text, with CRLF line terminators
                                                                                                                                                                                Category:dropped
                                                                                                                                                                                Size (bytes):1159
                                                                                                                                                                                Entropy (8bit):4.909757425426515
                                                                                                                                                                                Encrypted:false
                                                                                                                                                                                SSDEEP:24:SOZJNRovfexRvYx/ncUYTxLZl0r0OzANQgq32xfZnS0iNFdAnP6:SOZbqfexrZrS3Iq32xlSX2S
                                                                                                                                                                                MD5:F29E077226F8DC235CAE4795459A3542
                                                                                                                                                                                SHA1:A23AEA328BEB92BFD4464A3B0F70E772B8969CC2
                                                                                                                                                                                SHA-256:CF8875AADE9351184274F533067BECF2AD10CCF2B6296274ECE5D5B58B6AB008
                                                                                                                                                                                SHA-512:0C76F1E7AC8E4DB582EA7E26FA9B8C18D54605AE6A9A87A2A1FA0B1BEACACBB8F1230421C1124B1E7C12FB546FF31DBBD2CFBBEBA80EF98BBAA01B356F7FDC6F
                                                                                                                                                                                Malicious:false
                                                                                                                                                                                Preview:.. ~~~ AlphaCat ~~~....>>>> Your data are stolen and encrypted....>>>> What guarantees that we will not deceive you? .....We are not a politically motivated group and we do not need anything other than your money. .. ...If you pay, we will provide you the programs for decryption and we will delete your data. ...Life is too short to be sad. Be not sad, money, it is only paper... ...If we do not give you decrypters, or we do not delete your data after payment, then nobody will pay us in the future. ...Therefore to us our reputation is very important. We attack worldwide and there is no dissatisfied victim after payment... ..>>>> You need contact us via email with srenshot of btc transaction and your personal DECRYPTION ID.....Contact via Email with your personal Decryption id !: hackbeenswim@mail2tor.com......Send 400$ (0.006 BTC) at this address --> bc1qkr7wxuqwet9w6920vk94p7npkxh33fc7prv55q.....>>>> Your personal DECRYPTION ID: D53F15BF767167BC622C1CB4D4FC174D....>>
                                                                                                                                                                                Process:C:\Users\user\Desktop\c8JakemodH.exe
                                                                                                                                                                                File Type:data
                                                                                                                                                                                Category:dropped
                                                                                                                                                                                Size (bytes):359
                                                                                                                                                                                Entropy (8bit):7.454104606214099
                                                                                                                                                                                Encrypted:false
                                                                                                                                                                                SSDEEP:6:bjoWrd0D3Aiie8yAD2dGPLkaBqWAQLGUQ+XVehXKXqrnzo66uoxTQWryJJ:o0k3BtT0PJYWPSUxehaaDixTYJ
                                                                                                                                                                                MD5:A6D34C27D17C9556D5253C494A395FAA
                                                                                                                                                                                SHA1:85797968C8302FED9DDEB9A0A58F341D81B06021
                                                                                                                                                                                SHA-256:05D8F77CA44552B4EE0A2E4BB2864C0ABEAA2505118C632CE5A8EEC45B6D7830
                                                                                                                                                                                SHA-512:FD203E90FF156A6D0C2BBB0BF0832A9295D34407D5314928CB641E81E76C17B5753A9E008AF8EB60144BAFAF92B8E00EA879699E19293ED0ADCBA4AA6583EBFC
                                                                                                                                                                                Malicious:false
                                                                                                                                                                                Preview:.;.8..H...2..!c.v..B.u&.G.k.....sF....aO9#.z...8...wg...W.R.....3..&.R....E.G..B..g..eJ.....(.N^../.....H.f...X.?....).7.5gP...PWl..>..h...A.....D....T.u....O{.o?..R.R..)..;....g0d...9]..$...L>.n.0.,..].......d..f.c...<..o...L....\.y.3.C.=....v....%......@(.......u....4..g..@.c_.r?[. ..U....<..Hb.!...?0[.?.._Ak:F`Obd..W.r.o..d7.5.?Ly.9'e5.|_
                                                                                                                                                                                Process:C:\Users\user\Desktop\c8JakemodH.exe
                                                                                                                                                                                File Type:data
                                                                                                                                                                                Category:dropped
                                                                                                                                                                                Size (bytes):248
                                                                                                                                                                                Entropy (8bit):7.126279727594731
                                                                                                                                                                                Encrypted:false
                                                                                                                                                                                SSDEEP:6:RkWSO3Xv4P6SlG1H6oBU1Y03oXKXqrnzo66uoxTQWryJJ:lHNxdB03oaaDixTYJ
                                                                                                                                                                                MD5:515890B5C57046BD480A6A977A238786
                                                                                                                                                                                SHA1:4B9633173AF84391B10E1B248A436531B440C3B6
                                                                                                                                                                                SHA-256:765F693D8334859FEB8800C92B8F6CEDC854927E0D870A704601633BEB2467AB
                                                                                                                                                                                SHA-512:262CACEB049B47EE556D69D97DC06078FF98B5650FFAB1A2AE73B115C71A5C16B4BC45E58F6448B6D0DA7F0D7D9DF529138EEAA3B8D02B5ABDAF204C32E7253F
                                                                                                                                                                                Malicious:false
                                                                                                                                                                                Preview:...FwX.!..pLO....4j....`..6..%...h.U.A.....D....T:.>u.TDw....X....4......c.)..^tk..D.....X^.......g...*..xP.Q..b...<..o...L....\.y.3.C.=....v....%......@(.......u....4..g..@.c_.r?[. ..U....<..Hb.!...?0[.?.._Ak:F`Obd..W.r.o..d7.5.?Ly.9'e5.|_
                                                                                                                                                                                Process:C:\Users\user\Desktop\c8JakemodH.exe
                                                                                                                                                                                File Type:data
                                                                                                                                                                                Category:dropped
                                                                                                                                                                                Size (bytes):528
                                                                                                                                                                                Entropy (8bit):7.5585817987641875
                                                                                                                                                                                Encrypted:false
                                                                                                                                                                                SSDEEP:12:IaafZyafqRLOW7XhyZgiwhsyIMT5KHMXLJMz09oTtQaaDixTYJ:Iaa0aSLxKvwhsyTEMXLJU0mTte2xs
                                                                                                                                                                                MD5:AFF25DE760A33C416585F2D07FABFEAA
                                                                                                                                                                                SHA1:35FCFD18872E2B40004D824E3CEC9C95797B3BF3
                                                                                                                                                                                SHA-256:049A13ED45A184B0337536D65562DCD858923E56E4CFCB402113F8215FA231CD
                                                                                                                                                                                SHA-512:4DBFA72CB2D1D57ED74D0D5BBE340C722312400D76400E29CB8A171CB1495FD8302CB1361ECA09C8A5086FEEDADA609516D1525F79A9F49CF06BEF1299634B40
                                                                                                                                                                                Malicious:false
                                                                                                                                                                                Preview:_..=.p.^.D..d.H..*.} ...u.|...G.0.d.O..p.T....'...0..E@D...".b..1.W..QK..o"..@'"..1...?...k....Q..W.E...B*..t..i,.w@..=.?-.yv.A....r..Q._P.<d.?`P......Ur.....c.M+qEL....e....a.....r.7.Yu{......A?...3...7.}.`.2..g...K^w.p.A..p.o^.w...^.W..YmT...O....,\}Z&....b@2mG|#.?..`..qicw`....(....@.4p...4'.8..u...h...A.....N..2{...X.}^..rC..A.p....h...h#.,V...v.es.-r:oX...]_.@..X..x.[...<..o...L....\.y.3.C.=....v....%......@(.......u....4..g..@.c_.r?[. ..U....<..Hb.!...?0[.?.._Ak:F`Obd..W.r.o..d7.5.?Ly.9'e5.|_
                                                                                                                                                                                Process:C:\Users\user\Desktop\c8JakemodH.exe
                                                                                                                                                                                File Type:data
                                                                                                                                                                                Category:dropped
                                                                                                                                                                                Size (bytes):283
                                                                                                                                                                                Entropy (8bit):7.250902225139683
                                                                                                                                                                                Encrypted:false
                                                                                                                                                                                SSDEEP:6:ykLlQ9fRlW/kDJYD9SsgcCpvXKXqrnzo66uoxTQWryJJ:zxQBzxaacGaaDixTYJ
                                                                                                                                                                                MD5:B526651E5D2ADBEB7CE214C3F7E40146
                                                                                                                                                                                SHA1:52BB417D5BCC9AF16CE3D56E980CBC74DCFA0F56
                                                                                                                                                                                SHA-256:C5A2A70A141EBD6FA988CB83684EAF8D1AD7E8CA5ED82B0FDC6A30D28B3742DC
                                                                                                                                                                                SHA-512:678751F81FF4A110472217464CA2014665EA5F54FD475618BAC5CB0A7C092B6F8E6AAECEF43CA03B79F7FC915331D47DE2A53979E657D88C1FB86A77B8D9D132
                                                                                                                                                                                Malicious:false
                                                                                                                                                                                Preview:.0n[Z.....].J.).i.....8._.'.*...i.>.azj.4~.....P}l...-.tX...p.....D....T..xy4=O..J.....p.TH..a.e~......S.7.'.]....*#._[....2..I0R.Z..9o...1.Me.`l...<..o...L....\.y.3.C.=....v....%......@(.......u....4..g..@.c_.r?[. ..U....<..Hb.!...?0[.?.._Ak:F`Obd..W.r.o..d7.5.?Ly.9'e5.|_
                                                                                                                                                                                Process:C:\Users\user\Desktop\c8JakemodH.exe
                                                                                                                                                                                File Type:ASCII text, with CRLF line terminators
                                                                                                                                                                                Category:dropped
                                                                                                                                                                                Size (bytes):1159
                                                                                                                                                                                Entropy (8bit):4.909757425426515
                                                                                                                                                                                Encrypted:false
                                                                                                                                                                                SSDEEP:24:SOZJNRovfexRvYx/ncUYTxLZl0r0OzANQgq32xfZnS0iNFdAnP6:SOZbqfexrZrS3Iq32xlSX2S
                                                                                                                                                                                MD5:F29E077226F8DC235CAE4795459A3542
                                                                                                                                                                                SHA1:A23AEA328BEB92BFD4464A3B0F70E772B8969CC2
                                                                                                                                                                                SHA-256:CF8875AADE9351184274F533067BECF2AD10CCF2B6296274ECE5D5B58B6AB008
                                                                                                                                                                                SHA-512:0C76F1E7AC8E4DB582EA7E26FA9B8C18D54605AE6A9A87A2A1FA0B1BEACACBB8F1230421C1124B1E7C12FB546FF31DBBD2CFBBEBA80EF98BBAA01B356F7FDC6F
                                                                                                                                                                                Malicious:false
                                                                                                                                                                                Preview:.. ~~~ AlphaCat ~~~....>>>> Your data are stolen and encrypted....>>>> What guarantees that we will not deceive you? .....We are not a politically motivated group and we do not need anything other than your money. .. ...If you pay, we will provide you the programs for decryption and we will delete your data. ...Life is too short to be sad. Be not sad, money, it is only paper... ...If we do not give you decrypters, or we do not delete your data after payment, then nobody will pay us in the future. ...Therefore to us our reputation is very important. We attack worldwide and there is no dissatisfied victim after payment... ..>>>> You need contact us via email with srenshot of btc transaction and your personal DECRYPTION ID.....Contact via Email with your personal Decryption id !: hackbeenswim@mail2tor.com......Send 400$ (0.006 BTC) at this address --> bc1qkr7wxuqwet9w6920vk94p7npkxh33fc7prv55q.....>>>> Your personal DECRYPTION ID: D53F15BF767167BC622C1CB4D4FC174D....>>
                                                                                                                                                                                Process:C:\Users\user\Desktop\c8JakemodH.exe
                                                                                                                                                                                File Type:ASCII text, with CRLF line terminators
                                                                                                                                                                                Category:dropped
                                                                                                                                                                                Size (bytes):1159
                                                                                                                                                                                Entropy (8bit):4.909757425426515
                                                                                                                                                                                Encrypted:false
                                                                                                                                                                                SSDEEP:24:SOZJNRovfexRvYx/ncUYTxLZl0r0OzANQgq32xfZnS0iNFdAnP6:SOZbqfexrZrS3Iq32xlSX2S
                                                                                                                                                                                MD5:F29E077226F8DC235CAE4795459A3542
                                                                                                                                                                                SHA1:A23AEA328BEB92BFD4464A3B0F70E772B8969CC2
                                                                                                                                                                                SHA-256:CF8875AADE9351184274F533067BECF2AD10CCF2B6296274ECE5D5B58B6AB008
                                                                                                                                                                                SHA-512:0C76F1E7AC8E4DB582EA7E26FA9B8C18D54605AE6A9A87A2A1FA0B1BEACACBB8F1230421C1124B1E7C12FB546FF31DBBD2CFBBEBA80EF98BBAA01B356F7FDC6F
                                                                                                                                                                                Malicious:false
                                                                                                                                                                                Preview:.. ~~~ AlphaCat ~~~....>>>> Your data are stolen and encrypted....>>>> What guarantees that we will not deceive you? .....We are not a politically motivated group and we do not need anything other than your money. .. ...If you pay, we will provide you the programs for decryption and we will delete your data. ...Life is too short to be sad. Be not sad, money, it is only paper... ...If we do not give you decrypters, or we do not delete your data after payment, then nobody will pay us in the future. ...Therefore to us our reputation is very important. We attack worldwide and there is no dissatisfied victim after payment... ..>>>> You need contact us via email with srenshot of btc transaction and your personal DECRYPTION ID.....Contact via Email with your personal Decryption id !: hackbeenswim@mail2tor.com......Send 400$ (0.006 BTC) at this address --> bc1qkr7wxuqwet9w6920vk94p7npkxh33fc7prv55q.....>>>> Your personal DECRYPTION ID: D53F15BF767167BC622C1CB4D4FC174D....>>
                                                                                                                                                                                Process:C:\Users\user\Desktop\c8JakemodH.exe
                                                                                                                                                                                File Type:ASCII text, with CRLF line terminators
                                                                                                                                                                                Category:dropped
                                                                                                                                                                                Size (bytes):1159
                                                                                                                                                                                Entropy (8bit):4.909757425426515
                                                                                                                                                                                Encrypted:false
                                                                                                                                                                                SSDEEP:24:SOZJNRovfexRvYx/ncUYTxLZl0r0OzANQgq32xfZnS0iNFdAnP6:SOZbqfexrZrS3Iq32xlSX2S
                                                                                                                                                                                MD5:F29E077226F8DC235CAE4795459A3542
                                                                                                                                                                                SHA1:A23AEA328BEB92BFD4464A3B0F70E772B8969CC2
                                                                                                                                                                                SHA-256:CF8875AADE9351184274F533067BECF2AD10CCF2B6296274ECE5D5B58B6AB008
                                                                                                                                                                                SHA-512:0C76F1E7AC8E4DB582EA7E26FA9B8C18D54605AE6A9A87A2A1FA0B1BEACACBB8F1230421C1124B1E7C12FB546FF31DBBD2CFBBEBA80EF98BBAA01B356F7FDC6F
                                                                                                                                                                                Malicious:false
                                                                                                                                                                                Preview:.. ~~~ AlphaCat ~~~....>>>> Your data are stolen and encrypted....>>>> What guarantees that we will not deceive you? .....We are not a politically motivated group and we do not need anything other than your money. .. ...If you pay, we will provide you the programs for decryption and we will delete your data. ...Life is too short to be sad. Be not sad, money, it is only paper... ...If we do not give you decrypters, or we do not delete your data after payment, then nobody will pay us in the future. ...Therefore to us our reputation is very important. We attack worldwide and there is no dissatisfied victim after payment... ..>>>> You need contact us via email with srenshot of btc transaction and your personal DECRYPTION ID.....Contact via Email with your personal Decryption id !: hackbeenswim@mail2tor.com......Send 400$ (0.006 BTC) at this address --> bc1qkr7wxuqwet9w6920vk94p7npkxh33fc7prv55q.....>>>> Your personal DECRYPTION ID: D53F15BF767167BC622C1CB4D4FC174D....>>
                                                                                                                                                                                Process:C:\Users\user\Desktop\c8JakemodH.exe
                                                                                                                                                                                File Type:ASCII text, with CRLF line terminators
                                                                                                                                                                                Category:dropped
                                                                                                                                                                                Size (bytes):1159
                                                                                                                                                                                Entropy (8bit):4.909757425426515
                                                                                                                                                                                Encrypted:false
                                                                                                                                                                                SSDEEP:24:SOZJNRovfexRvYx/ncUYTxLZl0r0OzANQgq32xfZnS0iNFdAnP6:SOZbqfexrZrS3Iq32xlSX2S
                                                                                                                                                                                MD5:F29E077226F8DC235CAE4795459A3542
                                                                                                                                                                                SHA1:A23AEA328BEB92BFD4464A3B0F70E772B8969CC2
                                                                                                                                                                                SHA-256:CF8875AADE9351184274F533067BECF2AD10CCF2B6296274ECE5D5B58B6AB008
                                                                                                                                                                                SHA-512:0C76F1E7AC8E4DB582EA7E26FA9B8C18D54605AE6A9A87A2A1FA0B1BEACACBB8F1230421C1124B1E7C12FB546FF31DBBD2CFBBEBA80EF98BBAA01B356F7FDC6F
                                                                                                                                                                                Malicious:false
                                                                                                                                                                                Preview:.. ~~~ AlphaCat ~~~....>>>> Your data are stolen and encrypted....>>>> What guarantees that we will not deceive you? .....We are not a politically motivated group and we do not need anything other than your money. .. ...If you pay, we will provide you the programs for decryption and we will delete your data. ...Life is too short to be sad. Be not sad, money, it is only paper... ...If we do not give you decrypters, or we do not delete your data after payment, then nobody will pay us in the future. ...Therefore to us our reputation is very important. We attack worldwide and there is no dissatisfied victim after payment... ..>>>> You need contact us via email with srenshot of btc transaction and your personal DECRYPTION ID.....Contact via Email with your personal Decryption id !: hackbeenswim@mail2tor.com......Send 400$ (0.006 BTC) at this address --> bc1qkr7wxuqwet9w6920vk94p7npkxh33fc7prv55q.....>>>> Your personal DECRYPTION ID: D53F15BF767167BC622C1CB4D4FC174D....>>
                                                                                                                                                                                Process:C:\Users\user\Desktop\c8JakemodH.exe
                                                                                                                                                                                File Type:ASCII text, with CRLF line terminators
                                                                                                                                                                                Category:dropped
                                                                                                                                                                                Size (bytes):1159
                                                                                                                                                                                Entropy (8bit):4.909757425426515
                                                                                                                                                                                Encrypted:false
                                                                                                                                                                                SSDEEP:24:SOZJNRovfexRvYx/ncUYTxLZl0r0OzANQgq32xfZnS0iNFdAnP6:SOZbqfexrZrS3Iq32xlSX2S
                                                                                                                                                                                MD5:F29E077226F8DC235CAE4795459A3542
                                                                                                                                                                                SHA1:A23AEA328BEB92BFD4464A3B0F70E772B8969CC2
                                                                                                                                                                                SHA-256:CF8875AADE9351184274F533067BECF2AD10CCF2B6296274ECE5D5B58B6AB008
                                                                                                                                                                                SHA-512:0C76F1E7AC8E4DB582EA7E26FA9B8C18D54605AE6A9A87A2A1FA0B1BEACACBB8F1230421C1124B1E7C12FB546FF31DBBD2CFBBEBA80EF98BBAA01B356F7FDC6F
                                                                                                                                                                                Malicious:false
                                                                                                                                                                                Preview:.. ~~~ AlphaCat ~~~....>>>> Your data are stolen and encrypted....>>>> What guarantees that we will not deceive you? .....We are not a politically motivated group and we do not need anything other than your money. .. ...If you pay, we will provide you the programs for decryption and we will delete your data. ...Life is too short to be sad. Be not sad, money, it is only paper... ...If we do not give you decrypters, or we do not delete your data after payment, then nobody will pay us in the future. ...Therefore to us our reputation is very important. We attack worldwide and there is no dissatisfied victim after payment... ..>>>> You need contact us via email with srenshot of btc transaction and your personal DECRYPTION ID.....Contact via Email with your personal Decryption id !: hackbeenswim@mail2tor.com......Send 400$ (0.006 BTC) at this address --> bc1qkr7wxuqwet9w6920vk94p7npkxh33fc7prv55q.....>>>> Your personal DECRYPTION ID: D53F15BF767167BC622C1CB4D4FC174D....>>
                                                                                                                                                                                Process:C:\Users\user\Desktop\c8JakemodH.exe
                                                                                                                                                                                File Type:ASCII text, with CRLF line terminators
                                                                                                                                                                                Category:dropped
                                                                                                                                                                                Size (bytes):1159
                                                                                                                                                                                Entropy (8bit):4.909757425426515
                                                                                                                                                                                Encrypted:false
                                                                                                                                                                                SSDEEP:24:SOZJNRovfexRvYx/ncUYTxLZl0r0OzANQgq32xfZnS0iNFdAnP6:SOZbqfexrZrS3Iq32xlSX2S
                                                                                                                                                                                MD5:F29E077226F8DC235CAE4795459A3542
                                                                                                                                                                                SHA1:A23AEA328BEB92BFD4464A3B0F70E772B8969CC2
                                                                                                                                                                                SHA-256:CF8875AADE9351184274F533067BECF2AD10CCF2B6296274ECE5D5B58B6AB008
                                                                                                                                                                                SHA-512:0C76F1E7AC8E4DB582EA7E26FA9B8C18D54605AE6A9A87A2A1FA0B1BEACACBB8F1230421C1124B1E7C12FB546FF31DBBD2CFBBEBA80EF98BBAA01B356F7FDC6F
                                                                                                                                                                                Malicious:false
                                                                                                                                                                                Preview:.. ~~~ AlphaCat ~~~....>>>> Your data are stolen and encrypted....>>>> What guarantees that we will not deceive you? .....We are not a politically motivated group and we do not need anything other than your money. .. ...If you pay, we will provide you the programs for decryption and we will delete your data. ...Life is too short to be sad. Be not sad, money, it is only paper... ...If we do not give you decrypters, or we do not delete your data after payment, then nobody will pay us in the future. ...Therefore to us our reputation is very important. We attack worldwide and there is no dissatisfied victim after payment... ..>>>> You need contact us via email with srenshot of btc transaction and your personal DECRYPTION ID.....Contact via Email with your personal Decryption id !: hackbeenswim@mail2tor.com......Send 400$ (0.006 BTC) at this address --> bc1qkr7wxuqwet9w6920vk94p7npkxh33fc7prv55q.....>>>> Your personal DECRYPTION ID: D53F15BF767167BC622C1CB4D4FC174D....>>
                                                                                                                                                                                Process:C:\Users\user\Desktop\c8JakemodH.exe
                                                                                                                                                                                File Type:data
                                                                                                                                                                                Category:dropped
                                                                                                                                                                                Size (bytes):24819
                                                                                                                                                                                Entropy (8bit):7.992047391166779
                                                                                                                                                                                Encrypted:true
                                                                                                                                                                                SSDEEP:384:BxhdhqblXgRbsl34fM3V/y+ru6Uq5fJueP09r8Ew6fnyCSuI/ZYKZAi4F6Pjk2zc:ddhqb+Rq34fK//+9r8Esh/v5nwz
                                                                                                                                                                                MD5:25F604878D214944DF7CC2C2F1E3F96E
                                                                                                                                                                                SHA1:11F88ED3C0966B4CE5BF17B2149E977B40D474C3
                                                                                                                                                                                SHA-256:8CBADC8246B06B4BF5E1E9D4067F625ED63E63A02ED3C1156CF76D95F117937A
                                                                                                                                                                                SHA-512:2464ECF06CE90CA65B3A25280E09D9CE088D33010271B9647ED563628F982A8C60C503676ADBFCCD8F3981E6C8A5CCE9965FE96AB1D0254154C55BE35C2A572C
                                                                                                                                                                                Malicious:true
                                                                                                                                                                                Preview:\.H...s...>hH.-n.F.F.+%...d..O.=[..Z... J....A...&..h.%.K}/.oH".M4...V...]...l...0....e.......j.U.../1..E.a...ri....o.>...............noh..[.Z........U.r...f..;L.........L......v|).c.`L...h....1..d........7.../d.............FO.eo.K..'|I1......4..l.r..+..Zx.....g.>..$...,.`..t..5.8..SW..P..l.~..:..`...5.......)..^,..Bo{..+.....+.|....A.k....j.;'...$..H....y..g....>m.-,...z..E...K.....W?...)...!.|.!.:k....X........y....n;...G#Y..gO.J....xu...OU.7e..p.e._k.F=...H..M,.]@]. .....B.AK.2.._.K3.....W~..ZS._U..+.q@..%]a.9.Q....Wb..I4....\...?....o......v...0CI.[.J0.C..../O*....{.o0.h.`@.q......%f._..:.+...h......c.'6o..,.@Ub.{ ....Zf=..&......V..%..g7.FQp.c.1..uf...X!......;~Y.!{..(5j....a......]..)..g.o.E.J..T2H.j..U.%_5{D..+V=...o.Wv....Z....R.M.b{.....{...H'U..Q.....b..P,.17.7......+.|..g....0.~.Ll..l ....H{.E..GPC.....L`j.H..(Bq......_.6.....G};.y/...V..ChOK.1...#.1Z*o.........bc..^.P\...l.1.la/....k..(.l.....d'........|3n..l}.kd...B-.{
                                                                                                                                                                                Process:C:\Users\user\Desktop\c8JakemodH.exe
                                                                                                                                                                                File Type:ASCII text, with CRLF line terminators
                                                                                                                                                                                Category:dropped
                                                                                                                                                                                Size (bytes):1159
                                                                                                                                                                                Entropy (8bit):4.909757425426515
                                                                                                                                                                                Encrypted:false
                                                                                                                                                                                SSDEEP:24:SOZJNRovfexRvYx/ncUYTxLZl0r0OzANQgq32xfZnS0iNFdAnP6:SOZbqfexrZrS3Iq32xlSX2S
                                                                                                                                                                                MD5:F29E077226F8DC235CAE4795459A3542
                                                                                                                                                                                SHA1:A23AEA328BEB92BFD4464A3B0F70E772B8969CC2
                                                                                                                                                                                SHA-256:CF8875AADE9351184274F533067BECF2AD10CCF2B6296274ECE5D5B58B6AB008
                                                                                                                                                                                SHA-512:0C76F1E7AC8E4DB582EA7E26FA9B8C18D54605AE6A9A87A2A1FA0B1BEACACBB8F1230421C1124B1E7C12FB546FF31DBBD2CFBBEBA80EF98BBAA01B356F7FDC6F
                                                                                                                                                                                Malicious:false
                                                                                                                                                                                Preview:.. ~~~ AlphaCat ~~~....>>>> Your data are stolen and encrypted....>>>> What guarantees that we will not deceive you? .....We are not a politically motivated group and we do not need anything other than your money. .. ...If you pay, we will provide you the programs for decryption and we will delete your data. ...Life is too short to be sad. Be not sad, money, it is only paper... ...If we do not give you decrypters, or we do not delete your data after payment, then nobody will pay us in the future. ...Therefore to us our reputation is very important. We attack worldwide and there is no dissatisfied victim after payment... ..>>>> You need contact us via email with srenshot of btc transaction and your personal DECRYPTION ID.....Contact via Email with your personal Decryption id !: hackbeenswim@mail2tor.com......Send 400$ (0.006 BTC) at this address --> bc1qkr7wxuqwet9w6920vk94p7npkxh33fc7prv55q.....>>>> Your personal DECRYPTION ID: D53F15BF767167BC622C1CB4D4FC174D....>>
                                                                                                                                                                                Process:C:\Users\user\Desktop\c8JakemodH.exe
                                                                                                                                                                                File Type:ASCII text, with CRLF line terminators
                                                                                                                                                                                Category:dropped
                                                                                                                                                                                Size (bytes):1159
                                                                                                                                                                                Entropy (8bit):4.909757425426515
                                                                                                                                                                                Encrypted:false
                                                                                                                                                                                SSDEEP:24:SOZJNRovfexRvYx/ncUYTxLZl0r0OzANQgq32xfZnS0iNFdAnP6:SOZbqfexrZrS3Iq32xlSX2S
                                                                                                                                                                                MD5:F29E077226F8DC235CAE4795459A3542
                                                                                                                                                                                SHA1:A23AEA328BEB92BFD4464A3B0F70E772B8969CC2
                                                                                                                                                                                SHA-256:CF8875AADE9351184274F533067BECF2AD10CCF2B6296274ECE5D5B58B6AB008
                                                                                                                                                                                SHA-512:0C76F1E7AC8E4DB582EA7E26FA9B8C18D54605AE6A9A87A2A1FA0B1BEACACBB8F1230421C1124B1E7C12FB546FF31DBBD2CFBBEBA80EF98BBAA01B356F7FDC6F
                                                                                                                                                                                Malicious:false
                                                                                                                                                                                Preview:.. ~~~ AlphaCat ~~~....>>>> Your data are stolen and encrypted....>>>> What guarantees that we will not deceive you? .....We are not a politically motivated group and we do not need anything other than your money. .. ...If you pay, we will provide you the programs for decryption and we will delete your data. ...Life is too short to be sad. Be not sad, money, it is only paper... ...If we do not give you decrypters, or we do not delete your data after payment, then nobody will pay us in the future. ...Therefore to us our reputation is very important. We attack worldwide and there is no dissatisfied victim after payment... ..>>>> You need contact us via email with srenshot of btc transaction and your personal DECRYPTION ID.....Contact via Email with your personal Decryption id !: hackbeenswim@mail2tor.com......Send 400$ (0.006 BTC) at this address --> bc1qkr7wxuqwet9w6920vk94p7npkxh33fc7prv55q.....>>>> Your personal DECRYPTION ID: D53F15BF767167BC622C1CB4D4FC174D....>>
                                                                                                                                                                                Process:C:\Users\user\Desktop\c8JakemodH.exe
                                                                                                                                                                                File Type:data
                                                                                                                                                                                Category:dropped
                                                                                                                                                                                Size (bytes):57582
                                                                                                                                                                                Entropy (8bit):7.997191080379121
                                                                                                                                                                                Encrypted:true
                                                                                                                                                                                SSDEEP:1536:R/bERjWadDQCyC83a9AZgPD5YRV22/Zy8RzvrMQ75jCzqw:lWRDQbr3a9ASPDk28rJvrMWo
                                                                                                                                                                                MD5:18A4835726446DD8A3226B37440522A1
                                                                                                                                                                                SHA1:5E08C486DC438975881458AB0712C79CC7ACDCB0
                                                                                                                                                                                SHA-256:BC1924F13C3B13B39B21980AC330A0FF7E979EFCF1344185138176F80AE0437B
                                                                                                                                                                                SHA-512:2F3A1320714B7F291D0D0B210EA6E7EE67BC8033F2018855A279094C1979DD690D1FCDF8A562846ED45130BF1DADD1DD1CD635775921CCD612B479BE725456FF
                                                                                                                                                                                Malicious:true
                                                                                                                                                                                Preview:..6v..c8.....SO...y......z_yD..g"...B.C..U.....e..........F.}.)Y.?...p.g......(7d.s.....a......^....i.J.YS.qHP....g.\&..N\.........y,q.xg.2......U.(r..0.0..fK.9..Wz!.I.V..P.../..y....90.C.....OJ...]5..Z.|..5&.h....j...9.S.....#....A......,...5...2z$...d.t..+2.(..4.7;./..r...i..D.....de..>..E...@....~@&-8>....#..3......,H.5..S..).&e......yJ......S.H..E?..T.NQ4.}9.s.,..w.$..M..)!K.....{....]..5.v....t.:.2-p....'.\cA.....N.K0..q.[d......:..s\.}.5/F..M.R.Z...@.z..r.B.<...D.j..}.c.Z.....Q...)o15.(.......0..$^...:..U..:.f.Y_..i..u..))9..B.1p:]..{.a.;.{./.......b...G;.[.\u<69..nn.n.^.dufTB.`.|..%.X.......&M,q..O.h.;.I.~.uy.1@`U..;)._i........_...oW....5...*.;.!.].-si...s.m...ye.M.R.3f....(...%.......... ...jd..U.u..$FQ[....@0.....ipK2.V..x.{....+.=i..fH`..9M.F......].....o9t.9t..F..p8d%..`v.S..4.Z...'.S..'.@.r.%..'hF.\5....5..X.`.D.nf@./3..{.'....0..........H..jjw'...`sM.......G.&...X..J...Z>...... .,~A6r6.wKc.2..I*...R....d...<.xq.M.
                                                                                                                                                                                Process:C:\Users\user\Desktop\c8JakemodH.exe
                                                                                                                                                                                File Type:ASCII text, with CRLF line terminators
                                                                                                                                                                                Category:dropped
                                                                                                                                                                                Size (bytes):1159
                                                                                                                                                                                Entropy (8bit):4.909757425426515
                                                                                                                                                                                Encrypted:false
                                                                                                                                                                                SSDEEP:24:SOZJNRovfexRvYx/ncUYTxLZl0r0OzANQgq32xfZnS0iNFdAnP6:SOZbqfexrZrS3Iq32xlSX2S
                                                                                                                                                                                MD5:F29E077226F8DC235CAE4795459A3542
                                                                                                                                                                                SHA1:A23AEA328BEB92BFD4464A3B0F70E772B8969CC2
                                                                                                                                                                                SHA-256:CF8875AADE9351184274F533067BECF2AD10CCF2B6296274ECE5D5B58B6AB008
                                                                                                                                                                                SHA-512:0C76F1E7AC8E4DB582EA7E26FA9B8C18D54605AE6A9A87A2A1FA0B1BEACACBB8F1230421C1124B1E7C12FB546FF31DBBD2CFBBEBA80EF98BBAA01B356F7FDC6F
                                                                                                                                                                                Malicious:false
                                                                                                                                                                                Preview:.. ~~~ AlphaCat ~~~....>>>> Your data are stolen and encrypted....>>>> What guarantees that we will not deceive you? .....We are not a politically motivated group and we do not need anything other than your money. .. ...If you pay, we will provide you the programs for decryption and we will delete your data. ...Life is too short to be sad. Be not sad, money, it is only paper... ...If we do not give you decrypters, or we do not delete your data after payment, then nobody will pay us in the future. ...Therefore to us our reputation is very important. We attack worldwide and there is no dissatisfied victim after payment... ..>>>> You need contact us via email with srenshot of btc transaction and your personal DECRYPTION ID.....Contact via Email with your personal Decryption id !: hackbeenswim@mail2tor.com......Send 400$ (0.006 BTC) at this address --> bc1qkr7wxuqwet9w6920vk94p7npkxh33fc7prv55q.....>>>> Your personal DECRYPTION ID: D53F15BF767167BC622C1CB4D4FC174D....>>
                                                                                                                                                                                Process:C:\Users\user\Desktop\c8JakemodH.exe
                                                                                                                                                                                File Type:ASCII text, with CRLF line terminators
                                                                                                                                                                                Category:dropped
                                                                                                                                                                                Size (bytes):1159
                                                                                                                                                                                Entropy (8bit):4.909757425426515
                                                                                                                                                                                Encrypted:false
                                                                                                                                                                                SSDEEP:24:SOZJNRovfexRvYx/ncUYTxLZl0r0OzANQgq32xfZnS0iNFdAnP6:SOZbqfexrZrS3Iq32xlSX2S
                                                                                                                                                                                MD5:F29E077226F8DC235CAE4795459A3542
                                                                                                                                                                                SHA1:A23AEA328BEB92BFD4464A3B0F70E772B8969CC2
                                                                                                                                                                                SHA-256:CF8875AADE9351184274F533067BECF2AD10CCF2B6296274ECE5D5B58B6AB008
                                                                                                                                                                                SHA-512:0C76F1E7AC8E4DB582EA7E26FA9B8C18D54605AE6A9A87A2A1FA0B1BEACACBB8F1230421C1124B1E7C12FB546FF31DBBD2CFBBEBA80EF98BBAA01B356F7FDC6F
                                                                                                                                                                                Malicious:false
                                                                                                                                                                                Preview:.. ~~~ AlphaCat ~~~....>>>> Your data are stolen and encrypted....>>>> What guarantees that we will not deceive you? .....We are not a politically motivated group and we do not need anything other than your money. .. ...If you pay, we will provide you the programs for decryption and we will delete your data. ...Life is too short to be sad. Be not sad, money, it is only paper... ...If we do not give you decrypters, or we do not delete your data after payment, then nobody will pay us in the future. ...Therefore to us our reputation is very important. We attack worldwide and there is no dissatisfied victim after payment... ..>>>> You need contact us via email with srenshot of btc transaction and your personal DECRYPTION ID.....Contact via Email with your personal Decryption id !: hackbeenswim@mail2tor.com......Send 400$ (0.006 BTC) at this address --> bc1qkr7wxuqwet9w6920vk94p7npkxh33fc7prv55q.....>>>> Your personal DECRYPTION ID: D53F15BF767167BC622C1CB4D4FC174D....>>
                                                                                                                                                                                Process:C:\Users\user\Desktop\c8JakemodH.exe
                                                                                                                                                                                File Type:ASCII text, with CRLF line terminators
                                                                                                                                                                                Category:dropped
                                                                                                                                                                                Size (bytes):1159
                                                                                                                                                                                Entropy (8bit):4.909757425426515
                                                                                                                                                                                Encrypted:false
                                                                                                                                                                                SSDEEP:24:SOZJNRovfexRvYx/ncUYTxLZl0r0OzANQgq32xfZnS0iNFdAnP6:SOZbqfexrZrS3Iq32xlSX2S
                                                                                                                                                                                MD5:F29E077226F8DC235CAE4795459A3542
                                                                                                                                                                                SHA1:A23AEA328BEB92BFD4464A3B0F70E772B8969CC2
                                                                                                                                                                                SHA-256:CF8875AADE9351184274F533067BECF2AD10CCF2B6296274ECE5D5B58B6AB008
                                                                                                                                                                                SHA-512:0C76F1E7AC8E4DB582EA7E26FA9B8C18D54605AE6A9A87A2A1FA0B1BEACACBB8F1230421C1124B1E7C12FB546FF31DBBD2CFBBEBA80EF98BBAA01B356F7FDC6F
                                                                                                                                                                                Malicious:false
                                                                                                                                                                                Preview:.. ~~~ AlphaCat ~~~....>>>> Your data are stolen and encrypted....>>>> What guarantees that we will not deceive you? .....We are not a politically motivated group and we do not need anything other than your money. .. ...If you pay, we will provide you the programs for decryption and we will delete your data. ...Life is too short to be sad. Be not sad, money, it is only paper... ...If we do not give you decrypters, or we do not delete your data after payment, then nobody will pay us in the future. ...Therefore to us our reputation is very important. We attack worldwide and there is no dissatisfied victim after payment... ..>>>> You need contact us via email with srenshot of btc transaction and your personal DECRYPTION ID.....Contact via Email with your personal Decryption id !: hackbeenswim@mail2tor.com......Send 400$ (0.006 BTC) at this address --> bc1qkr7wxuqwet9w6920vk94p7npkxh33fc7prv55q.....>>>> Your personal DECRYPTION ID: D53F15BF767167BC622C1CB4D4FC174D....>>
                                                                                                                                                                                Process:C:\Users\user\Desktop\c8JakemodH.exe
                                                                                                                                                                                File Type:ASCII text, with CRLF line terminators
                                                                                                                                                                                Category:dropped
                                                                                                                                                                                Size (bytes):1159
                                                                                                                                                                                Entropy (8bit):4.909757425426515
                                                                                                                                                                                Encrypted:false
                                                                                                                                                                                SSDEEP:24:SOZJNRovfexRvYx/ncUYTxLZl0r0OzANQgq32xfZnS0iNFdAnP6:SOZbqfexrZrS3Iq32xlSX2S
                                                                                                                                                                                MD5:F29E077226F8DC235CAE4795459A3542
                                                                                                                                                                                SHA1:A23AEA328BEB92BFD4464A3B0F70E772B8969CC2
                                                                                                                                                                                SHA-256:CF8875AADE9351184274F533067BECF2AD10CCF2B6296274ECE5D5B58B6AB008
                                                                                                                                                                                SHA-512:0C76F1E7AC8E4DB582EA7E26FA9B8C18D54605AE6A9A87A2A1FA0B1BEACACBB8F1230421C1124B1E7C12FB546FF31DBBD2CFBBEBA80EF98BBAA01B356F7FDC6F
                                                                                                                                                                                Malicious:false
                                                                                                                                                                                Preview:.. ~~~ AlphaCat ~~~....>>>> Your data are stolen and encrypted....>>>> What guarantees that we will not deceive you? .....We are not a politically motivated group and we do not need anything other than your money. .. ...If you pay, we will provide you the programs for decryption and we will delete your data. ...Life is too short to be sad. Be not sad, money, it is only paper... ...If we do not give you decrypters, or we do not delete your data after payment, then nobody will pay us in the future. ...Therefore to us our reputation is very important. We attack worldwide and there is no dissatisfied victim after payment... ..>>>> You need contact us via email with srenshot of btc transaction and your personal DECRYPTION ID.....Contact via Email with your personal Decryption id !: hackbeenswim@mail2tor.com......Send 400$ (0.006 BTC) at this address --> bc1qkr7wxuqwet9w6920vk94p7npkxh33fc7prv55q.....>>>> Your personal DECRYPTION ID: D53F15BF767167BC622C1CB4D4FC174D....>>
                                                                                                                                                                                Process:C:\Users\user\Desktop\c8JakemodH.exe
                                                                                                                                                                                File Type:ASCII text, with CRLF line terminators
                                                                                                                                                                                Category:dropped
                                                                                                                                                                                Size (bytes):1159
                                                                                                                                                                                Entropy (8bit):4.909757425426515
                                                                                                                                                                                Encrypted:false
                                                                                                                                                                                SSDEEP:24:SOZJNRovfexRvYx/ncUYTxLZl0r0OzANQgq32xfZnS0iNFdAnP6:SOZbqfexrZrS3Iq32xlSX2S
                                                                                                                                                                                MD5:F29E077226F8DC235CAE4795459A3542
                                                                                                                                                                                SHA1:A23AEA328BEB92BFD4464A3B0F70E772B8969CC2
                                                                                                                                                                                SHA-256:CF8875AADE9351184274F533067BECF2AD10CCF2B6296274ECE5D5B58B6AB008
                                                                                                                                                                                SHA-512:0C76F1E7AC8E4DB582EA7E26FA9B8C18D54605AE6A9A87A2A1FA0B1BEACACBB8F1230421C1124B1E7C12FB546FF31DBBD2CFBBEBA80EF98BBAA01B356F7FDC6F
                                                                                                                                                                                Malicious:false
                                                                                                                                                                                Preview:.. ~~~ AlphaCat ~~~....>>>> Your data are stolen and encrypted....>>>> What guarantees that we will not deceive you? .....We are not a politically motivated group and we do not need anything other than your money. .. ...If you pay, we will provide you the programs for decryption and we will delete your data. ...Life is too short to be sad. Be not sad, money, it is only paper... ...If we do not give you decrypters, or we do not delete your data after payment, then nobody will pay us in the future. ...Therefore to us our reputation is very important. We attack worldwide and there is no dissatisfied victim after payment... ..>>>> You need contact us via email with srenshot of btc transaction and your personal DECRYPTION ID.....Contact via Email with your personal Decryption id !: hackbeenswim@mail2tor.com......Send 400$ (0.006 BTC) at this address --> bc1qkr7wxuqwet9w6920vk94p7npkxh33fc7prv55q.....>>>> Your personal DECRYPTION ID: D53F15BF767167BC622C1CB4D4FC174D....>>
                                                                                                                                                                                Process:C:\Users\user\Desktop\c8JakemodH.exe
                                                                                                                                                                                File Type:ASCII text, with CRLF line terminators
                                                                                                                                                                                Category:dropped
                                                                                                                                                                                Size (bytes):1159
                                                                                                                                                                                Entropy (8bit):4.909757425426515
                                                                                                                                                                                Encrypted:false
                                                                                                                                                                                SSDEEP:24:SOZJNRovfexRvYx/ncUYTxLZl0r0OzANQgq32xfZnS0iNFdAnP6:SOZbqfexrZrS3Iq32xlSX2S
                                                                                                                                                                                MD5:F29E077226F8DC235CAE4795459A3542
                                                                                                                                                                                SHA1:A23AEA328BEB92BFD4464A3B0F70E772B8969CC2
                                                                                                                                                                                SHA-256:CF8875AADE9351184274F533067BECF2AD10CCF2B6296274ECE5D5B58B6AB008
                                                                                                                                                                                SHA-512:0C76F1E7AC8E4DB582EA7E26FA9B8C18D54605AE6A9A87A2A1FA0B1BEACACBB8F1230421C1124B1E7C12FB546FF31DBBD2CFBBEBA80EF98BBAA01B356F7FDC6F
                                                                                                                                                                                Malicious:false
                                                                                                                                                                                Preview:.. ~~~ AlphaCat ~~~....>>>> Your data are stolen and encrypted....>>>> What guarantees that we will not deceive you? .....We are not a politically motivated group and we do not need anything other than your money. .. ...If you pay, we will provide you the programs for decryption and we will delete your data. ...Life is too short to be sad. Be not sad, money, it is only paper... ...If we do not give you decrypters, or we do not delete your data after payment, then nobody will pay us in the future. ...Therefore to us our reputation is very important. We attack worldwide and there is no dissatisfied victim after payment... ..>>>> You need contact us via email with srenshot of btc transaction and your personal DECRYPTION ID.....Contact via Email with your personal Decryption id !: hackbeenswim@mail2tor.com......Send 400$ (0.006 BTC) at this address --> bc1qkr7wxuqwet9w6920vk94p7npkxh33fc7prv55q.....>>>> Your personal DECRYPTION ID: D53F15BF767167BC622C1CB4D4FC174D....>>
                                                                                                                                                                                Process:C:\Users\user\Desktop\c8JakemodH.exe
                                                                                                                                                                                File Type:data
                                                                                                                                                                                Category:dropped
                                                                                                                                                                                Size (bytes):239
                                                                                                                                                                                Entropy (8bit):7.0971923308484755
                                                                                                                                                                                Encrypted:false
                                                                                                                                                                                SSDEEP:6:eeSNq1NKLmJyR6cBSXKXqrnzo66uoxTQWryJJ:mNyBXbaaDixTYJ
                                                                                                                                                                                MD5:40E6F4CA6A201722039E70560C818C70
                                                                                                                                                                                SHA1:4235C33F9D4E81353526DD896FA56F61AD3D4C2D
                                                                                                                                                                                SHA-256:AD7AAED93563BBD8A0B25F907D4E0F4B66AFB03A65D7A77F2BCB26F303943CB6
                                                                                                                                                                                SHA-512:50DD4F03677A9A420D135DC70D438A825CF9590FA52F160AC5757D34E3DC797269C678732765A3EEE8A902F64EE01E08470F9DC2F59ED95CB296E99072AE79A0
                                                                                                                                                                                Malicious:false
                                                                                                                                                                                Preview:8d..9.b6.4\.....k1..%...hP..A.....D.....2.g~..l..S0..]..C..:'.T..4.L..._....3P4C.)...NB....3..R..c./.a...<..o...L....\.y.3.C.=....v....%......@(.......u....4..g..@.c_.r?[. ..U....<..Hb.!...?0[.?.._Ak:F`Obd..W.r.o..d7.5.?Ly.9'e5.|_
                                                                                                                                                                                Process:C:\Users\user\Desktop\c8JakemodH.exe
                                                                                                                                                                                File Type:ASCII text, with CRLF line terminators
                                                                                                                                                                                Category:dropped
                                                                                                                                                                                Size (bytes):1159
                                                                                                                                                                                Entropy (8bit):4.909757425426515
                                                                                                                                                                                Encrypted:false
                                                                                                                                                                                SSDEEP:24:SOZJNRovfexRvYx/ncUYTxLZl0r0OzANQgq32xfZnS0iNFdAnP6:SOZbqfexrZrS3Iq32xlSX2S
                                                                                                                                                                                MD5:F29E077226F8DC235CAE4795459A3542
                                                                                                                                                                                SHA1:A23AEA328BEB92BFD4464A3B0F70E772B8969CC2
                                                                                                                                                                                SHA-256:CF8875AADE9351184274F533067BECF2AD10CCF2B6296274ECE5D5B58B6AB008
                                                                                                                                                                                SHA-512:0C76F1E7AC8E4DB582EA7E26FA9B8C18D54605AE6A9A87A2A1FA0B1BEACACBB8F1230421C1124B1E7C12FB546FF31DBBD2CFBBEBA80EF98BBAA01B356F7FDC6F
                                                                                                                                                                                Malicious:false
                                                                                                                                                                                Preview:.. ~~~ AlphaCat ~~~....>>>> Your data are stolen and encrypted....>>>> What guarantees that we will not deceive you? .....We are not a politically motivated group and we do not need anything other than your money. .. ...If you pay, we will provide you the programs for decryption and we will delete your data. ...Life is too short to be sad. Be not sad, money, it is only paper... ...If we do not give you decrypters, or we do not delete your data after payment, then nobody will pay us in the future. ...Therefore to us our reputation is very important. We attack worldwide and there is no dissatisfied victim after payment... ..>>>> You need contact us via email with srenshot of btc transaction and your personal DECRYPTION ID.....Contact via Email with your personal Decryption id !: hackbeenswim@mail2tor.com......Send 400$ (0.006 BTC) at this address --> bc1qkr7wxuqwet9w6920vk94p7npkxh33fc7prv55q.....>>>> Your personal DECRYPTION ID: D53F15BF767167BC622C1CB4D4FC174D....>>
                                                                                                                                                                                Process:C:\Users\user\Desktop\c8JakemodH.exe
                                                                                                                                                                                File Type:ASCII text, with CRLF line terminators
                                                                                                                                                                                Category:dropped
                                                                                                                                                                                Size (bytes):1159
                                                                                                                                                                                Entropy (8bit):4.909757425426515
                                                                                                                                                                                Encrypted:false
                                                                                                                                                                                SSDEEP:24:SOZJNRovfexRvYx/ncUYTxLZl0r0OzANQgq32xfZnS0iNFdAnP6:SOZbqfexrZrS3Iq32xlSX2S
                                                                                                                                                                                MD5:F29E077226F8DC235CAE4795459A3542
                                                                                                                                                                                SHA1:A23AEA328BEB92BFD4464A3B0F70E772B8969CC2
                                                                                                                                                                                SHA-256:CF8875AADE9351184274F533067BECF2AD10CCF2B6296274ECE5D5B58B6AB008
                                                                                                                                                                                SHA-512:0C76F1E7AC8E4DB582EA7E26FA9B8C18D54605AE6A9A87A2A1FA0B1BEACACBB8F1230421C1124B1E7C12FB546FF31DBBD2CFBBEBA80EF98BBAA01B356F7FDC6F
                                                                                                                                                                                Malicious:false
                                                                                                                                                                                Preview:.. ~~~ AlphaCat ~~~....>>>> Your data are stolen and encrypted....>>>> What guarantees that we will not deceive you? .....We are not a politically motivated group and we do not need anything other than your money. .. ...If you pay, we will provide you the programs for decryption and we will delete your data. ...Life is too short to be sad. Be not sad, money, it is only paper... ...If we do not give you decrypters, or we do not delete your data after payment, then nobody will pay us in the future. ...Therefore to us our reputation is very important. We attack worldwide and there is no dissatisfied victim after payment... ..>>>> You need contact us via email with srenshot of btc transaction and your personal DECRYPTION ID.....Contact via Email with your personal Decryption id !: hackbeenswim@mail2tor.com......Send 400$ (0.006 BTC) at this address --> bc1qkr7wxuqwet9w6920vk94p7npkxh33fc7prv55q.....>>>> Your personal DECRYPTION ID: D53F15BF767167BC622C1CB4D4FC174D....>>
                                                                                                                                                                                Process:C:\Users\user\Desktop\c8JakemodH.exe
                                                                                                                                                                                File Type:ASCII text, with CRLF line terminators
                                                                                                                                                                                Category:dropped
                                                                                                                                                                                Size (bytes):1159
                                                                                                                                                                                Entropy (8bit):4.909757425426515
                                                                                                                                                                                Encrypted:false
                                                                                                                                                                                SSDEEP:24:SOZJNRovfexRvYx/ncUYTxLZl0r0OzANQgq32xfZnS0iNFdAnP6:SOZbqfexrZrS3Iq32xlSX2S
                                                                                                                                                                                MD5:F29E077226F8DC235CAE4795459A3542
                                                                                                                                                                                SHA1:A23AEA328BEB92BFD4464A3B0F70E772B8969CC2
                                                                                                                                                                                SHA-256:CF8875AADE9351184274F533067BECF2AD10CCF2B6296274ECE5D5B58B6AB008
                                                                                                                                                                                SHA-512:0C76F1E7AC8E4DB582EA7E26FA9B8C18D54605AE6A9A87A2A1FA0B1BEACACBB8F1230421C1124B1E7C12FB546FF31DBBD2CFBBEBA80EF98BBAA01B356F7FDC6F
                                                                                                                                                                                Malicious:false
                                                                                                                                                                                Preview:.. ~~~ AlphaCat ~~~....>>>> Your data are stolen and encrypted....>>>> What guarantees that we will not deceive you? .....We are not a politically motivated group and we do not need anything other than your money. .. ...If you pay, we will provide you the programs for decryption and we will delete your data. ...Life is too short to be sad. Be not sad, money, it is only paper... ...If we do not give you decrypters, or we do not delete your data after payment, then nobody will pay us in the future. ...Therefore to us our reputation is very important. We attack worldwide and there is no dissatisfied victim after payment... ..>>>> You need contact us via email with srenshot of btc transaction and your personal DECRYPTION ID.....Contact via Email with your personal Decryption id !: hackbeenswim@mail2tor.com......Send 400$ (0.006 BTC) at this address --> bc1qkr7wxuqwet9w6920vk94p7npkxh33fc7prv55q.....>>>> Your personal DECRYPTION ID: D53F15BF767167BC622C1CB4D4FC174D....>>
                                                                                                                                                                                Process:C:\Users\user\Desktop\c8JakemodH.exe
                                                                                                                                                                                File Type:ASCII text, with CRLF line terminators
                                                                                                                                                                                Category:dropped
                                                                                                                                                                                Size (bytes):1159
                                                                                                                                                                                Entropy (8bit):4.909757425426515
                                                                                                                                                                                Encrypted:false
                                                                                                                                                                                SSDEEP:24:SOZJNRovfexRvYx/ncUYTxLZl0r0OzANQgq32xfZnS0iNFdAnP6:SOZbqfexrZrS3Iq32xlSX2S
                                                                                                                                                                                MD5:F29E077226F8DC235CAE4795459A3542
                                                                                                                                                                                SHA1:A23AEA328BEB92BFD4464A3B0F70E772B8969CC2
                                                                                                                                                                                SHA-256:CF8875AADE9351184274F533067BECF2AD10CCF2B6296274ECE5D5B58B6AB008
                                                                                                                                                                                SHA-512:0C76F1E7AC8E4DB582EA7E26FA9B8C18D54605AE6A9A87A2A1FA0B1BEACACBB8F1230421C1124B1E7C12FB546FF31DBBD2CFBBEBA80EF98BBAA01B356F7FDC6F
                                                                                                                                                                                Malicious:false
                                                                                                                                                                                Preview:.. ~~~ AlphaCat ~~~....>>>> Your data are stolen and encrypted....>>>> What guarantees that we will not deceive you? .....We are not a politically motivated group and we do not need anything other than your money. .. ...If you pay, we will provide you the programs for decryption and we will delete your data. ...Life is too short to be sad. Be not sad, money, it is only paper... ...If we do not give you decrypters, or we do not delete your data after payment, then nobody will pay us in the future. ...Therefore to us our reputation is very important. We attack worldwide and there is no dissatisfied victim after payment... ..>>>> You need contact us via email with srenshot of btc transaction and your personal DECRYPTION ID.....Contact via Email with your personal Decryption id !: hackbeenswim@mail2tor.com......Send 400$ (0.006 BTC) at this address --> bc1qkr7wxuqwet9w6920vk94p7npkxh33fc7prv55q.....>>>> Your personal DECRYPTION ID: D53F15BF767167BC622C1CB4D4FC174D....>>
                                                                                                                                                                                Process:C:\Users\user\Desktop\c8JakemodH.exe
                                                                                                                                                                                File Type:data
                                                                                                                                                                                Category:dropped
                                                                                                                                                                                Size (bytes):248
                                                                                                                                                                                Entropy (8bit):7.1090835078104995
                                                                                                                                                                                Encrypted:false
                                                                                                                                                                                SSDEEP:6:VjOdpMSO3Xv4PVpx/K5h/vMvXKXqrnzo66uoxTQWryJJ:ZOd+HAihCaaDixTYJ
                                                                                                                                                                                MD5:2E87125FFC6DBBB4D6E08B3FD9D07AA6
                                                                                                                                                                                SHA1:A8568ED279362538907BA67DB36236C8B80BD44E
                                                                                                                                                                                SHA-256:A90FEC339C91299D20B4D6AD4FF4ECB2D306593EB5F6E5AF18FA665E86F630A5
                                                                                                                                                                                SHA-512:C5B6DA030EC102ECB6E7A0471EB3FF1E3E70C40D8F7DE872D7C1D9F0BBB7610618F902AECA21F2E6130B50F2B249BD9411D2E1A95BFFF2B8DADC15D7027653D0
                                                                                                                                                                                Malicious:false
                                                                                                                                                                                Preview:.k0,...k.O.{._.4j....`..6..%...h.U.A.....D....T.:.........&.~...td.T.....~a...U.z.Y.9=...\.......>~U..E..wnib...<..o...L....\.y.3.C.=....v....%......@(.......u....4..g..@.c_.r?[. ..U....<..Hb.!...?0[.?.._Ak:F`Obd..W.r.o..d7.5.?Ly.9'e5.|_
                                                                                                                                                                                Process:C:\Users\user\Desktop\c8JakemodH.exe
                                                                                                                                                                                File Type:ASCII text, with CRLF line terminators
                                                                                                                                                                                Category:dropped
                                                                                                                                                                                Size (bytes):1159
                                                                                                                                                                                Entropy (8bit):4.909757425426515
                                                                                                                                                                                Encrypted:false
                                                                                                                                                                                SSDEEP:24:SOZJNRovfexRvYx/ncUYTxLZl0r0OzANQgq32xfZnS0iNFdAnP6:SOZbqfexrZrS3Iq32xlSX2S
                                                                                                                                                                                MD5:F29E077226F8DC235CAE4795459A3542
                                                                                                                                                                                SHA1:A23AEA328BEB92BFD4464A3B0F70E772B8969CC2
                                                                                                                                                                                SHA-256:CF8875AADE9351184274F533067BECF2AD10CCF2B6296274ECE5D5B58B6AB008
                                                                                                                                                                                SHA-512:0C76F1E7AC8E4DB582EA7E26FA9B8C18D54605AE6A9A87A2A1FA0B1BEACACBB8F1230421C1124B1E7C12FB546FF31DBBD2CFBBEBA80EF98BBAA01B356F7FDC6F
                                                                                                                                                                                Malicious:false
                                                                                                                                                                                Preview:.. ~~~ AlphaCat ~~~....>>>> Your data are stolen and encrypted....>>>> What guarantees that we will not deceive you? .....We are not a politically motivated group and we do not need anything other than your money. .. ...If you pay, we will provide you the programs for decryption and we will delete your data. ...Life is too short to be sad. Be not sad, money, it is only paper... ...If we do not give you decrypters, or we do not delete your data after payment, then nobody will pay us in the future. ...Therefore to us our reputation is very important. We attack worldwide and there is no dissatisfied victim after payment... ..>>>> You need contact us via email with srenshot of btc transaction and your personal DECRYPTION ID.....Contact via Email with your personal Decryption id !: hackbeenswim@mail2tor.com......Send 400$ (0.006 BTC) at this address --> bc1qkr7wxuqwet9w6920vk94p7npkxh33fc7prv55q.....>>>> Your personal DECRYPTION ID: D53F15BF767167BC622C1CB4D4FC174D....>>
                                                                                                                                                                                Process:C:\Users\user\Desktop\c8JakemodH.exe
                                                                                                                                                                                File Type:data
                                                                                                                                                                                Category:dropped
                                                                                                                                                                                Size (bytes):8422
                                                                                                                                                                                Entropy (8bit):7.977003520126318
                                                                                                                                                                                Encrypted:false
                                                                                                                                                                                SSDEEP:192:/15U8BUB5yB35hllrJi2Spjek03tsnHYuKOfCifMPX6:/LU8DB359Vlkgts4uJfCRPK
                                                                                                                                                                                MD5:72CD8D97AA1956364D38BFFB7C001F6A
                                                                                                                                                                                SHA1:24BBD8B8C2DFD7EF4D7B50C48242632F6C90EED1
                                                                                                                                                                                SHA-256:306292D9E190328C3E5BAF22F5C7870F0CC34376D8F7335CB3C9DB2EB794CFC1
                                                                                                                                                                                SHA-512:7A5EE60EB15677E1794A7CAEDC88C67C5EDC79CEC7BD89BF0AFAF2A24A9127F9A9249DDC9D5D01EE2D7D152569D7E8034195BEE88283856E1147EC38034E6014
                                                                                                                                                                                Malicious:false
                                                                                                                                                                                Preview:G...C.......7>3Z..!....\....LNj.5.C.i.1A6....G.........%qh.[ .g....0z*{+H.@..wX...[........c........z.$...e.\$..1[.....b..;(...b...,..z.D-..).@.m.n.v.+x.C..7*:...].t...H.....<..P$............\i..B.....^.1..V...5.l..FS.B}We4e..e..O..pG..n.t.Q.h++A...C.'..g.ybP(..b0..........A..{..(sP..^A....2c...4....q(...m.........,z.MI?`G.[...x....,......4.D~.A.;X0..s.......E....]B.."....'..$.....{..(......y..kV.n.6.r..HV.;..N]......E.-........m.?"....]......7O....v.Y9Q_Zj......1..is..a..R#\~.....+....w....X...t8X..wC...V..q.M.I.D^......2.;H..@Q..'..Pt...`{.vA...I7..N+......d...n.8.<rh.1+..e..z.K?Mc........q1.C..E.r.D.Z.9I...M....b...:..{.....h.{X..p...7..sU\......Q>Kr......7..)...,ed.(.......dk{..........".O8...%x...n.P0.,.y...P./.[..%.F.S.H2Icf%..HSz.nz.+...z.`..z..wF)%..~...$.>._l4...6P..3..M....^.<...E.9...Ou.T.;..'....j<.xM.[2.N.}.y.+.........].....p..#....k4..>...xn...Ua..I."..@...,..5.M..2.k..9.......,.{..2B.....@..|=...T"..N.....'
                                                                                                                                                                                Process:C:\Users\user\Desktop\c8JakemodH.exe
                                                                                                                                                                                File Type:data
                                                                                                                                                                                Category:dropped
                                                                                                                                                                                Size (bytes):270566
                                                                                                                                                                                Entropy (8bit):7.999428220560036
                                                                                                                                                                                Encrypted:true
                                                                                                                                                                                SSDEEP:6144:P7RoV5CEMlxnhf8kA+bh0AIDpHUyTEqHdR/CnSDvRV7tU:PJEMlxnF8ksBHUy3HtvRV7tU
                                                                                                                                                                                MD5:D9F10FD4A45980F3B3FABC940CCC5DBB
                                                                                                                                                                                SHA1:31FF463743A84C0400CD60D1987756DDE53C2EE0
                                                                                                                                                                                SHA-256:E0FDDE72E973CB27A6EEDE9ED52A5DD3CE759B939B598C6ADDFDB8C5C6216127
                                                                                                                                                                                SHA-512:793ED55BE19E077025095E155FC26FE545751F172FC105E29A6A3A3332D44EDC684B032CFE6EB83CC1EE129231AE50FF4263A420B365F36143DF7E5CEC381209
                                                                                                                                                                                Malicious:false
                                                                                                                                                                                Preview:#@g{sgm.O.t'/OD............1..MU..n....q...o.d5R..&....".vaV#.t....j...,}.h...j.r.:.h.8.............[d+.;ys,B3.{!..........W.V.v:.......$KvD.I..2.j].+.....`.x...I.*W.9 E..y....IFD..........kv.%.o2.).B..(.{@Y.(.."...?.\m..D.......a....^..n......u..;F.G.h.Dp.....u...il../.........r.....q$x..M.,...2.....b%../.>|..$..3.X...!&..v..F.........!f.."M...C.t...Z.rI..u..q/3.w.P..$....3..r..G..^.J)%...U..-.`...7J.^..3H..v/.alE8z..<..mu-..2..E-:...H.6...)..&...G........A."...`..D..<z.dx.b<)........C;...o ..A...&..7o..Y..`QQ._..`.).....#..].k..r...3..BkU.L.*....M .d..a&...W'c<U.....*....fg.<..~..Ej.NL__...{.c...(0.o.C.......a=V....88w.B.....h.8....ep..3.....\.df..h..E....T..4g7..:x..b.O..;..!..{...Pi..5...v..7.z..2Y..~...........1 .,.RO.n...w...9I..\t......gG..#..5.2..... .#~.....+.1e..!.3....u..1.|......qh9..JI ...3.*..J<......y...9......)(.J...c..!JB.?..T..O...x.t....aY).j.qD.o..7..m........A2.#.L1.".*....]Mkn.%..d....>B.Z.?:.G..u.-.G..A
                                                                                                                                                                                Process:C:\Users\user\Desktop\c8JakemodH.exe
                                                                                                                                                                                File Type:data
                                                                                                                                                                                Category:dropped
                                                                                                                                                                                Size (bytes):8422
                                                                                                                                                                                Entropy (8bit):7.975612709303917
                                                                                                                                                                                Encrypted:false
                                                                                                                                                                                SSDEEP:192:zKT/48j6TcFfZg+JXX0ROnOi2oGQn3rPd1SDsTmDX74x/+o:z0N+YFBBnOih17d0DsTmDM5z
                                                                                                                                                                                MD5:9A02240D272FD74CD9AE48246EA4409E
                                                                                                                                                                                SHA1:CF62F5BB9B16D6F3E8F396A63FAC1992534CBCCA
                                                                                                                                                                                SHA-256:780206C43252B8C00C1E973BCBE09A0DB64AAF610C4BED900E84A19A5C734367
                                                                                                                                                                                SHA-512:5B384EA02092DCB2C6578396A59F26789883CC2FDCC1CC4DD2E26A5193027E3A32437067168B84954692391C6ED2BA58DF4AD0BE240138339999637616415A40
                                                                                                                                                                                Malicious:false
                                                                                                                                                                                Preview:...G....^.C-.q..Jtt.x..".........R..1h... d..P.o.L4)..,...+A..X.<]MS....Q.Ip..B.e......:4g.b../...L..B1....I+i.uG.....p...}..\2..$o....W.jb.H..FS.............W.W.@0#C.7........C.X....sv..v.Y...Il.O6f..!G.&.#X..8..P..s....P...'...?.?.wQ.Na.,.:.^L...:...............A\..m,..7u..I.....Z!8\.Y..../-4.U..#.7.!....N"`S..|-....c..3:].1....".*...w.7..e.....AZ....7..Z0..K......`.B...:^..|.%.9d..W...o.q....^ ..h..,;n.......|...].9U...l'.._.....|...eI..N4.C.....8Y.X.K:?......C[ri.f..s..l.wD.`.@..o;..E%..f..1.$...$..9.?.E.....R?vSP.J......}`.._..6.uB.....f..b,.&.m.sY?X.S....U39...E.9..|..N..?..d....^l5(....Ejl>K...l*..Y...M..zt%...R......;...F~.R.3T...R.m.>.~E......P^..^QL..B.Nz0S`.<....\D*.8.~y.....\u.V..CE.\.... .V.o.$<..|.x..}....pSw..l.....E.JT5.*..?Q..M.n.9^.jQ...D4.....Z....F>...$.|.B:~./.V%6..?.:....7..74.Vy/..>{.......M>p.4.s2r&G.T..Yw..,..p..Tm...:T]N.!..F......N....0..I~.|.4...K..v......t93.9.n.....Y.4.....W.>...nx....!.?-.@.z1h..OL...$..^3
                                                                                                                                                                                Process:C:\Users\user\Desktop\c8JakemodH.exe
                                                                                                                                                                                File Type:data
                                                                                                                                                                                Category:dropped
                                                                                                                                                                                Size (bytes):8422
                                                                                                                                                                                Entropy (8bit):7.977730086110816
                                                                                                                                                                                Encrypted:false
                                                                                                                                                                                SSDEEP:192:pWkYzWA5pfhq1CYFJV4nS2f0WXCo0W//ocI6keGftk8TZPiFuSTc:pW/zJ5pfkQQ+lf0uCdWocIxnHTZPiFuL
                                                                                                                                                                                MD5:613D7FD7A7D2701D4FD4D1D12F857ABF
                                                                                                                                                                                SHA1:93F1F27EED04E284673C355143975EDA2CF15741
                                                                                                                                                                                SHA-256:14690DA76D106A2DD7D17FEFD33009DE74112A2488258F5654190D10C95B9946
                                                                                                                                                                                SHA-512:8051FB5029AD5F3D3CEA4075F94F28F3925D83DC1BF687D57F6B5AD4B54B628288D66E5E45D8A0618DE6A108C6B10395C56C63ADD6312936AA11BD510F7144DD
                                                                                                                                                                                Malicious:false
                                                                                                                                                                                Preview:a<........sH....@'.]....R*m.g...t.`V....&...=.j.t...3.N.`.y.....|pN8.:.>P.<5Re....*..v.B...6!W..eS.".A.=-c.....U.cq.eQ..e...N...U%o.k..........]...;.l..0.....)....2jN/..U9D}~..$../#`$@M.....u.. HM..sE.....r...f......<(...(.@=.KNvm....>/....g......Oak<..5...K..;...fv......7a..2.Kq.....k...bcQW.0}y..8.w]?...a..P1..=..Sx...Wj.0.@.f.Y,..F..(Z)rR.g...A-...!a..6.,.O.80.W.9......<.%........y-)V....33G...x.3..`..:....^.%.y>...XJcSP$r.,_F"=P..{S....VWe..a<.._...&..Q.............s.IL.B,.OR.=..g....<......M.......U..>-.b.H.{...'..D-.....7..d._..WI:.......0n.&_..'L...].....)...O.{.....r.i..a-..2d]o..c.,6..y....qi.!.6.a.t.^acUBrcb...M?.C.Z..k6..%..4(...}..[4PVe..`.....I...*....".!.o....'....%.K8...w...T.Ekg).......y}5w.../.k@cV...c..F..u.KF.....yEl....C....ni.,y4..t.*-.....U..y.j..|..'...YV.b.K..&[v...u.h...<D..(WC..`...n..<.z.X?;[M....zA.I.Zm.o..;.4=F>....p...`........*fYTE.0+F....$..g.<C..+.n..MEOO@..R..E.{Zg..E.E.,.a.....6...X....../......tQ.\.e...r.9
                                                                                                                                                                                Process:C:\Users\user\Desktop\c8JakemodH.exe
                                                                                                                                                                                File Type:data
                                                                                                                                                                                Category:dropped
                                                                                                                                                                                Size (bytes):262741
                                                                                                                                                                                Entropy (8bit):7.999244422514075
                                                                                                                                                                                Encrypted:true
                                                                                                                                                                                SSDEEP:6144:exx/u68IZQyFL0ASriNUy9GbBH/KSCMacOXs1j6TarppPn0B:exxuARF8mNj7SOcOXgOarpV2
                                                                                                                                                                                MD5:2DDF6299FAAB7A0628E52508CF2BCE21
                                                                                                                                                                                SHA1:D903102CA0945E77700426AA31406DE7379582A9
                                                                                                                                                                                SHA-256:E7739B376949D59937287E4E2404EFDEC2C970A46E48F374C97FA6BFC88AD98A
                                                                                                                                                                                SHA-512:286C42E57C1C7C2BE2DB01223E8966E295A2C6B1B9919E1E0B87FBE4CFA8A8E3A03C18029509EABBE01B9230767FF59E658785AD9E1B5D75E1FA16BD6136AB13
                                                                                                                                                                                Malicious:false
                                                                                                                                                                                Preview:..h.3..>.4...........M......q.vNy.T>.h..u.{....~.I..E..y...T...w..j...wC.......v.6.+.*......Cv..._..F...+..H.:k.pij...6..g...X.{.7;...:...pB4Q.D..x.G.Q...D..y.U'S.....Q....[H@y.<9.....E.?...Wm..Wn...*.....T1..9....@..jEM.....^..Q.P.......E#...~..s.Bp...mR.....#.C...n.t.g.......Q...g......>o.=l.....H;l"`E.t$z+Y.....n.r............S....W.@. ,..Ew..S..eU..L.....O`F..l6M.a..)...%{e..]......d.Q..a.>-^..Kr..F..3O.......B...E.vET..to.....J.\.+E...*.}H...._..>....!....`..G..r.-.vz..W'.t..8...L.....}."..-{.|[.@..T........a.~(..BC9.0'f....[5..|o./j..YZ7.2.....&.......K!.u....$..A..MX...>l=Ry...8.-...(./u...Z..Hk..L......SG6)\...z. )k.]]...D[.)k...k/..(............N...)..2...8..9zcY...>...........=.pV.[...N.>.".....6......$...c....2...O.........r..*7.:K.Z..Qb.-l!..r....4!oO.;....pE...'....T\...@o{...'(..}o..5A....>...-.#.....W.N......@.....q.x.U................{.....[M...Q.o7....e.F..-..}..$....jUk<.Z..yG:h.......y..Z.f..5}..$W]....._.r.f..?.
                                                                                                                                                                                Process:C:\Users\user\Desktop\c8JakemodH.exe
                                                                                                                                                                                File Type:ASCII text, with CRLF line terminators
                                                                                                                                                                                Category:dropped
                                                                                                                                                                                Size (bytes):1159
                                                                                                                                                                                Entropy (8bit):4.909757425426515
                                                                                                                                                                                Encrypted:false
                                                                                                                                                                                SSDEEP:24:SOZJNRovfexRvYx/ncUYTxLZl0r0OzANQgq32xfZnS0iNFdAnP6:SOZbqfexrZrS3Iq32xlSX2S
                                                                                                                                                                                MD5:F29E077226F8DC235CAE4795459A3542
                                                                                                                                                                                SHA1:A23AEA328BEB92BFD4464A3B0F70E772B8969CC2
                                                                                                                                                                                SHA-256:CF8875AADE9351184274F533067BECF2AD10CCF2B6296274ECE5D5B58B6AB008
                                                                                                                                                                                SHA-512:0C76F1E7AC8E4DB582EA7E26FA9B8C18D54605AE6A9A87A2A1FA0B1BEACACBB8F1230421C1124B1E7C12FB546FF31DBBD2CFBBEBA80EF98BBAA01B356F7FDC6F
                                                                                                                                                                                Malicious:false
                                                                                                                                                                                Preview:.. ~~~ AlphaCat ~~~....>>>> Your data are stolen and encrypted....>>>> What guarantees that we will not deceive you? .....We are not a politically motivated group and we do not need anything other than your money. .. ...If you pay, we will provide you the programs for decryption and we will delete your data. ...Life is too short to be sad. Be not sad, money, it is only paper... ...If we do not give you decrypters, or we do not delete your data after payment, then nobody will pay us in the future. ...Therefore to us our reputation is very important. We attack worldwide and there is no dissatisfied victim after payment... ..>>>> You need contact us via email with srenshot of btc transaction and your personal DECRYPTION ID.....Contact via Email with your personal Decryption id !: hackbeenswim@mail2tor.com......Send 400$ (0.006 BTC) at this address --> bc1qkr7wxuqwet9w6920vk94p7npkxh33fc7prv55q.....>>>> Your personal DECRYPTION ID: D53F15BF767167BC622C1CB4D4FC174D....>>
                                                                                                                                                                                Process:C:\Users\user\Desktop\c8JakemodH.exe
                                                                                                                                                                                File Type:ASCII text, with CRLF line terminators
                                                                                                                                                                                Category:dropped
                                                                                                                                                                                Size (bytes):1159
                                                                                                                                                                                Entropy (8bit):4.909757425426515
                                                                                                                                                                                Encrypted:false
                                                                                                                                                                                SSDEEP:24:SOZJNRovfexRvYx/ncUYTxLZl0r0OzANQgq32xfZnS0iNFdAnP6:SOZbqfexrZrS3Iq32xlSX2S
                                                                                                                                                                                MD5:F29E077226F8DC235CAE4795459A3542
                                                                                                                                                                                SHA1:A23AEA328BEB92BFD4464A3B0F70E772B8969CC2
                                                                                                                                                                                SHA-256:CF8875AADE9351184274F533067BECF2AD10CCF2B6296274ECE5D5B58B6AB008
                                                                                                                                                                                SHA-512:0C76F1E7AC8E4DB582EA7E26FA9B8C18D54605AE6A9A87A2A1FA0B1BEACACBB8F1230421C1124B1E7C12FB546FF31DBBD2CFBBEBA80EF98BBAA01B356F7FDC6F
                                                                                                                                                                                Malicious:false
                                                                                                                                                                                Preview:.. ~~~ AlphaCat ~~~....>>>> Your data are stolen and encrypted....>>>> What guarantees that we will not deceive you? .....We are not a politically motivated group and we do not need anything other than your money. .. ...If you pay, we will provide you the programs for decryption and we will delete your data. ...Life is too short to be sad. Be not sad, money, it is only paper... ...If we do not give you decrypters, or we do not delete your data after payment, then nobody will pay us in the future. ...Therefore to us our reputation is very important. We attack worldwide and there is no dissatisfied victim after payment... ..>>>> You need contact us via email with srenshot of btc transaction and your personal DECRYPTION ID.....Contact via Email with your personal Decryption id !: hackbeenswim@mail2tor.com......Send 400$ (0.006 BTC) at this address --> bc1qkr7wxuqwet9w6920vk94p7npkxh33fc7prv55q.....>>>> Your personal DECRYPTION ID: D53F15BF767167BC622C1CB4D4FC174D....>>
                                                                                                                                                                                Process:C:\Users\user\Desktop\c8JakemodH.exe
                                                                                                                                                                                File Type:data
                                                                                                                                                                                Category:dropped
                                                                                                                                                                                Size (bytes):458
                                                                                                                                                                                Entropy (8bit):7.560682283997145
                                                                                                                                                                                Encrypted:false
                                                                                                                                                                                SSDEEP:12:1LqGCv0OPQPFk2FSB4+JLSdScRaaDixTYJ:1evNo9k8k/JLSQcJ2xs
                                                                                                                                                                                MD5:E6D872AFBDD2041C5E981D4D8E6BA7A9
                                                                                                                                                                                SHA1:C0E6A5FBF2E8DD3ADD5B60B442EC4B3C1C8668AA
                                                                                                                                                                                SHA-256:6EBE3065A7C31A640FDA4D71520206A7AB67FF0FFD9A5560C41047AA6EF0930E
                                                                                                                                                                                SHA-512:62A95848A565F1314463011DD36C5A0D0A5262D24E7DBDB6B8B1A19708733357D6145D2458AD0CF68E26FB4BE0668C778E7266AA56024E3286746E930EF6A4E5
                                                                                                                                                                                Malicious:false
                                                                                                                                                                                Preview:.8..>.."....*.B.Y..M.O.0..............q.45....;.....|.!Nt..$..........SxDz~..ZgP....-...E..yUgL..7..v..E5.<..)..R..8F*=..I...dV..s...X;.e..c%...,...S.p...z..C8D.`....D.N....8C8...t|..Mmf.w.......4J..K.4......P.U.#...UY.fC%a.......u..{+4=L..I.2./.^......Z.....".O.=.ex.k^E.....+.J.y....P..w...LI..?X....Aj..kts...<..o...L....\.y.3.C.=....v....%......@(.......u....4..g..@.c_.r?[. ..U....<..Hb.!...?0[.?.._Ak:F`Obd..W.r.o..d7.5.?Ly.9'e5.|_
                                                                                                                                                                                Process:C:\Users\user\Desktop\c8JakemodH.exe
                                                                                                                                                                                File Type:data
                                                                                                                                                                                Category:dropped
                                                                                                                                                                                Size (bytes):420
                                                                                                                                                                                Entropy (8bit):7.510546121183189
                                                                                                                                                                                Encrypted:false
                                                                                                                                                                                SSDEEP:12:Rn1QLZt8QcMCmDXqqqKCw3llpaaDixTYJ:fKtfAm7R2xs
                                                                                                                                                                                MD5:33DF912A6B57DAA7ED8DF0026E473DE6
                                                                                                                                                                                SHA1:B94E7270DA274E3DE7D61B254723D6E8F978AE32
                                                                                                                                                                                SHA-256:277FE6F2FE480547652E149A6AA38F5EB6196E1735CEAFB94D6CDE81C0BE5980
                                                                                                                                                                                SHA-512:029933643F8E11E646DEFDA9144F9CFE951C8E944FA3535856BF5F0413941707DF4FF9971E1E1E9938BE60006B742F49D53C30DD5F1AE76CEA799E7CD9339857
                                                                                                                                                                                Malicious:false
                                                                                                                                                                                Preview:......./..g....-.b:.m......T|.}}...X...<@.............O...X...Z..'..!Xaa.(.((9..x3..%..5.....g..uX={e..1.(.7..)...*...{^0. .2..9.vt$io..E.?.G....v0......T>..n...5...W....E.4.....&.5..".....0..l.w...D....T..xy4=O..JW8'.7..r...MPtwM.%...o..2y...6..f.6K.al.D.&..?....>5r[iV..R...l...<..o...L....\.y.3.C.=....v....%......@(.......u....4..g..@.c_.r?[. ..U....<..Hb.!...?0[.?.._Ak:F`Obd..W.r.o..d7.5.?Ly.9'e5.|_
                                                                                                                                                                                Process:C:\Users\user\Desktop\c8JakemodH.exe
                                                                                                                                                                                File Type:data
                                                                                                                                                                                Category:dropped
                                                                                                                                                                                Size (bytes):498
                                                                                                                                                                                Entropy (8bit):7.580427894196101
                                                                                                                                                                                Encrypted:false
                                                                                                                                                                                SSDEEP:12:EwqGIFCrjsvVc8yAbgttxjhWB/DW5+9g3naaDixTYJ:Ewqmrjsi8pbgbxjhQ/6UYT2xs
                                                                                                                                                                                MD5:A6CB363A1544B498D6FA19778D3367CD
                                                                                                                                                                                SHA1:6AE948CADB9B86388E09FFC5F46795A81E39CE57
                                                                                                                                                                                SHA-256:4033BBF3525653ECCD6D4EAC1C34D267DA0856538090BE06E6CF8BCEB40163D5
                                                                                                                                                                                SHA-512:F9219F72BECCC953791C1662DB23FF29F96FA89252AD375B7455DEA282B93696464FFD469D6C345EF674EAC519507AD648328BCC6340D3853910F157C7DFFA91
                                                                                                                                                                                Malicious:false
                                                                                                                                                                                Preview:.{7n.:s}.>...f..qIYM@T...<G..=.^F.$k...7n.....:..z..9...Y......l.+..H........qo....!.....%.....y...SX.....v .....]J../.V...-A.B.F=-.I7......r.u...bh......>.Uw...F.t.w+..L5.c..7(j.!.hJ...j..Jo..,).....us.0.%l..AU.{,.]NB...zI[..f.o..6..h./1.*.4...r.A..6..F..R.d:a.u......e.5T..)y4=L..J.1./...o6.q}.F..}O.7...R;...5.`...!|...%..C.......*..kNu.).o...k6Pr...<..o...L....\.y.3.C.=....v....%......@(.......u....4..g..@.c_.r?[. ..U....<..Hb.!...?0[.?.._Ak:F`Obd..W.r.o..d7.5.?Ly.9'e5.|_
                                                                                                                                                                                Process:C:\Users\user\Desktop\c8JakemodH.exe
                                                                                                                                                                                File Type:data
                                                                                                                                                                                Category:dropped
                                                                                                                                                                                Size (bytes):461
                                                                                                                                                                                Entropy (8bit):7.521251412230997
                                                                                                                                                                                Encrypted:false
                                                                                                                                                                                SSDEEP:12:uKIEFNQf93+0NRValvIBhUtWAVEi69aD3aaDixTYJ:7zFOR+0vValAktCiu+2xs
                                                                                                                                                                                MD5:33CCF4EE4E3E1209B0E5B9775C565124
                                                                                                                                                                                SHA1:F4FFFBA9FAFE99E3DB9938490B7A412F1AF90E9C
                                                                                                                                                                                SHA-256:3DC09C7FE7903B1541225A1779D6DAFA5972CADE3CFE3B777DF3B041D4739207
                                                                                                                                                                                SHA-512:1591E5E4E27AC761D492381AC8C2B5F73E0FB72EC03142F2F3B4CD86684AD4945799BE4B327229DA60EAEE470D0D88E480E764938C2D5070D206A07D7A1FD49E
                                                                                                                                                                                Malicious:false
                                                                                                                                                                                Preview:.`...n.r'..B......g.....hj.....5.,....Ii..Ms....7p.M.D.&KP..t?.w...\W..X.....wKp...........O....6.{.2Q]...q{...[.V..J....73....u*....S'.....0r3.ex.(...]..K...<!.v;&.4....}4....K...[.'.nJ3w...9..!z.W.."..!..4Y....Y....;...YQ..y...F@...T..{y4=L..J.2.....@.,.s.zvc.?...!?u.u.j...}h3..{.b..;G......}..Q....X..`..?q...<..o...L....\.y.3.C.=....v....%......@(.......u....4..g..@.c_.r?[. ..U....<..Hb.!...?0[.?.._Ak:F`Obd..W.r.o..d7.5.?Ly.9'e5.|_
                                                                                                                                                                                Process:C:\Users\user\Desktop\c8JakemodH.exe
                                                                                                                                                                                File Type:data
                                                                                                                                                                                Category:dropped
                                                                                                                                                                                Size (bytes):467
                                                                                                                                                                                Entropy (8bit):7.559006921093045
                                                                                                                                                                                Encrypted:false
                                                                                                                                                                                SSDEEP:12:sccVf6wkiWdt2k4ZdeEk3KuBw72yhhaaDixTYJ:Nq6Fiit2k4Vk3J+2xs
                                                                                                                                                                                MD5:66D2760BBF9B6CF59282C86E8F0A0463
                                                                                                                                                                                SHA1:62F94B2EAEA8CDC4C97A79B9B0C8DD8C69F07C11
                                                                                                                                                                                SHA-256:5A8CC96349027154EFA1BADE3123287B7C85AAC906B92470E4954620AA01A8C9
                                                                                                                                                                                SHA-512:47C87F989DD602FFFA541666B16670E666E4760548E74DF5196FC506F937451473146D86A6879A90F011F0C7E266FC8273974104D37CFD5CA745D26BB3A6D4DD
                                                                                                                                                                                Malicious:false
                                                                                                                                                                                Preview:V.W....aG..x.x.mJg.qi..,C..a]..8..........H.B.......p.......T..i..^...6......V....!:U......[.N..}..4.y..9.X{...t.....a..`...f..*.PDr.,..jN.sD>..!..).h9.......5..|.&/.. .........N.OL8^q1.3h.[%...q.Lf.5Rg7........4......P^S......Pd7.H....F....T..{y4=L..J.2.[......\.T.G.......,>.S..#.....h.<%.%.".*.=..g0....;O..l.5)..0q...<..o...L....\.y.3.C.=....v....%......@(.......u....4..g..@.c_.r?[. ..U....<..Hb.!...?0[.?.._Ak:F`Obd..W.r.o..d7.5.?Ly.9'e5.|_
                                                                                                                                                                                Process:C:\Users\user\Desktop\c8JakemodH.exe
                                                                                                                                                                                File Type:data
                                                                                                                                                                                Category:dropped
                                                                                                                                                                                Size (bytes):461
                                                                                                                                                                                Entropy (8bit):7.557727882849148
                                                                                                                                                                                Encrypted:false
                                                                                                                                                                                SSDEEP:12:d5LimbWZUue3ezdKFCIum73F/ixaaDixTYJ:LiBs3esxu+1K2xs
                                                                                                                                                                                MD5:8A46A6D2116107ABD1ADE0E3B0D1A2C4
                                                                                                                                                                                SHA1:4BD76CE61AF0C8742AF1C2A689D33FD3B32F5702
                                                                                                                                                                                SHA-256:1A5E20F89E4B5EB935138DF48390E87BFE6C3D4C29D7E065979BAC56DCFBEC90
                                                                                                                                                                                SHA-512:7C13FB021E8FAAFF5207C00A1895134485E787474031CEC4F43C8C26CD444626F8AF18DB2BAD261C58D35244FAABB3559DC7CE4288EE41132B95CCAE5259D89D
                                                                                                                                                                                Malicious:false
                                                                                                                                                                                Preview:....s..f..2.kQ.....W.w-...B....X...p...C.>S...d..JV6.....lP.3sA......q._.(....h...-...c.i,..z..z...7....%:..`..ki..R;m<.6.(..........D7.zmN...^.Vc@Y....h\./0..^.=..;w.Zg.V..v..Z..7..4........c..x.....4......P.B.E....e0..e....q.%.5T..)y4=L..J.1./^.*.k.a/..:..H.e..r....... .......o.y5N...lJtaI..Z.68.-.....r...<..o...L....\.y.3.C.=....v....%......@(.......u....4..g..@.c_.r?[. ..U....<..Hb.!...?0[.?.._Ak:F`Obd..W.r.o..d7.5.?Ly.9'e5.|_
                                                                                                                                                                                Process:C:\Users\user\Desktop\c8JakemodH.exe
                                                                                                                                                                                File Type:data
                                                                                                                                                                                Category:dropped
                                                                                                                                                                                Size (bytes):432
                                                                                                                                                                                Entropy (8bit):7.459603129761361
                                                                                                                                                                                Encrypted:false
                                                                                                                                                                                SSDEEP:12:m9UT2xC9BgdaSw7oqB163UDivaaDixTYJ:mmNBl7oc163Ug2xs
                                                                                                                                                                                MD5:554A4340248C308B5B072245E0C4EB0C
                                                                                                                                                                                SHA1:9B30B3880460AA175902513A420D2AEB2476D7F3
                                                                                                                                                                                SHA-256:9C9F3B87E8ECE043EC1B80223D5BA47CB9D10BDF4B8E3A1936CAA380F5D7B1A3
                                                                                                                                                                                SHA-512:B29348807D60D0DE90C0799968CAC6646606CBF1418D6755837C6434A26AFAECF15513FAEA01ED7FA2006A56F6B77010A16E9CF5512631F4973DE04E904C4D31
                                                                                                                                                                                Malicious:false
                                                                                                                                                                                Preview:..C..A....._........R..4.....ZU.Km<....|....Y=N..C.BQ..z|...C...w.y7.H...%.......\.....43...mq..G.64.N.....P..U.Y...YG.3z2s...w...0.v.....r..$8x0.Fj..1.....*3@.....r..... ..4^...).^....c..g....D..2t....u..{+4=L..I.2./..)|y.....m....Q.]..'.I_...<...y!.....s.xj...v....#.v7.(...Ex|..s...<..o...L....\.y.3.C.=....v....%......@(.......u....4..g..@.c_.r?[. ..U....<..Hb.!...?0[.?.._Ak:F`Obd..W.r.o..d7.5.?Ly.9'e5.|_
                                                                                                                                                                                Process:C:\Users\user\Desktop\c8JakemodH.exe
                                                                                                                                                                                File Type:data
                                                                                                                                                                                Category:dropped
                                                                                                                                                                                Size (bytes):431
                                                                                                                                                                                Entropy (8bit):7.466464348267383
                                                                                                                                                                                Encrypted:false
                                                                                                                                                                                SSDEEP:6:KfMRKRMJ6Svc6BXZj4oB+yOOTQvhX2rq0oyEcg6KK/Tm9tq/FPUSXKXqrnzo66ub:5GMlfX52yOB5gvol1wmePUSaaDixTYJ
                                                                                                                                                                                MD5:05BFB30B8B03CCDFD94A23A0E23329F4
                                                                                                                                                                                SHA1:AD9D64DFEEE4B69F0872DE2A4B4DE7066000997B
                                                                                                                                                                                SHA-256:CC4B7B4EBD904E935D523DEA420018C628AA8E44F2451112CA2501E9EF1CADB6
                                                                                                                                                                                SHA-512:06331F6DACBACB8B8C276D185DB654BB911296EA06D1479D068100DBE21448E5F272B742B85216C11591D088C5602880D5BA4820C21CB4FBB6DA0BF65B49D70F
                                                                                                                                                                                Malicious:false
                                                                                                                                                                                Preview:...... .sq...-^.m..,b ._H{...F.........>..`..\...3X..,.+.(/.u..`.V8|j.9.Z..&)..-.....rW.Q]....Ya....... .j4\"...c.r[.d.#.0.q.I1.iC.]....6u..5....W4..W.(.;.0....V..V...l.).4^.....Q...;.......1.....)....T..{yf=L..J..2./.'J..Fr';u...1..a.skn.8s..s-.D.I.W. ..Y...E4I.X.fHf.......`j...t...<..o...L....\.y.3.C.=....v....%......@(.......u....4..g..@.c_.r?[. ..U....<..Hb.!...?0[.?.._Ak:F`Obd..W.r.o..d7.5.?Ly.9'e5.|_
                                                                                                                                                                                Process:C:\Users\user\Desktop\c8JakemodH.exe
                                                                                                                                                                                File Type:data
                                                                                                                                                                                Category:dropped
                                                                                                                                                                                Size (bytes):462
                                                                                                                                                                                Entropy (8bit):7.51075982641878
                                                                                                                                                                                Encrypted:false
                                                                                                                                                                                SSDEEP:12:7/IEiGi66XifL4WgJkkthmH8448MczY8/T8paaDixTYJ:7ILnXifYJhth44JczYzR2xs
                                                                                                                                                                                MD5:2E0824DDFB5990AFD60311907724BEA8
                                                                                                                                                                                SHA1:3980168B2859E193AE7C39C69D5610B4F6321205
                                                                                                                                                                                SHA-256:42B7BC92E8B86A4D1F60E689462933CD6479B8EA7A39E7A1670CCE2359C594BC
                                                                                                                                                                                SHA-512:1C4A132265FFA5F0AD216933C216686FE5DCE6F4BCED66CEBE91867D967EAEDA18D1784999503AE91AC25CBFE3A6CA1125C4DDCF6F5AE5916962E2C09D260421
                                                                                                                                                                                Malicious:false
                                                                                                                                                                                Preview:?.....4S....../L....f.h...q.5...%.....U.r......h..hM.G.%b....G..NP+..........L.Y5./.e........)..........n..+.....$.W......}.Xh../.?_...K.]reS.w.ym.:.j'Mq@..4.Ni'.._.T...<Ff+.c.xS2]H4...}5.E..*...}I..4\.......6.....I.....'@.&.7F@...T..{y4=L..J.2..&..z..3...B.;f,.D.k..R...S.....Or....ufZ..N.}+F....8...Uq...<..o...L....\.y.3.C.=....v....%......@(.......u....4..g..@.c_.r?[. ..U....<..Hb.!...?0[.?.._Ak:F`Obd..W.r.o..d7.5.?Ly.9'e5.|_
                                                                                                                                                                                Process:C:\Users\user\Desktop\c8JakemodH.exe
                                                                                                                                                                                File Type:data
                                                                                                                                                                                Category:dropped
                                                                                                                                                                                Size (bytes):438
                                                                                                                                                                                Entropy (8bit):7.5445426271974165
                                                                                                                                                                                Encrypted:false
                                                                                                                                                                                SSDEEP:12:KxAdc0vbOaLvRpHVbdhZotI2tQxaaDixTYJ:KxAm8nRvbdhmI2xs
                                                                                                                                                                                MD5:E674140B81602714E357621C8D69DA53
                                                                                                                                                                                SHA1:4ED6C3C62F302828B1BB8905529D9F814ADF5CE3
                                                                                                                                                                                SHA-256:4D41B349EC74C64161E8A0248CB52A36AB6DC43946C03801B59FE39F4590E2E5
                                                                                                                                                                                SHA-512:B790610FC54590C9631004C5169C650238234F8D3CD98051BF1FD36A31610E0C78A2CFED36E0011CD59D5571E5A634D91E1C25123572091BCDEBF99FB1955042
                                                                                                                                                                                Malicious:false
                                                                                                                                                                                Preview:.ALm./..0.>p.3Z.1.T...nT..I..<[...<nmx.+&.......].sK.;uY.."].HQ}.<^.5.o..MI...........XM....B.w...S.L....*.j$8..+C.."........Tp..dO.fna..I.....~...1.zo..9...c....S-|..A'^.....O:...@...4......P[l...-.Mm*7.].........T..{y4=L..J.2.6.s.s...(..^.....&.j.sX.......'G..Q..,.x.9*..<..D.J ..:.l.?q...<..o...L....\.y.3.C.=....v....%......@(.......u....4..g..@.c_.r?[. ..U....<..Hb.!...?0[.?.._Ak:F`Obd..W.r.o..d7.5.?Ly.9'e5.|_
                                                                                                                                                                                Process:C:\Users\user\Desktop\c8JakemodH.exe
                                                                                                                                                                                File Type:data
                                                                                                                                                                                Category:dropped
                                                                                                                                                                                Size (bytes):497
                                                                                                                                                                                Entropy (8bit):7.607379451041165
                                                                                                                                                                                Encrypted:false
                                                                                                                                                                                SSDEEP:12:v0+n9gyOjAJBDJN1L3X2ESroLGBaaDixTYJ:vVGqhXa2Q2xs
                                                                                                                                                                                MD5:5AE8772167410E607BB14C24FF318A38
                                                                                                                                                                                SHA1:B027BD9ECDAD7A9E7769A562C8415355930018EF
                                                                                                                                                                                SHA-256:81D18E41096915F192803E7565F882241E3049CC9CF4052AF7380D16404D0172
                                                                                                                                                                                SHA-512:F2BE91C280057F17ABA9DEF3D5EA2F194DA966AF8327194869C20643E9EDAC0C62F5888436D93FB75D1AC2BFEB31C37E81DE7295ED1B71E4CE87F62FA4D4380A
                                                                                                                                                                                Malicious:false
                                                                                                                                                                                Preview:..d...?T.....tjR......'7.\..(.w.[.Il.o.;.t.".,c[.%....#...._..'.zY..{..3.._,.....S.spa.P<i..#..r...7_n.f.......o...W.Z........26.]..2Ih..T.a".#K......-^.Z..n...W7sy....9.&.6{..,...c....rV`.y...(.".P.}...&D....y.Ez .....|!...+..>~.G.k..4........6.......j.f.$.d.ptC...u..{+4=L..I.2./.5.x.........:..........]y...U..76.j...\..S..}.3.v.WDx.#XI.u.rs...<..o...L....\.y.3.C.=....v....%......@(.......u....4..g..@.c_.r?[. ..U....<..Hb.!...?0[.?.._Ak:F`Obd..W.r.o..d7.5.?Ly.9'e5.|_
                                                                                                                                                                                Process:C:\Users\user\Desktop\c8JakemodH.exe
                                                                                                                                                                                File Type:data
                                                                                                                                                                                Category:dropped
                                                                                                                                                                                Size (bytes):463
                                                                                                                                                                                Entropy (8bit):7.55110209195359
                                                                                                                                                                                Encrypted:false
                                                                                                                                                                                SSDEEP:6:Xdhrp7IWC+tAHzzI0LMUrkJ0YfoLMmsSLL5hnmYm1589hntFvXKXqrnzo66uoxTo:XjyAtkhHNLPz489hntlaaDixTYJ
                                                                                                                                                                                MD5:9B7A26B846EE4034B6FD84D990755FCE
                                                                                                                                                                                SHA1:CA08E0C14BE4326757F2AEC142A398906DA70F50
                                                                                                                                                                                SHA-256:379874804F0357DD98DA287BAAC8D7F6D71F1085EEFE23DD520DC54F32A900B7
                                                                                                                                                                                SHA-512:F6044B52F5F3D1323A2E426682244BEE8F8B589653C48482B971226965CD9621DD28B06B0A16B1DB5393EF554A8A8A086741027931F12E81A4F6A1A67BB96418
                                                                                                                                                                                Malicious:false
                                                                                                                                                                                Preview:.-56X................(.Aw.[x.7m*;.A-7.........W.9c.V.}.d...V.R...}......O.....U..#q.ja.W.\....W.|.....v....>.:2..C.(P.Q........=T.>D..h..1....k.).p..H.g.f.%.a..V.k.JV.5....H.G..9....>M...N..h.gm..?j..g..4Y....).........U..".T...mX..5T..)y4=L..J.1./'......b`.._^. ..._...F.....(N.....~...<DA1.isU....!\..>&.E\..r...<..o...L....\.y.3.C.=....v....%......@(.......u....4..g..@.c_.r?[. ..U....<..Hb.!...?0[.?.._Ak:F`Obd..W.r.o..d7.5.?Ly.9'e5.|_
                                                                                                                                                                                Process:C:\Users\user\Desktop\c8JakemodH.exe
                                                                                                                                                                                File Type:data
                                                                                                                                                                                Category:dropped
                                                                                                                                                                                Size (bytes):455
                                                                                                                                                                                Entropy (8bit):7.577482097956281
                                                                                                                                                                                Encrypted:false
                                                                                                                                                                                SSDEEP:12:fwJMEKgUpCosfjrAQVHrZ3IPhaaDixTYJ:fLgUkJfvZ4PZ2xs
                                                                                                                                                                                MD5:58FCBEBA449F2A8A9936E22515B01C82
                                                                                                                                                                                SHA1:4A6CF48D0D625FEE99464811E9AC809D1DC3D23B
                                                                                                                                                                                SHA-256:012A37A1BDDB57B6A9C552403FEF5F3615EB87DD364AA648368928123F04FED0
                                                                                                                                                                                SHA-512:C64B305418B8ECE2B7F849445CB2251EA25C8AA308D9D07356C30DD5CBF19ED1304D28C3AE5A0737636F4C272D7B74E1CBD09A0B38131218C02655433DA67D9F
                                                                                                                                                                                Malicious:false
                                                                                                                                                                                Preview:.ez.....0>dL....a...9..I .&3D{Q.......P...1o.C/L$..0.iV.*V*...$...6..3...t.7.Tl.j........q(..D[..e..twh......}.....iBYG.B%f.]..W,......O-.m.<.b..8&J....\...J.i.}...8..@VV<..%p..#(.Z$Xc..]K).4.....P.l......Q...'@.&.2.....u..{+4=L..I.2./.V..U..a.......t..I7!.:..0.....-M...n._^.0z...v.j....uKDB..`.s...<..o...L....\.y.3.C.=....v....%......@(.......u....4..g..@.c_.r?[. ..U....<..Hb.!...?0[.?.._Ak:F`Obd..W.r.o..d7.5.?Ly.9'e5.|_
                                                                                                                                                                                Process:C:\Users\user\Desktop\c8JakemodH.exe
                                                                                                                                                                                File Type:OpenPGP Public Key
                                                                                                                                                                                Category:dropped
                                                                                                                                                                                Size (bytes):461
                                                                                                                                                                                Entropy (8bit):7.511350991758887
                                                                                                                                                                                Encrypted:false
                                                                                                                                                                                SSDEEP:12:r2pU8ZY78Us6haTSj58qU1RHXE5hnaaDixTYJ:r2pU8Z6PhaT4eT1BXETT2xs
                                                                                                                                                                                MD5:5EACFDC5CCA3DD343C30BF27C4215367
                                                                                                                                                                                SHA1:B8BF49C7B53282EA313DFB3CFE4310C792BCA4D9
                                                                                                                                                                                SHA-256:E6E89906A5F35F51E4916A954A469E8AF5F861EF7CE4097A9FE39128FDAEE18A
                                                                                                                                                                                SHA-512:BB9F6ADDDCA1979BE9D1A37A77E43152DD8F462E873B53AB7BD295A3F00D5C1B885C3ED35623D944D05AD3844F69CA9F557C077B3117393D8E4B3DA20DB719CF
                                                                                                                                                                                Malicious:false
                                                                                                                                                                                Preview:...E._$.=..#..J..6X...q.uE..>...t.....S.9*).(..dW.....+.R...K..,.J.<...,..F.v.~{~.j_..7..z.H. :...6.....(.`../.43...By..qu{..........W..iT....[j.....%.LS2..}....\...X....=..Lu6.zP...,.i.[k.b.XBB......P..].4......~1.....Z.|5Q.Y...iF....T..{y4=O..J..2.x.R..eT.#Z....N..R8..b`S..X._.o=.".m.v!w.Uj_.....R.~...$.o..p...<..o...L....\.y.3.C.=....v....%......@(.......u....4..g..@.c_.r?[. ..U....<..Hb.!...?0[.?.._Ak:F`Obd..W.r.o..d7.5.?Ly.9'e5.|_
                                                                                                                                                                                Process:C:\Users\user\Desktop\c8JakemodH.exe
                                                                                                                                                                                File Type:data
                                                                                                                                                                                Category:dropped
                                                                                                                                                                                Size (bytes):478
                                                                                                                                                                                Entropy (8bit):7.554230834660339
                                                                                                                                                                                Encrypted:false
                                                                                                                                                                                SSDEEP:12:PUzayC9F95LOULCXFX2bRIqp+NKoTdevaaDixTYJ:PUFC9r5Lq2FIqkY2der2xs
                                                                                                                                                                                MD5:AB5A9F9550F12EDEA3C1612E374AD042
                                                                                                                                                                                SHA1:BB3DEC865B9487A1CDE8341F7EB5B08FAE62C65D
                                                                                                                                                                                SHA-256:579B8323CCE3FA26B145266118231C4FCBEB7927E7C5EC093914FCF5D57FE024
                                                                                                                                                                                SHA-512:4F9A697C27BE9E2B5E8213E02642367296D8DFB9FE26F602F7FB732DCB2CC7249CD557EA17B489B953B24C4C2A7145E329DC16E3EE11797C9A1EE6C185225F04
                                                                                                                                                                                Malicious:false
                                                                                                                                                                                Preview:.6.b..o..g..r\/..{..8...B\C{.{..A........%.e'~.....zl<!.?..3......Db,.3....C....f..Kh;...y..}...#...D....Y[+i&..j.nO.TY...x.Y..|.RHEg.+.+..#R.D.._.P...,.Y..B....P7..|..K..#..B.\..a,.eNb..2.7...Y.*.>..Ta..(.E.9c.4......P.A...X..le3.F.....I.e.5T..)y4=L..J.1./6+o....h..1.^$.EX....I.e..:P.1~.9O=..O....6Z`....*%.........r...<..o...L....\.y.3.C.=....v....%......@(.......u....4..g..@.c_.r?[. ..U....<..Hb.!...?0[.?.._Ak:F`Obd..W.r.o..d7.5.?Ly.9'e5.|_
                                                                                                                                                                                Process:C:\Users\user\Desktop\c8JakemodH.exe
                                                                                                                                                                                File Type:data
                                                                                                                                                                                Category:dropped
                                                                                                                                                                                Size (bytes):465
                                                                                                                                                                                Entropy (8bit):7.525981585981307
                                                                                                                                                                                Encrypted:false
                                                                                                                                                                                SSDEEP:6:JnZXO3iwwLGzVFd5zvZ6a9CHMUOgSJ+AC66PyE22rnmKyFPxfAPE8XKXqrnzo666:lw4yn1Ya9SMfg4jE22r8ZOE8aaDixTYJ
                                                                                                                                                                                MD5:8CA5FB3B2E9058EA87D018B08C8F456A
                                                                                                                                                                                SHA1:9296B27AD199A9AF46DBBE01ECC51BD4AEBB5D86
                                                                                                                                                                                SHA-256:4563B293382D8DFF32E34262EC5A892C769220711D074D69FAADD68CD241CE74
                                                                                                                                                                                SHA-512:AE09D375C4F61F1803634C8E321C4F4200C0A9B2BD02D422C539EB48EE5E2DFC5C51D46054D1631619983056DF223804DF916868528705ABA6FD69A8BBCFAA80
                                                                                                                                                                                Malicious:false
                                                                                                                                                                                Preview:!..u@|c.lLN!...9. /jm.\... .e.....*a.u.o.Qq.n..k&.c.WYt{...-....g.:.qF...!R...i0).,.s1.Z.*.....#......"t...........&}..e.7..~..0d.u.....1..jV4........4i...F.E,`.!............z>...d..2k n...c.2*2..@.IF.4........6.......l5.Dd.....tX..5T..)y4=L..J.1./I0.%....f...\...M1..7%oQ..8..eV.....B.F...#...!a..U.....Y..Dr...<..o...L....\.y.3.C.=....v....%......@(.......u....4..g..@.c_.r?[. ..U....<..Hb.!...?0[.?.._Ak:F`Obd..W.r.o..d7.5.?Ly.9'e5.|_
                                                                                                                                                                                Process:C:\Users\user\Desktop\c8JakemodH.exe
                                                                                                                                                                                File Type:data
                                                                                                                                                                                Category:dropped
                                                                                                                                                                                Size (bytes):457
                                                                                                                                                                                Entropy (8bit):7.465792036038811
                                                                                                                                                                                Encrypted:false
                                                                                                                                                                                SSDEEP:12:xHtW4H64OHoVa61MDwahNYSU9i/sBhaaDixTYJ:xHfHobDwafNX/sBZ2xs
                                                                                                                                                                                MD5:4B0AABF7C36AEF49FB0F42F03F9930A3
                                                                                                                                                                                SHA1:C0CA00EFC6EA0BE5B38E720B2DC5D71C0F137442
                                                                                                                                                                                SHA-256:78E05DA160B7C132E0CE6C1AE480427AC72C06DCF6E5A70E472DCBC73539FD78
                                                                                                                                                                                SHA-512:EE8D44C03D3B10A1876736D7DF6C45DA7B74D7BF8F3581C4AD8A70312BB9B0D3577571F826DA37EF9A7164BB3C741E43AD10F0B1FFFA155B81529F903F6D130D
                                                                                                                                                                                Malicious:false
                                                                                                                                                                                Preview:..W..D].wz-..kg.`.P../.E.!)$[h.._..#E.s...qlf.M'U\.h3WW.+.=..<!c.(..h.@(...<..B..,.>.K..2.9.Yn.{...B......O$.{.y...(%H..-8.....T...3.._.Y{..x..W....e..0DF....p.xn<Y.Tp..e.#.^=........`....6...ys...4.....).....3....[ 5.w...Y.F....T..{y4=L..J.2.W._..PR..r....`(.v"}<...Y...D..'W.g..D........rx.k..NB.G..D..q...<..o...L....\.y.3.C.=....v....%......@(.......u....4..g..@.c_.r?[. ..U....<..Hb.!...?0[.?.._Ak:F`Obd..W.r.o..d7.5.?Ly.9'e5.|_
                                                                                                                                                                                Process:C:\Users\user\Desktop\c8JakemodH.exe
                                                                                                                                                                                File Type:data
                                                                                                                                                                                Category:dropped
                                                                                                                                                                                Size (bytes):466
                                                                                                                                                                                Entropy (8bit):7.5342836639885755
                                                                                                                                                                                Encrypted:false
                                                                                                                                                                                SSDEEP:12:cudTQQNA3TiWy5XtIs2ZJm5zpO3Tf0LJ6hwsSnvaaDixTYJ:ccTQMuNv7ZEzpmT8LJgwsSr2xs
                                                                                                                                                                                MD5:51E5088FD9C5D4A2801AB2191A4C7205
                                                                                                                                                                                SHA1:BA71F5FDC3F92B0768C88DFB72561EE25FA470D0
                                                                                                                                                                                SHA-256:F019588E0B3DAD92E20A40BAA5938CC52044E07456DF76F0AF862EB7914FD8BB
                                                                                                                                                                                SHA-512:EDBC8FF90201BF043B13790D0781DDB66DD693803DFCBABA2039AC903CE252FF7ACFA64C55083B24273E6119F02C48CE36A9B2AE928C8419552EB31BE1C01191
                                                                                                                                                                                Malicious:false
                                                                                                                                                                                Preview:.t.7......q.........j.I..R....z.:.H..gz[.5.e.o..+...'#...?....E...v=........`t)..\7_&..h.......]h..+..5*..Rg..~.....z.....`..A.P..x:.$.w.-~....u...x..i> l......$..X]....e..<..0......h......@.M#...l.'....E..n.<...5.4\.....n).......Q.e.,....X...GT..{y7=L..J.#...5"....W....H'.p..^*.3.W..l2...W.....ZE2v....4....i@.....n...<..o...L....\.y.3.C.=....v....%......@(.......u....4..g..@.c_.r?[. ..U....<..Hb.!...?0[.?.._Ak:F`Obd..W.r.o..d7.5.?Ly.9'e5.|_
                                                                                                                                                                                Process:C:\Users\user\Desktop\c8JakemodH.exe
                                                                                                                                                                                File Type:data
                                                                                                                                                                                Category:dropped
                                                                                                                                                                                Size (bytes):481
                                                                                                                                                                                Entropy (8bit):7.5751564499829795
                                                                                                                                                                                Encrypted:false
                                                                                                                                                                                SSDEEP:12:km/4PHbuCRVt5DBydPo2DLHtLh2xaqIaaDixTYJ:km/4Xbt5Mdguhkx3G2xs
                                                                                                                                                                                MD5:BF3BA9E8209FDC085FB9D4193C1DDE76
                                                                                                                                                                                SHA1:EF640D084158C13413ED393DDBA71E6E4F27C28B
                                                                                                                                                                                SHA-256:D9190652064DCC9D15163E7087BF27BBFE4993A8C9FAE545E6581F2D18B23D35
                                                                                                                                                                                SHA-512:759FE1B2494584785B79F7D1947570F867C651F6210E2CB81E1C630659A062B7A46DAF4D34617A3BBBE6A3D13E9C626B3890EDF6C8E79D0E4AC074E2E3989AB9
                                                                                                                                                                                Malicious:false
                                                                                                                                                                                Preview:......$.....@....h.C0.Vh&.(p....&..p.v..dZ..M7.(...e.S,.|.<.....Z.`-...........a.t....H.....Q6<H;..%.0...).k.........o.JE...v......[o.JN.Y...d.$.....j.au.9...d..r......{$....v.|....K'..5.u@H..F.(....J..Z.).B.....z3....<8c..].4\.kB.9.....<.....+b.r........T..{y4=L..J.2....H..#..D;.........7..'.!.'.<@.-..|...].J0Xm.(!n...Z..m(...A.q...<..o...L....\.y.3.C.=....v....%......@(.......u....4..g..@.c_.r?[. ..U....<..Hb.!...?0[.?.._Ak:F`Obd..W.r.o..d7.5.?Ly.9'e5.|_
                                                                                                                                                                                Process:C:\Users\user\Desktop\c8JakemodH.exe
                                                                                                                                                                                File Type:data
                                                                                                                                                                                Category:dropped
                                                                                                                                                                                Size (bytes):438
                                                                                                                                                                                Entropy (8bit):7.504278992440795
                                                                                                                                                                                Encrypted:false
                                                                                                                                                                                SSDEEP:12:GtfTvMgdclldSJRu/D4fd8WaaanX1cPL0jhSaaDixTYJ:G9vMgdcJSJ+cf+7aWX1cD0u2xs
                                                                                                                                                                                MD5:91FC111DF156872021F661ABC0A3B963
                                                                                                                                                                                SHA1:C3457BBBD349A697E6A0D7D079947359BA9EB678
                                                                                                                                                                                SHA-256:697C1C39F07F5744F77BC2BC2407F9D9C8675E1C91937FF225FDACE4DCE936B1
                                                                                                                                                                                SHA-512:72BEEE32772B70D79231D7C685FEA16B1BF699A461E3B8A812140AA5E5758DF049C91946504A59E9D81B6046BDAD26E8771DF3C05045F2431DB72AC11C153701
                                                                                                                                                                                Malicious:false
                                                                                                                                                                                Preview:A;R\.a..q@.u.$6..2.66..........R...*L.%X......X+5.:+.l....a..2..+.C.h.<M?...\.&^2..w*^kl.Cv..p`.z.e...}h..tW?%.2.....c...$0.0..........8ZA..3....y0`5.|Wc..}...!]ESd.."...].ZC...k.4Z.....i)......U[.e.L....U.%.5T..)y4=L..J.1./-u....p...a..@...G@....R.......H.`^4..VsGv...7...s.f.q.....r...<..o...L....\.y.3.C.=....v....%......@(.......u....4..g..@.c_.r?[. ..U....<..Hb.!...?0[.?.._Ak:F`Obd..W.r.o..d7.5.?Ly.9'e5.|_
                                                                                                                                                                                Process:C:\Users\user\Desktop\c8JakemodH.exe
                                                                                                                                                                                File Type:data
                                                                                                                                                                                Category:dropped
                                                                                                                                                                                Size (bytes):460
                                                                                                                                                                                Entropy (8bit):7.538508334923844
                                                                                                                                                                                Encrypted:false
                                                                                                                                                                                SSDEEP:12:2+7Z4mnmnGAO9GPHy+35dtyYQ/Z8POkcfraaDixTYJ:zVmnGTGPHtsB8Gkon2xs
                                                                                                                                                                                MD5:AF171E5A36F35E6743B64C185BFBA9E9
                                                                                                                                                                                SHA1:525E77380319B745325B88D0618AEB01CD5CADA3
                                                                                                                                                                                SHA-256:AAD726F84F03823F8867EBD2DEF0A8511E210D30EE76E4CEFCE3DD7C539D6EF9
                                                                                                                                                                                SHA-512:BFBE3F054DEB3CD6C1AC3163285D5BE1EC64485E5C8004335C8C772DB41822AD607B83FEB7BE0E4657F13AE38D4764158872DD268DA5339CF3E9397C1C02CA3A
                                                                                                                                                                                Malicious:false
                                                                                                                                                                                Preview:......:F..6.P....<f6....L^..0%.......+C.2..:....r.....=.w..Sx/.....~<...AN.>....>...Z.p.\..'..Y..s..........e6...t#?_.._R?..4fn:.....k.a.D.D..q.K..O.r..pT5..J0$..@5.B.m@s.5..V...%...8..,E....]..%...&.4.......6..E..c..1.'......U..u..{+4=L..I.2./.JB.HA.3.....J!8H.*!%.F.0.1.SUV....LPf.4r.m...2..y-.w..s)>.\.s...<..o...L....\.y.3.C.=....v....%......@(.......u....4..g..@.c_.r?[. ..U....<..Hb.!...?0[.?.._Ak:F`Obd..W.r.o..d7.5.?Ly.9'e5.|_
                                                                                                                                                                                Process:C:\Users\user\Desktop\c8JakemodH.exe
                                                                                                                                                                                File Type:data
                                                                                                                                                                                Category:dropped
                                                                                                                                                                                Size (bytes):463
                                                                                                                                                                                Entropy (8bit):7.551652509639402
                                                                                                                                                                                Encrypted:false
                                                                                                                                                                                SSDEEP:6:Culm+07PJWSm2LJhaZv6z9LisqcpKIGoowpfKfL4yKWQ0OCz8u5C+rMhnXKXqrnd:BQrWoLJP9LisL7/owpfTydIraaDixTYJ
                                                                                                                                                                                MD5:D13869C9C7706E3A3089DDC89938B4C7
                                                                                                                                                                                SHA1:D11BFDDCCF96BCFBD984E8DC7E3CA04C1E3B6F9A
                                                                                                                                                                                SHA-256:1EC459733903C1FDCC80E625CBFCA77E65F9EF4849B057A37472D984752D03DD
                                                                                                                                                                                SHA-512:40461744A649DA129C7968435C24B6AD63F980380EDCE3CA8127D4064748DB1893ABE844BD23ACDF47114D0C15410710A0773AFE6D1E735F7C3821FB98E3F6A2
                                                                                                                                                                                Malicious:false
                                                                                                                                                                                Preview:.1..+z..Q....9[O.2..gR..\.8g[.y.J..}.l ..7K..D.6.2.............)..OFe0.f...o..$..]......J..l.q.ds...c................s.Z.`'.f...05..A..N.i..j.V.c?..\O.C.zZ...#....Z..).~.F...EI....V![s...:....c....\.l.4.......P.mv?....[#bC#R....|....u..{+4=L..I.2./..s,\.........o.....)al..W.Y..}n..P.|n...~..H.....\vv).8..QXs...<..o...L....\.y.3.C.=....v....%......@(.......u....4..g..@.c_.r?[. ..U....<..Hb.!...?0[.?.._Ak:F`Obd..W.r.o..d7.5.?Ly.9'e5.|_
                                                                                                                                                                                Process:C:\Users\user\Desktop\c8JakemodH.exe
                                                                                                                                                                                File Type:data
                                                                                                                                                                                Category:dropped
                                                                                                                                                                                Size (bytes):475
                                                                                                                                                                                Entropy (8bit):7.524417020306569
                                                                                                                                                                                Encrypted:false
                                                                                                                                                                                SSDEEP:12:cFiBYPh6QrGfx6ASIirpPwiCBaaDixTYJ:c4ojr0x6ai9o952xs
                                                                                                                                                                                MD5:5995F658632FC48AED407A710CBBF5A2
                                                                                                                                                                                SHA1:88C6D1BB24F610D7C4E1C6324B7491B2DF9DE460
                                                                                                                                                                                SHA-256:31CA77A9C983F69202A8C4CF0988FC1E0C57B1B88557763E2BAA2B30A51AB18F
                                                                                                                                                                                SHA-512:24761EB674FA555B530F6F93A2F64D758486E28D5C33855BC8F7716AD9F95C7333E33F3A433678C553CB9130B9C7E1AF03FDE5A2461A841779418EB156AF3DBA
                                                                                                                                                                                Malicious:false
                                                                                                                                                                                Preview:Xu0..Q...X>*....!..`P....*.@J]=u..O ...BM.q..r...U......r?..y..o.d[.........r^V...Q ..2Q.B.....s@*....B1p.`....S.y...%...R..F...u....5_...;.........,:YX.4w.c.|.....{..yv....{WY.?.jA..V..S(...n.P..I9.........Z$S.%7+}..4.......P^l.......6a.h.....tX..5T..)y4=L..J.1./vb.'x.36#.?.V8...6$R...T.....}...lo.B/...>J..;.B..55..u.....`.r...<..o...L....\.y.3.C.=....v....%......@(.......u....4..g..@.c_.r?[. ..U....<..Hb.!...?0[.?.._Ak:F`Obd..W.r.o..d7.5.?Ly.9'e5.|_
                                                                                                                                                                                Process:C:\Users\user\Desktop\c8JakemodH.exe
                                                                                                                                                                                File Type:data
                                                                                                                                                                                Category:dropped
                                                                                                                                                                                Size (bytes):464
                                                                                                                                                                                Entropy (8bit):7.508269630295802
                                                                                                                                                                                Encrypted:false
                                                                                                                                                                                SSDEEP:12:ZBMdptkS2sdhxs9+BZGP1HCGy5+aaDixTYJ:ZBKtkNsd7K+B8pCG52xs
                                                                                                                                                                                MD5:01F82C2C9478AB84C043302F0081A512
                                                                                                                                                                                SHA1:4B43742ABCD923561178B2D1516C777432A57FEA
                                                                                                                                                                                SHA-256:57EFE9E0D49149971006A2F0A2B7CD3D552C0CEEECC0354FF0D6392E4C41087F
                                                                                                                                                                                SHA-512:66F4F166F15B61B9F8FC9BB01028A0A3E1E4CC1A37EA94BF0C15DF297DFCB6E98A0558DB86584C04C8EB351307D5CE9D756CEA54EE7FFA579C78C18F12B5161A
                                                                                                                                                                                Malicious:false
                                                                                                                                                                                Preview:...$..N.X.....R.J.?..b...`.".t..`vJ.3.z.u..4n.`T.......i/...bvy>..F.......n.D;.K........X.3.D:a.....Myv..(!."...$.^U..j.4V..m..&_.... {.........-..T...w...t.W..:.+....b+..5<..k^../%.z..`$!xoDs2..<|D....t....w.4......&.5........dF.[_....r....T..{y4=L..J.2....D.r...vb..dz..J. .;..H..g....(.m....+.....gC!.......]......q...<..o...L....\.y.3.C.=....v....%......@(.......u....4..g..@.c_.r?[. ..U....<..Hb.!...?0[.?.._Ak:F`Obd..W.r.o..d7.5.?Ly.9'e5.|_
                                                                                                                                                                                Process:C:\Users\user\Desktop\c8JakemodH.exe
                                                                                                                                                                                File Type:data
                                                                                                                                                                                Category:dropped
                                                                                                                                                                                Size (bytes):460
                                                                                                                                                                                Entropy (8bit):7.560276309855025
                                                                                                                                                                                Encrypted:false
                                                                                                                                                                                SSDEEP:12:SBvMwy988fvLknPp77Up0UloJUA2YbaaDixTYJ:IPH8iPiv6n2YX2xs
                                                                                                                                                                                MD5:664E913A8FA8F510F7B1030BA642C119
                                                                                                                                                                                SHA1:DC38EDDC1E007D11E45FECDCC9BD4E6B0D3AD3A2
                                                                                                                                                                                SHA-256:B1D98C7E0A4B29A92525771B1F9A88BDFE783137424CCF1AA3603CC078711AF9
                                                                                                                                                                                SHA-512:9ABC82AFFCAD9659A02B7AFC2B42DDE53D74F143F9D588444EED99D6337BF9BE91CA93562E0B5E100F0E473F4E1288329C8C0EEB1F7557C1857ACA85DA4FE89D
                                                                                                                                                                                Malicious:false
                                                                                                                                                                                Preview:L.+8.z.{...6-$T._"s.............f..L....H..0d....V.f5.:.....D...m"..q5w.Wq.A.u}....C..6.....n.{8.=9..}.G..t.;..&.bS...ZD..p.l.n........^...]%.;..e{.U..sZ.2.....d...54'&...Z#..{>..^....O..&t..f..r.R...4......PYA.C.T..};....t....%.5T..)y4=L..J.1./.AX...Pe....J.3..>b#.&....k....-..B.......l6....^.=.h.Y..=. @r...<..o...L....\.y.3.C.=....v....%......@(.......u....4..g..@.c_.r?[. ..U....<..Hb.!...?0[.?.._Ak:F`Obd..W.r.o..d7.5.?Ly.9'e5.|_
                                                                                                                                                                                Process:C:\Users\user\Desktop\c8JakemodH.exe
                                                                                                                                                                                File Type:data
                                                                                                                                                                                Category:dropped
                                                                                                                                                                                Size (bytes):440
                                                                                                                                                                                Entropy (8bit):7.541237868086169
                                                                                                                                                                                Encrypted:false
                                                                                                                                                                                SSDEEP:6:HkT41rgkshAcsdTxXxOAd/mConm9XA8grZBrGCSXKXqrnzo66uoxTQWryJJ:EM2radTvPcCoCpuHbSaaDixTYJ
                                                                                                                                                                                MD5:CBFA9DFBF147EAD21E252944D624118D
                                                                                                                                                                                SHA1:5733D7E97CA335B909D98C5D5D92B2DC9EBD0413
                                                                                                                                                                                SHA-256:01D43B5989AAAC96267567810805CD5009D739ADCCBEFDD5290496821B18165D
                                                                                                                                                                                SHA-512:8E4B6DBB134058B087E490085EA25B8D4B267BC3E631C88F9B8D794B412E823C61EA8399E40A656C4AAA727AECD986B05C8445187F8615E99145BE0AF097AB72
                                                                                                                                                                                Malicious:false
                                                                                                                                                                                Preview:C.V........t.Aluyx9F[.......*...H...l.vNA......d....).u6...}v\...H7=..h....5!.r...\..5>...8.H.U.....(.......z.9....j....Sc.Eq.&......0t._.[.V..~.6..f....S.LW.en.O.[.w..d. m.f.4].kB.9....;.....?1`...Y.%.5T..)y4=L..J.1./,..H.9..........(.g.H.<..DEq.`.....P..!.U..n.k?<.fo."..Ezr...<..o...L....\.y.3.C.=....v....%......@(.......u....4..g..@.c_.r?[. ..U....<..Hb.!...?0[.?.._Ak:F`Obd..W.r.o..d7.5.?Ly.9'e5.|_
                                                                                                                                                                                Process:C:\Users\user\Desktop\c8JakemodH.exe
                                                                                                                                                                                File Type:data
                                                                                                                                                                                Category:dropped
                                                                                                                                                                                Size (bytes):469
                                                                                                                                                                                Entropy (8bit):7.577298178719077
                                                                                                                                                                                Encrypted:false
                                                                                                                                                                                SSDEEP:6:poPDxcToNgOWGQd9Lkbg66R6eD5SzUp7+x3lNswwUVOu2XqDJuXKXqrnzo66uoxs:AsKsGQqedms2XVLVOu2XUJuaaDixTYJ
                                                                                                                                                                                MD5:61218618919C40E5F775AD4934696CC5
                                                                                                                                                                                SHA1:820462A327B01AE3B4685F06B046318436F1B9F9
                                                                                                                                                                                SHA-256:3835D82983EFAC2FC1C4689D359B5CF571E8E521BEABCE08DCE9140A1C682F07
                                                                                                                                                                                SHA-512:F5BEECA988ED9CC738F4C19B88646BFAEA4D856E20956AE4EA4A75A9700731F194501EA5C18E6BD76985ECADBC55322C898D7670DA9A0CA65023A28E4919EC7F
                                                                                                                                                                                Malicious:false
                                                                                                                                                                                Preview:.....f.'1.U.b...P5.*...z.cO. .r......e.9........|..x.i....y&l&...g.....8..B.........bZb#.....G.;;....cm.C....I_.......v....JU...%\.<.._0On0.(...9...DHW{._.....Vv]....uD..(;.rK....d....L.8...N...ET.p!..]`.4........!.....UZ.fC"p..2.......{y4oL..J.2.,.';.z...P.~rz....^L.|....A.bg...s.NN.-......6.).}.Z.H.+........1.u...<..o...L....\.y.3.C.=....v....%......@(.......u....4..g..@.c_.r?[. ..U....<..Hb.!...?0[.?.._Ak:F`Obd..W.r.o..d7.5.?Ly.9'e5.|_
                                                                                                                                                                                Process:C:\Users\user\Desktop\c8JakemodH.exe
                                                                                                                                                                                File Type:ASCII text, with CRLF line terminators
                                                                                                                                                                                Category:dropped
                                                                                                                                                                                Size (bytes):1159
                                                                                                                                                                                Entropy (8bit):4.909757425426515
                                                                                                                                                                                Encrypted:false
                                                                                                                                                                                SSDEEP:24:SOZJNRovfexRvYx/ncUYTxLZl0r0OzANQgq32xfZnS0iNFdAnP6:SOZbqfexrZrS3Iq32xlSX2S
                                                                                                                                                                                MD5:F29E077226F8DC235CAE4795459A3542
                                                                                                                                                                                SHA1:A23AEA328BEB92BFD4464A3B0F70E772B8969CC2
                                                                                                                                                                                SHA-256:CF8875AADE9351184274F533067BECF2AD10CCF2B6296274ECE5D5B58B6AB008
                                                                                                                                                                                SHA-512:0C76F1E7AC8E4DB582EA7E26FA9B8C18D54605AE6A9A87A2A1FA0B1BEACACBB8F1230421C1124B1E7C12FB546FF31DBBD2CFBBEBA80EF98BBAA01B356F7FDC6F
                                                                                                                                                                                Malicious:false
                                                                                                                                                                                Preview:.. ~~~ AlphaCat ~~~....>>>> Your data are stolen and encrypted....>>>> What guarantees that we will not deceive you? .....We are not a politically motivated group and we do not need anything other than your money. .. ...If you pay, we will provide you the programs for decryption and we will delete your data. ...Life is too short to be sad. Be not sad, money, it is only paper... ...If we do not give you decrypters, or we do not delete your data after payment, then nobody will pay us in the future. ...Therefore to us our reputation is very important. We attack worldwide and there is no dissatisfied victim after payment... ..>>>> You need contact us via email with srenshot of btc transaction and your personal DECRYPTION ID.....Contact via Email with your personal Decryption id !: hackbeenswim@mail2tor.com......Send 400$ (0.006 BTC) at this address --> bc1qkr7wxuqwet9w6920vk94p7npkxh33fc7prv55q.....>>>> Your personal DECRYPTION ID: D53F15BF767167BC622C1CB4D4FC174D....>>
                                                                                                                                                                                Process:C:\Users\user\Desktop\c8JakemodH.exe
                                                                                                                                                                                File Type:data
                                                                                                                                                                                Category:dropped
                                                                                                                                                                                Size (bytes):464
                                                                                                                                                                                Entropy (8bit):7.513915182977493
                                                                                                                                                                                Encrypted:false
                                                                                                                                                                                SSDEEP:12:Pb1BhNuKEcrnLCZsLTmAHKXNBpfaaDixTYJ:D1B9+kH+rd2xs
                                                                                                                                                                                MD5:37BB849E20630E73AE0ADFCE3B5A8C1A
                                                                                                                                                                                SHA1:4C52D76035B650022FC2B824B3DE3EFBB0120FE8
                                                                                                                                                                                SHA-256:2C74AADD0A583E749F858A87A472F609815233DC6F882471758E8A57E303E26F
                                                                                                                                                                                SHA-512:5AF2E32F2222A145F6CA91CA68F556DF0DAD9D5DF2EFD7E851171EB6B8EA4378D1474FCCBE5861C7EAC2FCAE3BD2B0039D647326A6DC43169B42EC72A6C2ED3D
                                                                                                                                                                                Malicious:false
                                                                                                                                                                                Preview:Y_..u.K..e.L.e..*Hwf5..dv.q'...x).p.W.C.Z..$...e....t......f.&.U.e$.....~Y...z.....z.....6g'..-q%.,Y./k\.V8.i.<.V.7o......@..$..C..8..]f..^....@.b..@.b.T">.~........Kug.R.......-.....'<.....$...'75.K...`?.5.V.V.9..\......q5..]....|....u..{+4=L..I.2./...V._D'.o.y..C...?&...Kw.U......c.q.h.#..i.Z...Z.Xq......aIQ.[.s...<..o...L....\.y.3.C.=....v....%......@(.......u....4..g..@.c_.r?[. ..U....<..Hb.!...?0[.?.._Ak:F`Obd..W.r.o..d7.5.?Ly.9'e5.|_
                                                                                                                                                                                Process:C:\Users\user\Desktop\c8JakemodH.exe
                                                                                                                                                                                File Type:data
                                                                                                                                                                                Category:dropped
                                                                                                                                                                                Size (bytes):460
                                                                                                                                                                                Entropy (8bit):7.538159137265338
                                                                                                                                                                                Encrypted:false
                                                                                                                                                                                SSDEEP:12:vCaNF8P6PfNqK301Gm04Mql8BDPpaaDixTYJ:6aoyR3Uk2xs
                                                                                                                                                                                MD5:3D4F9D962F91988A251331BA575FC77C
                                                                                                                                                                                SHA1:FB9E239E376EC217C3BCAA143583D76755815EB2
                                                                                                                                                                                SHA-256:070E8EBED2FF7DDECDE9228B6A53FAC58D15D3742BF9E33FA57E120EDF4E3F00
                                                                                                                                                                                SHA-512:14733EDEF5A54B6604C4EBEE579114C271608B9FDF1F4B0123EACCD6849AB964FCD88222C8F626494B1658582A76FF22B47355FE60B146F696ADBEE7C23BFF89
                                                                                                                                                                                Malicious:false
                                                                                                                                                                                Preview:/....E...Y.......O..g+.7.....W.?.W.y3.....=l.G......qp.CO9.....~..^.Q..b.z../.H.]".t../.'...)u.p....h......37.v.../.x....*..f...g....8W....b.. &>..<...I<.Ez..p[...m#ETW/i.P...?.=.c..s..1.C.>S....[.4Y....~1..C....L4....&.7F@...T..{y4=L..J.2.[t..L..(.....R.N..Z.....`|e.......i.K]..}.K...r..E.9?..v.D?q...<..o...L....\.y.3.C.=....v....%......@(.......u....4..g..@.c_.r?[. ..U....<..Hb.!...?0[.?.._Ak:F`Obd..W.r.o..d7.5.?Ly.9'e5.|_
                                                                                                                                                                                Process:C:\Users\user\Desktop\c8JakemodH.exe
                                                                                                                                                                                File Type:data
                                                                                                                                                                                Category:dropped
                                                                                                                                                                                Size (bytes):457
                                                                                                                                                                                Entropy (8bit):7.506490488600424
                                                                                                                                                                                Encrypted:false
                                                                                                                                                                                SSDEEP:6:0zckVbQF89eyITw2C7vSWIitOT+G6+ukO31JN4jJ9WZm1Mv9rhXKXqrnzo66uoxs:MVEFX+Iy+1O3zZm1MFrhaaDixTYJ
                                                                                                                                                                                MD5:3A16CBE29AC533D22E347A3BE27CD7FC
                                                                                                                                                                                SHA1:5708BF4C84DCAFD0492AE81D59BE3518F8168279
                                                                                                                                                                                SHA-256:2B59CA85E07BFE8B0D20620E4E20C40ADF2E5F25188D7699E2B65154BC03CE28
                                                                                                                                                                                SHA-512:13A9CEBA223895690B79F9F8995ACFE953BA045089507083A392048C0FAFB0D4C3859ED6A036720BC48BE9887DFF70C7B085B3AE1354A7BA94A47D73EE0516B7
                                                                                                                                                                                Malicious:false
                                                                                                                                                                                Preview: -.A.?..W.C.c.....M.0.(Z;^.g.B$..]gg.Wm..A...f...E....Q...Y..(...-.\.s.<..].4..1.?...#.l..2P..._1G..i....MC}.PB/..r.$g.crH$XE.....4...u...P..2wZ.,./.=...."m0...h%VY...qo..[.s2.29..b.T....m. +.9..........4Y.....4...oT..I5..x....D.......{y4>L..I.2nP.'.G..]..;..=..4M.*.<..a3.2..S.>=Z..z.v..:....70.8.E;......io...<..o...L....\.y.3.C.=....v....%......@(.......u....4..g..@.c_.r?[. ..U....<..Hb.!...?0[.?.._Ak:F`Obd..W.r.o..d7.5.?Ly.9'e5.|_
                                                                                                                                                                                Process:C:\Users\user\Desktop\c8JakemodH.exe
                                                                                                                                                                                File Type:data
                                                                                                                                                                                Category:dropped
                                                                                                                                                                                Size (bytes):460
                                                                                                                                                                                Entropy (8bit):7.51360725345245
                                                                                                                                                                                Encrypted:false
                                                                                                                                                                                SSDEEP:6:jNJLmoHhIgAMOzReyFEd8n2l/9oZ6aYbwkVJwEtXuSXKXqrnzo66uoxTQWryJJ:LLBIDdeyS8nM1aY9raaDixTYJ
                                                                                                                                                                                MD5:C06C08CD0A91D226BF969EDDBE6B82C2
                                                                                                                                                                                SHA1:9BBA43A4A04B11E6299C42BD491556E94FDDA901
                                                                                                                                                                                SHA-256:CBF3ABD064CBDAD3C9DDEF7A855354B38E9ABD8E8C31CB1C83CEAD75927B0083
                                                                                                                                                                                SHA-512:347BC60F81D8CA0F8F425C91AFA1CC9CBEBC889A8A4DF9FBF8B61C8D502D6A5F11BB357F40F7112A10EFD8FED71BC752372590F97C24D21031582BA99F772BF4
                                                                                                                                                                                Malicious:false
                                                                                                                                                                                Preview:a.CP.z(..].Y:.E.Uc.....2/.BY..T`.....O.8V....A...<S.j06.S.....3*:.U.i..:..)+.p.IGq.{".){G... u....~.C..........?.`.......\.l..?RI.e.k........~@.].....G....P.i..d..k..gf........X..VZ..-P...5\...oq.T..!C....4..fB....<..6..r.Q.5..@.#.qD.......{y4>L..I.2.^M.#}z.Jv[...5..{.$k....H.d...a.(....f.ve>...d..$.$Cm$:..o...<..o...L....\.y.3.C.=....v....%......@(.......u....4..g..@.c_.r?[. ..U....<..Hb.!...?0[.?.._Ak:F`Obd..W.r.o..d7.5.?Ly.9'e5.|_
                                                                                                                                                                                Process:C:\Users\user\Desktop\c8JakemodH.exe
                                                                                                                                                                                File Type:data
                                                                                                                                                                                Category:dropped
                                                                                                                                                                                Size (bytes):455
                                                                                                                                                                                Entropy (8bit):7.564437991508525
                                                                                                                                                                                Encrypted:false
                                                                                                                                                                                SSDEEP:12:STNOO0ul1oXI6iYUpZMtUFruoYDFHLACaaDixTYJ:STNOO0ul1oY6iYUYarWDFrb2xs
                                                                                                                                                                                MD5:600CE7C3A9A032CD10731E98FCFD06F1
                                                                                                                                                                                SHA1:A33F3961576B2B658C78239819153C37683ED533
                                                                                                                                                                                SHA-256:901B1E4477408A7AB6CDED60F167F0B4A235934DAB0D04BF58D0FB2539C74A30
                                                                                                                                                                                SHA-512:B59C5A7F9E85899D4DB7A1BADD9731EFA75ECF404218B264AF72C07AC1B2279FDC106F9F15DFD473714EFD46A8E4BA52D098F4FE003E8046AD15F77CBD7C6A4C
                                                                                                                                                                                Malicious:false
                                                                                                                                                                                Preview:\..h..r..H6..&j.9+.D...|._Y..a.^cT..Y.e.B.....4@.tYm\.z.a........2..{.h......c...ri...G6G..y........k_V..%>...NG.9Q.....{h].N..D...;}..a..=.........#~;..C.:......AZ.Nt.....W.)./.e.ZQ...w.q.0...~.....4.....).\.......14.......D..M.T..{z4=L..J.....]C.",.g{.=.U]C`.1.!..9.....9....".........3pt....0.hY....vm...<..o...L....\.y.3.C.=....v....%......@(.......u....4..g..@.c_.r?[. ..U....<..Hb.!...?0[.?.._Ak:F`Obd..W.r.o..d7.5.?Ly.9'e5.|_
                                                                                                                                                                                Process:C:\Users\user\Desktop\c8JakemodH.exe
                                                                                                                                                                                File Type:data
                                                                                                                                                                                Category:dropped
                                                                                                                                                                                Size (bytes):476
                                                                                                                                                                                Entropy (8bit):7.584505317002828
                                                                                                                                                                                Encrypted:false
                                                                                                                                                                                SSDEEP:6:SeSmUIbatDRENKVvmRxCgPWoslUqco8saV2eKYi1pOb7UwgjkRnL4Sd8XKXqrnz5:SyetGgVvmiqi9uKwVdk28aaDixTYJ
                                                                                                                                                                                MD5:B339ACD9FCB3AF7B4633C6331AAAF353
                                                                                                                                                                                SHA1:4EE509A88BA74D887CBA8B725712EE4C077B002E
                                                                                                                                                                                SHA-256:380BBCE7B28A594C8460B286241E53D03E44DA987619ACEB5988EB7BD68E6350
                                                                                                                                                                                SHA-512:7C8713469B6249CED01743430895AE0577F9AD5D0F1E92B14189A746E3698AA8F9A4648501113F127B3A7247C7D5E8E3604649B513834EE48C58C4FFF25B53EE
                                                                                                                                                                                Malicious:false
                                                                                                                                                                                Preview:....8....(....7q..V.3..k=..).<.f..VE;!.w..w...............k.Jy...u:~..j...P.....z.p"..v3.:.$....q....G.........Km..a.(.(..L..&..L(.....b9...Ah.+..m....n../.F..e.2[.f.Y..../..3...S..S-/.C..x...=._$O.l..\._..e...4......P.l...-.t..%...L......T..{y4oL..J.2.,.';|..y.B.}.X.t.k......>. @V.....@.l.n>.....q0....L...........u...<..o...L....\.y.3.C.=....v....%......@(.......u....4..g..@.c_.r?[. ..U....<..Hb.!...?0[.?.._Ak:F`Obd..W.r.o..d7.5.?Ly.9'e5.|_
                                                                                                                                                                                Process:C:\Users\user\Desktop\c8JakemodH.exe
                                                                                                                                                                                File Type:OpenPGP Public Key
                                                                                                                                                                                Category:dropped
                                                                                                                                                                                Size (bytes):463
                                                                                                                                                                                Entropy (8bit):7.580998664393648
                                                                                                                                                                                Encrypted:false
                                                                                                                                                                                SSDEEP:6:hEce2/kh7VIIshRk2cEKn5MQGP3an8iSaqaRMViVWQhe8MSE9krUVlzXKXqrnzoQ:324wEUjEqnxaaRivkrqlzaaDixTYJ
                                                                                                                                                                                MD5:0222C96D756FD52537E3728E05A0FEC2
                                                                                                                                                                                SHA1:BDF21FC5D0610A9F1B978A38C15BAEDD0188E543
                                                                                                                                                                                SHA-256:C63567980C5F5C042591BE4D0A6A76ACE9760AC543B12DB783307FEC87983085
                                                                                                                                                                                SHA-512:8F8551EE784227025616F22274BBEA07681BDDC72893736B0DDBCE833EFEAE04F1E7C7FC0531F18AF77DD8C8C9E9EF79C869F6F219C65CEF1A7E6F828F8C93D7
                                                                                                                                                                                Malicious:false
                                                                                                                                                                                Preview:...&[1..R.&.P.{i.....-bdZ....0j.1..b.3.. ...d.k.N.V.R.w...B...h...+.z.t..oE....1...J!..=..<;oY~..).m>...i#Kv....=..x.r....G..l.......D.Y3...;v).d......<.`.8....1.YA...m..$q..lg.}.b..0f..f..!.I7....H.R.7...4......~5..C.....7.t......U..u..{+4=L..I.2./.....0;.;..l.G..n2^..n.O....N..l1W.i...\..\...= ...@."o.W\...Ijs...<..o...L....\.y.3.C.=....v....%......@(.......u....4..g..@.c_.r?[. ..U....<..Hb.!...?0[.?.._Ak:F`Obd..W.r.o..d7.5.?Ly.9'e5.|_
                                                                                                                                                                                Process:C:\Users\user\Desktop\c8JakemodH.exe
                                                                                                                                                                                File Type:data
                                                                                                                                                                                Category:dropped
                                                                                                                                                                                Size (bytes):456
                                                                                                                                                                                Entropy (8bit):7.474786335810845
                                                                                                                                                                                Encrypted:false
                                                                                                                                                                                SSDEEP:12:8AyBn9ac9WDo7ZQipNeFymQqo+wdXTRvaaDixTYJ:nSn9tUsVveF7Qqo9Rr2xs
                                                                                                                                                                                MD5:B42D39CB1019682850DF4DDF6CD3777F
                                                                                                                                                                                SHA1:A687B197A33337CF69310151CA14AC2A995B4498
                                                                                                                                                                                SHA-256:446C8BB5E46BA160474DD3E86F269FC80C75F6F897EC690129752ABE0E2802D2
                                                                                                                                                                                SHA-512:88F1037B06676EEFFD9045455F77F78C3C39C5774106491AC2E4E3860524A41B1CB8153EB04D76FDF1807F94B60DFDC14FB1D42E57AE5699E9DC9A8E27628385
                                                                                                                                                                                Malicious:false
                                                                                                                                                                                Preview:.J.{:|.....j..0j...L....V.,|..6...5..........x. }.6[....Zh...X...;.|......x.....2.@.H\...B.......=;.C..'UU4g.R].d....z....t.\.LQ4.n....<D..5-...p....;"....l......Y(5.._.......2-..=....|l.a../......ic..4[....P.B......Ha..L.k..t...5T..)y4=L..J.1./)X.h...!..h.y.e..r..?C...9.HtA')....%..;=.5......?[..>F..W.Hr...<..o...L....\.y.3.C.=....v....%......@(.......u....4..g..@.c_.r?[. ..U....<..Hb.!...?0[.?.._Ak:F`Obd..W.r.o..d7.5.?Ly.9'e5.|_
                                                                                                                                                                                Process:C:\Users\user\Desktop\c8JakemodH.exe
                                                                                                                                                                                File Type:data
                                                                                                                                                                                Category:dropped
                                                                                                                                                                                Size (bytes):480
                                                                                                                                                                                Entropy (8bit):7.598283774966884
                                                                                                                                                                                Encrypted:false
                                                                                                                                                                                SSDEEP:12:uUX/TyiBtHiSwhq25yWBGulp0B//vaaDixTYJ:/Bl5Gvx3p0B72xs
                                                                                                                                                                                MD5:FD923AD8282EB0282C6C83F60BE83FD1
                                                                                                                                                                                SHA1:5ABB7E876BA9F4240D0557CA116C5A5F3D20593A
                                                                                                                                                                                SHA-256:A28D1CAFA843426F661CAC9E9F25A47E4086A25978977D1AB24E9C105DA7A5D8
                                                                                                                                                                                SHA-512:CAA684B195CADFDAD839E162B9F578AEAE409057B909DB3336B1170B0901D7227964C8D36425A7F2DBAFAB38DF88C8F8CDE40C557F0FF69E4726FFCB6F61BE1E
                                                                                                                                                                                Malicious:false
                                                                                                                                                                                Preview:}..!.....h....0..n..?....keb .~.._..R....o.M.Dk.A.r...l>..2........=4H$j0.i.....q..t.TI..W.G(.1......t...<%.sK.n.l.Hy*J8.2V%,.+.v.F9|..[..tN..l.Sy...(..o..f...Z..U..2C....l..V_x.*.......^Zg. K.h...6EE.b.F..@Y........uY.4Z......6........0".G.....tX..5T..)y4=L..J.1./{..z......W.N./n.M)6v.....C.........?......wf`.+j....tk...r...<..o...L....\.y.3.C.=....v....%......@(.......u....4..g..@.c_.r?[. ..U....<..Hb.!...?0[.?.._Ak:F`Obd..W.r.o..d7.5.?Ly.9'e5.|_
                                                                                                                                                                                Process:C:\Users\user\Desktop\c8JakemodH.exe
                                                                                                                                                                                File Type:ASCII text, with CRLF line terminators
                                                                                                                                                                                Category:dropped
                                                                                                                                                                                Size (bytes):1159
                                                                                                                                                                                Entropy (8bit):4.909757425426515
                                                                                                                                                                                Encrypted:false
                                                                                                                                                                                SSDEEP:24:SOZJNRovfexRvYx/ncUYTxLZl0r0OzANQgq32xfZnS0iNFdAnP6:SOZbqfexrZrS3Iq32xlSX2S
                                                                                                                                                                                MD5:F29E077226F8DC235CAE4795459A3542
                                                                                                                                                                                SHA1:A23AEA328BEB92BFD4464A3B0F70E772B8969CC2
                                                                                                                                                                                SHA-256:CF8875AADE9351184274F533067BECF2AD10CCF2B6296274ECE5D5B58B6AB008
                                                                                                                                                                                SHA-512:0C76F1E7AC8E4DB582EA7E26FA9B8C18D54605AE6A9A87A2A1FA0B1BEACACBB8F1230421C1124B1E7C12FB546FF31DBBD2CFBBEBA80EF98BBAA01B356F7FDC6F
                                                                                                                                                                                Malicious:false
                                                                                                                                                                                Preview:.. ~~~ AlphaCat ~~~....>>>> Your data are stolen and encrypted....>>>> What guarantees that we will not deceive you? .....We are not a politically motivated group and we do not need anything other than your money. .. ...If you pay, we will provide you the programs for decryption and we will delete your data. ...Life is too short to be sad. Be not sad, money, it is only paper... ...If we do not give you decrypters, or we do not delete your data after payment, then nobody will pay us in the future. ...Therefore to us our reputation is very important. We attack worldwide and there is no dissatisfied victim after payment... ..>>>> You need contact us via email with srenshot of btc transaction and your personal DECRYPTION ID.....Contact via Email with your personal Decryption id !: hackbeenswim@mail2tor.com......Send 400$ (0.006 BTC) at this address --> bc1qkr7wxuqwet9w6920vk94p7npkxh33fc7prv55q.....>>>> Your personal DECRYPTION ID: D53F15BF767167BC622C1CB4D4FC174D....>>
                                                                                                                                                                                Process:C:\Users\user\Desktop\c8JakemodH.exe
                                                                                                                                                                                File Type:data
                                                                                                                                                                                Category:dropped
                                                                                                                                                                                Size (bytes):1155
                                                                                                                                                                                Entropy (8bit):7.838032676266435
                                                                                                                                                                                Encrypted:false
                                                                                                                                                                                SSDEEP:24:5cI+S6ZsVDEM41R6UgHBC6qIWCAiaePPgjyi02xs:58S6DM49gHBC6qIWCtg5q
                                                                                                                                                                                MD5:FCC6C8F18A63EA4309E221CDB0ABCDA1
                                                                                                                                                                                SHA1:091DCD9A92C88E97324AF6F8100C362DCA1EC3C2
                                                                                                                                                                                SHA-256:2980EC848FAF31211A2A3A577F379711D90A342C00B961407F4090392C16828F
                                                                                                                                                                                SHA-512:C85AB6517654B1B47DD190FC80DAF11E5477F318161AC410FFDC3FBB914CE6E04C4489B4A5A1BD0C34E8408DA02971C5E6713C2BB97EBF79ED05785BD68341C6
                                                                                                                                                                                Malicious:false
                                                                                                                                                                                Preview:P.".+Z...Y..-...w.j.yk...a.....p...?/0/...;C.:..0....C.`a..AR.RXH-{xK.]....O....1X..[..?....d.....SC....8l..E....h%,$IY.n...\.5z..<.}n..O!.&H....I.J.3..v.*..(v..R...&)..[..."}.....,.9.....a.Km...u?.3.9...0(.uE.j....H0....)T...X......#...i...........(...V...n..V.y.o.k..g......P..[..{.Z..h.D.<....7"qE.4..YZ$[^t.L.D.ti..>....5*)s(.....6.^M....GL.[.."V.i....|.p....@..=>w{. a.3R......=.>....I#..hT....[...P9......u..s.....J;[?.Q.B.n......^.2.na{./.9...26.q..s..@Q?H.UJ&^.L.5.oPA.6..........h...........f.,........;.ih..T...c.&..,.....).#...t...".zY.....v...%7..e....L.2.....f.o..WW.G1..,l.....'.....yI;F.V...x...>$..6y.=..K).^........._:..VQ.......L...,.>.yy..A.~...91#.&"i.p...AJcS...],.....a...d..nJ....IA.l........:Y...M.....W'..y.nV..E9\.......E....P(.0W.|Mi......x.m1..D.G.X.W......\.2.F.:..$...q&.y,......&-..t.S...X..)}..*px.L..W.>.%J...y.V...~........~-.~.4W.....~5..K..c..f.9.....D..M.T..{z4=L..J.c..z.Kv.>.......H..Nf..i...s].......bz...
                                                                                                                                                                                Process:C:\Users\user\Desktop\c8JakemodH.exe
                                                                                                                                                                                File Type:OpenPGP Secret Key
                                                                                                                                                                                Category:dropped
                                                                                                                                                                                Size (bytes):253
                                                                                                                                                                                Entropy (8bit):7.185808434342309
                                                                                                                                                                                Encrypted:false
                                                                                                                                                                                SSDEEP:6:k2Ndn8xk1KytkO0BK3hnXKXqrnzo66uoxTQWryJJ:k2Nh8i1ptkO0B+paaDixTYJ
                                                                                                                                                                                MD5:D909E16254B8B64A892FBAFA4D0542B0
                                                                                                                                                                                SHA1:E4235A49A8672032237221B0D89B0BDF0DBA1A5E
                                                                                                                                                                                SHA-256:144426B46F68E508D23F8D21965AAD74D40BD9AC3E3075BD65C770E1C8E290D3
                                                                                                                                                                                SHA-512:76F201320710203F748690FD08225E1D695E3FBE049B399F387E9BFE2F2528FF34C1047F1427D10E24938EDC38424D4158C085E1F61E305E79D785A9319DF934
                                                                                                                                                                                Malicious:false
                                                                                                                                                                                Preview:..Y.;2.<......9.LZ....4Q.....Q...*...h...A.....D.... Z.k.a.....9..>.WN...w.u,...y..t..VH-f.4^.........%.F.d..._...<..o...L....\.y.3.C.=....v....%......@(.......u....4..g..@.c_.r?[. ..U....<..Hb.!...?0[.?.._Ak:F`Obd..W.r.o..d7.5.?Ly.9'e5.|_
                                                                                                                                                                                Process:C:\Users\user\Desktop\c8JakemodH.exe
                                                                                                                                                                                File Type:ASCII text, with CRLF line terminators
                                                                                                                                                                                Category:dropped
                                                                                                                                                                                Size (bytes):1159
                                                                                                                                                                                Entropy (8bit):4.909757425426515
                                                                                                                                                                                Encrypted:false
                                                                                                                                                                                SSDEEP:24:SOZJNRovfexRvYx/ncUYTxLZl0r0OzANQgq32xfZnS0iNFdAnP6:SOZbqfexrZrS3Iq32xlSX2S
                                                                                                                                                                                MD5:F29E077226F8DC235CAE4795459A3542
                                                                                                                                                                                SHA1:A23AEA328BEB92BFD4464A3B0F70E772B8969CC2
                                                                                                                                                                                SHA-256:CF8875AADE9351184274F533067BECF2AD10CCF2B6296274ECE5D5B58B6AB008
                                                                                                                                                                                SHA-512:0C76F1E7AC8E4DB582EA7E26FA9B8C18D54605AE6A9A87A2A1FA0B1BEACACBB8F1230421C1124B1E7C12FB546FF31DBBD2CFBBEBA80EF98BBAA01B356F7FDC6F
                                                                                                                                                                                Malicious:false
                                                                                                                                                                                Preview:.. ~~~ AlphaCat ~~~....>>>> Your data are stolen and encrypted....>>>> What guarantees that we will not deceive you? .....We are not a politically motivated group and we do not need anything other than your money. .. ...If you pay, we will provide you the programs for decryption and we will delete your data. ...Life is too short to be sad. Be not sad, money, it is only paper... ...If we do not give you decrypters, or we do not delete your data after payment, then nobody will pay us in the future. ...Therefore to us our reputation is very important. We attack worldwide and there is no dissatisfied victim after payment... ..>>>> You need contact us via email with srenshot of btc transaction and your personal DECRYPTION ID.....Contact via Email with your personal Decryption id !: hackbeenswim@mail2tor.com......Send 400$ (0.006 BTC) at this address --> bc1qkr7wxuqwet9w6920vk94p7npkxh33fc7prv55q.....>>>> Your personal DECRYPTION ID: D53F15BF767167BC622C1CB4D4FC174D....>>
                                                                                                                                                                                Process:C:\Users\user\Desktop\c8JakemodH.exe
                                                                                                                                                                                File Type:ASCII text, with CRLF line terminators
                                                                                                                                                                                Category:dropped
                                                                                                                                                                                Size (bytes):1159
                                                                                                                                                                                Entropy (8bit):4.909757425426515
                                                                                                                                                                                Encrypted:false
                                                                                                                                                                                SSDEEP:24:SOZJNRovfexRvYx/ncUYTxLZl0r0OzANQgq32xfZnS0iNFdAnP6:SOZbqfexrZrS3Iq32xlSX2S
                                                                                                                                                                                MD5:F29E077226F8DC235CAE4795459A3542
                                                                                                                                                                                SHA1:A23AEA328BEB92BFD4464A3B0F70E772B8969CC2
                                                                                                                                                                                SHA-256:CF8875AADE9351184274F533067BECF2AD10CCF2B6296274ECE5D5B58B6AB008
                                                                                                                                                                                SHA-512:0C76F1E7AC8E4DB582EA7E26FA9B8C18D54605AE6A9A87A2A1FA0B1BEACACBB8F1230421C1124B1E7C12FB546FF31DBBD2CFBBEBA80EF98BBAA01B356F7FDC6F
                                                                                                                                                                                Malicious:false
                                                                                                                                                                                Preview:.. ~~~ AlphaCat ~~~....>>>> Your data are stolen and encrypted....>>>> What guarantees that we will not deceive you? .....We are not a politically motivated group and we do not need anything other than your money. .. ...If you pay, we will provide you the programs for decryption and we will delete your data. ...Life is too short to be sad. Be not sad, money, it is only paper... ...If we do not give you decrypters, or we do not delete your data after payment, then nobody will pay us in the future. ...Therefore to us our reputation is very important. We attack worldwide and there is no dissatisfied victim after payment... ..>>>> You need contact us via email with srenshot of btc transaction and your personal DECRYPTION ID.....Contact via Email with your personal Decryption id !: hackbeenswim@mail2tor.com......Send 400$ (0.006 BTC) at this address --> bc1qkr7wxuqwet9w6920vk94p7npkxh33fc7prv55q.....>>>> Your personal DECRYPTION ID: D53F15BF767167BC622C1CB4D4FC174D....>>
                                                                                                                                                                                Process:C:\Users\user\Desktop\c8JakemodH.exe
                                                                                                                                                                                File Type:data
                                                                                                                                                                                Category:dropped
                                                                                                                                                                                Size (bytes):291
                                                                                                                                                                                Entropy (8bit):7.254266215802391
                                                                                                                                                                                Encrypted:false
                                                                                                                                                                                SSDEEP:6:YYv6i4MCYi+C69zsy7ljuglpXKXqrnzo66uoxTQWryJJ:vTrCYiL69zsoiWaaDixTYJ
                                                                                                                                                                                MD5:3B7DE81C0AF5E183F74EDA05A1BA6D48
                                                                                                                                                                                SHA1:F0E7DF89B973050208FA61311449F51DAABA5552
                                                                                                                                                                                SHA-256:4AE3F97B83A126031AF6093CFA71FB3D836557372C68DCDF8019E70DB8F665A3
                                                                                                                                                                                SHA-512:88D4A3767BD570CC382B1815037E4366B1A044361427E1C2B0EC81098306F2CC8839398A1EC2333C99DF385681C8C3C90D4589EF95B1D79E3202975A1ACDB84D
                                                                                                                                                                                Malicious:false
                                                                                                                                                                                Preview:h6.T;..8.Z"....,..3..:.^............I!.....?..4W.....~5..K..c..f.9.....D..M.T..{z4=L..J.v...g...{.Fb....8X..%P....7b.&....B......f......7.w..rU..Abm...<..o...L....\.y.3.C.=....v....%......@(.......u....4..g..@.c_.r?[. ..U....<..Hb.!...?0[.?.._Ak:F`Obd..W.r.o..d7.5.?Ly.9'e5.|_
                                                                                                                                                                                Process:C:\Users\user\Desktop\c8JakemodH.exe
                                                                                                                                                                                File Type:data
                                                                                                                                                                                Category:dropped
                                                                                                                                                                                Size (bytes):253
                                                                                                                                                                                Entropy (8bit):7.12659716955438
                                                                                                                                                                                Encrypted:false
                                                                                                                                                                                SSDEEP:6:W/UvQskq0fflnDOPhXKXqrnzo66uoxTQWryJJ:GUvQsmlWaaDixTYJ
                                                                                                                                                                                MD5:F448E4143001C4191206EC272E731CC0
                                                                                                                                                                                SHA1:4C672D12D9E09197D1F9FB3F8B46CD967E7BF280
                                                                                                                                                                                SHA-256:075A4BE5638E4EC3FD851F6A7B669E2DC083B62A967C51061BB83518DDAA9B68
                                                                                                                                                                                SHA-512:01BD179EE483680C29985E190461EEF934923AF5480DAF50D6FC151FA23B0FB15E5193928D8334BB37765AE99B5662C389160078FB76B23571DDB8063F397EE1
                                                                                                                                                                                Malicious:false
                                                                                                                                                                                Preview:.5nh..........t......V.4Q.....Q...*...h...A.....D..tJ....\=>f.xO9.0l.....zq.......I.r....#.z[.9..7au.L:.7.....T_...<..o...L....\.y.3.C.=....v....%......@(.......u....4..g..@.c_.r?[. ..U....<..Hb.!...?0[.?.._Ak:F`Obd..W.r.o..d7.5.?Ly.9'e5.|_
                                                                                                                                                                                Process:C:\Users\user\Desktop\c8JakemodH.exe
                                                                                                                                                                                File Type:data
                                                                                                                                                                                Category:dropped
                                                                                                                                                                                Size (bytes):510
                                                                                                                                                                                Entropy (8bit):7.625208572146697
                                                                                                                                                                                Encrypted:false
                                                                                                                                                                                SSDEEP:12:kU5on4tSEL9vN99GdEKulzclVG7itaMcNaaDixTYJ:koHhxKJCzcls24MM2xs
                                                                                                                                                                                MD5:0878D7DC89B182ED63E84B7DCEA1A740
                                                                                                                                                                                SHA1:6EF65F1616B3C505EA60D484A759C74B731FBB7E
                                                                                                                                                                                SHA-256:6B484335F7E2D1BE541D82CC6224FD78E7DE3B102D13282C256E79B6B5B32A10
                                                                                                                                                                                SHA-512:EC7F8FA4AE51FFBE593AB27C4D58F6B0BA5B5D9F09BF0BD9C889951DC40E3A4DF1E2C1B08B9BB54D5A76AC8AB6665D40F930D0ADAB397D2572A2F1FBB48F1EDC
                                                                                                                                                                                Malicious:false
                                                                                                                                                                                Preview:./7.........f..C.vb....qz...gO.."..+YZ....\..Z.T.....p...s)...h.H..QyG..a......"+e.Q....2.4........m(-G.:.z.b.I.,vT.M+.cA.D.g-ka'.m.......3R...9.....^y..... ....S..zL.G...4.,....-.=...w...^.n.......!. 0c........._.wP..s.C_.Z..m.i.......u~..]..9@.L.]e ..."..h{....p..4p...4'.8..u...h...A.......A.{..B.W..R4..KKSV.OV..........%......p~i...S..r..P.......[...<..o...L....\.y.3.C.=....v....%......@(.......u....4..g..@.c_.r?[. ..U....<..Hb.!...?0[.?.._Ak:F`Obd..W.r.o..d7.5.?Ly.9'e5.|_
                                                                                                                                                                                Process:C:\Users\user\Desktop\c8JakemodH.exe
                                                                                                                                                                                File Type:data
                                                                                                                                                                                Category:dropped
                                                                                                                                                                                Size (bytes):480
                                                                                                                                                                                Entropy (8bit):7.577866547759006
                                                                                                                                                                                Encrypted:false
                                                                                                                                                                                SSDEEP:12:RWaRyf9Lg6dbAF+FgC2h98ajnEn5EY6NChaaDixTYJ:LymcMF+x2jjnEniY6gZ2xs
                                                                                                                                                                                MD5:A98FF6082D0C033E83B212F192DC225F
                                                                                                                                                                                SHA1:F5E316298C82B0E73AF7441ED83C3522B11088C6
                                                                                                                                                                                SHA-256:1A65F71B26BE5F8A17F5B3E3EE3EF8B4683D8ABEB0A00D938311B2B8CAE01F6E
                                                                                                                                                                                SHA-512:77FB8EF3011030C0E1B5D95C73AD66B681C8EE3D496744F268B3336177A2FB9FD279CD99EED33DBF16922116944B6386C084F789651C75513AD87F49E72D345C
                                                                                                                                                                                Malicious:false
                                                                                                                                                                                Preview:a./'4...].....*.:.2.@4Fq.T.v...<.U#.Tu..$..6...QH...)..=_.....>]..V..r..V...G.f:......Z..,....'.Ug#j{<j...F2T:O..f....".qJ....9l..S-..d.....n..q....T....z..s...q.R...2.........I9......B...w.f.....(.z2Vx.....`.n.W.........W...F 0..4p.....PTl..>..h...A.....D....T.5!...r.x..6c.#..w..uf.....d.!.....nRC.}g.....S.7..0.....KH#(6c...<..o...L....\.y.3.C.=....v....%......@(.......u....4..g..@.c_.r?[. ..U....<..Hb.!...?0[.?.._Ak:F`Obd..W.r.o..d7.5.?Ly.9'e5.|_
                                                                                                                                                                                Process:C:\Users\user\Desktop\c8JakemodH.exe
                                                                                                                                                                                File Type:ASCII text, with CRLF line terminators
                                                                                                                                                                                Category:dropped
                                                                                                                                                                                Size (bytes):1159
                                                                                                                                                                                Entropy (8bit):4.909757425426515
                                                                                                                                                                                Encrypted:false
                                                                                                                                                                                SSDEEP:24:SOZJNRovfexRvYx/ncUYTxLZl0r0OzANQgq32xfZnS0iNFdAnP6:SOZbqfexrZrS3Iq32xlSX2S
                                                                                                                                                                                MD5:F29E077226F8DC235CAE4795459A3542
                                                                                                                                                                                SHA1:A23AEA328BEB92BFD4464A3B0F70E772B8969CC2
                                                                                                                                                                                SHA-256:CF8875AADE9351184274F533067BECF2AD10CCF2B6296274ECE5D5B58B6AB008
                                                                                                                                                                                SHA-512:0C76F1E7AC8E4DB582EA7E26FA9B8C18D54605AE6A9A87A2A1FA0B1BEACACBB8F1230421C1124B1E7C12FB546FF31DBBD2CFBBEBA80EF98BBAA01B356F7FDC6F
                                                                                                                                                                                Malicious:false
                                                                                                                                                                                Preview:.. ~~~ AlphaCat ~~~....>>>> Your data are stolen and encrypted....>>>> What guarantees that we will not deceive you? .....We are not a politically motivated group and we do not need anything other than your money. .. ...If you pay, we will provide you the programs for decryption and we will delete your data. ...Life is too short to be sad. Be not sad, money, it is only paper... ...If we do not give you decrypters, or we do not delete your data after payment, then nobody will pay us in the future. ...Therefore to us our reputation is very important. We attack worldwide and there is no dissatisfied victim after payment... ..>>>> You need contact us via email with srenshot of btc transaction and your personal DECRYPTION ID.....Contact via Email with your personal Decryption id !: hackbeenswim@mail2tor.com......Send 400$ (0.006 BTC) at this address --> bc1qkr7wxuqwet9w6920vk94p7npkxh33fc7prv55q.....>>>> Your personal DECRYPTION ID: D53F15BF767167BC622C1CB4D4FC174D....>>
                                                                                                                                                                                Process:C:\Users\user\Desktop\c8JakemodH.exe
                                                                                                                                                                                File Type:data
                                                                                                                                                                                Category:dropped
                                                                                                                                                                                Size (bytes):248
                                                                                                                                                                                Entropy (8bit):7.105234239897661
                                                                                                                                                                                Encrypted:false
                                                                                                                                                                                SSDEEP:6:6+3kSO3Xv4PSRb6O2YbPZnXKXqrnzo66uoxTQWryJJ:v3kHBKYbhnaaDixTYJ
                                                                                                                                                                                MD5:63B19C43E426881F093D751267F3B38D
                                                                                                                                                                                SHA1:2952A211F1E6A5CDC70444E8B183130F660DDC22
                                                                                                                                                                                SHA-256:391619E2D0D7E35AF0BF3AFD767D17CFF9CFFC8B19DA8CE6127AE0C2A8200F1D
                                                                                                                                                                                SHA-512:02BFB73EDE71E8234528F63BF2A535EB2F889D2C6731E0A39FC3BD060D4D248261B36D315702A1B43D679FA2ABBB5B63F5C430CD0AEAAABB8DAF1811DC5C3AF0
                                                                                                                                                                                Malicious:false
                                                                                                                                                                                Preview:~.J,.`....;.....4j....`..6..%...h.U.A.....D....T.......`......G.........;.}...U.n..s.{;...~U..7.C..w8R..`..b...<..o...L....\.y.3.C.=....v....%......@(.......u....4..g..@.c_.r?[. ..U....<..Hb.!...?0[.?.._Ak:F`Obd..W.r.o..d7.5.?Ly.9'e5.|_
                                                                                                                                                                                Process:C:\Users\user\Desktop\c8JakemodH.exe
                                                                                                                                                                                File Type:data
                                                                                                                                                                                Category:dropped
                                                                                                                                                                                Size (bytes):557
                                                                                                                                                                                Entropy (8bit):7.58885394866345
                                                                                                                                                                                Encrypted:false
                                                                                                                                                                                SSDEEP:12:YGjDhFvCUU4OgwKxoii+viypGgK1Brqoo23aaDixTYJ:ljXU39KxlbfDGw2j2xs
                                                                                                                                                                                MD5:B4CC57717717725839BD94E1B27A1F64
                                                                                                                                                                                SHA1:D351707E13FD3F4F61248E02686B0089333DC95E
                                                                                                                                                                                SHA-256:660B05376AA7B8B6D26F6F41844CA8A095D7E321C407F382785D95FC3B3A22D9
                                                                                                                                                                                SHA-512:C16567770A58711D7D75C8C56651635299744A3342C224D23DD7CD92E4EBDA6B305C16DDDED3218EC6A826ADE84B7C1E41963166CC8E7A5E13F5036A24D87D1F
                                                                                                                                                                                Malicious:false
                                                                                                                                                                                Preview:.]d.. .6.).I..lR.k...f..>....aq.Y.j...eVh.L.......Q.8..K.-....8_.........\.r.\Y.J....L&..S+J...Y....V.o.y.....F.K ....^......^j.<....B?..*.H.^...t.k.!.....1.)...M./O......MgC....@.......<@..l`..^.D"..7G.YTT..>.[...R*.....ASE..Q5...Tot.&.t...+J..e]I.|.G.4..M..?....E)......%...[....e..s...H.....EZ.1.%..fV..i......(/.4p...4'.8..u...h...A.....o.J..O.........W.....ud......e.u....C.=.......}...H..P..]0.[...<..o...L....\.y.3.C.=....v....%......@(.......u....4..g..@.c_.r?[. ..U....<..Hb.!...?0[.?.._Ak:F`Obd..W.r.o..d7.5.?Ly.9'e5.|_
                                                                                                                                                                                Process:C:\Users\user\Desktop\c8JakemodH.exe
                                                                                                                                                                                File Type:data
                                                                                                                                                                                Category:dropped
                                                                                                                                                                                Size (bytes):524
                                                                                                                                                                                Entropy (8bit):7.630574141944895
                                                                                                                                                                                Encrypted:false
                                                                                                                                                                                SSDEEP:12:gnkJnLiWQHX75ny3RCjn94Jwmps0ghaaDixTYJ:OELiBHBEMjn94J9pVS2xs
                                                                                                                                                                                MD5:57FD2286919611CF519355E135AFD6C0
                                                                                                                                                                                SHA1:C9EAC093817039C7518457458884F1D2AD3A7C70
                                                                                                                                                                                SHA-256:337E5E1F6BCBF3A3D7C6CE61E354B838A3C730A8349F50F1FAD05508BC63740B
                                                                                                                                                                                SHA-512:9ADA2A75AC995BF613EA649077C93274BD2863ADA5B3485BEB55CD8E04E1E02AE6135B634CF57BF0CA0B0224790566B706B6EB777FE91F695A6A64AB2A00D816
                                                                                                                                                                                Malicious:false
                                                                                                                                                                                Preview:OBzx.."^<.,.G......S.d.....l...H...@.>!K.>"a....N...C.*......9t.........b..a..u_]'E......mx3.%....=..^.MR.Q5R..N]......G...B..^m,@|y.D...-.r&....EV ....s......I...B"Q_...f/...ey~.P.4.BQK.4".....JOH..2.S8...iyO..s..|..2.%..(...m`O...S..6@..K....:./..UM{.{..5.w.ea.!.=.....4p.....PTl..>..h...A.....D....T.(3.Z?.id..Ts... .?.Y...U.....F.+.. ..s.AE.....(......Nc.j^d,Zf.c...<..o...L....\.y.3.C.=....v....%......@(.......u....4..g..@.c_.r?[. ..U....<..Hb.!...?0[.?.._Ak:F`Obd..W.r.o..d7.5.?Ly.9'e5.|_
                                                                                                                                                                                Process:C:\Users\user\Desktop\c8JakemodH.exe
                                                                                                                                                                                File Type:data
                                                                                                                                                                                Category:dropped
                                                                                                                                                                                Size (bytes):283
                                                                                                                                                                                Entropy (8bit):7.261786732070618
                                                                                                                                                                                Encrypted:false
                                                                                                                                                                                SSDEEP:6:eoSd8+XkDJeUwY+joXv/vXKXqrnzo66uoxTQWryJJ:eoSGeUw78/naaDixTYJ
                                                                                                                                                                                MD5:D60EB0AA8168EA0D5507B38E56101A5B
                                                                                                                                                                                SHA1:D84932A2F7C290543424CAEBD8C3EEE93B731623
                                                                                                                                                                                SHA-256:172CDBAB9F62145747897EFA5D0193C33E53D4154741C550E8094121857997A5
                                                                                                                                                                                SHA-512:8A9B6EECD5899B13C08926ADA30DA56FE5CB7C1BD62D2A3093603EA8A83912AAFC0F36ADEB38DCC3B4CA26A421E1537D13E07D5BDD2419E792854ABDCB3974E6
                                                                                                                                                                                Malicious:false
                                                                                                                                                                                Preview:..U.->.P...5....k...e%^g2..F5...I4...V.4~.....P}l...-.tX...p.....D....T..xy4=O..Jk...2.;'.....fi....G9.[.7.3z9-....E...o.:..b.=].!...rT..}..p.$l...<..o...L....\.y.3.C.=....v....%......@(.......u....4..g..@.c_.r?[. ..U....<..Hb.!...?0[.?.._Ak:F`Obd..W.r.o..d7.5.?Ly.9'e5.|_
                                                                                                                                                                                Process:C:\Users\user\Desktop\c8JakemodH.exe
                                                                                                                                                                                File Type:ASCII text, with CRLF line terminators
                                                                                                                                                                                Category:dropped
                                                                                                                                                                                Size (bytes):1159
                                                                                                                                                                                Entropy (8bit):4.909757425426515
                                                                                                                                                                                Encrypted:false
                                                                                                                                                                                SSDEEP:24:SOZJNRovfexRvYx/ncUYTxLZl0r0OzANQgq32xfZnS0iNFdAnP6:SOZbqfexrZrS3Iq32xlSX2S
                                                                                                                                                                                MD5:F29E077226F8DC235CAE4795459A3542
                                                                                                                                                                                SHA1:A23AEA328BEB92BFD4464A3B0F70E772B8969CC2
                                                                                                                                                                                SHA-256:CF8875AADE9351184274F533067BECF2AD10CCF2B6296274ECE5D5B58B6AB008
                                                                                                                                                                                SHA-512:0C76F1E7AC8E4DB582EA7E26FA9B8C18D54605AE6A9A87A2A1FA0B1BEACACBB8F1230421C1124B1E7C12FB546FF31DBBD2CFBBEBA80EF98BBAA01B356F7FDC6F
                                                                                                                                                                                Malicious:false
                                                                                                                                                                                Preview:.. ~~~ AlphaCat ~~~....>>>> Your data are stolen and encrypted....>>>> What guarantees that we will not deceive you? .....We are not a politically motivated group and we do not need anything other than your money. .. ...If you pay, we will provide you the programs for decryption and we will delete your data. ...Life is too short to be sad. Be not sad, money, it is only paper... ...If we do not give you decrypters, or we do not delete your data after payment, then nobody will pay us in the future. ...Therefore to us our reputation is very important. We attack worldwide and there is no dissatisfied victim after payment... ..>>>> You need contact us via email with srenshot of btc transaction and your personal DECRYPTION ID.....Contact via Email with your personal Decryption id !: hackbeenswim@mail2tor.com......Send 400$ (0.006 BTC) at this address --> bc1qkr7wxuqwet9w6920vk94p7npkxh33fc7prv55q.....>>>> Your personal DECRYPTION ID: D53F15BF767167BC622C1CB4D4FC174D....>>
                                                                                                                                                                                Process:C:\Users\user\Desktop\c8JakemodH.exe
                                                                                                                                                                                File Type:data
                                                                                                                                                                                Category:dropped
                                                                                                                                                                                Size (bytes):731
                                                                                                                                                                                Entropy (8bit):7.690844805071825
                                                                                                                                                                                Encrypted:false
                                                                                                                                                                                SSDEEP:12:/bcQDk62WnGt0D4sdhXKjgLe9OqApzUV7tBXTQ7Vn76vJfJnaaDixTYJ:/rDcWnGGD4sWjZ9Oqt7thk70vnT2xs
                                                                                                                                                                                MD5:3C877F2978E7DC3043FA7DDEA6904A11
                                                                                                                                                                                SHA1:13FCE7A61FE3F9F08009B7BA3A6C8B5597732847
                                                                                                                                                                                SHA-256:0B804C4A05AACB7396E416807C85B68032770F6EC3AC588932C12C11C527C05D
                                                                                                                                                                                SHA-512:1E6203EC8C67F3163099755B4A3A3D41718C8D03C55293C8A887CD10B39942D7EACA8266C9BB6D1918A10A1F4F0227B2D21AB0A12E408A3C35A0AB4307700A13
                                                                                                                                                                                Malicious:false
                                                                                                                                                                                Preview:c..@....YG........(.`H.kQ.$8]f...x...8(I..A.b/.......^.8.tQ....H.\......;g...EP.+4v}..J......>.\...C#..o/...}.u....G....c..uQ.%.I......T..0g.4.......Q.Z..+(.>g.....{..A....EL...(..d.F...0...B./........7..QL....."H......>..L.. OH....,._....q.$...uT....)s.P8.........._.v..Q.s.....B.u..`........&;S.AW}k0...~.e.VzP.e... .......c/..Ce....e.)2u.k...f...q.#...A.Z.#9..c.!..^.g.j.........."|L...>cp..:F...m..B.+.$.P...I.EK...... .YMNP..6...$.H$@.....|.......4P.....Phl...-.t..)b+....r$....T..{y4=L..J.2...J'.E....7....K.6.8....O.Hs.......?..d..._...`......4...Q.Xq...<..o...L....\.y.3.C.=....v....%......@(.......u....4..g..@.c_.r?[. ..U....<..Hb.!...?0[.?.._Ak:F`Obd..W.r.o..d7.5.?Ly.9'e5.|_
                                                                                                                                                                                Process:C:\Users\user\Desktop\c8JakemodH.exe
                                                                                                                                                                                File Type:data
                                                                                                                                                                                Category:dropped
                                                                                                                                                                                Size (bytes):283
                                                                                                                                                                                Entropy (8bit):7.2216984706997875
                                                                                                                                                                                Encrypted:false
                                                                                                                                                                                SSDEEP:6:0vttexXekDJZFstVrRjrkVYXKXqrnzo66uoxTQWryJJ:0vnelZCzrF4VYaaDixTYJ
                                                                                                                                                                                MD5:0C850FDF92014AC35DC12BBFD4F3CC7E
                                                                                                                                                                                SHA1:354B0FFDA0C711A66310EC7296604491EA9B14F4
                                                                                                                                                                                SHA-256:124C3C22C39E5F522AD588B4F59BBB2182FF581EE4E0BF8F35073CAE3F8AEEFB
                                                                                                                                                                                SHA-512:67A352995C93DA0BE258595DA599008EA9880383B8538AF6CA58E1A0641110E66137FF084913EF497B55B56E9B351A32120002106B3F5BCA7A614CB0FA0897BE
                                                                                                                                                                                Malicious:false
                                                                                                                                                                                Preview:....e.....s...O..u.0...{&....``......4~.....P}l...-.tX...p.....D....T..xy4=O..J...g6..y.{..'^..2.......3._...i{.~B../|.A....8t..X....w..a.l...<..o...L....\.y.3.C.=....v....%......@(.......u....4..g..@.c_.r?[. ..U....<..Hb.!...?0[.?.._Ak:F`Obd..W.r.o..d7.5.?Ly.9'e5.|_
                                                                                                                                                                                Process:C:\Users\user\Desktop\c8JakemodH.exe
                                                                                                                                                                                File Type:data
                                                                                                                                                                                Category:dropped
                                                                                                                                                                                Size (bytes):20712
                                                                                                                                                                                Entropy (8bit):7.990918218171031
                                                                                                                                                                                Encrypted:true
                                                                                                                                                                                SSDEEP:384:OPexuebTA3jejh0RAx1EAtxC/XYGAPFpTtklzDL6s/H4QyK/M:lbTQGSRAx1DNFpTmlzT/t50
                                                                                                                                                                                MD5:9D8C3F010C0579988A67C704A94F6584
                                                                                                                                                                                SHA1:F11C35099B94FA67B707B49F03DED3140C665F14
                                                                                                                                                                                SHA-256:DF5C93453ACE5BA86B9CCB7FCB28A7C1E451D2D361F5CC1790BA358925BFC46D
                                                                                                                                                                                SHA-512:435A7CB8FCDCF08520324EB25BD384EBB7A3A1EE5C2520CFADB7C00AD9EE3677F19E5E8325747D11D1332EAD760332B179B4EBDAD1981E57E857DA9CC2852956
                                                                                                                                                                                Malicious:false
                                                                                                                                                                                Preview:.z.....6...2..i.f.~...2.......^bLZ...1.Q.._....g.I..6.YH.w.;UFi=.m.I...0.G...x4.'.d..+T.......(G.q.Ne3..G_....z.K.....u.......}...)O}..G3B^...{...F.D.../.}6.DW....G.D,+.oxvRl...F../n......?Y.I.....q.}..H.."Zq.2.""../sD`...D.|...B..,....2S~d....i.....C.*.l.I....h0E0....XHLdsp.nn?...2......u....1.................T^..{HB,.8...&.;e.g.\.i.-t.aw...nE.......C.."..].nr.}Z......|<0...%.3G...>cTzp..L.k?/.......p.qC...Lp.N"..G0..:.^]..9{.d..@...... }`....wKh.O..Mc..i.qq<G4..0.=5..'...pn..G.).?.,....5...a..r.1..ZW4.Mg%y..E... .}V...r)..2}.%....!C.+/.C."-...^.qR..../;.~.....!..W\KO....?fz....B......2nVZ..a......=.....U-...4....4.PJ....Y].f.E........_.q.B.0.....+I....Mp.'..K...f...3X..Q....k.p.3.#BS...F......{O.....Y.........iT.....^b.r./.G%.......x.,..j..`_..,.RK/0q...hJP.^....mQ...q.e.......N+......0.lm...@".h&.x..|.q.KM...a....Uv.u=0..{...A...G".+%hd+hK...E...J.Lv5.......k.,.$A^.Q!!......F<;.....!..........H..TA.gCK..-...].Z........:%....{.."H[.,.Fg
                                                                                                                                                                                Process:C:\Users\user\Desktop\c8JakemodH.exe
                                                                                                                                                                                File Type:data
                                                                                                                                                                                Category:dropped
                                                                                                                                                                                Size (bytes):347
                                                                                                                                                                                Entropy (8bit):7.334029335483731
                                                                                                                                                                                Encrypted:false
                                                                                                                                                                                SSDEEP:6:9ojZOCSv0kXCkVud4WTzoFC2/NdYinbn/yUmwXKXqrnzo66uoxTQWryJJ:9+q0dkMd763jYiba0aaDixTYJ
                                                                                                                                                                                MD5:2F0BAA4DAE4F6BFCBA0BA2BDE436B13A
                                                                                                                                                                                SHA1:B4CE97090A482FB36D6E3A76D3007E6DA9CA6696
                                                                                                                                                                                SHA-256:79C3B5C447BC396A0256CCA2540839822B74FEFE3CD4B1A02BBB3AC20E54B745
                                                                                                                                                                                SHA-512:7E7E592A1EC03BE7EE68D09D033B56A027AD2541B6FB581E221DB1412ECB2BB771F3D47DF8E5663BE4386FE6E17FD7B070F9C9FD9E55C27DA1D725B526D30ACD
                                                                                                                                                                                Malicious:false
                                                                                                                                                                                Preview:#.......qa...F....0a.\a|7R..R..Op.M6...Uy.C..v...J.yH...O.G.'@[.....]..`.2[.=./..*.l.6...4Z.....PJl..-.MI.tC(Z......L?Y...{4.L....2.,.';y0........~..V....E,y.......G.W..X.U..a>....3..g.@D.8e....@ I.y...<..o...L....\.y.3.C.=....v....%......@(.......u....4..g..@.c_.r?[. ..U....<..Hb.!...?0[.?.._Ak:F`Obd..W.r.o..d7.5.?Ly.9'e5.|_
                                                                                                                                                                                Process:C:\Users\user\Desktop\c8JakemodH.exe
                                                                                                                                                                                File Type:data
                                                                                                                                                                                Category:dropped
                                                                                                                                                                                Size (bytes):37113
                                                                                                                                                                                Entropy (8bit):7.995031092568833
                                                                                                                                                                                Encrypted:true
                                                                                                                                                                                SSDEEP:768:gMN4XuFwRhC3pgc1l05V6BGSDub4PK26E6vpMdDYQBOpWUzMaSh/5y:0uFEY3Oc1aV6Ub4PK265edRkbzMaSG
                                                                                                                                                                                MD5:FF30A9BE8E17C670790FF80CEAC713B0
                                                                                                                                                                                SHA1:EC59CF5F86AE5B1839041CEBFF332E6CF3F05D3E
                                                                                                                                                                                SHA-256:A945E48FDDBBEB035E3AB769386E62DA4BEDF8FDD5EA3C94F19D9A12DBE016E4
                                                                                                                                                                                SHA-512:AE9F893A796152EB7417CC12F71678CD3DB4D32C84DAD6A5ACE2BE7DE9CA0EC23F3AA89CB8A9F6FA16262C91E1C8BE12717FAC3B097C4D5594EBE8E62D2A97E4
                                                                                                                                                                                Malicious:false
                                                                                                                                                                                Preview:...`.F..G...c....,.X.(E...2...>U..e.[C...N..<r.....}h9A.....@......B7....AaR.2.<k#>.Z.Q..6...*.....$..E.[...a.R{..%}..."o.U^{.-....*blw.J,+........Q.6..:*..g...&~.y.cHn..N.j|G.9...V.z..S.\.p.2?..Q....!..F..p...h^m..J.>.....7.2..U.:u.....;.2E....:...]..e.e.3....#..,S.|..P.Xq...k9..@.....z..j....DM.*c...!.P?.!.z2.YHG.....S4..n.|8....y..qM.V..Br|w. k?.J.r.o.A...z?I.R.....d.-..gaD..<...3..t N......T.n}.3...5........t.cOJd.8.UO-.P..h....l...q....jW$^jR1..%.......B..w..-.^-!#.V...}:....zt..Y-M..DVM.U...j......g...ei...@E.......r...,.....B=.o..+...%J.._5.o...K...j....`_t..m.......>A.=....... ....>.P.6..=w)Q.._;....~.z...Ia...i]W/.H.gH..v*..eB|...B.9I...0.U.n.1.?...Lt!........aO#.f....7~..'V...3v......m%..O..s0.s..H.n..o\..YG...D.C..[/@c..qi..r....(............U0.S...d.......U......^y...m{:....a`....u.f.._j5.......,.~6./.E:....l...[.+v|in..P\AU..`..q...n81s.J`...i...%.t\.<j.H...V-...e....!.|;m..~.{&....x.Y%z.G<..9/n..B:..}.8....se..yQ.2..
                                                                                                                                                                                Process:C:\Users\user\Desktop\c8JakemodH.exe
                                                                                                                                                                                File Type:ASCII text, with CRLF line terminators
                                                                                                                                                                                Category:dropped
                                                                                                                                                                                Size (bytes):1159
                                                                                                                                                                                Entropy (8bit):4.909757425426515
                                                                                                                                                                                Encrypted:false
                                                                                                                                                                                SSDEEP:24:SOZJNRovfexRvYx/ncUYTxLZl0r0OzANQgq32xfZnS0iNFdAnP6:SOZbqfexrZrS3Iq32xlSX2S
                                                                                                                                                                                MD5:F29E077226F8DC235CAE4795459A3542
                                                                                                                                                                                SHA1:A23AEA328BEB92BFD4464A3B0F70E772B8969CC2
                                                                                                                                                                                SHA-256:CF8875AADE9351184274F533067BECF2AD10CCF2B6296274ECE5D5B58B6AB008
                                                                                                                                                                                SHA-512:0C76F1E7AC8E4DB582EA7E26FA9B8C18D54605AE6A9A87A2A1FA0B1BEACACBB8F1230421C1124B1E7C12FB546FF31DBBD2CFBBEBA80EF98BBAA01B356F7FDC6F
                                                                                                                                                                                Malicious:false
                                                                                                                                                                                Preview:.. ~~~ AlphaCat ~~~....>>>> Your data are stolen and encrypted....>>>> What guarantees that we will not deceive you? .....We are not a politically motivated group and we do not need anything other than your money. .. ...If you pay, we will provide you the programs for decryption and we will delete your data. ...Life is too short to be sad. Be not sad, money, it is only paper... ...If we do not give you decrypters, or we do not delete your data after payment, then nobody will pay us in the future. ...Therefore to us our reputation is very important. We attack worldwide and there is no dissatisfied victim after payment... ..>>>> You need contact us via email with srenshot of btc transaction and your personal DECRYPTION ID.....Contact via Email with your personal Decryption id !: hackbeenswim@mail2tor.com......Send 400$ (0.006 BTC) at this address --> bc1qkr7wxuqwet9w6920vk94p7npkxh33fc7prv55q.....>>>> Your personal DECRYPTION ID: D53F15BF767167BC622C1CB4D4FC174D....>>
                                                                                                                                                                                Process:C:\Users\user\Desktop\c8JakemodH.exe
                                                                                                                                                                                File Type:data
                                                                                                                                                                                Category:dropped
                                                                                                                                                                                Size (bytes):511
                                                                                                                                                                                Entropy (8bit):7.571274370693652
                                                                                                                                                                                Encrypted:false
                                                                                                                                                                                SSDEEP:12:EdROTpS00umW2KuRZ9xXFzclT9QU5oCJSaaDixTYJ:df0umHKQZvXFzcxCb2xs
                                                                                                                                                                                MD5:A4FDE6598B7CBCB1DA3824FC8F1A54E6
                                                                                                                                                                                SHA1:5B3E4A38CF3E4607D86F05A7688FAED54F0D0F06
                                                                                                                                                                                SHA-256:8537909DBDC6BC05495519E3DC0F329EBE5B47A4239105E26A4C719B97B445A8
                                                                                                                                                                                SHA-512:D52E3FEB5B3AA713EF39C17C6E55859360D980F00E8BCA21DCED646E274C2C4836F255CB8FAE15A4B8D0AB57834FE472747FA7F405C41E628E93596DD9E4C6AF
                                                                                                                                                                                Malicious:false
                                                                                                                                                                                Preview:).[..3v....~ROb.....ua..>........be...,6.....3-60:3(....C[.....`..~..............7.c.w7..c%..}.u .~r..r..y....W.1e.|..(.*AE..2.6..M.V.p/ft.n...UL....>3....T.#K..,.>.h#.3G.X...Q0K6?..}..x...J........e..q...vE...{zvGs...d.G.L..o.D...?....hsj..zmux'..k...U......[..0 ..H.5gP...PWl..>..h...A.....D....T.....0H.\...D.Y,Q...X.?...9..1.....9....$R..x[..OD1..>..A.....c...<..o...L....\.y.3.C.=....v....%......@(.......u....4..g..@.c_.r?[. ..U....<..Hb.!...?0[.?.._Ak:F`Obd..W.r.o..d7.5.?Ly.9'e5.|_
                                                                                                                                                                                Process:C:\Users\user\Desktop\c8JakemodH.exe
                                                                                                                                                                                File Type:data
                                                                                                                                                                                Category:dropped
                                                                                                                                                                                Size (bytes):248
                                                                                                                                                                                Entropy (8bit):7.123235826376333
                                                                                                                                                                                Encrypted:false
                                                                                                                                                                                SSDEEP:6:8zrdSO3Xv4PRWb7hDvmpXKXqrnzo66uoxTQWryJJ:8zrdHh7dKaaDixTYJ
                                                                                                                                                                                MD5:CB87668A2E9715B25D7C11CD0635B179
                                                                                                                                                                                SHA1:BA57D87B507BE881FA7E52E6C6FCB4400F5DF85E
                                                                                                                                                                                SHA-256:E81409673D7FC25C44EC4D068AEAEA1ED561AE56F8AED266C69ABAD17909B3CA
                                                                                                                                                                                SHA-512:CC61114EBB91CC6726626AB3A83AE8149637524639A33B5D56B03A5C8F4EE0EE8727C9DAA5265B53FBB7A1CFD6CD3355E18736BABC73D34802793A93401A036E
                                                                                                                                                                                Malicious:false
                                                                                                                                                                                Preview:=....d.u.......4j....`..6..%...h.U.A.....D....T.x.....~.l..>7E....1......."..).6%,......Q7.......(.*x2\,..K..b...<..o...L....\.y.3.C.=....v....%......@(.......u....4..g..@.c_.r?[. ..U....<..Hb.!...?0[.?.._Ak:F`Obd..W.r.o..d7.5.?Ly.9'e5.|_
                                                                                                                                                                                Process:C:\Users\user\Desktop\c8JakemodH.exe
                                                                                                                                                                                File Type:data
                                                                                                                                                                                Category:dropped
                                                                                                                                                                                Size (bytes):545
                                                                                                                                                                                Entropy (8bit):7.581478827317233
                                                                                                                                                                                Encrypted:false
                                                                                                                                                                                SSDEEP:12:bRCLq1txbd2U1D2XBXn6aieP3acnE+zuaaDixTYJ:bRP152i4BJPachE2xs
                                                                                                                                                                                MD5:5131765995815CD8BBF1CA7CA2B00C44
                                                                                                                                                                                SHA1:AE022F7C540533CCC6CB46452F53CE7A515A8DCF
                                                                                                                                                                                SHA-256:CCFD5DF3AA2CA7CE288517E27EB1595886D6B3A7E67B77A1566D5E36BCC2233E
                                                                                                                                                                                SHA-512:F2E44CF3F548E0CAB4B52F7C259B1F9C9E708B0C4820E4F20AA915DE8352E74214C09C1250861BAB676C1D8BEBE0C5B80B5619B8DD33A4AEBA73D5A697FAA38C
                                                                                                                                                                                Malicious:false
                                                                                                                                                                                Preview:.......O\0..29TXy>a`...n...h.....H.....g....$..=..k........`Svp..iB..!.%.Wk..7.....G.~w....zF....;..;....'...dh.x(..._ Fh^y.G..H'..,}..f....$.S.E.W..H.....9O....k.V"......Z......9.<#W......Vl....G.G..:@.~..2z.C..22.c.f2._+;.Y)..}R.G..Y....`.H...AA..D.2...\.......o...9......C...o...Z.@/..^..Hp{...1m.T...MJ..4p...4'.8..u...h...A.....R(*..FQ."&..a90n.<[.@+...U..:.6..g....%O`,b.Vu.A{b./... ..4g..[...<..o...L....\.y.3.C.=....v....%......@(.......u....4..g..@.c_.r?[. ..U....<..Hb.!...?0[.?.._Ak:F`Obd..W.r.o..d7.5.?Ly.9'e5.|_
                                                                                                                                                                                Process:C:\Users\user\Desktop\c8JakemodH.exe
                                                                                                                                                                                File Type:data
                                                                                                                                                                                Category:dropped
                                                                                                                                                                                Size (bytes):512
                                                                                                                                                                                Entropy (8bit):7.538214219397054
                                                                                                                                                                                Encrypted:false
                                                                                                                                                                                SSDEEP:12:C2+w6C2Mj3Z+Gf/oLCAYQjnlAwFi2naaDixTYJ:R+RhMzXf/OCjQjnlw2T2xs
                                                                                                                                                                                MD5:88273034ACA816330DBBF893AFFA9152
                                                                                                                                                                                SHA1:D1A7CBBE9F0A987EB119FE0A37D5BA0E7F122089
                                                                                                                                                                                SHA-256:C9AD657D8DB32E3898531E05C09FE0849DA132E615E72C661D0A997A95D5BB0B
                                                                                                                                                                                SHA-512:6E7D840688B15794C1A3E465ACC97CAE971701E6AC84EDEE98F8F2C7D62D531663FFA252B0267AE7FC15AD050F1F698CB208FCB70C98C48B807224F604EBA6EA
                                                                                                                                                                                Malicious:false
                                                                                                                                                                                Preview:.....!....><..#A..%.........?.,...z3...J..m.!?n.o.ax.e.~..\......{.5..p....%..l....|r...`...a<..v.5...:.x.*."...........P.b.Qv>.>....Qn..6V..!..:...x...*.kS..!#.`=[....N..LHoC...D.$.5..._....|..&...^j.Jb.LsD&.-..(.Z.)..e.......}...@z.yQ.......#...R:>.y...y.nd...R..I.4p.....PTl..>..h...A.....D....T.4..$.3|......r.L..{......G/+...6..8..X.E....,'e....cb^..?.8.c...<..o...L....\.y.3.C.=....v....%......@(.......u....4..g..@.c_.r?[. ..U....<..Hb.!...?0[.?.._Ak:F`Obd..W.r.o..d7.5.?Ly.9'e5.|_
                                                                                                                                                                                Process:C:\Users\user\Desktop\c8JakemodH.exe
                                                                                                                                                                                File Type:data
                                                                                                                                                                                Category:dropped
                                                                                                                                                                                Size (bytes):283
                                                                                                                                                                                Entropy (8bit):7.2411676403263865
                                                                                                                                                                                Encrypted:false
                                                                                                                                                                                SSDEEP:6:aOJAPkDJJ2RCrM8uvUblnXKXqrnzo66uoxTQWryJJ:aiJIhvOFaaDixTYJ
                                                                                                                                                                                MD5:4C8C008B63CE18F6B00428792E461FC7
                                                                                                                                                                                SHA1:7A70CD580B186939956E9179183B780C58348103
                                                                                                                                                                                SHA-256:0E2781146B471C2CACB9F1B137BE7AABFDA9398D0C5A9435979F4075AF7DD146
                                                                                                                                                                                SHA-512:3D3BD35D9281A40A8A55A1BF23B89C5F471BCDB382325710A7919790803FD2ED460F4AD5D301809EADED8A3A8C7968C6B58C1507EB4504C3DEF24266B91BADD0
                                                                                                                                                                                Malicious:false
                                                                                                                                                                                Preview:(9.*nw...p.zQ#.....5..8..S.2.^.y.`.)..4~.....P}l...-.tX...p.....D....T..xy4=O..J..A.e..H.6.].EW...\..N.:.@.u...#..X9.L.mL'Dwh1.}%.../v2q._..l...<..o...L....\.y.3.C.=....v....%......@(.......u....4..g..@.c_.r?[. ..U....<..Hb.!...?0[.?.._Ak:F`Obd..W.r.o..d7.5.?Ly.9'e5.|_
                                                                                                                                                                                Process:C:\Users\user\Desktop\c8JakemodH.exe
                                                                                                                                                                                File Type:ASCII text, with CRLF line terminators
                                                                                                                                                                                Category:dropped
                                                                                                                                                                                Size (bytes):1159
                                                                                                                                                                                Entropy (8bit):4.909757425426515
                                                                                                                                                                                Encrypted:false
                                                                                                                                                                                SSDEEP:24:SOZJNRovfexRvYx/ncUYTxLZl0r0OzANQgq32xfZnS0iNFdAnP6:SOZbqfexrZrS3Iq32xlSX2S
                                                                                                                                                                                MD5:F29E077226F8DC235CAE4795459A3542
                                                                                                                                                                                SHA1:A23AEA328BEB92BFD4464A3B0F70E772B8969CC2
                                                                                                                                                                                SHA-256:CF8875AADE9351184274F533067BECF2AD10CCF2B6296274ECE5D5B58B6AB008
                                                                                                                                                                                SHA-512:0C76F1E7AC8E4DB582EA7E26FA9B8C18D54605AE6A9A87A2A1FA0B1BEACACBB8F1230421C1124B1E7C12FB546FF31DBBD2CFBBEBA80EF98BBAA01B356F7FDC6F
                                                                                                                                                                                Malicious:false
                                                                                                                                                                                Preview:.. ~~~ AlphaCat ~~~....>>>> Your data are stolen and encrypted....>>>> What guarantees that we will not deceive you? .....We are not a politically motivated group and we do not need anything other than your money. .. ...If you pay, we will provide you the programs for decryption and we will delete your data. ...Life is too short to be sad. Be not sad, money, it is only paper... ...If we do not give you decrypters, or we do not delete your data after payment, then nobody will pay us in the future. ...Therefore to us our reputation is very important. We attack worldwide and there is no dissatisfied victim after payment... ..>>>> You need contact us via email with srenshot of btc transaction and your personal DECRYPTION ID.....Contact via Email with your personal Decryption id !: hackbeenswim@mail2tor.com......Send 400$ (0.006 BTC) at this address --> bc1qkr7wxuqwet9w6920vk94p7npkxh33fc7prv55q.....>>>> Your personal DECRYPTION ID: D53F15BF767167BC622C1CB4D4FC174D....>>
                                                                                                                                                                                Process:C:\Users\user\Desktop\c8JakemodH.exe
                                                                                                                                                                                File Type:data
                                                                                                                                                                                Category:dropped
                                                                                                                                                                                Size (bytes):131313
                                                                                                                                                                                Entropy (8bit):7.998764139463664
                                                                                                                                                                                Encrypted:true
                                                                                                                                                                                SSDEEP:3072:n+QuDs/Vy6sTFD5sK03/fdUSnXAGxul2Ey4pnRZHnRo6f1BY:n+QuDs/Vy6s55g/fz+4Ey4pnRZHn9I
                                                                                                                                                                                MD5:495C4822B96922884A83321A4E10CFFC
                                                                                                                                                                                SHA1:2F6E3EA36C8449734B5D24996DD259064279FD61
                                                                                                                                                                                SHA-256:7EDD81552E3F524C6ECDFB8FDAEC9B43C61A1AE8B672F97FB4740C9F4C6EE547
                                                                                                                                                                                SHA-512:DC1ECECFC5AF0715FC05AEC6DA6D39E4C9D49D4EDBA7790EBEDDF863A1C641CC1481C437B89F1D51270064A12502903CF3DF106FD7A282DABD13443509570D62
                                                                                                                                                                                Malicious:false
                                                                                                                                                                                Preview:.h..7..........S7/..R...r..c....)3.G...g|..3..{b......p...NG.9..*.~6..[M~.~../pm...q$..*Q.:.>... 22..d.)......@..3. r..G.`..d.D..(7....................9..apP.ha......x..@...........TP..j...`.o..?q..G.....09..er~...q.v5L?..'?....:.....LP..f..}."b.yM.....`..>....-.<.~...J#..&0.w.A..M-9....}VQ.y..T.......W.....7....z..W.<.....................m.i.[|".Ys.T.!.;...&.o.};...4T...]n.Q.y.0.*.t.......D'y'.k.".>.V.J~$P]d.%b...G..t....Z.I^7...wn..|.dQ..*<..j#.....D.."8*m.V.~.le.|.4.!.<A/.Ue'.... ..va1.G..K....O..kL<..J7Q..U0)..T..7.:.o..J1.M..........M.(.vW.w...*..E..B.Z.gv....!..H....Q)......z.8<....E..."...Oc.tO.Y..A..6...V...wNLi..T...y*j/I....e@..7h"gD....y6@....:.i%.o..*.Y..j.+G.|...t.g..$"T=W..x5..r....vv.....5..|<I.....K.e..b1j...\F[x;!..%R$..........o....>.$... .C....<.d@....{...^9h.^...'5....H. .V.P...b)..h.....i.}.s:.F. .U.XGO2.S].._..).J(Sy3.T...........v....v....3I..!.csE.l.......%d.?Q...2I.1Q...A.96.....9..z2Kq.>z".....=..Q../^.
                                                                                                                                                                                Process:C:\Users\user\Desktop\c8JakemodH.exe
                                                                                                                                                                                File Type:ASCII text, with CRLF line terminators
                                                                                                                                                                                Category:dropped
                                                                                                                                                                                Size (bytes):1159
                                                                                                                                                                                Entropy (8bit):4.909757425426515
                                                                                                                                                                                Encrypted:false
                                                                                                                                                                                SSDEEP:24:SOZJNRovfexRvYx/ncUYTxLZl0r0OzANQgq32xfZnS0iNFdAnP6:SOZbqfexrZrS3Iq32xlSX2S
                                                                                                                                                                                MD5:F29E077226F8DC235CAE4795459A3542
                                                                                                                                                                                SHA1:A23AEA328BEB92BFD4464A3B0F70E772B8969CC2
                                                                                                                                                                                SHA-256:CF8875AADE9351184274F533067BECF2AD10CCF2B6296274ECE5D5B58B6AB008
                                                                                                                                                                                SHA-512:0C76F1E7AC8E4DB582EA7E26FA9B8C18D54605AE6A9A87A2A1FA0B1BEACACBB8F1230421C1124B1E7C12FB546FF31DBBD2CFBBEBA80EF98BBAA01B356F7FDC6F
                                                                                                                                                                                Malicious:false
                                                                                                                                                                                Preview:.. ~~~ AlphaCat ~~~....>>>> Your data are stolen and encrypted....>>>> What guarantees that we will not deceive you? .....We are not a politically motivated group and we do not need anything other than your money. .. ...If you pay, we will provide you the programs for decryption and we will delete your data. ...Life is too short to be sad. Be not sad, money, it is only paper... ...If we do not give you decrypters, or we do not delete your data after payment, then nobody will pay us in the future. ...Therefore to us our reputation is very important. We attack worldwide and there is no dissatisfied victim after payment... ..>>>> You need contact us via email with srenshot of btc transaction and your personal DECRYPTION ID.....Contact via Email with your personal Decryption id !: hackbeenswim@mail2tor.com......Send 400$ (0.006 BTC) at this address --> bc1qkr7wxuqwet9w6920vk94p7npkxh33fc7prv55q.....>>>> Your personal DECRYPTION ID: D53F15BF767167BC622C1CB4D4FC174D....>>
                                                                                                                                                                                Process:C:\Users\user\Desktop\c8JakemodH.exe
                                                                                                                                                                                File Type:ASCII text, with CRLF line terminators
                                                                                                                                                                                Category:dropped
                                                                                                                                                                                Size (bytes):1159
                                                                                                                                                                                Entropy (8bit):4.909757425426515
                                                                                                                                                                                Encrypted:false
                                                                                                                                                                                SSDEEP:24:SOZJNRovfexRvYx/ncUYTxLZl0r0OzANQgq32xfZnS0iNFdAnP6:SOZbqfexrZrS3Iq32xlSX2S
                                                                                                                                                                                MD5:F29E077226F8DC235CAE4795459A3542
                                                                                                                                                                                SHA1:A23AEA328BEB92BFD4464A3B0F70E772B8969CC2
                                                                                                                                                                                SHA-256:CF8875AADE9351184274F533067BECF2AD10CCF2B6296274ECE5D5B58B6AB008
                                                                                                                                                                                SHA-512:0C76F1E7AC8E4DB582EA7E26FA9B8C18D54605AE6A9A87A2A1FA0B1BEACACBB8F1230421C1124B1E7C12FB546FF31DBBD2CFBBEBA80EF98BBAA01B356F7FDC6F
                                                                                                                                                                                Malicious:false
                                                                                                                                                                                Preview:.. ~~~ AlphaCat ~~~....>>>> Your data are stolen and encrypted....>>>> What guarantees that we will not deceive you? .....We are not a politically motivated group and we do not need anything other than your money. .. ...If you pay, we will provide you the programs for decryption and we will delete your data. ...Life is too short to be sad. Be not sad, money, it is only paper... ...If we do not give you decrypters, or we do not delete your data after payment, then nobody will pay us in the future. ...Therefore to us our reputation is very important. We attack worldwide and there is no dissatisfied victim after payment... ..>>>> You need contact us via email with srenshot of btc transaction and your personal DECRYPTION ID.....Contact via Email with your personal Decryption id !: hackbeenswim@mail2tor.com......Send 400$ (0.006 BTC) at this address --> bc1qkr7wxuqwet9w6920vk94p7npkxh33fc7prv55q.....>>>> Your personal DECRYPTION ID: D53F15BF767167BC622C1CB4D4FC174D....>>
                                                                                                                                                                                Process:C:\Users\user\Desktop\c8JakemodH.exe
                                                                                                                                                                                File Type:ASCII text, with CRLF line terminators
                                                                                                                                                                                Category:dropped
                                                                                                                                                                                Size (bytes):1159
                                                                                                                                                                                Entropy (8bit):4.909757425426515
                                                                                                                                                                                Encrypted:false
                                                                                                                                                                                SSDEEP:24:SOZJNRovfexRvYx/ncUYTxLZl0r0OzANQgq32xfZnS0iNFdAnP6:SOZbqfexrZrS3Iq32xlSX2S
                                                                                                                                                                                MD5:F29E077226F8DC235CAE4795459A3542
                                                                                                                                                                                SHA1:A23AEA328BEB92BFD4464A3B0F70E772B8969CC2
                                                                                                                                                                                SHA-256:CF8875AADE9351184274F533067BECF2AD10CCF2B6296274ECE5D5B58B6AB008
                                                                                                                                                                                SHA-512:0C76F1E7AC8E4DB582EA7E26FA9B8C18D54605AE6A9A87A2A1FA0B1BEACACBB8F1230421C1124B1E7C12FB546FF31DBBD2CFBBEBA80EF98BBAA01B356F7FDC6F
                                                                                                                                                                                Malicious:false
                                                                                                                                                                                Preview:.. ~~~ AlphaCat ~~~....>>>> Your data are stolen and encrypted....>>>> What guarantees that we will not deceive you? .....We are not a politically motivated group and we do not need anything other than your money. .. ...If you pay, we will provide you the programs for decryption and we will delete your data. ...Life is too short to be sad. Be not sad, money, it is only paper... ...If we do not give you decrypters, or we do not delete your data after payment, then nobody will pay us in the future. ...Therefore to us our reputation is very important. We attack worldwide and there is no dissatisfied victim after payment... ..>>>> You need contact us via email with srenshot of btc transaction and your personal DECRYPTION ID.....Contact via Email with your personal Decryption id !: hackbeenswim@mail2tor.com......Send 400$ (0.006 BTC) at this address --> bc1qkr7wxuqwet9w6920vk94p7npkxh33fc7prv55q.....>>>> Your personal DECRYPTION ID: D53F15BF767167BC622C1CB4D4FC174D....>>
                                                                                                                                                                                Process:C:\Users\user\Desktop\c8JakemodH.exe
                                                                                                                                                                                File Type:ASCII text, with CRLF line terminators
                                                                                                                                                                                Category:dropped
                                                                                                                                                                                Size (bytes):1159
                                                                                                                                                                                Entropy (8bit):4.909757425426515
                                                                                                                                                                                Encrypted:false
                                                                                                                                                                                SSDEEP:24:SOZJNRovfexRvYx/ncUYTxLZl0r0OzANQgq32xfZnS0iNFdAnP6:SOZbqfexrZrS3Iq32xlSX2S
                                                                                                                                                                                MD5:F29E077226F8DC235CAE4795459A3542
                                                                                                                                                                                SHA1:A23AEA328BEB92BFD4464A3B0F70E772B8969CC2
                                                                                                                                                                                SHA-256:CF8875AADE9351184274F533067BECF2AD10CCF2B6296274ECE5D5B58B6AB008
                                                                                                                                                                                SHA-512:0C76F1E7AC8E4DB582EA7E26FA9B8C18D54605AE6A9A87A2A1FA0B1BEACACBB8F1230421C1124B1E7C12FB546FF31DBBD2CFBBEBA80EF98BBAA01B356F7FDC6F
                                                                                                                                                                                Malicious:false
                                                                                                                                                                                Preview:.. ~~~ AlphaCat ~~~....>>>> Your data are stolen and encrypted....>>>> What guarantees that we will not deceive you? .....We are not a politically motivated group and we do not need anything other than your money. .. ...If you pay, we will provide you the programs for decryption and we will delete your data. ...Life is too short to be sad. Be not sad, money, it is only paper... ...If we do not give you decrypters, or we do not delete your data after payment, then nobody will pay us in the future. ...Therefore to us our reputation is very important. We attack worldwide and there is no dissatisfied victim after payment... ..>>>> You need contact us via email with srenshot of btc transaction and your personal DECRYPTION ID.....Contact via Email with your personal Decryption id !: hackbeenswim@mail2tor.com......Send 400$ (0.006 BTC) at this address --> bc1qkr7wxuqwet9w6920vk94p7npkxh33fc7prv55q.....>>>> Your personal DECRYPTION ID: D53F15BF767167BC622C1CB4D4FC174D....>>
                                                                                                                                                                                Process:C:\Users\user\Desktop\c8JakemodH.exe
                                                                                                                                                                                File Type:ASCII text, with CRLF line terminators
                                                                                                                                                                                Category:dropped
                                                                                                                                                                                Size (bytes):1159
                                                                                                                                                                                Entropy (8bit):4.909757425426515
                                                                                                                                                                                Encrypted:false
                                                                                                                                                                                SSDEEP:24:SOZJNRovfexRvYx/ncUYTxLZl0r0OzANQgq32xfZnS0iNFdAnP6:SOZbqfexrZrS3Iq32xlSX2S
                                                                                                                                                                                MD5:F29E077226F8DC235CAE4795459A3542
                                                                                                                                                                                SHA1:A23AEA328BEB92BFD4464A3B0F70E772B8969CC2
                                                                                                                                                                                SHA-256:CF8875AADE9351184274F533067BECF2AD10CCF2B6296274ECE5D5B58B6AB008
                                                                                                                                                                                SHA-512:0C76F1E7AC8E4DB582EA7E26FA9B8C18D54605AE6A9A87A2A1FA0B1BEACACBB8F1230421C1124B1E7C12FB546FF31DBBD2CFBBEBA80EF98BBAA01B356F7FDC6F
                                                                                                                                                                                Malicious:false
                                                                                                                                                                                Preview:.. ~~~ AlphaCat ~~~....>>>> Your data are stolen and encrypted....>>>> What guarantees that we will not deceive you? .....We are not a politically motivated group and we do not need anything other than your money. .. ...If you pay, we will provide you the programs for decryption and we will delete your data. ...Life is too short to be sad. Be not sad, money, it is only paper... ...If we do not give you decrypters, or we do not delete your data after payment, then nobody will pay us in the future. ...Therefore to us our reputation is very important. We attack worldwide and there is no dissatisfied victim after payment... ..>>>> You need contact us via email with srenshot of btc transaction and your personal DECRYPTION ID.....Contact via Email with your personal Decryption id !: hackbeenswim@mail2tor.com......Send 400$ (0.006 BTC) at this address --> bc1qkr7wxuqwet9w6920vk94p7npkxh33fc7prv55q.....>>>> Your personal DECRYPTION ID: D53F15BF767167BC622C1CB4D4FC174D....>>
                                                                                                                                                                                Process:C:\Users\user\Desktop\c8JakemodH.exe
                                                                                                                                                                                File Type:ASCII text, with CRLF line terminators
                                                                                                                                                                                Category:dropped
                                                                                                                                                                                Size (bytes):1159
                                                                                                                                                                                Entropy (8bit):4.909757425426515
                                                                                                                                                                                Encrypted:false
                                                                                                                                                                                SSDEEP:24:SOZJNRovfexRvYx/ncUYTxLZl0r0OzANQgq32xfZnS0iNFdAnP6:SOZbqfexrZrS3Iq32xlSX2S
                                                                                                                                                                                MD5:F29E077226F8DC235CAE4795459A3542
                                                                                                                                                                                SHA1:A23AEA328BEB92BFD4464A3B0F70E772B8969CC2
                                                                                                                                                                                SHA-256:CF8875AADE9351184274F533067BECF2AD10CCF2B6296274ECE5D5B58B6AB008
                                                                                                                                                                                SHA-512:0C76F1E7AC8E4DB582EA7E26FA9B8C18D54605AE6A9A87A2A1FA0B1BEACACBB8F1230421C1124B1E7C12FB546FF31DBBD2CFBBEBA80EF98BBAA01B356F7FDC6F
                                                                                                                                                                                Malicious:false
                                                                                                                                                                                Preview:.. ~~~ AlphaCat ~~~....>>>> Your data are stolen and encrypted....>>>> What guarantees that we will not deceive you? .....We are not a politically motivated group and we do not need anything other than your money. .. ...If you pay, we will provide you the programs for decryption and we will delete your data. ...Life is too short to be sad. Be not sad, money, it is only paper... ...If we do not give you decrypters, or we do not delete your data after payment, then nobody will pay us in the future. ...Therefore to us our reputation is very important. We attack worldwide and there is no dissatisfied victim after payment... ..>>>> You need contact us via email with srenshot of btc transaction and your personal DECRYPTION ID.....Contact via Email with your personal Decryption id !: hackbeenswim@mail2tor.com......Send 400$ (0.006 BTC) at this address --> bc1qkr7wxuqwet9w6920vk94p7npkxh33fc7prv55q.....>>>> Your personal DECRYPTION ID: D53F15BF767167BC622C1CB4D4FC174D....>>
                                                                                                                                                                                Process:C:\Users\user\Desktop\c8JakemodH.exe
                                                                                                                                                                                File Type:ASCII text, with CRLF line terminators
                                                                                                                                                                                Category:dropped
                                                                                                                                                                                Size (bytes):1159
                                                                                                                                                                                Entropy (8bit):4.909757425426515
                                                                                                                                                                                Encrypted:false
                                                                                                                                                                                SSDEEP:24:SOZJNRovfexRvYx/ncUYTxLZl0r0OzANQgq32xfZnS0iNFdAnP6:SOZbqfexrZrS3Iq32xlSX2S
                                                                                                                                                                                MD5:F29E077226F8DC235CAE4795459A3542
                                                                                                                                                                                SHA1:A23AEA328BEB92BFD4464A3B0F70E772B8969CC2
                                                                                                                                                                                SHA-256:CF8875AADE9351184274F533067BECF2AD10CCF2B6296274ECE5D5B58B6AB008
                                                                                                                                                                                SHA-512:0C76F1E7AC8E4DB582EA7E26FA9B8C18D54605AE6A9A87A2A1FA0B1BEACACBB8F1230421C1124B1E7C12FB546FF31DBBD2CFBBEBA80EF98BBAA01B356F7FDC6F
                                                                                                                                                                                Malicious:false
                                                                                                                                                                                Preview:.. ~~~ AlphaCat ~~~....>>>> Your data are stolen and encrypted....>>>> What guarantees that we will not deceive you? .....We are not a politically motivated group and we do not need anything other than your money. .. ...If you pay, we will provide you the programs for decryption and we will delete your data. ...Life is too short to be sad. Be not sad, money, it is only paper... ...If we do not give you decrypters, or we do not delete your data after payment, then nobody will pay us in the future. ...Therefore to us our reputation is very important. We attack worldwide and there is no dissatisfied victim after payment... ..>>>> You need contact us via email with srenshot of btc transaction and your personal DECRYPTION ID.....Contact via Email with your personal Decryption id !: hackbeenswim@mail2tor.com......Send 400$ (0.006 BTC) at this address --> bc1qkr7wxuqwet9w6920vk94p7npkxh33fc7prv55q.....>>>> Your personal DECRYPTION ID: D53F15BF767167BC622C1CB4D4FC174D....>>
                                                                                                                                                                                Process:C:\Users\user\Desktop\c8JakemodH.exe
                                                                                                                                                                                File Type:data
                                                                                                                                                                                Category:dropped
                                                                                                                                                                                Size (bytes):1487
                                                                                                                                                                                Entropy (8bit):7.899881796960494
                                                                                                                                                                                Encrypted:false
                                                                                                                                                                                SSDEEP:24:FBnliNxsYOmQCmufTQt2WkQqUBU3qrCWAwv8KqE3r0CMs438DoNsXfuD2xs:ExAbqQ85Q1U3uCWA+8KqE70CMVsxq
                                                                                                                                                                                MD5:261F549952E5D01CEA10B4BE5976A8E0
                                                                                                                                                                                SHA1:FB8C97BC4ACE0737893C958666CF850831313BAF
                                                                                                                                                                                SHA-256:2C1A27AFC14AB13A1189134EE4EF65DAA72AF63D5B66DE51668E8A0BB3DD7F79
                                                                                                                                                                                SHA-512:97CE083ABDDB6761A026588510636E1FAB59DD61F0F80E6431A96C3567A7D8D291B4C30146D7ECBF836451BC32DE803F1CC85ED94038CCE41AA49F6E8E97B170
                                                                                                                                                                                Malicious:false
                                                                                                                                                                                Preview:..3C.<hm....gh.`.v.!93q.VhY0l....u..V...8....p.g.:.#.c8R....C......C6E}....z.G.zM...j..../.J.....I}-......^bH`..o..6..)..J....&.e...25G..B.s..y...... ....6.....U.....M43b.#3,P3F.Vl.a..F...l./#LJ.8;b"........kC..x.....;..OJK-.}..STN..T...%n..p.G.L~....Z..J.......iN^_w.....,._k.............9:....g.g....1*..."...X..9.. i.V_.:x,;-....n.y.1.Z..s3..f..-8.p.4.....Gw.0..y..!?[.......H..i,n{.1.......~u0.ss.m.1.\...h..J.0.H....O.QV./.........S.b...s...v.Fe....I.h.MT.....B.....}./. W........_u..l...V]-.OO3r..V..TUF.?...]..c...X.<.N.....=l...\P....T.u..>..e..U..qk...Q.x..w-B.........;...[.h...............7..oc.....yu0....Q...(.&!.F^...,*.=P...:V.c........Gq..<..&b...J.....3...aO..%..9.]z6&....W0..r..Z.V`...8p...PD../.........Ik.a.._..K3.%.-.s.0.),.]Su... ....Q.Z.o..>=#.X....m38.R.....}\.......$h,.....e_..p.....h.S.._.....zT.^....f..6.%"..;..E$..vp.W0...'$.......4.... IF.....5..V.&.qjG~....;].=.}...,........+E..A.]..4..#.4.&W.....q.'.N.
                                                                                                                                                                                Process:C:\Users\user\Desktop\c8JakemodH.exe
                                                                                                                                                                                File Type:data
                                                                                                                                                                                Category:dropped
                                                                                                                                                                                Size (bytes):185350
                                                                                                                                                                                Entropy (8bit):7.998935687320112
                                                                                                                                                                                Encrypted:true
                                                                                                                                                                                SSDEEP:3072:h2anjMprxgezQXDCA9g4kH1A2UbhovwiFs4m5CCByis69xIlv3VxADIRre:zoFDzQXDj9gvlUbCIiAElis3PxAIRq
                                                                                                                                                                                MD5:08B1D6CBF8D26F4D95794259832CBF7A
                                                                                                                                                                                SHA1:12CF06785C4239DC0696F9C3383B873A36BB4B1F
                                                                                                                                                                                SHA-256:54AC6324B56E855253E5BF251F48F70E8A3F2B7786E24F949E79C5978CA6A362
                                                                                                                                                                                SHA-512:3A1525CA873B750BD2AB67673B07007B4F2F7E2B5E8D6C71885E927FEC9B6BC60B15033874184FE241090C5D346BD5170E10090C7340BB7AEC0D1016B7447A03
                                                                                                                                                                                Malicious:true
                                                                                                                                                                                Preview:.....H.f.R....M..r~SX...f.Yql..m&C..?.$.y.#.L..<.F&..v.....w...+......v..w%..3.1..e.C....=....mf....K@@.z-......+xI..&....!..D.B......sH~...D.o........P..I.a1..."td....s...%Ad).Y..2......\Q.........bH.[gL..l0....>..3...'...........Y.!.....uP.T...k..>...u..G....N..._@r.-...........\.Sk..a.B..@l._.].....".`X.)<.......y...;-....yIsL[h*....>.eiy..bfb.......4(..@Q...X0]....p.....47vg....71A......\n..Tg....g.........X.|ri...9*h...f..F......*..).Z......G.'b6.+.c..h..V....W*..c.......OvO...K...2.(..N.?._....Lv.g\.s.h.M`tB...+..-x..;..q..?d..`...K}}..9.-...N..j..W..c...0..s...+...!..}eU....*........m..o()...*.....^E......8T@O../..:.u.p.(.E-......8.hc..p.....S.|ht..y.~=...E._".l..q.T.....d~.b`m.d.........V.p........@..u........r._n.W..%.y..0.<......\.p........f..1C....G...#...0.=0..4_x.>...9.O.x.<(j.Ml9.e.R.t.s.c.z.`....C.C.|..=. .@Z...........)k..^...N...+....y:d/...93k..>.O..$.}.5...L~......$..{.X.-.P.|6m.,Fs..u.,...)"4...ZK....@...I#...B.;...5m.O....
                                                                                                                                                                                Process:C:\Users\user\Desktop\c8JakemodH.exe
                                                                                                                                                                                File Type:data
                                                                                                                                                                                Category:dropped
                                                                                                                                                                                Size (bytes):11124
                                                                                                                                                                                Entropy (8bit):7.981889601601775
                                                                                                                                                                                Encrypted:false
                                                                                                                                                                                SSDEEP:192:C/Kd9tBO6RljqFgGFQdNyvDDD1jOGsNHLgsq87mafRBTj+By72SWYQehPy6HNBuv:C/Kbt7HwFQdNeDX1jOvsCZfDxsYQehPO
                                                                                                                                                                                MD5:05E6C7D31ACE501DB5B33C1020966AE6
                                                                                                                                                                                SHA1:1E51333A67235EADA5EB9A3985C9F71E59C07C3A
                                                                                                                                                                                SHA-256:013D3A54BEFFFF0EFEEF979FC29769911775D236C79A5AB7F85FA88996DFAA43
                                                                                                                                                                                SHA-512:78E414103DDCF91ACF27573ADB73A5AE8EB6F3689003445268ABB918B0754654041137187AEA6D5A9F7B642CB9E0AD004759AA9C0F6C951FF9AD9E6922807CBB
                                                                                                                                                                                Malicious:false
                                                                                                                                                                                Preview:F8..kR\I5.4....h.#..P.../-5.Q.......hR....t...=..p.y.%!....!...'.o....F.8..4.1..K+.f>.E.D....j.....1..G/p ......dV3%.d..3.\$..ij.|.....P.2t....&..7=..$w..fO\G..;T.A[.P.o...5MY......?.:..'.+..~..U..u..3..G.X.3...~7..]..kw..EY>..KW.>.Alw..K+....>..'.c.#.9a21..R.k.x.v...HA..;Q...v.........\.S..).P..Ep.......$[9T0.A...&..k..~T.'0...5.V.[.U.P.n..D.,A......u.....m.3y.i/v.i."...[..'.P.....I<.._-.K{W~W..8..o.Mw.}.qb.(.._.....=:.SdF...Pd.lKS. S.F.h5.X.%..{ISv/.r.f..'"..p[.....7.P...U..6..&.S....S...m.h.F..E.:.........qNv..`.l.s..~o'..E..*{8..=.42..H......!..#CV.?*|.-Qb......?o...Q.#.^..."...I.D.\.J..0|......0.*..\E...)J....53e.\..r?....Jy..97h.>.k....wg{G...\b6.G4.8...k..}....B.....N.m~...vOsg...pk.&.=.zN.U.h.u0AOgY...t..H...m.....%B.%..]u....U.v6.#.H...rw.y.r..6x..=..1.....s.NR..\.zj..Sf;.'..0.....;...v..B.nn.;......2...X,s.sa!3........t.P..u.$..!.).<.oim...g..^A..]w..7%K.F.#U.Cqq.5j.Q...T.F...4.0..)W/...|.5.Y.-/.i....)...J..dF....(.......o.p../.l.
                                                                                                                                                                                Process:C:\Users\user\Desktop\c8JakemodH.exe
                                                                                                                                                                                File Type:ASCII text, with CRLF line terminators
                                                                                                                                                                                Category:dropped
                                                                                                                                                                                Size (bytes):1159
                                                                                                                                                                                Entropy (8bit):4.909757425426515
                                                                                                                                                                                Encrypted:false
                                                                                                                                                                                SSDEEP:24:SOZJNRovfexRvYx/ncUYTxLZl0r0OzANQgq32xfZnS0iNFdAnP6:SOZbqfexrZrS3Iq32xlSX2S
                                                                                                                                                                                MD5:F29E077226F8DC235CAE4795459A3542
                                                                                                                                                                                SHA1:A23AEA328BEB92BFD4464A3B0F70E772B8969CC2
                                                                                                                                                                                SHA-256:CF8875AADE9351184274F533067BECF2AD10CCF2B6296274ECE5D5B58B6AB008
                                                                                                                                                                                SHA-512:0C76F1E7AC8E4DB582EA7E26FA9B8C18D54605AE6A9A87A2A1FA0B1BEACACBB8F1230421C1124B1E7C12FB546FF31DBBD2CFBBEBA80EF98BBAA01B356F7FDC6F
                                                                                                                                                                                Malicious:false
                                                                                                                                                                                Preview:.. ~~~ AlphaCat ~~~....>>>> Your data are stolen and encrypted....>>>> What guarantees that we will not deceive you? .....We are not a politically motivated group and we do not need anything other than your money. .. ...If you pay, we will provide you the programs for decryption and we will delete your data. ...Life is too short to be sad. Be not sad, money, it is only paper... ...If we do not give you decrypters, or we do not delete your data after payment, then nobody will pay us in the future. ...Therefore to us our reputation is very important. We attack worldwide and there is no dissatisfied victim after payment... ..>>>> You need contact us via email with srenshot of btc transaction and your personal DECRYPTION ID.....Contact via Email with your personal Decryption id !: hackbeenswim@mail2tor.com......Send 400$ (0.006 BTC) at this address --> bc1qkr7wxuqwet9w6920vk94p7npkxh33fc7prv55q.....>>>> Your personal DECRYPTION ID: D53F15BF767167BC622C1CB4D4FC174D....>>
                                                                                                                                                                                Process:C:\Users\user\Desktop\c8JakemodH.exe
                                                                                                                                                                                File Type:data
                                                                                                                                                                                Category:dropped
                                                                                                                                                                                Size (bytes):227256
                                                                                                                                                                                Entropy (8bit):7.999166470860893
                                                                                                                                                                                Encrypted:true
                                                                                                                                                                                SSDEEP:6144:r4nEc0FZx5DR1zn6F5JVQb9AU4GE0uuOl:5Zx5DR1z6rJVQRAGEuOl
                                                                                                                                                                                MD5:51B2DD67D199CA2CD3CCCA0B991874B0
                                                                                                                                                                                SHA1:2E6D823B198DA7755152281DBCB2879A78BF62E9
                                                                                                                                                                                SHA-256:9803E8C8E8CD1C3118A3E2168410110BD170C1E6D3E808E1C0ABCF87A8A5B9BB
                                                                                                                                                                                SHA-512:907A3278AA90B84BF7074D00768A13AA0A1FFB3993EA56CE64C192C714776D260C501AD1F31368606C11F1E09FCAE868901536DAECD2ABCC7040494D095C9E68
                                                                                                                                                                                Malicious:true
                                                                                                                                                                                Preview:{-1.9....L.x.&._...:...N..(Ks..wa"M...=....Y!.ig.B}.f-.$.9K.>..K#g....bb..u.....I...N.q..};..U..}9.}!_.u.j.1).zg...Dj+..v...h.D.D....4...gq%.f........z.b.Z%.L..LA2H$.... ...9./,.@....B'*....!...R.".j1..7..Y8...w...J9... Z...H...wNu/..\./.m.q.=n..]`.f... ...l..P..k.M)......D /.......v.......c...b.`..3..,..Y.,8.yxV....I.L>...;Kmk...RB.n...Z(cAB.F.$.\..W.fWp|.P.p....2b..o..VQ..6..\...p....)s....../.X.ueAl0.D`...O.Lz..>.$....gU..Nl.Ct.......N.).JZH..]......+..m.`mYB.@.6.y..,<..@......A....\.w}.{..K...F..vJ..~?..l}}L."x..\-..jq....I..b...^.........{.E...;....'..4.ci.|&,.S...._.V....k...B..........3.0..$4L..O.4R7Z.k.C.UO..j..Yo.N.D.S.....^....'4W...s.8V..t..)m..1.Y.k.ou...(....?.....3n...t..7..y<1.IX...R..M...`...d..|.{.o.ek......s..../....o........[.#Y'S..D'O,A.........W...b...z...=wW>.l.A...5.X..T.L.4..b...........-ri..p...I....G.`\].C.w..E...}..J..)D.oy..j.w./........J..n.(.2...9D..>....O.....U<.....|9kV...K......@....|...u,....tl..3...
                                                                                                                                                                                Process:C:\Users\user\Desktop\c8JakemodH.exe
                                                                                                                                                                                File Type:data
                                                                                                                                                                                Category:dropped
                                                                                                                                                                                Size (bytes):556
                                                                                                                                                                                Entropy (8bit):7.611667763113502
                                                                                                                                                                                Encrypted:false
                                                                                                                                                                                SSDEEP:12:H1WphRCChXKjunvmCT/VmFsNi8LXixinjvaaDixTYJ:H1WLgChXKjYF/VmFxiX2xs
                                                                                                                                                                                MD5:76FFBC282298839741D2D31CA454E710
                                                                                                                                                                                SHA1:5067B5F5B6FD2E67CBE21BC12CEC26C5B5E3E5F9
                                                                                                                                                                                SHA-256:390565636016621A57627D5D89A34BB4832B9B81DA07B68FB00CE42691D9B82C
                                                                                                                                                                                SHA-512:387498AC236554656663E9FF9BF757695BF8C95CC8E29402761B3A15B3DCF99EEB51B8B5CED7220FB497CC8F736693202FC0FF6741D9A60453B039777249EBCD
                                                                                                                                                                                Malicious:false
                                                                                                                                                                                Preview:p.v..{..WG....h.l_.M.A:..t.n.lI.T...! a..L.H<[<..[..T{m!._.....'...s.j...}C...b....@M..= .....9.Y..3..T.S...R"...S.i...._.O......:wIZ..x.9wX.M..a.T........\fe.8.....O&G...a.............>+...c..k,5mx..}.#.4...&.....g.7.......'...t@|....(....y..-p\.8..*.H'..!..N...9f8....N...WzFB.4|.....Q...>....}F<......t.V.@l..*M.....H.2.}.';z0...=..v'..'...5jS...].7:..I../...3H5.T.9V...B$.= ......c[..K..@...&......<..o...L....\.y.3.C.=....v....%......@(.......u....4..g..@.c_.r?[. ..U....<..Hb.!...?0[.?.._Ak:F`Obd..W.r.o..d7.5.?Ly.9'e5.|_
                                                                                                                                                                                Process:C:\Users\user\Desktop\c8JakemodH.exe
                                                                                                                                                                                File Type:data
                                                                                                                                                                                Category:dropped
                                                                                                                                                                                Size (bytes):560
                                                                                                                                                                                Entropy (8bit):7.632924402896516
                                                                                                                                                                                Encrypted:false
                                                                                                                                                                                SSDEEP:12:hPoMymadZDzHd1Ilsw6zC9kchggmtuAdDCmiXWJ6fveThaaDixTYJ:9ad9zT9CK5dDqWJ6fveTZ2xs
                                                                                                                                                                                MD5:0A2B916B5D3F04E69961DE506C998BB6
                                                                                                                                                                                SHA1:482B96BFBF5C79FB622F9F6423C12FCF5996A372
                                                                                                                                                                                SHA-256:403441A9F4C325A41D4454B1D0A1A8A1EF81C75F3F87F49A496017315D9B22AA
                                                                                                                                                                                SHA-512:51D605A9453A2D0D7AFFFB4197B54E84CF8E8A07F3817339B092039D4446B77A39B7B25CE52BB9A399DA080CC823DB4AAC109872F4AE859C8E5FAABB8493C6BA
                                                                                                                                                                                Malicious:false
                                                                                                                                                                                Preview:.giq.AB...k..<.ef..Sy..ql(..>....?`.5v.Z.d&V..M=G.0*.0...7.F....]..\Y.F...^;Q..}fz|x..?..Y..W..H....:l.@.F..a.Z.=%.n..L....C*....E...)..H.B...=/. ...a....9Z1.-RP.w.:..*.....FG.7ut0. i.....:.[J...W~a.g..J.._...Wu!#.ee....\kbr9L..b_c4.4Gq.S.......W.g...rP....y.V.>w.xP&..y.$.1.|/.#O.4|.....PJl...-.Z}n..h...b...<D..n*.H..]+`.^../.';zb..=..v'..=.......p.{...Nk..B.,.@f....}*....b2[...+ W"F.A.,.{......S.3..S.p.....<..o...L....\.y.3.C.=....v....%......@(.......u....4..g..@.c_.r?[. ..U....<..Hb.!...?0[.?.._Ak:F`Obd..W.r.o..d7.5.?Ly.9'e5.|_
                                                                                                                                                                                Process:C:\Users\user\Desktop\c8JakemodH.exe
                                                                                                                                                                                File Type:data
                                                                                                                                                                                Category:dropped
                                                                                                                                                                                Size (bytes):557
                                                                                                                                                                                Entropy (8bit):7.6047348294846335
                                                                                                                                                                                Encrypted:false
                                                                                                                                                                                SSDEEP:12:SlVC+MZZB9Df9BPlyHUuhTu14gmczAKe++nmrzPj34aaDixTYJ:SlVC+MZtDVBPYHUuhT6H0XmrzPz22xs
                                                                                                                                                                                MD5:8C0F02D535CD46EE1F73366D7784BA9F
                                                                                                                                                                                SHA1:47127DB82B98286E2C717FF261A43A03C88196EA
                                                                                                                                                                                SHA-256:651F19CABA60949E44EB8886240E4AA934D6FC8C047EA525B2B65CEC03E16D33
                                                                                                                                                                                SHA-512:49A218C13BF72F549A6F967A3603FA36FC915AE3078821FE821F1042C718C287938647312A2B2CBD400B4B4371516D4269081C06D41375406B98323E3A224A72
                                                                                                                                                                                Malicious:false
                                                                                                                                                                                Preview:6.........%...J"..R.,......3.*....Z]~)....O..G.}~.&........?...rO..J...g...q....<U..D'>,}zT.a..+f...Z.h7...4..."5..Q~qT..j.._.m.3.DMu!........D..u.j...T$t.R.#RKx.y.2.e{....../>.......(..\.7..D/..4.:.?..p.E.5..J.[{Q.\....<./......<.H.4...{....[.\. ......V.o.b...b...Y.g.........~&.4|.....PJl...-.Z}n..h.~.C.R..L07...(R.-..n..2../.u;z0..=..u'...NJ.z`-....5..z..O.H...>...E.Ms..hd........i{..._..- .y5...%..N....<..o...L....\.y.3.C.=....v....%......@(.......u....4..g..@.c_.r?[. ..U....<..Hb.!...?0[.?.._Ak:F`Obd..W.r.o..d7.5.?Ly.9'e5.|_
                                                                                                                                                                                Process:C:\Users\user\Desktop\c8JakemodH.exe
                                                                                                                                                                                File Type:data
                                                                                                                                                                                Category:dropped
                                                                                                                                                                                Size (bytes):534
                                                                                                                                                                                Entropy (8bit):7.546907486537314
                                                                                                                                                                                Encrypted:false
                                                                                                                                                                                SSDEEP:12:4Ln5BP5asrSlF/6rYySU5CA8tG+aaDixTYJ:yX5ZeiYocSQ2xs
                                                                                                                                                                                MD5:89AC949D3B0C7A3120560DEED077660A
                                                                                                                                                                                SHA1:EC3BCB8A29DEE85971D81D98CD9EBB537C3CE3F4
                                                                                                                                                                                SHA-256:F490F669EEB88E2AAC6F070B0321029F4CA5B71A843294BCAC565687DB1F2566
                                                                                                                                                                                SHA-512:B3C736852BAAC9B9595AAF671090D7BEB1E1C8AA050F6DEE98B381AAE90C6278D781DB6E1E7170BC950E4028B914E818B9BFAD9266400C85D4DA5E01B0F58AB1
                                                                                                                                                                                Malicious:false
                                                                                                                                                                                Preview:.......b.JU...A..FJ.z.k.~...3.i.[....q..B.O%....t..."w..q.i@.A..g.LDs.B.B.B..bWg..5{..Vb......u..g..n....[...K.....U...b......4..4..m.U....v...r...I)..~..F.>Gz..^\4..1..y..K.r.%a.z...1?3]...^..Ri)5{..=ca.S....J.....PlXi/. ..T.....Q/2...6Q....`.......'....~....Z.:y..}..Q..4|.....Pym.]....qW.....X...=..u..{+4=L..I.2./.b.}.......4.@.. .g.@..2M.~q.z.....=_........\.~..|.$.\.P<b.s...<..o...L....\.y.3.C.=....v....%......@(.......u....4..g..@.c_.r?[. ..U....<..Hb.!...?0[.?.._Ak:F`Obd..W.r.o..d7.5.?Ly.9'e5.|_
                                                                                                                                                                                Process:C:\Users\user\Desktop\c8JakemodH.exe
                                                                                                                                                                                File Type:OpenPGP Public Key
                                                                                                                                                                                Category:dropped
                                                                                                                                                                                Size (bytes):1514
                                                                                                                                                                                Entropy (8bit):7.878948988031704
                                                                                                                                                                                Encrypted:false
                                                                                                                                                                                SSDEEP:24:g1QRc6n9djMMLBBA6ZZrJVX5gYot0SfbT/J3+NmmM4nOzgUlpl3Rp2xs:gwF3F9nz1ot0SfX/pMm94JUr3kq
                                                                                                                                                                                MD5:161F76A10C68528ACC658B8D517ED5AC
                                                                                                                                                                                SHA1:300F4B1ABB3F4A27C47F11A18CEFBAB13A5A728B
                                                                                                                                                                                SHA-256:755CC8BDAD5BC89AF0BEF3F66D4C6641A54D33F07F9122C35F025F14BF9AB01E
                                                                                                                                                                                SHA-512:43CEC9C30F2A066218B6981E8F665840338374A9A015E1C6C7244ADCC2ADEF168DADEF283E4606EB891E5F4666CAD311A55D8D55B6FF5433F6EA574D3FDC4D6B
                                                                                                                                                                                Malicious:false
                                                                                                                                                                                Preview:..2.N....r...#-.....kr.A...5.q.^.....O-v.Qm..;...P.....m2...h.y^..G%.2..&U........k .\.9.P...l(.1....OE...N.....5...(.....W8~..0...Z,..kp.....{.;L..L3.T..;O....@......."[.=.7oD..Ym......N5.A@.Q@*d.R<...Ql/U.i.t+...Qq....l60..[.....>.K2c.A.N.r.u......!E...\...y.A~.......y.?lS5OB.*.&^\...b..F`w..H..!(>.+%....\..Zz......X.4.8..y.6JPm....G3.\....a..,..y.5...,T-I..r./...Ak..........ww`m........,...K:.T.syR.BGt..F..(.....&?.1.-v..!..b.....'..b+.Dd.#.g....e]k.A.S...v+..Fq}..\....3b..H.2+8[....r./...[3.K.q.>.oKH)L/...zx.....+iKe.@.&...q.v(+:.Hv.31..1.?....k.l5....u..T...y/.........q[...:.X..b..:`.p..rxK9.l....._l,S....!.s..H.O..6qC.?....)...q.s.../..X?.q..9.g`.RJ.T|. ....V,b:..2....u....?...../..V$sh....E..CB.=>-..,._DeX.....Uw.Q..$b.ECG2D.z@. .......P...d.9H&X...vy.i.D .:.G.5R[......)...Z.....0L.......F3f.r.Y'.X&.x..$c0..e^./.a[..r_../.....@...> >P.dc`;.?..v.r7tY.od.t.i...1L.p5........-..i..D`...S....).Fj.e.......w....!*.d`.l..x.N....%1A..T#....r..
                                                                                                                                                                                Process:C:\Users\user\Desktop\c8JakemodH.exe
                                                                                                                                                                                File Type:data
                                                                                                                                                                                Category:dropped
                                                                                                                                                                                Size (bytes):1507
                                                                                                                                                                                Entropy (8bit):7.883974724997847
                                                                                                                                                                                Encrypted:false
                                                                                                                                                                                SSDEEP:24:oeZ2O31EWKU41ohv46snJdMirOa8TdMow0UGA+MZksIl/FFd2xs:oeZ2O31ETnohaJ+iGMZ+slIxIq
                                                                                                                                                                                MD5:38F328DF065288438B509C5FD64E3C06
                                                                                                                                                                                SHA1:A94F6C68D789ED6257B2F36E44C639D65B29FF19
                                                                                                                                                                                SHA-256:2323727300036E619E726C6A78F0FE5BBF4B8F9E1790B336DC94B66034598330
                                                                                                                                                                                SHA-512:D7FA725F1BF6B37556BDE3502F5D4959407E2BFD711E55CC54EC20DF2281A38AD10FF38CDCE8EF5F96B462986C69665FF381F174A02B6645B8CD474B0DFA3262
                                                                                                                                                                                Malicious:false
                                                                                                                                                                                Preview:.~. ...........j.Z........V....?Sn.Q...}.-..t+2G_.Q$."%2..R..6h(a.PI.E.......\.|'"WAS..W}..N9.Q..\......64..P...I.s..1!.*....H.30.j|..s...y.y\..r...J.q[l. .....6...>9....E.j..]..M...n..R...N..#Y}{.....M..3......do......9...3.E^.<...j.......i..."P5X;R.6H..q9.r`.l...u...@7..6k. djy../1uW.E.g......H...[V.}....^.8C"...{.:C.9b.Sr....62/.....U.G.U..A.......U;u....F.Z..Z....?..<.3."1...&e.]...K.3...R|*.`r..G..~>...S~...`.L.('......`..Z...O.R....c.f..+0..m.........=.Ar+uU'$....#..<.....E......n+..P..O.H=Q./...F..K........#.!......P..t<.....01rES.5E..~.T.)..a.u........|[..y.*_Y>j2>V........kV...WY.2,u....M..6.Z..X..._....H3).(...U..~..!9.s.......3,..=....p.1..o$o..............q....S.N.!..t..w..i..hZ.=...-4G%E...U`c.BY.E......1.}m..I.~..t...W0)...L:PY0.t..O..V..T-.W.a...p..d.8dA5ZI4e].}D..M..W.g.u3..P.......L...~.}....h.4....^.....YtOG........vN.E+V.M.../.;.t.. ..2..~.#..L>..z....S.j....(Q.ZY._..x..l..4.&.+....f..i...zSO.Xo..@%cD..#..`.&......S^..y
                                                                                                                                                                                Process:C:\Users\user\Desktop\c8JakemodH.exe
                                                                                                                                                                                File Type:data
                                                                                                                                                                                Category:dropped
                                                                                                                                                                                Size (bytes):552
                                                                                                                                                                                Entropy (8bit):7.674077086662986
                                                                                                                                                                                Encrypted:false
                                                                                                                                                                                SSDEEP:12:mUVUo7l1XqSqHB/ecQn9ejpAm91QTwJsBEVugo8SnvaaDixTYJ:mUVUo7T67HBGcq6pRoT6GEZSr2xs
                                                                                                                                                                                MD5:19F18206EA38440EE4831C4D00186BD4
                                                                                                                                                                                SHA1:DDA44395BC858ADCE257C9DF197EB670B25768F9
                                                                                                                                                                                SHA-256:884A7C6EAE3469E7B238A70B4CD3001DA0B68DA2510160751A083AB92181FB80
                                                                                                                                                                                SHA-512:4B6093DF5DCB4A62C8F12FADED41A9494D3E3F8C18F12ABBC39291AFA3B0447046E0D7596E1907A89E0D87C6BDA5F49F4AB9A01E530F002E6F98D877E60F919E
                                                                                                                                                                                Malicious:false
                                                                                                                                                                                Preview:.R....n.z.eu.*...Dk...W/.....T..".....+.._(.JtpY.B....E.i..K;..X...4.Qw..?.On.b.}7..e^.k..*..?G..]?...uu....==.6.Of..$........c.T3..6.Dj.[K6.PQg..'1.e....8.o.;$&.4...G..[......1m.....{...w.-3M2.n......b..&..G.s.#...r.D.0..".%Y..$...]N#K.f....@.`.VQ.,..kZx.&..Oi .~..^../9.5...b4.4|.....PYl....@k..X...C...?a...v..R]..J.2../.';z3..>..vY1.A.)31..s..|s.3.....p6.Kg=............t..Y...x4W-`@.l..6..~...<..o...L....\.y.3.C.=....v....%......@(.......u....4..g..@.c_.r?[. ..U....<..Hb.!...?0[.?.._Ak:F`Obd..W.r.o..d7.5.?Ly.9'e5.|_
                                                                                                                                                                                Process:C:\Users\user\Desktop\c8JakemodH.exe
                                                                                                                                                                                File Type:data
                                                                                                                                                                                Category:dropped
                                                                                                                                                                                Size (bytes):1486
                                                                                                                                                                                Entropy (8bit):7.890721726218841
                                                                                                                                                                                Encrypted:false
                                                                                                                                                                                SSDEEP:24:Lij/eBEGoSg/bHGvKt1KRLPAnVByr/tok437ditLmQ17+9U9j79aW/2xs:2jmWGoSgjcEnV6V28t6qCUZBSq
                                                                                                                                                                                MD5:4590D8CA084ABFBE56AD8E5349A7B492
                                                                                                                                                                                SHA1:05E758AFA8C17C0003167D7951C184A1307739A8
                                                                                                                                                                                SHA-256:5868F71A0EB471CDA5C3261F80991C1E0176D5BEE0084FBA4F4887F336473D6C
                                                                                                                                                                                SHA-512:9860695F5D4BB2647C36BF29ACB55F7C7681C634C26B43D7726A190BD406D34017B124C54D8A5452AAE4D01A1E871CE02E6D65E22F9DE1686726982014D503B9
                                                                                                                                                                                Malicious:false
                                                                                                                                                                                Preview:^....w@....O......?^....Ny.%.......QO.M...,3..b..4..(...\.......... ......@..#._.x5abz../...Om...3.e....c...rE.B.-....waO.6...1....;w/....T...).z...9VN...|.5.......{.."..m....b...#/...w..`..%......<....J}....W6[b<h4.n...j_:..Y...cX...c..\v71.,..2.V\h:..J....V...DTZ...y~.7..TGF. .hF.zB..`f.A......ET.i?2...uR.H.H..&.b.C.. ..~.gH..B...*.......K.K..Y...T..D..,.[w).A.......g.}{....O......NW................=.YDl...) ..$d..e]o......8...C~..iK.D..#...kR.[.7/.........C.>0.<.n...H.\R.B..o..eI{.~.....i..B..x.4..Y......gs..c..0.9.^.......'.XN.K.%..{..A. e8G.....fI.Kd.e....W....`.-.1...GHqK.?..%.c...^".=J.n...pD..G.s........;..l...&..9..J.!....:1..Q...f2Z..C...h...$.ZJX.q=.t4..^@.^.... d.#...X..z+...l.k.A..!.st.......@w...>..qJ/..V7z.....E..%.YU.....p......(P{.RS...]F.~....d...!...0.....7M#....F0C.t...<$...:.e....":.-..y.q..`2Q.m....{..u."g....b+..D..v*.5[...'.(.ej.......n5.2.....g,"......T....O..Quu`d<.X.y...TV......%k.g>.9b...eboqr.........V~..Z]..sfg
                                                                                                                                                                                Process:C:\Users\user\Desktop\c8JakemodH.exe
                                                                                                                                                                                File Type:data
                                                                                                                                                                                Category:dropped
                                                                                                                                                                                Size (bytes):558
                                                                                                                                                                                Entropy (8bit):7.627673190427274
                                                                                                                                                                                Encrypted:false
                                                                                                                                                                                SSDEEP:12:Ff5OwOVkCxlxw5IdMv3QR8PrKnvKjc9UH/X7jkpGaaDixTYJ:HORREIOvFBjc9UH/X7j52xs
                                                                                                                                                                                MD5:253F81CF6684CD2C152490FC767CD203
                                                                                                                                                                                SHA1:C154C20D6537749B9B739BD361EA5B4B828ED61E
                                                                                                                                                                                SHA-256:26B8AA0F56A5D8365002E3CCF903A4EB3506566FEA88A29F4DF4202E85CCBD1E
                                                                                                                                                                                SHA-512:9AD4F7FAC23F3631385E1FAE34BC7DD3D2BCAE95777FA66D9648DE10EAEB4DBB495291035C39D4EE3DA2E6FBF1C14E14AC3BA4FD6448D629E6E63968DDF854E3
                                                                                                                                                                                Malicious:false
                                                                                                                                                                                Preview:]E.+.1w...O%.....?..;e.)..J..2-.]..U....cu..N......&..(.MKi..{.........}&"\...'...z1.T>C............>$.q.w...M;m.>...H.qP..z...k..\r...p..P....Sf.....cF.\g.I....hXN.1.A.;.[..|......8..}^..<..a.]b.K\.Q..r...............Az..y.O..^..3.;1...A=.......!.K..\.....^...\'..j..q.4|.....PYl....m...........$=..`v,"h.f;.2../.u;z0..=..u'.......[{...6SC.b..fs.w.V..r.T.J.D..&..(2<<6I...>..-..L..e1....<..o...L....\.y.3.C.=....v....%......@(.......u....4..g..@.c_.r?[. ..U....<..Hb.!...?0[.?.._Ak:F`Obd..W.r.o..d7.5.?Ly.9'e5.|_
                                                                                                                                                                                Process:C:\Users\user\Desktop\c8JakemodH.exe
                                                                                                                                                                                File Type:data
                                                                                                                                                                                Category:dropped
                                                                                                                                                                                Size (bytes):545
                                                                                                                                                                                Entropy (8bit):7.608884078782774
                                                                                                                                                                                Encrypted:false
                                                                                                                                                                                SSDEEP:12:u90oQ46NngXiBJwLsmSiA76l18fxcDP+dtV6HxiaaDixTYJ:u9y+Tw7jxcDP+YHW2xs
                                                                                                                                                                                MD5:682983D6AC873F8301BD7EE4F899A1A8
                                                                                                                                                                                SHA1:80C327EF1DCBB8250497BD9D1042667FE038061F
                                                                                                                                                                                SHA-256:7C84ACCBC6E3E503BA02E377209E20CCC905B59E2603E03E42DC0E19AE635A17
                                                                                                                                                                                SHA-512:524EA9F4CDD1334F45AED887E38CEA05981E00A67F7C6148A48B60E9C76DE6D98135C85F93D4BCF462B12333CFC0390C72A32FC4B5E67C2D4726503FEBE47AC8
                                                                                                                                                                                Malicious:false
                                                                                                                                                                                Preview:.=J..v.{..7XEX.../....Y./J./.E2._....6...:.'#.?.<...b.q.)xI...L.s.....wqZ...4c..o.+.U....2s..d-.`.2B+.Ko.X..I.a.*./w...i.......gS9X...G..A.,.m...b..f..h..+._c.".....B..Q.?......P..u...e..nf..k...4j@...o8?..L..V[.'*....{...c...Lg.c..)..}..1....,.z%............TC...\...i...*.^.4|.....PYl....m.r.&.2...](:..[.6=d..J..2./.';z3......NCe..3.}.Ah..I.p....G,...i..#.P....J......SL..c....@...z...<..o...L....\.y.3.C.=....v....%......@(.......u....4..g..@.c_.r?[. ..U....<..Hb.!...?0[.?.._Ak:F`Obd..W.r.o..d7.5.?Ly.9'e5.|_
                                                                                                                                                                                Process:C:\Users\user\Desktop\c8JakemodH.exe
                                                                                                                                                                                File Type:data
                                                                                                                                                                                Category:dropped
                                                                                                                                                                                Size (bytes):1643
                                                                                                                                                                                Entropy (8bit):7.885396194380726
                                                                                                                                                                                Encrypted:false
                                                                                                                                                                                SSDEEP:48:mcmpodt61uFqxoU2aTgXhQyVA1w8KLjOq:mcPjF6RTZqA1wNV
                                                                                                                                                                                MD5:0AEB32BF6A160C1450FFF380C864B56D
                                                                                                                                                                                SHA1:22EAF4EB4FE9637B756A1EE88CB728150DF7AB0A
                                                                                                                                                                                SHA-256:61C56AE0A2FBEF1292AF4FC08F2C59DEAA9B97AC2239A5AB6B7D7122DC1CBBC1
                                                                                                                                                                                SHA-512:56496465C15A9F5E9B27BA61D4CC4102D305DA2D3348778E6C6B835EBBCF2715984873AD315E5D1430C653121895B9E18ED7538D299BCC42EAC3CC9645773DAA
                                                                                                                                                                                Malicious:false
                                                                                                                                                                                Preview:H...G.......G.//.S...A.T.]...........#,..$4.E6.2...<...Mp..!.UD...@..*..fd....fm.KZ.1.o....1.. P.QS....w.(....1y{.(.[.).....-[...).+..[.....@Y.....]X..D.U.9_].....F....iUh...I. ...j&s$i.j.[..r.Sc....#.doz._.n.p.s...t..Y.s8./.~z.N<.....y.s#.F..V...UG.il..T........*.C*..........P5..Iw..p4..c..:.F......uMY...6.n..,..8.t..3/..3..ZZ.........l........1.d....QM...I..7..>a~...aMT........"..:qg.......v..D].....<=..;Ze....7.)....P......7.GB.&..W..M.z.].[..U.J.kB.....y....P|Q...O.;U.<|mk.._...h...L=.vA...`%......5T....(.M...-_N...To.\m....0.&.3.9...S8.....u.].Zm..+....+Y....N..y.h`$.cI...!..6.f.r...$..Nf?..._...(x.v..\.w.....m*.H....rr.+.Ob._.U..oao..OALS...b!.............wt.~.k.*B!.%;..2.!....=4....k...u.....<H.!..O`.(....0h@...A+0......j.5i7./.1.*S..R.A..&..0."./..2...oF%...CfJ3...<....B...z..gF.ad.r.._...t.L.Y.]..&\J.....uyu.4.5a.b......1[..g.)l'...Sxx...{.u'4...,.....n.0#...._...p.<..k.j..P.%........8T_.'.*\....*....+.3C.m.2X.}.8.....[!..
                                                                                                                                                                                Process:C:\Users\user\Desktop\c8JakemodH.exe
                                                                                                                                                                                File Type:data
                                                                                                                                                                                Category:dropped
                                                                                                                                                                                Size (bytes):548
                                                                                                                                                                                Entropy (8bit):7.596408705660265
                                                                                                                                                                                Encrypted:false
                                                                                                                                                                                SSDEEP:12:JYFNQYIVZqY8fhdIIhpojPsU7roXp8AhQDyfrCnekjaaDixTYJ:WFNL4n8fvIQpojPsUvw8uQ+jjkv2xs
                                                                                                                                                                                MD5:00B3335736BCD25026D042918C6BC50A
                                                                                                                                                                                SHA1:ECD476ADA91595655EE8D445C6EEF45E57C139EF
                                                                                                                                                                                SHA-256:6AEEF34079A68CFD2326ADD06FFFA532A4187A9D94948B2158BCEA60C935BA0D
                                                                                                                                                                                SHA-512:91F897232E3A5C46388E5AE0D37E857A36F340AB7AAA340C29B23C63E84DB502C35B2E07D3340669069D195A22CBA26CE108397DF0008CB0433A95F4F5146A3C
                                                                                                                                                                                Malicious:false
                                                                                                                                                                                Preview:W..c}..r.3....<.:9.k...T..5.3.i...$."..{.......DY.L~d.uz.D.u.v.>}..;..H.t.......&..&*.....(.......Ou/...^.m.D.15.V7Iv.+...[Z...7'l...<....a...e..UI.....a..IN..K...@..L..s7.t0..'j..[i..t....^....,..f..kR.Iz....K...N.B.N.?..D.].....i.`.;...I..Tj...h.<s.-..t....g.a....&.Y.b".....4|.....PYl.... .W....d..l.(.W....].?L..J..2./.$;z0...=@..52:.B.@.........^.....<hP.u.....+..vvY.6U....P.p...-..O...{...<..o...L....\.y.3.C.=....v....%......@(.......u....4..g..@.c_.r?[. ..U....<..Hb.!...?0[.?.._Ak:F`Obd..W.r.o..d7.5.?Ly.9'e5.|_
                                                                                                                                                                                Process:C:\Users\user\Desktop\c8JakemodH.exe
                                                                                                                                                                                File Type:data
                                                                                                                                                                                Category:dropped
                                                                                                                                                                                Size (bytes):538
                                                                                                                                                                                Entropy (8bit):7.600754425254017
                                                                                                                                                                                Encrypted:false
                                                                                                                                                                                SSDEEP:12:dT7YkTBp/flOkC2J7ZgovdycBT1nBQXjcLeCcaaDixTYJ:dT/b9FCsPvwcnBQOev2xs
                                                                                                                                                                                MD5:C38AC29EA8C449F0AC2F07B431FE46CC
                                                                                                                                                                                SHA1:B9C5F8F23BF855324E8B7A09D02407D0697541E3
                                                                                                                                                                                SHA-256:1C9017E54243DD86A0A7F89DE4DA16379C49486F61AC968CBD91507E0CC0031C
                                                                                                                                                                                SHA-512:5CAD9D6947E51E44E5304907238247DA145701607BC67783888170C320C4D0D9E7A5490494C120FD02E0A48BFAFD51DB5E5B6A5054A7F9F599137EED043174DA
                                                                                                                                                                                Malicious:false
                                                                                                                                                                                Preview:E.P.....x.`.7..o.i...N..H9.....N..1.p.K.^..q.....f3..Hge...J..F.....*.E...I.O#...*..d....X..Lf.O..%....Fv`If.?..4..>..qA..xp..1..X.hX.-..$...n.....rb..,).).0Q ......ZR.......L..b..+J...[e..^....!...Mih..`.`O.Dp.).=.a5h....x>._Z.......Ck.........p./.,.z.....Lt7....I.<..j..4|.....PYl.... .W.....L.-....V..{y4oL..J.2.,.';Z.....I...Z31u}....5.5..Fn D......(3.XF=....OF...C..m.%..4?.u...<..o...L....\.y.3.C.=....v....%......@(.......u....4..g..@.c_.r?[. ..U....<..Hb.!...?0[.?.._Ak:F`Obd..W.r.o..d7.5.?Ly.9'e5.|_
                                                                                                                                                                                Process:C:\Users\user\Desktop\c8JakemodH.exe
                                                                                                                                                                                File Type:data
                                                                                                                                                                                Category:dropped
                                                                                                                                                                                Size (bytes):1508
                                                                                                                                                                                Entropy (8bit):7.852210870521429
                                                                                                                                                                                Encrypted:false
                                                                                                                                                                                SSDEEP:24:qyQm7IyaLLkfJlWIELPmPulmd2FPIpBBbY9nobEtryqfA5rRfTyPz95j9FJgZ2xs:P73rJmblC2FPKBBc9naMryOArRbKhZTm
                                                                                                                                                                                MD5:5AE74440AC224FF0E34B371312DEFE59
                                                                                                                                                                                SHA1:E9CCEF2E81D5210F61AE62F3E551D73DE862027A
                                                                                                                                                                                SHA-256:7E6764328CB5B2337CF9C86C41505F4459CC7ED61FC137CBE4E0ED9619C00EE9
                                                                                                                                                                                SHA-512:02F8D3B146270FFB351D7BB02768B9ED75546B4D82230C6012BC331FE15ACB80E5C3F64625CCE8D52A3E293438966D657970FD6AE489AC7072945DBD8FF03B9D
                                                                                                                                                                                Malicious:false
                                                                                                                                                                                Preview:....u.e...U...7....T..8..zA.s.$.....Zb....9....z|..-...}....Y.Nn?s.6.......AD3..q....x.....i#....\....{.f..!.T..B]...1!%..W......P......M..}[....0<Lk.n~.{P$.me'...+.l..[6...&%..|.....5gY.B)u?.{L.M...v..M*v...E..,...`.....D...d....z(.3.I....Cma...rtnb../..u$.F..kC'U..u....$...~'[..S.;>..<*8$....k......XhBl..BX18G.f.=.l.S<.n."..[C.#.k...W.....-.......9f.mh.{E..v.Co..6.....FC..Mc....'.c.~...y.)B...[. S;.Y...P.............=8E..f.......H....qHx8 #..iY..~B...~..xP.1..^....ei..b..w..3.A......N....y{.e.+n"...N.&.,....[...(..$..S.F.)../..-......#n.L;...ik,.)...%..x0H...L...........qS.......)bt3yT..Q.".f..,..I ...(.!w..b.?6(...#.|*GP./A...*.l......y......i.~......BY.X...j.u................WD..E...M.fI.V,.A...&I.urj."......}...#.......d....=....7..rt....G8.Wg.-..>..%u.}..s}...O...O.tj..[...d.*R,.D.(..1.0J.......".....O&..'.../.v.o^.SZ...D.S....c.F..23.r..q.E.%3.07'..O[......J0|..i.W..B.]..D..`....l........z-rg.8aq....-4.?is.%mJ+....c|.Y...--.T....|..U...
                                                                                                                                                                                Process:C:\Users\user\Desktop\c8JakemodH.exe
                                                                                                                                                                                File Type:data
                                                                                                                                                                                Category:dropped
                                                                                                                                                                                Size (bytes):5472
                                                                                                                                                                                Entropy (8bit):7.966495053054617
                                                                                                                                                                                Encrypted:false
                                                                                                                                                                                SSDEEP:96:x96khrE/V4y9g7UFkChdK64gwDSIp6q7Iv64g1Ql7ypQ+s4PB1T:xlo/V4E+ngwDSIp6zbuQlO++s4pd
                                                                                                                                                                                MD5:BEC4B04E5BF4F0318656B36BDB7A5BB5
                                                                                                                                                                                SHA1:E04DCDFD473CC8F68D004105596573FF1D26E5AF
                                                                                                                                                                                SHA-256:C7B2763BADC4E352B1A5814D793C6D3AD69A717845C91F8ECFC497009A6421BB
                                                                                                                                                                                SHA-512:E9CCB90C1D76593591640EFB50F43BFE624E61CB3B9FCDB93A22756E09E4C297EA0E7871651A54988FE350B5DC496168BF548480EA3FE419AEE072F6922F43CF
                                                                                                                                                                                Malicious:false
                                                                                                                                                                                Preview:\..}.l.{...>.zf.B.......K\k...............Fx....*o...._.?[ic.9..M,.R..h.....w].<.#....>*.......n_..Mn.O..*...d^$..N..nk...a....5h.r\.5Dd......Ve.%..l;5..b.).!.G.9c..e..u.Z..M...%...%Sr...;.I.dz@.o....kFFm4.;..4.L.!...0.g"...!cQ.....>..~y..".=^..s..Q.N.....Q......"{..X..D..S...#.u...a.&.bXx$\..........#...h..{..S!......./.....V.v..Uf,.n..=....R..L....).T..8.r..4w'.T...d...}.F.G.fy.6 M...&.l......E#...E.LX`CB...<..KLD, g...O.6.x..].....X3o.F.......1.$.W.fm....G........cdv05...H..5...r./...7.N..1. #...Ro..Z....BY.....=.|.'$.1>.2....F...J......z.CtqG..L0%MD...z..H.J.r.jO.........`.C.$L....s.N N..,mS.RN..........B...'.5+k.Ro...4&.0KB5.....Cd.E....8.9q.B.....z..\ij.{%.......y......p......y../_...f...M}..3C..N....(.S...|...0..3$.z....!a.......<.g-R..0W...{..Y..u.=.......o'..F..Z.Pm)...]...u........M.....q?.......j...b.M%..y...t+q.p[.X..a.n......HPU...;...$Q.a%.%o`.O..>.W~...34.....u[..7....9.m...NJJW....x.r..~........U.k...I.y..h..S.
                                                                                                                                                                                Process:C:\Users\user\Desktop\c8JakemodH.exe
                                                                                                                                                                                File Type:data
                                                                                                                                                                                Category:dropped
                                                                                                                                                                                Size (bytes):1031
                                                                                                                                                                                Entropy (8bit):7.794300489760321
                                                                                                                                                                                Encrypted:false
                                                                                                                                                                                SSDEEP:24:IsN12xpoQH2WsxTPDdxpQTSHmWRwBw14ksM2xs:I7vWnBpQ2HtRwBwWksHq
                                                                                                                                                                                MD5:063B43DC132D0E9BDD78099320E8E44A
                                                                                                                                                                                SHA1:C664CE863FD44469C0BB29CA31104B223BADCD16
                                                                                                                                                                                SHA-256:3E20DF32FA91442E2047FD7E98D6C35A72461A42E24DD75B16A515A3FCC94D29
                                                                                                                                                                                SHA-512:E30EEAFAFDD21422504405732FE7877A5B2AD54BDA3B6CCDA7DE8E3667A3C906FA11D0B660DBE8557779C4C3476FAF1C9B7247D187F2E6D90D424DBD73CA6564
                                                                                                                                                                                Malicious:false
                                                                                                                                                                                Preview:O.."._...e...$.../E.N.t0.....D(>..]... :.NB.p.2.j2.q]H#%....1.....1U.z&..E....-....5)5.J.d.Z.W..u..<vg1...z.!.&j...0._.....#.6.`<E......Db....8(\E.Or.....^.iHF....Wk......-...1.n.f1\-.W..D`..g.H.7..+$&...m. ....RsS......../...H..^G.l.........#.E.A...H.A.xN...e{YJAs.?...?...VB....e...%.&.|_.,..XG2...."...KMS!....5L..5.. X.o@.S.j.o....Z...{e..9..<..b.C......-..........*w.C.1.H_pL&zfp..c.U.s.{...kYsDl14R..u..e..F.C...{u.C{y.B=.x...].4v.S...9.r^.Q.U..[.).t..u-.f.WM&..Az..C..e4.a.XY.[..Q...uF..2.Q|....h..c....u.&..C..4/?.........w..".>....k.:L....n....z{.v....|pR..6....S...Oj1...Y...xF.....N..:..V.ws...DKL..>k....".o:.^i.....r..p.Lj...oHaK.2....2d0U..xRPr.x..?.........F.,0.t..E...J_.....I...;.bA........k......TR..n....$...h..e3e...%..i.>..4[.....Pql...-.Km1...t......u..{+4=L..I.2./..*)+v.NJ..D.....p.=..l....E.......0..n.,.....9.#.`.Y&{...ds...<..o...L....\.y.3.C.=....v....%......@(.......u....4..g..@.c_.r?[. ..U....<..Hb.!...?0[.?.._Ak:
                                                                                                                                                                                Process:C:\Users\user\Desktop\c8JakemodH.exe
                                                                                                                                                                                File Type:data
                                                                                                                                                                                Category:dropped
                                                                                                                                                                                Size (bytes):236
                                                                                                                                                                                Entropy (8bit):7.048713998565996
                                                                                                                                                                                Encrypted:false
                                                                                                                                                                                SSDEEP:6:A490TXv4PHHBXYXHrYWKfgXKXqrnzo66uoxTQWryJJ:Aw0TShoXHrYWK4aaDixTYJ
                                                                                                                                                                                MD5:02229377E9CC61F19140FF37F9C2D97B
                                                                                                                                                                                SHA1:60D272117BD878743CCC950390B2B95FDBB2EA2F
                                                                                                                                                                                SHA-256:F1AB9DA82F45A309E27742DBC07F5726EEBE7968ECDACFEDA15CF85B9889DEE7
                                                                                                                                                                                SHA-512:42E6B3F1755D92C693FD4072901C20A073605B22F49E1DE0D6023AB7FED8EE34587034FB707EEE245A89A234B96B38755B8FCAEEF559E79E73C2692F5DDE57DD
                                                                                                                                                                                Malicious:false
                                                                                                                                                                                Preview:Pm...4z....)..v......h.U.A.....D....T|. s...?..s..F0L.p..Z.}.d.....'\..v...#w..[D+.o%.*...'u:..K...b...<..o...L....\.y.3.C.=....v....%......@(.......u....4..g..@.c_.r?[. ..U....<..Hb.!...?0[.?.._Ak:F`Obd..W.r.o..d7.5.?Ly.9'e5.|_
                                                                                                                                                                                Process:C:\Users\user\Desktop\c8JakemodH.exe
                                                                                                                                                                                File Type:ASCII text, with CRLF line terminators
                                                                                                                                                                                Category:dropped
                                                                                                                                                                                Size (bytes):1159
                                                                                                                                                                                Entropy (8bit):4.909757425426515
                                                                                                                                                                                Encrypted:false
                                                                                                                                                                                SSDEEP:24:SOZJNRovfexRvYx/ncUYTxLZl0r0OzANQgq32xfZnS0iNFdAnP6:SOZbqfexrZrS3Iq32xlSX2S
                                                                                                                                                                                MD5:F29E077226F8DC235CAE4795459A3542
                                                                                                                                                                                SHA1:A23AEA328BEB92BFD4464A3B0F70E772B8969CC2
                                                                                                                                                                                SHA-256:CF8875AADE9351184274F533067BECF2AD10CCF2B6296274ECE5D5B58B6AB008
                                                                                                                                                                                SHA-512:0C76F1E7AC8E4DB582EA7E26FA9B8C18D54605AE6A9A87A2A1FA0B1BEACACBB8F1230421C1124B1E7C12FB546FF31DBBD2CFBBEBA80EF98BBAA01B356F7FDC6F
                                                                                                                                                                                Malicious:false
                                                                                                                                                                                Preview:.. ~~~ AlphaCat ~~~....>>>> Your data are stolen and encrypted....>>>> What guarantees that we will not deceive you? .....We are not a politically motivated group and we do not need anything other than your money. .. ...If you pay, we will provide you the programs for decryption and we will delete your data. ...Life is too short to be sad. Be not sad, money, it is only paper... ...If we do not give you decrypters, or we do not delete your data after payment, then nobody will pay us in the future. ...Therefore to us our reputation is very important. We attack worldwide and there is no dissatisfied victim after payment... ..>>>> You need contact us via email with srenshot of btc transaction and your personal DECRYPTION ID.....Contact via Email with your personal Decryption id !: hackbeenswim@mail2tor.com......Send 400$ (0.006 BTC) at this address --> bc1qkr7wxuqwet9w6920vk94p7npkxh33fc7prv55q.....>>>> Your personal DECRYPTION ID: D53F15BF767167BC622C1CB4D4FC174D....>>
                                                                                                                                                                                Process:C:\Users\user\Desktop\c8JakemodH.exe
                                                                                                                                                                                File Type:data
                                                                                                                                                                                Category:dropped
                                                                                                                                                                                Size (bytes):3059
                                                                                                                                                                                Entropy (8bit):7.933758607535835
                                                                                                                                                                                Encrypted:false
                                                                                                                                                                                SSDEEP:48:3ibOUhwYG6poB8VE52M6tt/A+H/Ol7o3bSVKlUS2ceDvZ7tj1/k7dwyXPBYnPq:SbOUuai1Ctt/A+HWdEOVKlKVBpYXPBUy
                                                                                                                                                                                MD5:0E99671E294165A5D97F2C38BBDF129E
                                                                                                                                                                                SHA1:A9F6607874902ECD201035853ECCBF14BB772D0F
                                                                                                                                                                                SHA-256:5A9F5697EBEB3F87D1A87759DCB2786818C289C8FFACC9AB4DFBE0D04823D1A2
                                                                                                                                                                                SHA-512:59C5AD7002D5E679739E6A7FFE9C7291F3A94FCCCEA25BC009CABE94A38EE0DE8823914C2DC12955E94E25C488DA8379B2CFD26404677E40CC2287A8A8EB5120
                                                                                                                                                                                Malicious:false
                                                                                                                                                                                Preview:..^.].I.l.aCw...^.kcA..2..L...6..E.3..b7.<...[.....=..6..X....F$b....tK....=.C.5W~5..".....P=.......#.erA.).r*..jL.|..L}.../.._..L....q.z--.)N...1..5..u....u>)DMU_..N.........&y..m..<_.&.2........^.~.._a.. ..J.3...?@.y.D.......r..-......QE.?o......G.4?...v<6....)0.<..k? H........&..b.}.O....8.._..2p.uE...x........4W..h...<...J....b..m...$........g..y!G}.)I#.... ...<.........:2..CeP.h>.Q*..........k..d............k.....~....l....uU._6.OZ..k.....Wrm..z+.....z;8.....N...$....p..:]..O,.;`_...9X0W.n....W....".40...YR.p!r.O.;.i..f.`xt.Z...|....l`r#.D......P+(..d.O....FQ..}n.....?..i.....SA....uDA`...$v..w...>.x....5$/.m.V9E~..PZ..#c.0.}^.Z.~A...l\}..<..E..U7#...yYU.s`r.R.rW...h...?.|S..?i.C..{^ZDD.,l...l.6.?)..z.D.O>...:.3#A...%@^........|F..|.B....;Y.f..|.....r.2..q8..(........~6FsPq..r..k.......B.;.........GL~i7w.o....B..[...H8d.<....c../...rh.<}.}....gc...p..g2w.4.X.h......}...5).q".....}h..P.5.&..".5G....M.>#.`oY^..u~.$..%.h
                                                                                                                                                                                Process:C:\Users\user\Desktop\c8JakemodH.exe
                                                                                                                                                                                File Type:ASCII text, with CRLF line terminators
                                                                                                                                                                                Category:dropped
                                                                                                                                                                                Size (bytes):1159
                                                                                                                                                                                Entropy (8bit):4.909757425426515
                                                                                                                                                                                Encrypted:false
                                                                                                                                                                                SSDEEP:24:SOZJNRovfexRvYx/ncUYTxLZl0r0OzANQgq32xfZnS0iNFdAnP6:SOZbqfexrZrS3Iq32xlSX2S
                                                                                                                                                                                MD5:F29E077226F8DC235CAE4795459A3542
                                                                                                                                                                                SHA1:A23AEA328BEB92BFD4464A3B0F70E772B8969CC2
                                                                                                                                                                                SHA-256:CF8875AADE9351184274F533067BECF2AD10CCF2B6296274ECE5D5B58B6AB008
                                                                                                                                                                                SHA-512:0C76F1E7AC8E4DB582EA7E26FA9B8C18D54605AE6A9A87A2A1FA0B1BEACACBB8F1230421C1124B1E7C12FB546FF31DBBD2CFBBEBA80EF98BBAA01B356F7FDC6F
                                                                                                                                                                                Malicious:false
                                                                                                                                                                                Preview:.. ~~~ AlphaCat ~~~....>>>> Your data are stolen and encrypted....>>>> What guarantees that we will not deceive you? .....We are not a politically motivated group and we do not need anything other than your money. .. ...If you pay, we will provide you the programs for decryption and we will delete your data. ...Life is too short to be sad. Be not sad, money, it is only paper... ...If we do not give you decrypters, or we do not delete your data after payment, then nobody will pay us in the future. ...Therefore to us our reputation is very important. We attack worldwide and there is no dissatisfied victim after payment... ..>>>> You need contact us via email with srenshot of btc transaction and your personal DECRYPTION ID.....Contact via Email with your personal Decryption id !: hackbeenswim@mail2tor.com......Send 400$ (0.006 BTC) at this address --> bc1qkr7wxuqwet9w6920vk94p7npkxh33fc7prv55q.....>>>> Your personal DECRYPTION ID: D53F15BF767167BC622C1CB4D4FC174D....>>
                                                                                                                                                                                Process:C:\Users\user\Desktop\c8JakemodH.exe
                                                                                                                                                                                File Type:ASCII text, with CRLF line terminators
                                                                                                                                                                                Category:dropped
                                                                                                                                                                                Size (bytes):1159
                                                                                                                                                                                Entropy (8bit):4.909757425426515
                                                                                                                                                                                Encrypted:false
                                                                                                                                                                                SSDEEP:24:SOZJNRovfexRvYx/ncUYTxLZl0r0OzANQgq32xfZnS0iNFdAnP6:SOZbqfexrZrS3Iq32xlSX2S
                                                                                                                                                                                MD5:F29E077226F8DC235CAE4795459A3542
                                                                                                                                                                                SHA1:A23AEA328BEB92BFD4464A3B0F70E772B8969CC2
                                                                                                                                                                                SHA-256:CF8875AADE9351184274F533067BECF2AD10CCF2B6296274ECE5D5B58B6AB008
                                                                                                                                                                                SHA-512:0C76F1E7AC8E4DB582EA7E26FA9B8C18D54605AE6A9A87A2A1FA0B1BEACACBB8F1230421C1124B1E7C12FB546FF31DBBD2CFBBEBA80EF98BBAA01B356F7FDC6F
                                                                                                                                                                                Malicious:false
                                                                                                                                                                                Preview:.. ~~~ AlphaCat ~~~....>>>> Your data are stolen and encrypted....>>>> What guarantees that we will not deceive you? .....We are not a politically motivated group and we do not need anything other than your money. .. ...If you pay, we will provide you the programs for decryption and we will delete your data. ...Life is too short to be sad. Be not sad, money, it is only paper... ...If we do not give you decrypters, or we do not delete your data after payment, then nobody will pay us in the future. ...Therefore to us our reputation is very important. We attack worldwide and there is no dissatisfied victim after payment... ..>>>> You need contact us via email with srenshot of btc transaction and your personal DECRYPTION ID.....Contact via Email with your personal Decryption id !: hackbeenswim@mail2tor.com......Send 400$ (0.006 BTC) at this address --> bc1qkr7wxuqwet9w6920vk94p7npkxh33fc7prv55q.....>>>> Your personal DECRYPTION ID: D53F15BF767167BC622C1CB4D4FC174D....>>
                                                                                                                                                                                Process:C:\Users\user\Desktop\c8JakemodH.exe
                                                                                                                                                                                File Type:data
                                                                                                                                                                                Category:dropped
                                                                                                                                                                                Size (bytes):12533
                                                                                                                                                                                Entropy (8bit):7.98471269447411
                                                                                                                                                                                Encrypted:false
                                                                                                                                                                                SSDEEP:192:0Xs7cTnAkg6G79dUuVMuDtRkWGXoCnqo/D2RazjUlKPBvJmUqGzV:wK5t7PZDtRkECDD2R8UlvrGJ
                                                                                                                                                                                MD5:41D0EDF2A1A8F680E6AD73019C378E57
                                                                                                                                                                                SHA1:B6E0E8A8E00B3E5D04208C6E0718C7577A08FC49
                                                                                                                                                                                SHA-256:11B07DDF9229C6A23C75030E665BAED244DA29822FBABAA1182177534FD28FD1
                                                                                                                                                                                SHA-512:4EABF71E838B71797319FF72CBD04EAFBC4638BA0CE1EC3024AE83E245C5493803885169342C6BBDE5261EEAFFF6B6A00A336EFD0C73073240863B52D81CEF81
                                                                                                                                                                                Malicious:false
                                                                                                                                                                                Preview:))..9Y...C~...]....:.6.d.........Fl...c.Q<w.4.AQ...Xc-_D}s=.+a...r?.F......T7..%n.%J[....F.LW..,.......5.-8/hX..J.U......V.p......[.0^fw.hZ+.....j..m1.F.5.k..z.xe.P.*..[..T..U.L..YA....<.A.4..F....N:.].>N.f.|..I.[.%e;.K.......x$/W..k..=>.}.N.......Vr..O...S\y4..K.]...AY......*r......B,.qx]....}e.?.8.vO`..?8R......c`...]..^t)..p%..!ey.``...}?/..qC]......f=..|.[.;.=.b..r...a.<c.....eI..R.X..~...[.....O....'....Z..U)W.=I.....U>....lD7.J...k.a..B>..Rb.l..|.{u.....I}$..q.t...l#.......-.gk!...Z..wd....{.uft8%.........U.Z._.>....m.!.V....58"..3}.x..Qo..1OO...,..S."}..+..{..u...h..#..d..0..<..vJz.,.+J@......WW..I.&...&h./..n..R...e...F..Q.d.}=.ZJ..Z#..-.y...t.$RN.Q.S..)..)%..k...C.?#.x......E..a]...EV.g....=.s.E.@.Q..e`...V.S..@...Xwr...ckhhe.+K/.\...FP.;.....*.w;..!.nZ.%.:.SA.v............1Rx.).j...D#.....;..O.j..n...6..Z....kN.....V.;........z..{.+.az.pS]l.G..$3.L....y.+.....(......C.....m.aC...h...A.W.QKk......b........P..,.%...y..La....^.]L..
                                                                                                                                                                                Process:C:\Users\user\Desktop\c8JakemodH.exe
                                                                                                                                                                                File Type:ASCII text, with CRLF line terminators
                                                                                                                                                                                Category:dropped
                                                                                                                                                                                Size (bytes):1159
                                                                                                                                                                                Entropy (8bit):4.909757425426515
                                                                                                                                                                                Encrypted:false
                                                                                                                                                                                SSDEEP:24:SOZJNRovfexRvYx/ncUYTxLZl0r0OzANQgq32xfZnS0iNFdAnP6:SOZbqfexrZrS3Iq32xlSX2S
                                                                                                                                                                                MD5:F29E077226F8DC235CAE4795459A3542
                                                                                                                                                                                SHA1:A23AEA328BEB92BFD4464A3B0F70E772B8969CC2
                                                                                                                                                                                SHA-256:CF8875AADE9351184274F533067BECF2AD10CCF2B6296274ECE5D5B58B6AB008
                                                                                                                                                                                SHA-512:0C76F1E7AC8E4DB582EA7E26FA9B8C18D54605AE6A9A87A2A1FA0B1BEACACBB8F1230421C1124B1E7C12FB546FF31DBBD2CFBBEBA80EF98BBAA01B356F7FDC6F
                                                                                                                                                                                Malicious:false
                                                                                                                                                                                Preview:.. ~~~ AlphaCat ~~~....>>>> Your data are stolen and encrypted....>>>> What guarantees that we will not deceive you? .....We are not a politically motivated group and we do not need anything other than your money. .. ...If you pay, we will provide you the programs for decryption and we will delete your data. ...Life is too short to be sad. Be not sad, money, it is only paper... ...If we do not give you decrypters, or we do not delete your data after payment, then nobody will pay us in the future. ...Therefore to us our reputation is very important. We attack worldwide and there is no dissatisfied victim after payment... ..>>>> You need contact us via email with srenshot of btc transaction and your personal DECRYPTION ID.....Contact via Email with your personal Decryption id !: hackbeenswim@mail2tor.com......Send 400$ (0.006 BTC) at this address --> bc1qkr7wxuqwet9w6920vk94p7npkxh33fc7prv55q.....>>>> Your personal DECRYPTION ID: D53F15BF767167BC622C1CB4D4FC174D....>>
                                                                                                                                                                                Process:C:\Users\user\Desktop\c8JakemodH.exe
                                                                                                                                                                                File Type:ASCII text, with CRLF line terminators
                                                                                                                                                                                Category:dropped
                                                                                                                                                                                Size (bytes):1159
                                                                                                                                                                                Entropy (8bit):4.909757425426515
                                                                                                                                                                                Encrypted:false
                                                                                                                                                                                SSDEEP:24:SOZJNRovfexRvYx/ncUYTxLZl0r0OzANQgq32xfZnS0iNFdAnP6:SOZbqfexrZrS3Iq32xlSX2S
                                                                                                                                                                                MD5:F29E077226F8DC235CAE4795459A3542
                                                                                                                                                                                SHA1:A23AEA328BEB92BFD4464A3B0F70E772B8969CC2
                                                                                                                                                                                SHA-256:CF8875AADE9351184274F533067BECF2AD10CCF2B6296274ECE5D5B58B6AB008
                                                                                                                                                                                SHA-512:0C76F1E7AC8E4DB582EA7E26FA9B8C18D54605AE6A9A87A2A1FA0B1BEACACBB8F1230421C1124B1E7C12FB546FF31DBBD2CFBBEBA80EF98BBAA01B356F7FDC6F
                                                                                                                                                                                Malicious:false
                                                                                                                                                                                Preview:.. ~~~ AlphaCat ~~~....>>>> Your data are stolen and encrypted....>>>> What guarantees that we will not deceive you? .....We are not a politically motivated group and we do not need anything other than your money. .. ...If you pay, we will provide you the programs for decryption and we will delete your data. ...Life is too short to be sad. Be not sad, money, it is only paper... ...If we do not give you decrypters, or we do not delete your data after payment, then nobody will pay us in the future. ...Therefore to us our reputation is very important. We attack worldwide and there is no dissatisfied victim after payment... ..>>>> You need contact us via email with srenshot of btc transaction and your personal DECRYPTION ID.....Contact via Email with your personal Decryption id !: hackbeenswim@mail2tor.com......Send 400$ (0.006 BTC) at this address --> bc1qkr7wxuqwet9w6920vk94p7npkxh33fc7prv55q.....>>>> Your personal DECRYPTION ID: D53F15BF767167BC622C1CB4D4FC174D....>>
                                                                                                                                                                                Process:C:\Users\user\Desktop\c8JakemodH.exe
                                                                                                                                                                                File Type:data
                                                                                                                                                                                Category:dropped
                                                                                                                                                                                Size (bytes):842
                                                                                                                                                                                Entropy (8bit):7.756500257030092
                                                                                                                                                                                Encrypted:false
                                                                                                                                                                                SSDEEP:12:Nv6NoXbUcVekxut0pqW1VYcwrwD8paFObLper2DHyEkaOWggpaaDixTYJ:NvPbfmbcVYcYwDSper2DHRkaN72xs
                                                                                                                                                                                MD5:48086EFE709B6146D7237CD88C413448
                                                                                                                                                                                SHA1:B7EEAA2AE9B65AF93FC58DC852BDAEE8940A08DC
                                                                                                                                                                                SHA-256:5C0D513DD0AF35108E311B43BA177975317CF5B7C57FC30ABFD4EA5C6F335705
                                                                                                                                                                                SHA-512:235FFD83C516EE78603BFEE61A8AF0C0EB3E379A0B1025195631BF167934E1EB215510F10E60EE4BEC65A4F275F807F6CB6BDC8EF23EE32270B809C1E9405B52
                                                                                                                                                                                Malicious:false
                                                                                                                                                                                Preview:]....$..D..t<(5.nU..2C.......^..k....DWc..RK......<....#..}...y.=o.H..;.D^....X.0[...0..C...[!1%=..%7.*0.*jL%^.5`..&!...)...d.20gR..T...o.n..s'...i....X .(.3.."....b.....W.?U1......<P.x...... .Eq..C........c{.s$>A#.k.*.L!.n..lQ....d[..Uqu.1Q....F.e?].....To1'........Ju%..K.*.h$..aPa.........?.n.3.a.${.^.IT..b.+4O{.:....I.Hg..?,.Z.!.../.ar,.v.d/.#6P...L..&.K.....4...U..{.Wo.sV.}.t..*F=..D.r...v{Ksj..... W.Nt.Z."W.}....T."7.F...^$b.f.....^.j=..I...E....Hl..m].~....%.}A..D..wV.......W.........!.p...7kK....A.9.&.8..=?.$<.1.QWciTS.KJ.8..H4.....c.4.....o.;\J......a..as.$:9.4|....D..6..B.....n......X...GT..{y7=L..J.a.....S.].....+[......$(ZY*.*...>.8..hcD...z..0..,..$../#..6a<n...<..o...L....\.y.3.C.=....v....%......@(.......u....4..g..@.c_.r?[. ..U....<..Hb.!...?0[.?.._Ak:F`Obd..W.r.o..d7.5.?Ly.9'e5.|_
                                                                                                                                                                                Process:C:\Users\user\Desktop\c8JakemodH.exe
                                                                                                                                                                                File Type:ASCII text, with CRLF line terminators
                                                                                                                                                                                Category:dropped
                                                                                                                                                                                Size (bytes):1159
                                                                                                                                                                                Entropy (8bit):4.909757425426515
                                                                                                                                                                                Encrypted:false
                                                                                                                                                                                SSDEEP:24:SOZJNRovfexRvYx/ncUYTxLZl0r0OzANQgq32xfZnS0iNFdAnP6:SOZbqfexrZrS3Iq32xlSX2S
                                                                                                                                                                                MD5:F29E077226F8DC235CAE4795459A3542
                                                                                                                                                                                SHA1:A23AEA328BEB92BFD4464A3B0F70E772B8969CC2
                                                                                                                                                                                SHA-256:CF8875AADE9351184274F533067BECF2AD10CCF2B6296274ECE5D5B58B6AB008
                                                                                                                                                                                SHA-512:0C76F1E7AC8E4DB582EA7E26FA9B8C18D54605AE6A9A87A2A1FA0B1BEACACBB8F1230421C1124B1E7C12FB546FF31DBBD2CFBBEBA80EF98BBAA01B356F7FDC6F
                                                                                                                                                                                Malicious:false
                                                                                                                                                                                Preview:.. ~~~ AlphaCat ~~~....>>>> Your data are stolen and encrypted....>>>> What guarantees that we will not deceive you? .....We are not a politically motivated group and we do not need anything other than your money. .. ...If you pay, we will provide you the programs for decryption and we will delete your data. ...Life is too short to be sad. Be not sad, money, it is only paper... ...If we do not give you decrypters, or we do not delete your data after payment, then nobody will pay us in the future. ...Therefore to us our reputation is very important. We attack worldwide and there is no dissatisfied victim after payment... ..>>>> You need contact us via email with srenshot of btc transaction and your personal DECRYPTION ID.....Contact via Email with your personal Decryption id !: hackbeenswim@mail2tor.com......Send 400$ (0.006 BTC) at this address --> bc1qkr7wxuqwet9w6920vk94p7npkxh33fc7prv55q.....>>>> Your personal DECRYPTION ID: D53F15BF767167BC622C1CB4D4FC174D....>>
                                                                                                                                                                                Process:C:\Users\user\Desktop\c8JakemodH.exe
                                                                                                                                                                                File Type:ASCII text, with CRLF line terminators
                                                                                                                                                                                Category:dropped
                                                                                                                                                                                Size (bytes):1159
                                                                                                                                                                                Entropy (8bit):4.909757425426515
                                                                                                                                                                                Encrypted:false
                                                                                                                                                                                SSDEEP:24:SOZJNRovfexRvYx/ncUYTxLZl0r0OzANQgq32xfZnS0iNFdAnP6:SOZbqfexrZrS3Iq32xlSX2S
                                                                                                                                                                                MD5:F29E077226F8DC235CAE4795459A3542
                                                                                                                                                                                SHA1:A23AEA328BEB92BFD4464A3B0F70E772B8969CC2
                                                                                                                                                                                SHA-256:CF8875AADE9351184274F533067BECF2AD10CCF2B6296274ECE5D5B58B6AB008
                                                                                                                                                                                SHA-512:0C76F1E7AC8E4DB582EA7E26FA9B8C18D54605AE6A9A87A2A1FA0B1BEACACBB8F1230421C1124B1E7C12FB546FF31DBBD2CFBBEBA80EF98BBAA01B356F7FDC6F
                                                                                                                                                                                Malicious:false
                                                                                                                                                                                Preview:.. ~~~ AlphaCat ~~~....>>>> Your data are stolen and encrypted....>>>> What guarantees that we will not deceive you? .....We are not a politically motivated group and we do not need anything other than your money. .. ...If you pay, we will provide you the programs for decryption and we will delete your data. ...Life is too short to be sad. Be not sad, money, it is only paper... ...If we do not give you decrypters, or we do not delete your data after payment, then nobody will pay us in the future. ...Therefore to us our reputation is very important. We attack worldwide and there is no dissatisfied victim after payment... ..>>>> You need contact us via email with srenshot of btc transaction and your personal DECRYPTION ID.....Contact via Email with your personal Decryption id !: hackbeenswim@mail2tor.com......Send 400$ (0.006 BTC) at this address --> bc1qkr7wxuqwet9w6920vk94p7npkxh33fc7prv55q.....>>>> Your personal DECRYPTION ID: D53F15BF767167BC622C1CB4D4FC174D....>>
                                                                                                                                                                                Process:C:\Users\user\Desktop\c8JakemodH.exe
                                                                                                                                                                                File Type:ASCII text, with CRLF line terminators
                                                                                                                                                                                Category:dropped
                                                                                                                                                                                Size (bytes):1159
                                                                                                                                                                                Entropy (8bit):4.909757425426515
                                                                                                                                                                                Encrypted:false
                                                                                                                                                                                SSDEEP:24:SOZJNRovfexRvYx/ncUYTxLZl0r0OzANQgq32xfZnS0iNFdAnP6:SOZbqfexrZrS3Iq32xlSX2S
                                                                                                                                                                                MD5:F29E077226F8DC235CAE4795459A3542
                                                                                                                                                                                SHA1:A23AEA328BEB92BFD4464A3B0F70E772B8969CC2
                                                                                                                                                                                SHA-256:CF8875AADE9351184274F533067BECF2AD10CCF2B6296274ECE5D5B58B6AB008
                                                                                                                                                                                SHA-512:0C76F1E7AC8E4DB582EA7E26FA9B8C18D54605AE6A9A87A2A1FA0B1BEACACBB8F1230421C1124B1E7C12FB546FF31DBBD2CFBBEBA80EF98BBAA01B356F7FDC6F
                                                                                                                                                                                Malicious:false
                                                                                                                                                                                Preview:.. ~~~ AlphaCat ~~~....>>>> Your data are stolen and encrypted....>>>> What guarantees that we will not deceive you? .....We are not a politically motivated group and we do not need anything other than your money. .. ...If you pay, we will provide you the programs for decryption and we will delete your data. ...Life is too short to be sad. Be not sad, money, it is only paper... ...If we do not give you decrypters, or we do not delete your data after payment, then nobody will pay us in the future. ...Therefore to us our reputation is very important. We attack worldwide and there is no dissatisfied victim after payment... ..>>>> You need contact us via email with srenshot of btc transaction and your personal DECRYPTION ID.....Contact via Email with your personal Decryption id !: hackbeenswim@mail2tor.com......Send 400$ (0.006 BTC) at this address --> bc1qkr7wxuqwet9w6920vk94p7npkxh33fc7prv55q.....>>>> Your personal DECRYPTION ID: D53F15BF767167BC622C1CB4D4FC174D....>>
                                                                                                                                                                                Process:C:\Users\user\Desktop\c8JakemodH.exe
                                                                                                                                                                                File Type:ASCII text, with CRLF line terminators
                                                                                                                                                                                Category:dropped
                                                                                                                                                                                Size (bytes):1159
                                                                                                                                                                                Entropy (8bit):4.909757425426515
                                                                                                                                                                                Encrypted:false
                                                                                                                                                                                SSDEEP:24:SOZJNRovfexRvYx/ncUYTxLZl0r0OzANQgq32xfZnS0iNFdAnP6:SOZbqfexrZrS3Iq32xlSX2S
                                                                                                                                                                                MD5:F29E077226F8DC235CAE4795459A3542
                                                                                                                                                                                SHA1:A23AEA328BEB92BFD4464A3B0F70E772B8969CC2
                                                                                                                                                                                SHA-256:CF8875AADE9351184274F533067BECF2AD10CCF2B6296274ECE5D5B58B6AB008
                                                                                                                                                                                SHA-512:0C76F1E7AC8E4DB582EA7E26FA9B8C18D54605AE6A9A87A2A1FA0B1BEACACBB8F1230421C1124B1E7C12FB546FF31DBBD2CFBBEBA80EF98BBAA01B356F7FDC6F
                                                                                                                                                                                Malicious:false
                                                                                                                                                                                Preview:.. ~~~ AlphaCat ~~~....>>>> Your data are stolen and encrypted....>>>> What guarantees that we will not deceive you? .....We are not a politically motivated group and we do not need anything other than your money. .. ...If you pay, we will provide you the programs for decryption and we will delete your data. ...Life is too short to be sad. Be not sad, money, it is only paper... ...If we do not give you decrypters, or we do not delete your data after payment, then nobody will pay us in the future. ...Therefore to us our reputation is very important. We attack worldwide and there is no dissatisfied victim after payment... ..>>>> You need contact us via email with srenshot of btc transaction and your personal DECRYPTION ID.....Contact via Email with your personal Decryption id !: hackbeenswim@mail2tor.com......Send 400$ (0.006 BTC) at this address --> bc1qkr7wxuqwet9w6920vk94p7npkxh33fc7prv55q.....>>>> Your personal DECRYPTION ID: D53F15BF767167BC622C1CB4D4FC174D....>>
                                                                                                                                                                                Process:C:\Users\user\Desktop\c8JakemodH.exe
                                                                                                                                                                                File Type:ASCII text, with CRLF line terminators
                                                                                                                                                                                Category:dropped
                                                                                                                                                                                Size (bytes):1159
                                                                                                                                                                                Entropy (8bit):4.909757425426515
                                                                                                                                                                                Encrypted:false
                                                                                                                                                                                SSDEEP:24:SOZJNRovfexRvYx/ncUYTxLZl0r0OzANQgq32xfZnS0iNFdAnP6:SOZbqfexrZrS3Iq32xlSX2S
                                                                                                                                                                                MD5:F29E077226F8DC235CAE4795459A3542
                                                                                                                                                                                SHA1:A23AEA328BEB92BFD4464A3B0F70E772B8969CC2
                                                                                                                                                                                SHA-256:CF8875AADE9351184274F533067BECF2AD10CCF2B6296274ECE5D5B58B6AB008
                                                                                                                                                                                SHA-512:0C76F1E7AC8E4DB582EA7E26FA9B8C18D54605AE6A9A87A2A1FA0B1BEACACBB8F1230421C1124B1E7C12FB546FF31DBBD2CFBBEBA80EF98BBAA01B356F7FDC6F
                                                                                                                                                                                Malicious:false
                                                                                                                                                                                Preview:.. ~~~ AlphaCat ~~~....>>>> Your data are stolen and encrypted....>>>> What guarantees that we will not deceive you? .....We are not a politically motivated group and we do not need anything other than your money. .. ...If you pay, we will provide you the programs for decryption and we will delete your data. ...Life is too short to be sad. Be not sad, money, it is only paper... ...If we do not give you decrypters, or we do not delete your data after payment, then nobody will pay us in the future. ...Therefore to us our reputation is very important. We attack worldwide and there is no dissatisfied victim after payment... ..>>>> You need contact us via email with srenshot of btc transaction and your personal DECRYPTION ID.....Contact via Email with your personal Decryption id !: hackbeenswim@mail2tor.com......Send 400$ (0.006 BTC) at this address --> bc1qkr7wxuqwet9w6920vk94p7npkxh33fc7prv55q.....>>>> Your personal DECRYPTION ID: D53F15BF767167BC622C1CB4D4FC174D....>>
                                                                                                                                                                                Process:C:\Users\user\Desktop\c8JakemodH.exe
                                                                                                                                                                                File Type:ASCII text, with CRLF line terminators
                                                                                                                                                                                Category:dropped
                                                                                                                                                                                Size (bytes):1159
                                                                                                                                                                                Entropy (8bit):4.909757425426515
                                                                                                                                                                                Encrypted:false
                                                                                                                                                                                SSDEEP:24:SOZJNRovfexRvYx/ncUYTxLZl0r0OzANQgq32xfZnS0iNFdAnP6:SOZbqfexrZrS3Iq32xlSX2S
                                                                                                                                                                                MD5:F29E077226F8DC235CAE4795459A3542
                                                                                                                                                                                SHA1:A23AEA328BEB92BFD4464A3B0F70E772B8969CC2
                                                                                                                                                                                SHA-256:CF8875AADE9351184274F533067BECF2AD10CCF2B6296274ECE5D5B58B6AB008
                                                                                                                                                                                SHA-512:0C76F1E7AC8E4DB582EA7E26FA9B8C18D54605AE6A9A87A2A1FA0B1BEACACBB8F1230421C1124B1E7C12FB546FF31DBBD2CFBBEBA80EF98BBAA01B356F7FDC6F
                                                                                                                                                                                Malicious:false
                                                                                                                                                                                Preview:.. ~~~ AlphaCat ~~~....>>>> Your data are stolen and encrypted....>>>> What guarantees that we will not deceive you? .....We are not a politically motivated group and we do not need anything other than your money. .. ...If you pay, we will provide you the programs for decryption and we will delete your data. ...Life is too short to be sad. Be not sad, money, it is only paper... ...If we do not give you decrypters, or we do not delete your data after payment, then nobody will pay us in the future. ...Therefore to us our reputation is very important. We attack worldwide and there is no dissatisfied victim after payment... ..>>>> You need contact us via email with srenshot of btc transaction and your personal DECRYPTION ID.....Contact via Email with your personal Decryption id !: hackbeenswim@mail2tor.com......Send 400$ (0.006 BTC) at this address --> bc1qkr7wxuqwet9w6920vk94p7npkxh33fc7prv55q.....>>>> Your personal DECRYPTION ID: D53F15BF767167BC622C1CB4D4FC174D....>>
                                                                                                                                                                                Process:C:\Users\user\Desktop\c8JakemodH.exe
                                                                                                                                                                                File Type:data
                                                                                                                                                                                Category:dropped
                                                                                                                                                                                Size (bytes):8424
                                                                                                                                                                                Entropy (8bit):7.976181912510588
                                                                                                                                                                                Encrypted:false
                                                                                                                                                                                SSDEEP:96:ZbSTLQ8aNhZHIy5gjzn9DdiGgI+s1MkGFe1TQBVWltnSC7n2ZvpJvH00oa3K3Bhj:ZiLQ80nHJyZ4l0Mxe1petXHRogKRhxKk
                                                                                                                                                                                MD5:A83F35CC0D74014BA7D5902CB7F22431
                                                                                                                                                                                SHA1:8193451070D7330E1178B42E14521B573221DE53
                                                                                                                                                                                SHA-256:4F81442125242468D621A267FFABC02BEF89D31A834EBC336E63755BD8B0BC13
                                                                                                                                                                                SHA-512:C1EA6DFB86DD3CEA6E8A20B46109826D906E7F1FD635ABD70209DF0EFC39379A8B8FC20FF47FC95AE262CA35BB038415C92E25F30736D7DD5520AC70D7A30DB1
                                                                                                                                                                                Malicious:false
                                                                                                                                                                                Preview:{.....F..ck....-......MW.r.."g*....5w\...j.sH....Eu.H....=7.,.F.+q.,56.-W.Ir-P..R..V...q.:.D..3.S..q.?....._..i=.N..5,.GF..k/l.....6wmU.s..|1cf3..f.yZ>Z....@[`.6m.3..a...3...t..8c...r*`~.Tt`..,#..j.&.-6p......i...........|..<H..sd...y..>..}.tb.^'6..........M:...P......D.......,.........Q.....5.....;W....;(\.G...'.t..]..wOv..O.$.X....D.d%. .NC....oI........$b@.GB)al.].....[.......%lN....C..to.d.T..:..b...nE}Q..c......:1.r.{x,&.u...z:b..@.....D#..:...Z.t..........?.Jc....l.....S..dkk]o.@O..<.bw|]d._......z...8.D1.T.k0b...;qI....._.QD.W..1V.....,./..z.D....D(.HO....LeN..Bv.].^R7....."K.l....g.%Wo.n.v....u.T.C...51._s.y..#%.?.t=$#..Z.....G..(%..q.....*G]W......o..$o....y.n\....>.......M..a_9?#t.....R....c.f'."j@.!.....{..dDlQ.2...G../...8&..?....T...\(...<..x.7x9.x^O8..r.c'!.+.#pT...a$.....d.......b..|.>....e. ..#..v...G..}....PB`.c %...Mz..a.7.OX.ha..p+.x...vw.U.(k...Ft.IL..o....5.......yq.g]....e.E.......&2..U..Fj.._......u.?.
                                                                                                                                                                                Process:C:\Users\user\Desktop\c8JakemodH.exe
                                                                                                                                                                                File Type:data
                                                                                                                                                                                Category:dropped
                                                                                                                                                                                Size (bytes):3145960
                                                                                                                                                                                Entropy (8bit):2.4501722218052913
                                                                                                                                                                                Encrypted:false
                                                                                                                                                                                SSDEEP:12288:wdRcsSE742HJYzQe7wwXmkVQlavVADh5eEnleDn2T:OcBE82pg7wwtVLvVAhcEnleDnG
                                                                                                                                                                                MD5:30345F345AE1058702E7D12E16CF870E
                                                                                                                                                                                SHA1:1E5256B5233554874FAD55BF18126D00D78BEC56
                                                                                                                                                                                SHA-256:8E7DA25503C0076E1EB6746B1BC10A90C3B86DC0957B4F4F72A953AAE73B9AB0
                                                                                                                                                                                SHA-512:CD49BB1315400B0C2D617CEFB6939166C0182137629D31AF6567D8E7E2B6D0A34522B85799F6CC4F57C78FF886BA36BBD797C27C8633C8FB276F3BDF1045530A
                                                                                                                                                                                Malicious:false
                                                                                                                                                                                Preview:G...'-Gj.....Mq....N.N);.\....{+.x4Ac....X..tC.W..{O..QY.........)...F2.h...|.1Le^...#Y...*{.f|..Z)^....@..."H^5..+.....I...[Pu...6..A..\@........"v.5.g|A^v.......(...v.Mvj..|.c....M.(fN.......#.......`.v....b..d.....x.......:..z/...~..o...y.....n.... ...4..m...:....E........ .K..{...A.U!..3z..Ig..)W..?...S..J..........~...O..*..XE.wW..Vb.T-L[)].#.T.M...:....|....Q.kz..vj.T......J.....;.".$...$.[.=.... ^.=.....J;..."H-{K..*..B...=.v`......>kV...gX]....5.......s.....9........EK..Q>1....{......%aJ.W....K|.wN.....|^.f.{.w.sS.z...w.j....d] !...E......Nv`.p....i&<\;....#..6L#.y<,..|.U(...%.&..^5.4.${{F*Q..k.....S. b.C?"....1.......s......qe.T....k.gO......).S..!.hb....~`b......Y0.9..?.5Q...Y..<....S...l..[A.H/h._7.....[3.......l...,....ss`..V..P...4.nD.S......%..6@I.}...L..9.....8&.... ......".&.4O*.!;...0K...b..8.....VL*.......}2......j...3..6.f.6y...0..*./@.1.%|......62]...M..#~.qG.y-i.....F..j}.....'w$B...C.t..........N|...y~..B..{..".@.;.<.
                                                                                                                                                                                Process:C:\Users\user\Desktop\c8JakemodH.exe
                                                                                                                                                                                File Type:data
                                                                                                                                                                                Category:dropped
                                                                                                                                                                                Size (bytes):3145968
                                                                                                                                                                                Entropy (8bit):1.976520119716048
                                                                                                                                                                                Encrypted:false
                                                                                                                                                                                SSDEEP:12288:7FmKoASsW+fxOLROBz37WO5hdb6zu7prTnXi/DHIUs:Rm2S8fdBz3KqhdbxdrSoV
                                                                                                                                                                                MD5:958295F7FAC2CA10B7B8731CE757575F
                                                                                                                                                                                SHA1:C5EDCCB7655D7F6B63C4C7706B7FD64C7F74D66C
                                                                                                                                                                                SHA-256:29E81DFB4BD6964A89495A6E32BE713996D078EF78ADEB6AE44E09936CEBC6F9
                                                                                                                                                                                SHA-512:C3510422B0C3D8A23424AD36DB1A4CCDCCC318180D42FD75BB6802BE5AB2E0BF56702FD379C2BA2F265D124851B006D049FE6C3FD85545186581D701CA80D5E4
                                                                                                                                                                                Malicious:false
                                                                                                                                                                                Preview:.u..+[g...)N.v#.xO..X...~.6.C...Q...&..p.F.....,@.H...X......#.E*.u..hW.ru.nC"88.._..?......(.B..lm.z.s1..|L!.'Y.....Q._..f.g....G.t..L....(...9.;vo%p.5x.jE?Y..^...Cv];n......8....n....s.*P2...2....s...9.].2..`.H........&....x.4.8dL..eS..B..J ....V.....x..nUO.....z...z.].o..... a..F....L7.....#`.-.A.,0.v...%.<u.qy.2 .....3..........B....X }w.*.U..M...71&....XE9!..&.a.....cu0.(........2.g$..-~.....8.;.p........%U2.cj_T|...`.cOI....r1.q5..K{.X...Q...h...2..I..S5JS..i1.T_.J.lr9_.9.s....,.-8ow.....!t...^..O.".......q .....%.+x...It....r....".Z...o.n.7..y\..H.... O...8.O.... j....8=.lf.c.V=.^.B....u..(...1.BX'..}.!....a.w.D...7].}s.... ....S..cQ..dk!<T.<.b{.x.....V..:...:.......:kC..........i..,.I.....N'.j....,.9..w..Tv.c...".....~...o...`.bK...q...]I..E..~.T...{...rE.$...e{.$..H...sJ........W.."...3 Ows.T~..)e.,.F<*..r.....-...?ID..%E..Q...hI|...bm../h../...(..&U.|..+{..o....5;]th......\.yZ!..s..z.; =......-.Uz..Y.V..0,..K..y"..F.i(.{..a5..5.
                                                                                                                                                                                Process:C:\Users\user\Desktop\c8JakemodH.exe
                                                                                                                                                                                File Type:OpenPGP Secret Key
                                                                                                                                                                                Category:dropped
                                                                                                                                                                                Size (bytes):3145968
                                                                                                                                                                                Entropy (8bit):1.976341257657032
                                                                                                                                                                                Encrypted:false
                                                                                                                                                                                SSDEEP:12288:HYI89r1s9IylZ94WZQffgtAd+KPgmOhLEzBHOpAdaABJwQwgv:4I89JhylXlA4J9FhQRZMirw+
                                                                                                                                                                                MD5:6DF88A809D35AB363B8D5A5CC3D58333
                                                                                                                                                                                SHA1:BB4C6031DFAB7B390A36C609C0B87CE7129B53D1
                                                                                                                                                                                SHA-256:E48DAD87E518DADDD9D657E4E0D5E59980247E54D9AB264240EB5245A4F52333
                                                                                                                                                                                SHA-512:F306C81BFA7A1B6B1F26BFD970F5B3E24F630F0146548462474ECF676D647B80828CA7F903CA61E3909E8322AAEEAF1FEB26A2F912837A203D031D0380F08B90
                                                                                                                                                                                Malicious:false
                                                                                                                                                                                Preview:...F.u....Y..6...2.%S.P...1..P2.e.&.wS}.B.nB..+....>..q.7D.Ux...t.....n.Y~....2%..Q;=T.......>.+4.A>3..R.7.:.6DI.,.q.<p.m.lp0...s..#.oA..[8ANf...........t...4@!.s..d.[.....r...f.O...e%0Qh2.h.S..M`..fm.%..d.I|...}k.T6..8.."..)%M.JH*C.k..w6Y.*.V...o......TLWz.u.'7....L/ZsjAT.C.)U..6\}.._...6.....I.!...-.P8.....#.,.[..n.R.a?..bu..*..S'..OI.nkC...!o.;b.f..^-....p3.s..R-...f.*...6..R.)...F.CF....P...K*.X....._..`_r@C......3 .Y..y....w@.e..s..W>...|..8.(.mg......58...."...D=D.....1..M.<y.N..G.....7.4'......^..V^S..r.... x...).R..'.....?e^.F....5t1.Y.7..d.P.e$...a....t1.|YN]._..Z0#.&.w.....\........j.@9.b.m....,.x..a..F\?..8.W........n..8`.f.Dg....J....."GHP..pL.a6P.."....2.7...o..+.qW....=z........^j*..u..];...t.B.H.A...v4.......7A..,`..URR.=\...............9.v.........;#.iN..npd.y...d...Re..g.r7...=l..T2...":..xG../h..{>...I.[..G:....p..[.;G.*.M-............T0k..YA...qazB..C...B.V..b....m.)2._$K..NX....'.'..m...o.L...*$J..N...vsqx;.=..).OFtb
                                                                                                                                                                                Process:C:\Users\user\Desktop\c8JakemodH.exe
                                                                                                                                                                                File Type:data
                                                                                                                                                                                Category:dropped
                                                                                                                                                                                Size (bytes):3145964
                                                                                                                                                                                Entropy (8bit):1.9761381499005983
                                                                                                                                                                                Encrypted:false
                                                                                                                                                                                SSDEEP:12288:03ptE6mFalNb7RnQsDT0iOPzRBOkP4lHIdrh/obX+pKuIzA0K6kY:C/KaTfRQs3SzRYxlo//6UJbHq
                                                                                                                                                                                MD5:58AA074DAFBCA36925CF6A5951405198
                                                                                                                                                                                SHA1:7C6B22C3A9DF901F9FC8845CD8807C46F68C3231
                                                                                                                                                                                SHA-256:8A3387C6071863D7BDEA740B95000A95DB40A92BCABB897DE0F7B0E6E108956B
                                                                                                                                                                                SHA-512:B44A2D3B72EC7A01E1E1C2EA6F45E71A62AC07D57F8CEA0361A6849BC95E2290A433545E45F362771EF63CA2E7FF62874EFC7074DC6545F98E91497B3A4F0789
                                                                                                                                                                                Malicious:false
                                                                                                                                                                                Preview:}.U0...xd9.1........X..d..F%.......>....V.....].+. g.~.Y.....A3$.^_...<pq(.E..[#...j...F7..:.qS7O.....8..j\R..[....C...Fq.RJ:.O.[p..?......}...;.g=y.....M...{.V=?...!0..R.+.......w.z.,.$...]p....].B.._....o..RI...=.i.G..Z+......x...".......S....t..w.pU.tD.....{I....TT.1~.:G..."..o"..j.t........>".l{....{tH....S-..p.b.-@.C...V.|H.-....W,Dr.....+..8&t.../LfK.o....|...."".09.....J.o._..?..c..>Z..u.<....0kZ".kL..>|..ag['c..xY..X.....n........>..4.">..,./.}..Mo..os.@.......`.6@.......S.,.....Z._.;}.P..9......[....vJ.....Tm....=..8...7r. A.Ne..{.3.%..O..k....n....2..Q..k.}..[=.}...5]..:...i.j.r...?...s....\..u...0.ya7.MS........Y.q.V....f.x..>.:w.$.o@.....E_.....X.4..~..U2...zzT.i....<.0F.-..j.z>.2...Y.......p..}N.Gp..(y....H.q.D...gr...cw..$.:.-.w.l......2...:. .7........4h..B...|SO..4K.lv...jVOa....b.....;....(......^.x$!........@X..m....8..*..}p.q.[....."..R.......P..ef8./.'cZK..AC2.h..WJ.Dh....A....nX...H..Z...........K......4...MSvC#-
                                                                                                                                                                                Process:C:\Users\user\Desktop\c8JakemodH.exe
                                                                                                                                                                                File Type:ASCII text, with CRLF line terminators
                                                                                                                                                                                Category:dropped
                                                                                                                                                                                Size (bytes):1159
                                                                                                                                                                                Entropy (8bit):4.909757425426515
                                                                                                                                                                                Encrypted:false
                                                                                                                                                                                SSDEEP:24:SOZJNRovfexRvYx/ncUYTxLZl0r0OzANQgq32xfZnS0iNFdAnP6:SOZbqfexrZrS3Iq32xlSX2S
                                                                                                                                                                                MD5:F29E077226F8DC235CAE4795459A3542
                                                                                                                                                                                SHA1:A23AEA328BEB92BFD4464A3B0F70E772B8969CC2
                                                                                                                                                                                SHA-256:CF8875AADE9351184274F533067BECF2AD10CCF2B6296274ECE5D5B58B6AB008
                                                                                                                                                                                SHA-512:0C76F1E7AC8E4DB582EA7E26FA9B8C18D54605AE6A9A87A2A1FA0B1BEACACBB8F1230421C1124B1E7C12FB546FF31DBBD2CFBBEBA80EF98BBAA01B356F7FDC6F
                                                                                                                                                                                Malicious:false
                                                                                                                                                                                Preview:.. ~~~ AlphaCat ~~~....>>>> Your data are stolen and encrypted....>>>> What guarantees that we will not deceive you? .....We are not a politically motivated group and we do not need anything other than your money. .. ...If you pay, we will provide you the programs for decryption and we will delete your data. ...Life is too short to be sad. Be not sad, money, it is only paper... ...If we do not give you decrypters, or we do not delete your data after payment, then nobody will pay us in the future. ...Therefore to us our reputation is very important. We attack worldwide and there is no dissatisfied victim after payment... ..>>>> You need contact us via email with srenshot of btc transaction and your personal DECRYPTION ID.....Contact via Email with your personal Decryption id !: hackbeenswim@mail2tor.com......Send 400$ (0.006 BTC) at this address --> bc1qkr7wxuqwet9w6920vk94p7npkxh33fc7prv55q.....>>>> Your personal DECRYPTION ID: D53F15BF767167BC622C1CB4D4FC174D....>>
                                                                                                                                                                                Process:C:\Users\user\Desktop\c8JakemodH.exe
                                                                                                                                                                                File Type:data
                                                                                                                                                                                Category:dropped
                                                                                                                                                                                Size (bytes):16621
                                                                                                                                                                                Entropy (8bit):7.989677970106317
                                                                                                                                                                                Encrypted:false
                                                                                                                                                                                SSDEEP:384:lpgEVaCSdtQeRYdID2baCjp+fpADuzdTcD+cwp3SLw7cPU:Tgi5aQeqs2baopwA6hTcD+jYU7Z
                                                                                                                                                                                MD5:F865CB94101AF16527776FFD8906B875
                                                                                                                                                                                SHA1:9314E1AF6C2957EEE8551F5D61450C2D042DB1FE
                                                                                                                                                                                SHA-256:01DB3A2A6EBF92E08351BB4C68B82CB6BF07A1FDEDD2DE71C7B8709C7B689B71
                                                                                                                                                                                SHA-512:A74724271C04C9A021DD9BD4D054A3A536332B67D56CFBE86548344CE4EA5757D2728ABFF5ECAE98036A75CFFC501127F6C7B0854F010E4C1DA90D7F4FA8CEDF
                                                                                                                                                                                Malicious:false
                                                                                                                                                                                Preview:.g.gz.u.=:.|?.d .-.&'...Z....3f{.|Z.q.?.k)~........e.$...`N......b.......;.]S...HE...[q.....=...py.........Mt.g.n...\.T.Ao......<!Io/X.b.......).C..4.......}..D........i.+..j.i0...2....q_s.!...R.)K..}b......U!.v....8.K[...gR[|..._[l..D.$...jm.sg.YS..!......y..VC...}.Z.......gz.j.......b...I]...d.8Z6l`u.N..)...3...!j].hg[.C....].%%...O..#.t...Mfu1.s..mi-s......e.Wpy.....,.......;ypO..1s.!d.!.....>..Kty.K...Q.#d....I.~v.......?$.q.........#.n.8..5.o.._......I.y8q.C....7.i.....H.".Bz..}.RM...._a'HR.....S...J......KMA....]:w<....]z#"...J&C...^......Sh...Q.......y.......!.h.._u7.......mE.&.n.x......(..m..e~5P P.uy'.#..Bc%g.......DqY.....3..'Z.;...Q..d...._;.v...f9.?..'..EXd..(..CN/..........guO.....M..O@...b;...).U[....!.$[.el.M..............vO.U.{..`?s.?._.m0#j.!X....p..F......99..^...A.VT.n.*...n%.....O..B..^.M...,)]^go5r.+.....8....p4.ub.......yd.......W3.e.7z..$..V..p...2....;a.........+^.<......7.l.....MJ...6.4sw......z.=wY...[
                                                                                                                                                                                Process:C:\Users\user\Desktop\c8JakemodH.exe
                                                                                                                                                                                File Type:data
                                                                                                                                                                                Category:dropped
                                                                                                                                                                                Size (bytes):5767404
                                                                                                                                                                                Entropy (8bit):1.3967775418543842
                                                                                                                                                                                Encrypted:false
                                                                                                                                                                                SSDEEP:12288:TfFElJdKvsZwmCeBBcin8j0kXuT/f7R+4IVRQP92Rdb0V:TKLdKUZwmCAC0Fy7QP92R4
                                                                                                                                                                                MD5:81A77B53FC722A45365E19B9A37A1074
                                                                                                                                                                                SHA1:509195B8DC69587C4AD770FED3B931373A7501D1
                                                                                                                                                                                SHA-256:DE145E3B94D98FD43C9901BA3F230F05ACF515345F07FB981629D8E28A1B4CCE
                                                                                                                                                                                SHA-512:D6A1FEBD67A136D2DB4A4EE9556FADF1A7BB23842DA8611BCB2C7FE235FCD7BEB8D08FA095887BFD0798C407AAA7BB21FAEE26536A98E7ADB4504373396FBCBF
                                                                                                                                                                                Malicious:false
                                                                                                                                                                                Preview:..V..-...+.?.b..A....jklK...9....E6v.W.@_.S..J0..OU...1.(D..;.\r.>...U.....w...=...(.V}.E.fY^.D)8;..']=.k...;a....=........%....v..:!.o.........p.;.[f[./..u.....4......2:..A.g.....!.^ L..Z........\.f..Z.....I..8O..n@KT.2T<6.u\.%.[.....MO....aT5.D=.)F..7 |)...$<$NM.".&B.-....*U.x.n.Z..~..p......1...r....O..g.d.>..#Y.r.$.O.?[!.hl...&K.E|...S.....E...`...S..ct...=.g..".Kn.k..R..9.s.F?K...&.d../....zM...;.^..<.J.-..2:..SJ...]P....j......0F.1..].:8 ..sT.F..y{lJg[N..pH...Y..vh.E.L..O.0..{.~....i..(ElF.......k.).R.0...\.]...c........5+(#.#..q.w ....M.2....=.\8.ev.R...a...[``.z.....O.A.t.....0......e.jx9."]B.....;...|....X.....@.i_f.L.Q.T...XY`.....g@!.|.;.........w.B..~..t.c.R.9..06JK...H..\t.....N...;.1W..*.0...w..)k...1..W.Pq.(P.3.r$%X.j.....d..p%n..IA/.^.FS..;...R........(...5.s?...?..[P.....\..........i.R;..i.7.....A|.... \4...d)..W........x....X..O.c*F.....Q./.R. ..3R2J.'IS...5n.....ap.d...9.Qo.............>....-...5.....g..}..!......
                                                                                                                                                                                Process:C:\Users\user\Desktop\c8JakemodH.exe
                                                                                                                                                                                File Type:ASCII text, with CRLF line terminators
                                                                                                                                                                                Category:dropped
                                                                                                                                                                                Size (bytes):1159
                                                                                                                                                                                Entropy (8bit):4.909757425426515
                                                                                                                                                                                Encrypted:false
                                                                                                                                                                                SSDEEP:24:SOZJNRovfexRvYx/ncUYTxLZl0r0OzANQgq32xfZnS0iNFdAnP6:SOZbqfexrZrS3Iq32xlSX2S
                                                                                                                                                                                MD5:F29E077226F8DC235CAE4795459A3542
                                                                                                                                                                                SHA1:A23AEA328BEB92BFD4464A3B0F70E772B8969CC2
                                                                                                                                                                                SHA-256:CF8875AADE9351184274F533067BECF2AD10CCF2B6296274ECE5D5B58B6AB008
                                                                                                                                                                                SHA-512:0C76F1E7AC8E4DB582EA7E26FA9B8C18D54605AE6A9A87A2A1FA0B1BEACACBB8F1230421C1124B1E7C12FB546FF31DBBD2CFBBEBA80EF98BBAA01B356F7FDC6F
                                                                                                                                                                                Malicious:false
                                                                                                                                                                                Preview:.. ~~~ AlphaCat ~~~....>>>> Your data are stolen and encrypted....>>>> What guarantees that we will not deceive you? .....We are not a politically motivated group and we do not need anything other than your money. .. ...If you pay, we will provide you the programs for decryption and we will delete your data. ...Life is too short to be sad. Be not sad, money, it is only paper... ...If we do not give you decrypters, or we do not delete your data after payment, then nobody will pay us in the future. ...Therefore to us our reputation is very important. We attack worldwide and there is no dissatisfied victim after payment... ..>>>> You need contact us via email with srenshot of btc transaction and your personal DECRYPTION ID.....Contact via Email with your personal Decryption id !: hackbeenswim@mail2tor.com......Send 400$ (0.006 BTC) at this address --> bc1qkr7wxuqwet9w6920vk94p7npkxh33fc7prv55q.....>>>> Your personal DECRYPTION ID: D53F15BF767167BC622C1CB4D4FC174D....>>
                                                                                                                                                                                Process:C:\Users\user\Desktop\c8JakemodH.exe
                                                                                                                                                                                File Type:data
                                                                                                                                                                                Category:dropped
                                                                                                                                                                                Size (bytes):248
                                                                                                                                                                                Entropy (8bit):7.191863044153163
                                                                                                                                                                                Encrypted:false
                                                                                                                                                                                SSDEEP:6:pkpcXYpgvLM+NEBFxMQRTVgZvXKXqrnzo66uoxTQWryJJ:KcsBFKumvaaDixTYJ
                                                                                                                                                                                MD5:75DDC39556EF9D3C8D2ADBBE24DE79E9
                                                                                                                                                                                SHA1:BE9F473A32BA1002ADC098B3616CCBE83C7A7A80
                                                                                                                                                                                SHA-256:3B88C2F6A9398AF6ABED66F92E1FA778C81F42B4B2C8F01E2C32FC9FF31DA1A8
                                                                                                                                                                                SHA-512:1BE2D7541A1AA881B8D16FB8580058AEF9A6FCFBD1E07A6475344EA19F76B0EFDAC5E4CCB23AF67E708B0600F2402A87A0F5D4889DE9B5CB1A284911A6605133
                                                                                                                                                                                Malicious:false
                                                                                                                                                                                Preview:,O.a.4X..8.@...."6.Q....)C4..}..X...GT..{y7=L..J..........A1.o.+,..........L.,..Tf..)..v.s.4.D...&=..S.l.x....n...<..o...L....\.y.3.C.=....v....%......@(.......u....4..g..@.c_.r?[. ..U....<..Hb.!...?0[.?.._Ak:F`Obd..W.r.o..d7.5.?Ly.9'e5.|_
                                                                                                                                                                                Process:C:\Users\user\Desktop\c8JakemodH.exe
                                                                                                                                                                                File Type:ASCII text, with CRLF line terminators
                                                                                                                                                                                Category:dropped
                                                                                                                                                                                Size (bytes):1159
                                                                                                                                                                                Entropy (8bit):4.909757425426515
                                                                                                                                                                                Encrypted:false
                                                                                                                                                                                SSDEEP:24:SOZJNRovfexRvYx/ncUYTxLZl0r0OzANQgq32xfZnS0iNFdAnP6:SOZbqfexrZrS3Iq32xlSX2S
                                                                                                                                                                                MD5:F29E077226F8DC235CAE4795459A3542
                                                                                                                                                                                SHA1:A23AEA328BEB92BFD4464A3B0F70E772B8969CC2
                                                                                                                                                                                SHA-256:CF8875AADE9351184274F533067BECF2AD10CCF2B6296274ECE5D5B58B6AB008
                                                                                                                                                                                SHA-512:0C76F1E7AC8E4DB582EA7E26FA9B8C18D54605AE6A9A87A2A1FA0B1BEACACBB8F1230421C1124B1E7C12FB546FF31DBBD2CFBBEBA80EF98BBAA01B356F7FDC6F
                                                                                                                                                                                Malicious:false
                                                                                                                                                                                Preview:.. ~~~ AlphaCat ~~~....>>>> Your data are stolen and encrypted....>>>> What guarantees that we will not deceive you? .....We are not a politically motivated group and we do not need anything other than your money. .. ...If you pay, we will provide you the programs for decryption and we will delete your data. ...Life is too short to be sad. Be not sad, money, it is only paper... ...If we do not give you decrypters, or we do not delete your data after payment, then nobody will pay us in the future. ...Therefore to us our reputation is very important. We attack worldwide and there is no dissatisfied victim after payment... ..>>>> You need contact us via email with srenshot of btc transaction and your personal DECRYPTION ID.....Contact via Email with your personal Decryption id !: hackbeenswim@mail2tor.com......Send 400$ (0.006 BTC) at this address --> bc1qkr7wxuqwet9w6920vk94p7npkxh33fc7prv55q.....>>>> Your personal DECRYPTION ID: D53F15BF767167BC622C1CB4D4FC174D....>>
                                                                                                                                                                                Process:C:\Users\user\Desktop\c8JakemodH.exe
                                                                                                                                                                                File Type:ASCII text, with CRLF line terminators
                                                                                                                                                                                Category:dropped
                                                                                                                                                                                Size (bytes):1159
                                                                                                                                                                                Entropy (8bit):4.909757425426515
                                                                                                                                                                                Encrypted:false
                                                                                                                                                                                SSDEEP:24:SOZJNRovfexRvYx/ncUYTxLZl0r0OzANQgq32xfZnS0iNFdAnP6:SOZbqfexrZrS3Iq32xlSX2S
                                                                                                                                                                                MD5:F29E077226F8DC235CAE4795459A3542
                                                                                                                                                                                SHA1:A23AEA328BEB92BFD4464A3B0F70E772B8969CC2
                                                                                                                                                                                SHA-256:CF8875AADE9351184274F533067BECF2AD10CCF2B6296274ECE5D5B58B6AB008
                                                                                                                                                                                SHA-512:0C76F1E7AC8E4DB582EA7E26FA9B8C18D54605AE6A9A87A2A1FA0B1BEACACBB8F1230421C1124B1E7C12FB546FF31DBBD2CFBBEBA80EF98BBAA01B356F7FDC6F
                                                                                                                                                                                Malicious:false
                                                                                                                                                                                Preview:.. ~~~ AlphaCat ~~~....>>>> Your data are stolen and encrypted....>>>> What guarantees that we will not deceive you? .....We are not a politically motivated group and we do not need anything other than your money. .. ...If you pay, we will provide you the programs for decryption and we will delete your data. ...Life is too short to be sad. Be not sad, money, it is only paper... ...If we do not give you decrypters, or we do not delete your data after payment, then nobody will pay us in the future. ...Therefore to us our reputation is very important. We attack worldwide and there is no dissatisfied victim after payment... ..>>>> You need contact us via email with srenshot of btc transaction and your personal DECRYPTION ID.....Contact via Email with your personal Decryption id !: hackbeenswim@mail2tor.com......Send 400$ (0.006 BTC) at this address --> bc1qkr7wxuqwet9w6920vk94p7npkxh33fc7prv55q.....>>>> Your personal DECRYPTION ID: D53F15BF767167BC622C1CB4D4FC174D....>>
                                                                                                                                                                                Process:C:\Users\user\Desktop\c8JakemodH.exe
                                                                                                                                                                                File Type:data
                                                                                                                                                                                Category:dropped
                                                                                                                                                                                Size (bytes):5121
                                                                                                                                                                                Entropy (8bit):7.960777979277182
                                                                                                                                                                                Encrypted:false
                                                                                                                                                                                SSDEEP:96:XPkbYYviU/DphIXeZAnUZUotaqcDw2+h68HW7ZCbHGEU50hX9mK5eS78g0XzwaeG:Xsb/aU/DDIXJEFn6/+h6soCbHpUGXMU6
                                                                                                                                                                                MD5:5DC40DA2AF8801D48C76DD64DEB9E0D6
                                                                                                                                                                                SHA1:E4F11A1F9FAE9AE73C2BDF77A1DF268D57656092
                                                                                                                                                                                SHA-256:87D3E681EC3463D273C9F9601CC71B69B4CC0AF0F8050332CF395A5B6059F135
                                                                                                                                                                                SHA-512:BE81FAC4F48B6AE287621A73876B9EC69472E71E5D231CC4CAC414420FF04A7F13A16F25FE5EB0882C7E8F2027F5BF02FBDC57AC017379352D8BA0C71130EF0A
                                                                                                                                                                                Malicious:false
                                                                                                                                                                                Preview:..,Sa........j~.?sv.....kD.O..p........1.....#.g....L.....(7...u............XN....Zl..^R....S.b..y.-...A...k%...<s.....&...jK..0..`j.....3......<n...B..u.L...}..Q.j.h.....V.tu.aPV.cu..eX.5..Y.&.C.....]..(p.~Nw....[..+..9..?..Z\B...U{5R..K.....G..........w.!LWq|...e ...<.;/...@...W.D..Z..c..:.......Fl.kU.D..MCK...hp!..~J.$6..*.fiKm[.m........m..x....;..4Mw...*F..=.`T0.....XnSA.hi.%..J)oLq:.Mv.?.../..M.R.e...-.&../q....<X.p..+.f....'c.<.?.t.v.u..P.|....(...C......X1PH.s...o.........WHY.:..H8H?.r7.T_...v.^P.{7....1,....tN..f.....bv_.y+tA.p.v.........Z.p....N.w...V..-........~58...3.\..>....U.....n..+..M.6..j...z.L....X...o~0.0....T..=.L..%.l.I,sT..r`..>.k.. ....D.q.,...wQL.v...m......|.>.3..7.ry.D.........m?.$..}.?]L......*(.b.T!y...../..T.T.m..F.9.!...[....0.Q..Sf.P.[......Q..G.n.....*.l..R(........U3.r......xJ.....IT.[D.....IID..)...h..o.8=............ ...[D..@I.B.tW...?.. . .M....a.,...(6...Z/..h..b..F.....:.?._.......R.p.....X.g.?.uq1.....F.
                                                                                                                                                                                Process:C:\Users\user\Desktop\c8JakemodH.exe
                                                                                                                                                                                File Type:data
                                                                                                                                                                                Category:dropped
                                                                                                                                                                                Size (bytes):933
                                                                                                                                                                                Entropy (8bit):7.789795443675977
                                                                                                                                                                                Encrypted:false
                                                                                                                                                                                SSDEEP:24:Shl1kMo6sgJbn/GphZUoBECJAvAGYCUnlR531nE2xs:6nfVyTvECJAhYCUnlRVZq
                                                                                                                                                                                MD5:DF7BAFA28F81808E72B3247BED7C12F6
                                                                                                                                                                                SHA1:3ECDFB5F5832A9AF864B25BB037271BEEB902D03
                                                                                                                                                                                SHA-256:9A108CDEFD54AB1341E280FF8971C58AB66D131CF50E0C331D2815511C1BF075
                                                                                                                                                                                SHA-512:EF3D96C7F90F6C2CD8F75A251DF3108E514F47AA01D9C265AE3311AD56956336DE0874ACF0B732E9FEA0CC594652B6542794A4AE0512E9D91D20EFD579767505
                                                                                                                                                                                Malicious:false
                                                                                                                                                                                Preview:..........!.d....hu.z.s._.i..I..-T.|.......W........f..\.,iY...^.4.ZL<..!.... ..*8./.J..........Q.....`D.q.e.Yj.....O..2..6....m8..g.|.....[...<...R....K.R..b.H.8..Blh.Os..;....rg..@.}..g.....e..x. ....#...T.r(&C...Vk....Q..)q.....91..-.o......%Q....KF..U@..0!...99$@.h...c..pl.....j.....u.s...GJ.."R...&.R,.........@...<*..Z...=b.\.'....[k. .8..+H...b.E.-.fK.%...Z...,M..$...um..."z..pt8;>..Jf.'.?......!cX....6...........kz..i.GYH..L.?[.,..c...&........z....J....%H...m/?.gj....w6VJ,%.0.T...B...b.i....`.#w..G...~.@#.t......-...{..]-.~'tob.....ys..N.*D.c.'..<}'....wf.L...{'.mE......Z.U.;P.....p>.F.{?q!..s....(..h.4P....@..4..Cn.c..q.(.n...A..t.."..P...Q.z.6..~.".y..$.mv...=....u[L6x.6.o-+!..t..}o<....^../.+gJ".|....:.r.......gK..ar.g............K....<..o...L....\.y.3.C.=....v....%......@(.......u....4..g..@.c_.r?[. ..U....<..Hb.!...?0[.?.._Ak:F`Obd..W.r.o..d7.5.?Ly.9'e5.|_
                                                                                                                                                                                Process:C:\Users\user\Desktop\c8JakemodH.exe
                                                                                                                                                                                File Type:data
                                                                                                                                                                                Category:dropped
                                                                                                                                                                                Size (bytes):1211
                                                                                                                                                                                Entropy (8bit):7.853090170549513
                                                                                                                                                                                Encrypted:false
                                                                                                                                                                                SSDEEP:24:oHcDEhR6vj+jn3dKdeN4cLxkM4CvbnN3EKoIYn2xs:oHeyR6L+b37N4cCCvb1EKoIY2q
                                                                                                                                                                                MD5:05B4163629581E4E477E8887E8CC5BF8
                                                                                                                                                                                SHA1:BF0BEB42D2312B84B531850B7B53B285AE0ACAEA
                                                                                                                                                                                SHA-256:21B7E8B7A97FCA626AA87CC5B7A75C128A49C105AA782F1968940CAAC1089712
                                                                                                                                                                                SHA-512:8A8A477E1AE6C5214B57AFAF0785D4995E7CF5CB70B6FAF8B9B209D2F631F2DE74F5C1C521B5CEAEF5A5212A537AF13F8A6902394889C97E81E87EFAE71DFBB6
                                                                                                                                                                                Malicious:false
                                                                                                                                                                                Preview:..."..Q..#{h....,.~.Wp.9....s.P.1.N>.B.&.....5[^.j.DM..|)x.cb-..c?...^..|..%L....S....#.zKK..J....6.."..._.4.....)....jp..m6...b.T.&.%8.Y..B..fd[.X....s.nb../.D.......y..W..O.,.8#.C~.....Qz1L`..H.|q.de..n..kU'r..v"..........}.>.i...].P.......U..~.C.<T~......'.....~%Tr9...E...+d.rk....?|...55..-.<..`...id.@....5.k...66.o..z..&*.J.2..Cm|1.`.t1...e%.o.a.Oy~..y..........L.4bW...p..`T..E=R.I..I...8.Fc;..`g....E.P_...U%.h?...9.o......X...._.0.{...\.L..Y...DM.&....QS*.KP..u.<*.9.....^.\..&4{.%3nn.OR.."p.:..0..7..G8........Sd.G.-.W.XgG....m}u]U..N.K(.},.......M.hU..$.I.e...^..pC.rn.Y..v..[...A$g.m.6....X]..7.#...|..?....M9...3E.qw(.....;..|.|..Q.:.R.o.7g..5S...$..u...".."DE.u..l.3t....f.!.C.m=.9^.._.{....,.#.m.......E\.'h...w....f...y.....9r..6....4t.]..S>6..K.Y.%.k..F.).c.."I!.>.5H.t..?..O3.. vG(c?u.<..x...%...8X.A....p..r%........(...!*.-...J..(P...J.D.&.......j-....<.R..@1V.k.ju...3.....?..9.H.......:..4......PWl......ff..Z.....D..
                                                                                                                                                                                Process:C:\Users\user\Desktop\c8JakemodH.exe
                                                                                                                                                                                File Type:data
                                                                                                                                                                                Category:dropped
                                                                                                                                                                                Size (bytes):306
                                                                                                                                                                                Entropy (8bit):7.180882565169965
                                                                                                                                                                                Encrypted:false
                                                                                                                                                                                SSDEEP:6:vihh8pe7gZefqmVJZTxCAzW+vbq9lZnXKXqrnzo66uoxTQWryJJ:vaWtOVJHCAqeO9lhaaDixTYJ
                                                                                                                                                                                MD5:58237B6B9533AA3F47CE6F07B3407A9C
                                                                                                                                                                                SHA1:B1B54B4B2E90FDF91C3979547F34BE409A8B6270
                                                                                                                                                                                SHA-256:704BDEBA255FBB0BFDB80B84AC5254AF45D71D46F00BD72FA33D6AD16D188AAE
                                                                                                                                                                                SHA-512:2B13A11FD9F7F4D56A5431017CDCF2659F1E98615852D4987DD3E123E513413675B01228186F6227F6FDBC6014B74FC75BF64DEFA001104A17FFAB8A2DFB02D9
                                                                                                                                                                                Malicious:false
                                                                                                                                                                                Preview:..?b.q...%K.U...Lh8.7^..K..L,.....G..$..<,.)...Q...Y.4......PWl......ff..O...1.1..|.Vn._y4=...J.1./.';z.....}.FJ...?....c,.*E.....Z.@..O....`J.c7.....1.8L..f.*.F...v...<..o...L....\.y.3.C.=....v....%......@(.......u....4..g..@.c_.r?[. ..U....<..Hb.!...?0[.?.._Ak:F`Obd..W.r.o..d7.5.?Ly.9'e5.|_
                                                                                                                                                                                Process:C:\Users\user\Desktop\c8JakemodH.exe
                                                                                                                                                                                File Type:data
                                                                                                                                                                                Category:dropped
                                                                                                                                                                                Size (bytes):33022
                                                                                                                                                                                Entropy (8bit):7.994530971229691
                                                                                                                                                                                Encrypted:true
                                                                                                                                                                                SSDEEP:768:C6H7PVWiQi9hNM8Lhrt9U1kluSqO5bpDzK1CrWxhWunUNnSzij:C6bPVCi1MCluPOTDdSzi
                                                                                                                                                                                MD5:E6BC3C69A69D1889BFBA39B71A52B37D
                                                                                                                                                                                SHA1:87F837EE3D215B35D5E43209E52164BDFE42AA56
                                                                                                                                                                                SHA-256:81B1813C97EADEADBC9AEA6E8BABCD46E0C2A629F98CFC5068DD30F2AC95BB8F
                                                                                                                                                                                SHA-512:325831842CC2CA0F1C955258E14180E679ABA562554D55FB3CDD781BC3D4B729CF0195BEB96456EF47E9992FDEB94F15B8377B7B263B9DDB4787A56C9B5E1AD5
                                                                                                                                                                                Malicious:true
                                                                                                                                                                                Preview:CB.6...&.t......v..+2.mV9.rmEn..p...lF..y...h9..,...3G\vx2.S..0..4z..X.....D......3U..V..O.Oy....u..y.<..n....!..n.&H!..g.(.KC.....c..`E..C.]7/!..1~K............{.e#.... ..Qa.....Q...X...G+.Rv..y.8.NGn.\....c8.D.F.....*..5.M.Rtr...Y.K..I....;.I....I..;.........z..h.1......L.....K...$..3...V....e..Y.......o.kW..........qM=,.e.~.....t:x.6....h(.....u$.|.W...n....D...c....PZ.j.-.....l%.V|.8.....>.-..a4....".)[..l.DZ..!..%......qw.....g..I.p...=.;...).Pq.8.EiE....Qu..._..=......D1TX.....W....#.).a(..TGB.@sF..z5..5..."r...T].E.~."..Gb.......].`y.G.,eq4J{A.\iDB..n... ......`..........+..lZ....~...v.A.\.M#.I..xWu).I&?4x....O.t...h..Ja...:.j...S.......3.[.o...."W?...aP...`..U8..@..0...vh22%...a.."...B.o....O......~.H.....s./.)./..L.e..3.....VEI.Z.cy-..Y....c1.[&...I..2N6.I`.Pw.ZF..jv.......[.i..Q.....d.....myN.].N......m..:......0...R.-tS4P.....7..KN6@......%.*.l..7..#.Y4z.7...<L..}..Z.J..].......5_.[..Sq.G.........".9.rC05.u3....:.=..Y..Z..5f....V...
                                                                                                                                                                                Process:C:\Users\user\Desktop\c8JakemodH.exe
                                                                                                                                                                                File Type:data
                                                                                                                                                                                Category:dropped
                                                                                                                                                                                Size (bytes):255
                                                                                                                                                                                Entropy (8bit):7.029833817190073
                                                                                                                                                                                Encrypted:false
                                                                                                                                                                                SSDEEP:6:mJmV/OXtPaJ/4BPfdBYzbDoKFSXKXqrnzo66uoxTQWryJJ:B/OX5ax+fOYK0aaDixTYJ
                                                                                                                                                                                MD5:9B05C0E7685042D64CF3A0F3CFE8D576
                                                                                                                                                                                SHA1:DA2041B441980D27FEDFAE3F5B8516B4AF7FBE54
                                                                                                                                                                                SHA-256:209C865F2754F61D39CD097F49305553F96B3851C8E8D8F7AA97057DB167729E
                                                                                                                                                                                SHA-512:1BA5D2CCFB255D08E857363B3C7A6D1FDEE774B58483D0AF8EEC2012C4D6B645993AC5F90056592DE1A56BD4C3B06FF0F55E64EFABCA6B96BA50E5AE7B2AED76
                                                                                                                                                                                Malicious:false
                                                                                                                                                                                Preview:.4\.....a0..B....[c*.y...&..,bq.Wy.4.L....2.,.';y0....X..A#:.....AJ...9.l...*.K..=.*G....[.....K....P.a.|...8..C".y...<..o...L....\.y.3.C.=....v....%......@(.......u....4..g..@.c_.r?[. ..U....<..Hb.!...?0[.?.._Ak:F`Obd..W.r.o..d7.5.?Ly.9'e5.|_
                                                                                                                                                                                Process:C:\Users\user\Desktop\c8JakemodH.exe
                                                                                                                                                                                File Type:data
                                                                                                                                                                                Category:dropped
                                                                                                                                                                                Size (bytes):1048824
                                                                                                                                                                                Entropy (8bit):4.982451457248338
                                                                                                                                                                                Encrypted:false
                                                                                                                                                                                SSDEEP:12288:9HV5Q66Tf2nL1FNI0oz40mAl3O7EvjKhEzaDb:915Hgs6zCAl3mejKh44b
                                                                                                                                                                                MD5:DD5189D734B615E9603E6D6F18347973
                                                                                                                                                                                SHA1:075DE4401A08AEE6BFA82E62547BF979CE93CD45
                                                                                                                                                                                SHA-256:02CF19B12239CD48C93666AAA7C3EAA2AE2FCBA83FA059E073A759344ACEFB7A
                                                                                                                                                                                SHA-512:6BD858917072F8CCEFDCEBAF13ADAEAB88A283166686BF3A15CC77CBF3FF26F51239759091D9D779FF10A0AB05E43AB69BF4E6C23AC38CC3CEC89D2CEDF85FAE
                                                                                                                                                                                Malicious:false
                                                                                                                                                                                Preview:.....b.Uv.....v..~.#.N$..}...7?.kc..x...D...!.0..[$.u.*r.Y*.n.}.gO..Y....z..i4...Z..$\.w..OyzOc.btN..^.;.&.5.V......K..".{.A=e.._....._.V..(..R.l....f.6..Z4....o.pmK.2..:d..@==......*P{`.!.e...=....d@......LK>rh.....m....h!....bF.}J..e0.......t..I.c1...H..`][.d).i$G..WG..aF=.*%................y.}.jxU.......D..-V{.Rc.J.{J...e./...y.4.y,'r'._....iu.~..{YG...Z..k.d.\+zayl...+.._..8.t....y......<.. .5....D!..".B....&.........[........C7......BD...qX"`.Ea?q.....sR...|.V...Z....k....}....8..#8t.d\........C..X...>.....^....a... !e.......>$.~..<,?...;.pm.F.h.i.1......z.H.M...,.s..!...+.O....W..V.{T`......yD...KN.,........_.c..R......-.lI..Oi.D............e.w...;7.....:...V+...r..H\(M./.l.g^......\.m.<..Ge..v....!Z.!N....+.......r[.~.d...K..I..U..y..O..[...-.bJg.'>.=..P..f....7.C..+*.]".l.a....P|..E..\@.....~..la.Pw......(V...f09..sf..Yu?....l.......p.,Y..*a..>`....bV+..~~..../r...C......\)#..}..Y.83}&...<v.~h.1m..2;.un..n.k.6..n..f..<wqW..)...`D.#
                                                                                                                                                                                Process:C:\Users\user\Desktop\c8JakemodH.exe
                                                                                                                                                                                File Type:ASCII text, with CRLF line terminators
                                                                                                                                                                                Category:dropped
                                                                                                                                                                                Size (bytes):1159
                                                                                                                                                                                Entropy (8bit):4.909757425426515
                                                                                                                                                                                Encrypted:false
                                                                                                                                                                                SSDEEP:24:SOZJNRovfexRvYx/ncUYTxLZl0r0OzANQgq32xfZnS0iNFdAnP6:SOZbqfexrZrS3Iq32xlSX2S
                                                                                                                                                                                MD5:F29E077226F8DC235CAE4795459A3542
                                                                                                                                                                                SHA1:A23AEA328BEB92BFD4464A3B0F70E772B8969CC2
                                                                                                                                                                                SHA-256:CF8875AADE9351184274F533067BECF2AD10CCF2B6296274ECE5D5B58B6AB008
                                                                                                                                                                                SHA-512:0C76F1E7AC8E4DB582EA7E26FA9B8C18D54605AE6A9A87A2A1FA0B1BEACACBB8F1230421C1124B1E7C12FB546FF31DBBD2CFBBEBA80EF98BBAA01B356F7FDC6F
                                                                                                                                                                                Malicious:false
                                                                                                                                                                                Preview:.. ~~~ AlphaCat ~~~....>>>> Your data are stolen and encrypted....>>>> What guarantees that we will not deceive you? .....We are not a politically motivated group and we do not need anything other than your money. .. ...If you pay, we will provide you the programs for decryption and we will delete your data. ...Life is too short to be sad. Be not sad, money, it is only paper... ...If we do not give you decrypters, or we do not delete your data after payment, then nobody will pay us in the future. ...Therefore to us our reputation is very important. We attack worldwide and there is no dissatisfied victim after payment... ..>>>> You need contact us via email with srenshot of btc transaction and your personal DECRYPTION ID.....Contact via Email with your personal Decryption id !: hackbeenswim@mail2tor.com......Send 400$ (0.006 BTC) at this address --> bc1qkr7wxuqwet9w6920vk94p7npkxh33fc7prv55q.....>>>> Your personal DECRYPTION ID: D53F15BF767167BC622C1CB4D4FC174D....>>
                                                                                                                                                                                Process:C:\Users\user\Desktop\c8JakemodH.exe
                                                                                                                                                                                File Type:ASCII text, with CRLF line terminators
                                                                                                                                                                                Category:dropped
                                                                                                                                                                                Size (bytes):1159
                                                                                                                                                                                Entropy (8bit):4.909757425426515
                                                                                                                                                                                Encrypted:false
                                                                                                                                                                                SSDEEP:24:SOZJNRovfexRvYx/ncUYTxLZl0r0OzANQgq32xfZnS0iNFdAnP6:SOZbqfexrZrS3Iq32xlSX2S
                                                                                                                                                                                MD5:F29E077226F8DC235CAE4795459A3542
                                                                                                                                                                                SHA1:A23AEA328BEB92BFD4464A3B0F70E772B8969CC2
                                                                                                                                                                                SHA-256:CF8875AADE9351184274F533067BECF2AD10CCF2B6296274ECE5D5B58B6AB008
                                                                                                                                                                                SHA-512:0C76F1E7AC8E4DB582EA7E26FA9B8C18D54605AE6A9A87A2A1FA0B1BEACACBB8F1230421C1124B1E7C12FB546FF31DBBD2CFBBEBA80EF98BBAA01B356F7FDC6F
                                                                                                                                                                                Malicious:false
                                                                                                                                                                                Preview:.. ~~~ AlphaCat ~~~....>>>> Your data are stolen and encrypted....>>>> What guarantees that we will not deceive you? .....We are not a politically motivated group and we do not need anything other than your money. .. ...If you pay, we will provide you the programs for decryption and we will delete your data. ...Life is too short to be sad. Be not sad, money, it is only paper... ...If we do not give you decrypters, or we do not delete your data after payment, then nobody will pay us in the future. ...Therefore to us our reputation is very important. We attack worldwide and there is no dissatisfied victim after payment... ..>>>> You need contact us via email with srenshot of btc transaction and your personal DECRYPTION ID.....Contact via Email with your personal Decryption id !: hackbeenswim@mail2tor.com......Send 400$ (0.006 BTC) at this address --> bc1qkr7wxuqwet9w6920vk94p7npkxh33fc7prv55q.....>>>> Your personal DECRYPTION ID: D53F15BF767167BC622C1CB4D4FC174D....>>
                                                                                                                                                                                Process:C:\Users\user\Desktop\c8JakemodH.exe
                                                                                                                                                                                File Type:ASCII text, with CRLF line terminators
                                                                                                                                                                                Category:dropped
                                                                                                                                                                                Size (bytes):1159
                                                                                                                                                                                Entropy (8bit):4.909757425426515
                                                                                                                                                                                Encrypted:false
                                                                                                                                                                                SSDEEP:24:SOZJNRovfexRvYx/ncUYTxLZl0r0OzANQgq32xfZnS0iNFdAnP6:SOZbqfexrZrS3Iq32xlSX2S
                                                                                                                                                                                MD5:F29E077226F8DC235CAE4795459A3542
                                                                                                                                                                                SHA1:A23AEA328BEB92BFD4464A3B0F70E772B8969CC2
                                                                                                                                                                                SHA-256:CF8875AADE9351184274F533067BECF2AD10CCF2B6296274ECE5D5B58B6AB008
                                                                                                                                                                                SHA-512:0C76F1E7AC8E4DB582EA7E26FA9B8C18D54605AE6A9A87A2A1FA0B1BEACACBB8F1230421C1124B1E7C12FB546FF31DBBD2CFBBEBA80EF98BBAA01B356F7FDC6F
                                                                                                                                                                                Malicious:false
                                                                                                                                                                                Preview:.. ~~~ AlphaCat ~~~....>>>> Your data are stolen and encrypted....>>>> What guarantees that we will not deceive you? .....We are not a politically motivated group and we do not need anything other than your money. .. ...If you pay, we will provide you the programs for decryption and we will delete your data. ...Life is too short to be sad. Be not sad, money, it is only paper... ...If we do not give you decrypters, or we do not delete your data after payment, then nobody will pay us in the future. ...Therefore to us our reputation is very important. We attack worldwide and there is no dissatisfied victim after payment... ..>>>> You need contact us via email with srenshot of btc transaction and your personal DECRYPTION ID.....Contact via Email with your personal Decryption id !: hackbeenswim@mail2tor.com......Send 400$ (0.006 BTC) at this address --> bc1qkr7wxuqwet9w6920vk94p7npkxh33fc7prv55q.....>>>> Your personal DECRYPTION ID: D53F15BF767167BC622C1CB4D4FC174D....>>
                                                                                                                                                                                Process:C:\Users\user\Desktop\c8JakemodH.exe
                                                                                                                                                                                File Type:data
                                                                                                                                                                                Category:dropped
                                                                                                                                                                                Size (bytes):65536
                                                                                                                                                                                Entropy (8bit):0.2919384506157184
                                                                                                                                                                                Encrypted:false
                                                                                                                                                                                SSDEEP:24:iru2ajQ/KGxmrQu2IM1k8/Um0PsNZobMW/j7/tzdXmsnmkIsl9NQPZ2xE:srasiGxmrs300NKMW/jBZTmkBl9NgUe
                                                                                                                                                                                MD5:80653CBFD844A8F165E0C9411F421A54
                                                                                                                                                                                SHA1:77EA85715221C55B9F85C94611F2D064568B6C75
                                                                                                                                                                                SHA-256:AAD265C2C37996B1AE177836D26C3E4DB4AF4D8620DDA14FE8BBB96DBA3B02BB
                                                                                                                                                                                SHA-512:A22AA0F2490BFBD37BDC061F7458C472E24D228FB419D0CBC73884C6109FF420FCBBAB55BACF624D77F9D423313725DEF5DAA6551E1A1BC5620BBE95B5783931
                                                                                                                                                                                Malicious:false
                                                                                                                                                                                Preview:#.1a+.X.I.X......4... .j..].1FR..'..!..g9....9.......O....%.[.46Y/.B..`.L.Xz. ..Y.H.Q..1.-.b!.i*.#njS\..r".)..u.....%............j>.......:.....u..s.u........n.a....:..ju!L..:ou.....\......f.^..o....x..,^ [.hXB......Z..O....Y..p.......T.B'.7...y...6)r.X..t!..8..`.....n....*r..Z...Z.............k...B.S..[..O.s..+.....$..C..f~Y.sMU....(C..h.z.4*F.o..=.......4..8P./....4k...4.M~u"...hI.F.e.m..$];...$...o&.6'.j...wl.M.G.v.|*.1wA....Z....AH..p.}.........C.4l...g.5.@Gmf...RG.Q......]..<].g.{....g8.q.).X..E.....7.*....... #N....O7..0....}...u.QXoW..%...5.I. ........n,.w.~[..J1.....s......)qK....&^..o..o..#...4W.....e....U...{.W.F..XtQ'.h.PI..G[..0..h...H......Yf.q.X1..irS@.d...h.s...2y...V|A...;..x.3.?.T....0wO....OD{..\P\.,.o//O..A[..$/....5"%.V..r.I.wO.[...k..R......R.......P.g,....>.OA6;;.v./...d&..:c.........S.=q..3...b.....];e.q..2.l.J..1]. C.yWJ-!..\A..B/M.._).B....Y.Y.&O...&XC.K...]......C...:q../.D......v..].p.....+.:..($A.!......}
                                                                                                                                                                                Process:C:\Users\user\Desktop\c8JakemodH.exe
                                                                                                                                                                                File Type:ASCII text, with CRLF line terminators
                                                                                                                                                                                Category:dropped
                                                                                                                                                                                Size (bytes):1159
                                                                                                                                                                                Entropy (8bit):4.909757425426515
                                                                                                                                                                                Encrypted:false
                                                                                                                                                                                SSDEEP:24:SOZJNRovfexRvYx/ncUYTxLZl0r0OzANQgq32xfZnS0iNFdAnP6:SOZbqfexrZrS3Iq32xlSX2S
                                                                                                                                                                                MD5:F29E077226F8DC235CAE4795459A3542
                                                                                                                                                                                SHA1:A23AEA328BEB92BFD4464A3B0F70E772B8969CC2
                                                                                                                                                                                SHA-256:CF8875AADE9351184274F533067BECF2AD10CCF2B6296274ECE5D5B58B6AB008
                                                                                                                                                                                SHA-512:0C76F1E7AC8E4DB582EA7E26FA9B8C18D54605AE6A9A87A2A1FA0B1BEACACBB8F1230421C1124B1E7C12FB546FF31DBBD2CFBBEBA80EF98BBAA01B356F7FDC6F
                                                                                                                                                                                Malicious:false
                                                                                                                                                                                Preview:.. ~~~ AlphaCat ~~~....>>>> Your data are stolen and encrypted....>>>> What guarantees that we will not deceive you? .....We are not a politically motivated group and we do not need anything other than your money. .. ...If you pay, we will provide you the programs for decryption and we will delete your data. ...Life is too short to be sad. Be not sad, money, it is only paper... ...If we do not give you decrypters, or we do not delete your data after payment, then nobody will pay us in the future. ...Therefore to us our reputation is very important. We attack worldwide and there is no dissatisfied victim after payment... ..>>>> You need contact us via email with srenshot of btc transaction and your personal DECRYPTION ID.....Contact via Email with your personal Decryption id !: hackbeenswim@mail2tor.com......Send 400$ (0.006 BTC) at this address --> bc1qkr7wxuqwet9w6920vk94p7npkxh33fc7prv55q.....>>>> Your personal DECRYPTION ID: D53F15BF767167BC622C1CB4D4FC174D....>>
                                                                                                                                                                                Process:C:\Users\user\Desktop\c8JakemodH.exe
                                                                                                                                                                                File Type:ASCII text, with CRLF line terminators
                                                                                                                                                                                Category:dropped
                                                                                                                                                                                Size (bytes):1159
                                                                                                                                                                                Entropy (8bit):4.909757425426515
                                                                                                                                                                                Encrypted:false
                                                                                                                                                                                SSDEEP:24:SOZJNRovfexRvYx/ncUYTxLZl0r0OzANQgq32xfZnS0iNFdAnP6:SOZbqfexrZrS3Iq32xlSX2S
                                                                                                                                                                                MD5:F29E077226F8DC235CAE4795459A3542
                                                                                                                                                                                SHA1:A23AEA328BEB92BFD4464A3B0F70E772B8969CC2
                                                                                                                                                                                SHA-256:CF8875AADE9351184274F533067BECF2AD10CCF2B6296274ECE5D5B58B6AB008
                                                                                                                                                                                SHA-512:0C76F1E7AC8E4DB582EA7E26FA9B8C18D54605AE6A9A87A2A1FA0B1BEACACBB8F1230421C1124B1E7C12FB546FF31DBBD2CFBBEBA80EF98BBAA01B356F7FDC6F
                                                                                                                                                                                Malicious:false
                                                                                                                                                                                Preview:.. ~~~ AlphaCat ~~~....>>>> Your data are stolen and encrypted....>>>> What guarantees that we will not deceive you? .....We are not a politically motivated group and we do not need anything other than your money. .. ...If you pay, we will provide you the programs for decryption and we will delete your data. ...Life is too short to be sad. Be not sad, money, it is only paper... ...If we do not give you decrypters, or we do not delete your data after payment, then nobody will pay us in the future. ...Therefore to us our reputation is very important. We attack worldwide and there is no dissatisfied victim after payment... ..>>>> You need contact us via email with srenshot of btc transaction and your personal DECRYPTION ID.....Contact via Email with your personal Decryption id !: hackbeenswim@mail2tor.com......Send 400$ (0.006 BTC) at this address --> bc1qkr7wxuqwet9w6920vk94p7npkxh33fc7prv55q.....>>>> Your personal DECRYPTION ID: D53F15BF767167BC622C1CB4D4FC174D....>>
                                                                                                                                                                                Process:C:\Users\user\Desktop\c8JakemodH.exe
                                                                                                                                                                                File Type:data
                                                                                                                                                                                Category:dropped
                                                                                                                                                                                Size (bytes):4194576
                                                                                                                                                                                Entropy (8bit):1.5383617893473889
                                                                                                                                                                                Encrypted:false
                                                                                                                                                                                SSDEEP:12288:R6oSuUI6ctHqanXW4mp7X2bgXRJRGWqQlsREC4HZhEpfuMxSZj1r0ms:coRUbc0aXcgMXVGulsRE/7EZucSZjJ0/
                                                                                                                                                                                MD5:114732ED8390E7505D32185256A984B7
                                                                                                                                                                                SHA1:9EEF04845E82A9F8F7259B1AE934977229E05215
                                                                                                                                                                                SHA-256:482D0B372B854FC3103DF0CAACE672D67733F6D449EDB248FAB89F6B66CDCC49
                                                                                                                                                                                SHA-512:96FB22D090A665E481BCF63A588305BEADC395F4E3A6E97EDA4BA1A59B36E6347263C106E7FE049EA951B50FB8FE327E2453125D7AF775D0A0CB8C26CB1B1E67
                                                                                                                                                                                Malicious:false
                                                                                                                                                                                Preview:+p-..)^#...w3.g..Q*,.V...$....`.C.j...FNIS.Q.P,.2.~.?pad..)......{.c.9._...*..1K.GH6p....vs:+....^...\G.7....q}.. ...`.I*.....L.-.....y....HV..>.oq[.g.)[...$.d...O...Y....`v0i'..%.....'(2.....j.t....0M.+u..#....`.......D...6.&vR^R....A....X.i.8..a..0..?.F.Hi......~...;.=./.i...U`.'.Z....c..?...z.Kv.r7.Ew...=M.Q.t....%}U.h%\...UP.?R*.G..u..@....!.....F~'t.[xD.S.^k^ek4..f.......E.tk.D...l.I....2..zl.N...=..GM.......J..r.O.t^u....?.%.[O..!.?...a....~)/2Z9..x2.......*?.B.k.C...!.........O-........0!.s;9.O..gzS< ^.E....c.1..F./F4C...N.,ZY%...Xa.!p...?.ly PPI...-B.`...Q.bw.#H.>.!@... ..Kv..S./O1A?.,`\.@.......P_WE.PU-...5.b.#..<3..Yr4...5.r...6.1]..".....s.....F...w00. V[..`}..Ja.N}....9.._...6l...R......Zrt..D........\.M..s.4rbm...........>%......z....N.H;na.q_..<)#.....=4i..B....r./R.....|.V.R.6<^..^2..p..B..nO...XELS.T..bBCz....Eq.h....."...KZ..\.......7.J...]bX'.2j.....&..7r..........p..'..a.p~.N...To.t...[z..04.D.E..:{.-.i...5.....77....
                                                                                                                                                                                Process:C:\Users\user\Desktop\c8JakemodH.exe
                                                                                                                                                                                File Type:ASCII text, with CRLF line terminators
                                                                                                                                                                                Category:dropped
                                                                                                                                                                                Size (bytes):1159
                                                                                                                                                                                Entropy (8bit):4.909757425426515
                                                                                                                                                                                Encrypted:false
                                                                                                                                                                                SSDEEP:24:SOZJNRovfexRvYx/ncUYTxLZl0r0OzANQgq32xfZnS0iNFdAnP6:SOZbqfexrZrS3Iq32xlSX2S
                                                                                                                                                                                MD5:F29E077226F8DC235CAE4795459A3542
                                                                                                                                                                                SHA1:A23AEA328BEB92BFD4464A3B0F70E772B8969CC2
                                                                                                                                                                                SHA-256:CF8875AADE9351184274F533067BECF2AD10CCF2B6296274ECE5D5B58B6AB008
                                                                                                                                                                                SHA-512:0C76F1E7AC8E4DB582EA7E26FA9B8C18D54605AE6A9A87A2A1FA0B1BEACACBB8F1230421C1124B1E7C12FB546FF31DBBD2CFBBEBA80EF98BBAA01B356F7FDC6F
                                                                                                                                                                                Malicious:false
                                                                                                                                                                                Preview:.. ~~~ AlphaCat ~~~....>>>> Your data are stolen and encrypted....>>>> What guarantees that we will not deceive you? .....We are not a politically motivated group and we do not need anything other than your money. .. ...If you pay, we will provide you the programs for decryption and we will delete your data. ...Life is too short to be sad. Be not sad, money, it is only paper... ...If we do not give you decrypters, or we do not delete your data after payment, then nobody will pay us in the future. ...Therefore to us our reputation is very important. We attack worldwide and there is no dissatisfied victim after payment... ..>>>> You need contact us via email with srenshot of btc transaction and your personal DECRYPTION ID.....Contact via Email with your personal Decryption id !: hackbeenswim@mail2tor.com......Send 400$ (0.006 BTC) at this address --> bc1qkr7wxuqwet9w6920vk94p7npkxh33fc7prv55q.....>>>> Your personal DECRYPTION ID: D53F15BF767167BC622C1CB4D4FC174D....>>
                                                                                                                                                                                Process:C:\Users\user\Desktop\c8JakemodH.exe
                                                                                                                                                                                File Type:ASCII text, with CRLF line terminators
                                                                                                                                                                                Category:dropped
                                                                                                                                                                                Size (bytes):1159
                                                                                                                                                                                Entropy (8bit):4.909757425426515
                                                                                                                                                                                Encrypted:false
                                                                                                                                                                                SSDEEP:24:SOZJNRovfexRvYx/ncUYTxLZl0r0OzANQgq32xfZnS0iNFdAnP6:SOZbqfexrZrS3Iq32xlSX2S
                                                                                                                                                                                MD5:F29E077226F8DC235CAE4795459A3542
                                                                                                                                                                                SHA1:A23AEA328BEB92BFD4464A3B0F70E772B8969CC2
                                                                                                                                                                                SHA-256:CF8875AADE9351184274F533067BECF2AD10CCF2B6296274ECE5D5B58B6AB008
                                                                                                                                                                                SHA-512:0C76F1E7AC8E4DB582EA7E26FA9B8C18D54605AE6A9A87A2A1FA0B1BEACACBB8F1230421C1124B1E7C12FB546FF31DBBD2CFBBEBA80EF98BBAA01B356F7FDC6F
                                                                                                                                                                                Malicious:false
                                                                                                                                                                                Preview:.. ~~~ AlphaCat ~~~....>>>> Your data are stolen and encrypted....>>>> What guarantees that we will not deceive you? .....We are not a politically motivated group and we do not need anything other than your money. .. ...If you pay, we will provide you the programs for decryption and we will delete your data. ...Life is too short to be sad. Be not sad, money, it is only paper... ...If we do not give you decrypters, or we do not delete your data after payment, then nobody will pay us in the future. ...Therefore to us our reputation is very important. We attack worldwide and there is no dissatisfied victim after payment... ..>>>> You need contact us via email with srenshot of btc transaction and your personal DECRYPTION ID.....Contact via Email with your personal Decryption id !: hackbeenswim@mail2tor.com......Send 400$ (0.006 BTC) at this address --> bc1qkr7wxuqwet9w6920vk94p7npkxh33fc7prv55q.....>>>> Your personal DECRYPTION ID: D53F15BF767167BC622C1CB4D4FC174D....>>
                                                                                                                                                                                Process:C:\Users\user\Desktop\c8JakemodH.exe
                                                                                                                                                                                File Type:ASCII text, with CRLF line terminators
                                                                                                                                                                                Category:dropped
                                                                                                                                                                                Size (bytes):1159
                                                                                                                                                                                Entropy (8bit):4.909757425426515
                                                                                                                                                                                Encrypted:false
                                                                                                                                                                                SSDEEP:24:SOZJNRovfexRvYx/ncUYTxLZl0r0OzANQgq32xfZnS0iNFdAnP6:SOZbqfexrZrS3Iq32xlSX2S
                                                                                                                                                                                MD5:F29E077226F8DC235CAE4795459A3542
                                                                                                                                                                                SHA1:A23AEA328BEB92BFD4464A3B0F70E772B8969CC2
                                                                                                                                                                                SHA-256:CF8875AADE9351184274F533067BECF2AD10CCF2B6296274ECE5D5B58B6AB008
                                                                                                                                                                                SHA-512:0C76F1E7AC8E4DB582EA7E26FA9B8C18D54605AE6A9A87A2A1FA0B1BEACACBB8F1230421C1124B1E7C12FB546FF31DBBD2CFBBEBA80EF98BBAA01B356F7FDC6F
                                                                                                                                                                                Malicious:false
                                                                                                                                                                                Preview:.. ~~~ AlphaCat ~~~....>>>> Your data are stolen and encrypted....>>>> What guarantees that we will not deceive you? .....We are not a politically motivated group and we do not need anything other than your money. .. ...If you pay, we will provide you the programs for decryption and we will delete your data. ...Life is too short to be sad. Be not sad, money, it is only paper... ...If we do not give you decrypters, or we do not delete your data after payment, then nobody will pay us in the future. ...Therefore to us our reputation is very important. We attack worldwide and there is no dissatisfied victim after payment... ..>>>> You need contact us via email with srenshot of btc transaction and your personal DECRYPTION ID.....Contact via Email with your personal Decryption id !: hackbeenswim@mail2tor.com......Send 400$ (0.006 BTC) at this address --> bc1qkr7wxuqwet9w6920vk94p7npkxh33fc7prv55q.....>>>> Your personal DECRYPTION ID: D53F15BF767167BC622C1CB4D4FC174D....>>
                                                                                                                                                                                Process:C:\Users\user\Desktop\c8JakemodH.exe
                                                                                                                                                                                File Type:ASCII text, with CRLF line terminators
                                                                                                                                                                                Category:dropped
                                                                                                                                                                                Size (bytes):1159
                                                                                                                                                                                Entropy (8bit):4.909757425426515
                                                                                                                                                                                Encrypted:false
                                                                                                                                                                                SSDEEP:24:SOZJNRovfexRvYx/ncUYTxLZl0r0OzANQgq32xfZnS0iNFdAnP6:SOZbqfexrZrS3Iq32xlSX2S
                                                                                                                                                                                MD5:F29E077226F8DC235CAE4795459A3542
                                                                                                                                                                                SHA1:A23AEA328BEB92BFD4464A3B0F70E772B8969CC2
                                                                                                                                                                                SHA-256:CF8875AADE9351184274F533067BECF2AD10CCF2B6296274ECE5D5B58B6AB008
                                                                                                                                                                                SHA-512:0C76F1E7AC8E4DB582EA7E26FA9B8C18D54605AE6A9A87A2A1FA0B1BEACACBB8F1230421C1124B1E7C12FB546FF31DBBD2CFBBEBA80EF98BBAA01B356F7FDC6F
                                                                                                                                                                                Malicious:false
                                                                                                                                                                                Preview:.. ~~~ AlphaCat ~~~....>>>> Your data are stolen and encrypted....>>>> What guarantees that we will not deceive you? .....We are not a politically motivated group and we do not need anything other than your money. .. ...If you pay, we will provide you the programs for decryption and we will delete your data. ...Life is too short to be sad. Be not sad, money, it is only paper... ...If we do not give you decrypters, or we do not delete your data after payment, then nobody will pay us in the future. ...Therefore to us our reputation is very important. We attack worldwide and there is no dissatisfied victim after payment... ..>>>> You need contact us via email with srenshot of btc transaction and your personal DECRYPTION ID.....Contact via Email with your personal Decryption id !: hackbeenswim@mail2tor.com......Send 400$ (0.006 BTC) at this address --> bc1qkr7wxuqwet9w6920vk94p7npkxh33fc7prv55q.....>>>> Your personal DECRYPTION ID: D53F15BF767167BC622C1CB4D4FC174D....>>
                                                                                                                                                                                Process:C:\Users\user\Desktop\c8JakemodH.exe
                                                                                                                                                                                File Type:ASCII text, with CRLF line terminators
                                                                                                                                                                                Category:dropped
                                                                                                                                                                                Size (bytes):1159
                                                                                                                                                                                Entropy (8bit):4.909757425426515
                                                                                                                                                                                Encrypted:false
                                                                                                                                                                                SSDEEP:24:SOZJNRovfexRvYx/ncUYTxLZl0r0OzANQgq32xfZnS0iNFdAnP6:SOZbqfexrZrS3Iq32xlSX2S
                                                                                                                                                                                MD5:F29E077226F8DC235CAE4795459A3542
                                                                                                                                                                                SHA1:A23AEA328BEB92BFD4464A3B0F70E772B8969CC2
                                                                                                                                                                                SHA-256:CF8875AADE9351184274F533067BECF2AD10CCF2B6296274ECE5D5B58B6AB008
                                                                                                                                                                                SHA-512:0C76F1E7AC8E4DB582EA7E26FA9B8C18D54605AE6A9A87A2A1FA0B1BEACACBB8F1230421C1124B1E7C12FB546FF31DBBD2CFBBEBA80EF98BBAA01B356F7FDC6F
                                                                                                                                                                                Malicious:false
                                                                                                                                                                                Preview:.. ~~~ AlphaCat ~~~....>>>> Your data are stolen and encrypted....>>>> What guarantees that we will not deceive you? .....We are not a politically motivated group and we do not need anything other than your money. .. ...If you pay, we will provide you the programs for decryption and we will delete your data. ...Life is too short to be sad. Be not sad, money, it is only paper... ...If we do not give you decrypters, or we do not delete your data after payment, then nobody will pay us in the future. ...Therefore to us our reputation is very important. We attack worldwide and there is no dissatisfied victim after payment... ..>>>> You need contact us via email with srenshot of btc transaction and your personal DECRYPTION ID.....Contact via Email with your personal Decryption id !: hackbeenswim@mail2tor.com......Send 400$ (0.006 BTC) at this address --> bc1qkr7wxuqwet9w6920vk94p7npkxh33fc7prv55q.....>>>> Your personal DECRYPTION ID: D53F15BF767167BC622C1CB4D4FC174D....>>
                                                                                                                                                                                Process:C:\Users\user\Desktop\c8JakemodH.exe
                                                                                                                                                                                File Type:data
                                                                                                                                                                                Category:dropped
                                                                                                                                                                                Size (bytes):279
                                                                                                                                                                                Entropy (8bit):7.247391831371851
                                                                                                                                                                                Encrypted:false
                                                                                                                                                                                SSDEEP:6:2i9PSA7CF2vs7t09hlORQnXKXqrnzo66uoxTQWryJJ:/FSAe909jhnaaDixTYJ
                                                                                                                                                                                MD5:AD8AA913BFE2388F3BD38EDCE8564AB3
                                                                                                                                                                                SHA1:5A6DA135C41F9E63E03CFB28AC6BD8ED4D5B9FF6
                                                                                                                                                                                SHA-256:974EFBDB74136B467E0D8C37C0D0E6E130EDABBB5687731670E2F3AE0345DB8B
                                                                                                                                                                                SHA-512:C7D2626174CE818F39E4ECEFF177DED12FAAE7FF845CDDF87826481ACB8B58BA1BC051DA933D05F1DB3AC322D3DCF63A9B084EFD435019100E2B421AD67F4FBA
                                                                                                                                                                                Malicious:false
                                                                                                                                                                                Preview:.W.`..F...K.+.....y+....i...D....M....4Z....L..6..;...U..&.A.....D....W..{z4=L..z.g6....d.O. ...A,..ZQ.]+..TJ...F.I..EQ..g...D........lw....i...<..o...L....\.y.3.C.=....v....%......@(.......u....4..g..@.c_.r?[. ..U....<..Hb.!...?0[.?.._Ak:F`Obd..W.r.o..d7.5.?Ly.9'e5.|_
                                                                                                                                                                                Process:C:\Users\user\Desktop\c8JakemodH.exe
                                                                                                                                                                                File Type:ASCII text, with CRLF line terminators
                                                                                                                                                                                Category:dropped
                                                                                                                                                                                Size (bytes):1159
                                                                                                                                                                                Entropy (8bit):4.909757425426515
                                                                                                                                                                                Encrypted:false
                                                                                                                                                                                SSDEEP:24:SOZJNRovfexRvYx/ncUYTxLZl0r0OzANQgq32xfZnS0iNFdAnP6:SOZbqfexrZrS3Iq32xlSX2S
                                                                                                                                                                                MD5:F29E077226F8DC235CAE4795459A3542
                                                                                                                                                                                SHA1:A23AEA328BEB92BFD4464A3B0F70E772B8969CC2
                                                                                                                                                                                SHA-256:CF8875AADE9351184274F533067BECF2AD10CCF2B6296274ECE5D5B58B6AB008
                                                                                                                                                                                SHA-512:0C76F1E7AC8E4DB582EA7E26FA9B8C18D54605AE6A9A87A2A1FA0B1BEACACBB8F1230421C1124B1E7C12FB546FF31DBBD2CFBBEBA80EF98BBAA01B356F7FDC6F
                                                                                                                                                                                Malicious:false
                                                                                                                                                                                Preview:.. ~~~ AlphaCat ~~~....>>>> Your data are stolen and encrypted....>>>> What guarantees that we will not deceive you? .....We are not a politically motivated group and we do not need anything other than your money. .. ...If you pay, we will provide you the programs for decryption and we will delete your data. ...Life is too short to be sad. Be not sad, money, it is only paper... ...If we do not give you decrypters, or we do not delete your data after payment, then nobody will pay us in the future. ...Therefore to us our reputation is very important. We attack worldwide and there is no dissatisfied victim after payment... ..>>>> You need contact us via email with srenshot of btc transaction and your personal DECRYPTION ID.....Contact via Email with your personal Decryption id !: hackbeenswim@mail2tor.com......Send 400$ (0.006 BTC) at this address --> bc1qkr7wxuqwet9w6920vk94p7npkxh33fc7prv55q.....>>>> Your personal DECRYPTION ID: D53F15BF767167BC622C1CB4D4FC174D....>>
                                                                                                                                                                                Process:C:\Users\user\Desktop\c8JakemodH.exe
                                                                                                                                                                                File Type:ASCII text, with CRLF line terminators
                                                                                                                                                                                Category:dropped
                                                                                                                                                                                Size (bytes):1159
                                                                                                                                                                                Entropy (8bit):4.909757425426515
                                                                                                                                                                                Encrypted:false
                                                                                                                                                                                SSDEEP:24:SOZJNRovfexRvYx/ncUYTxLZl0r0OzANQgq32xfZnS0iNFdAnP6:SOZbqfexrZrS3Iq32xlSX2S
                                                                                                                                                                                MD5:F29E077226F8DC235CAE4795459A3542
                                                                                                                                                                                SHA1:A23AEA328BEB92BFD4464A3B0F70E772B8969CC2
                                                                                                                                                                                SHA-256:CF8875AADE9351184274F533067BECF2AD10CCF2B6296274ECE5D5B58B6AB008
                                                                                                                                                                                SHA-512:0C76F1E7AC8E4DB582EA7E26FA9B8C18D54605AE6A9A87A2A1FA0B1BEACACBB8F1230421C1124B1E7C12FB546FF31DBBD2CFBBEBA80EF98BBAA01B356F7FDC6F
                                                                                                                                                                                Malicious:false
                                                                                                                                                                                Preview:.. ~~~ AlphaCat ~~~....>>>> Your data are stolen and encrypted....>>>> What guarantees that we will not deceive you? .....We are not a politically motivated group and we do not need anything other than your money. .. ...If you pay, we will provide you the programs for decryption and we will delete your data. ...Life is too short to be sad. Be not sad, money, it is only paper... ...If we do not give you decrypters, or we do not delete your data after payment, then nobody will pay us in the future. ...Therefore to us our reputation is very important. We attack worldwide and there is no dissatisfied victim after payment... ..>>>> You need contact us via email with srenshot of btc transaction and your personal DECRYPTION ID.....Contact via Email with your personal Decryption id !: hackbeenswim@mail2tor.com......Send 400$ (0.006 BTC) at this address --> bc1qkr7wxuqwet9w6920vk94p7npkxh33fc7prv55q.....>>>> Your personal DECRYPTION ID: D53F15BF767167BC622C1CB4D4FC174D....>>
                                                                                                                                                                                Process:C:\Users\user\Desktop\c8JakemodH.exe
                                                                                                                                                                                File Type:ASCII text, with CRLF line terminators
                                                                                                                                                                                Category:dropped
                                                                                                                                                                                Size (bytes):1159
                                                                                                                                                                                Entropy (8bit):4.909757425426515
                                                                                                                                                                                Encrypted:false
                                                                                                                                                                                SSDEEP:24:SOZJNRovfexRvYx/ncUYTxLZl0r0OzANQgq32xfZnS0iNFdAnP6:SOZbqfexrZrS3Iq32xlSX2S
                                                                                                                                                                                MD5:F29E077226F8DC235CAE4795459A3542
                                                                                                                                                                                SHA1:A23AEA328BEB92BFD4464A3B0F70E772B8969CC2
                                                                                                                                                                                SHA-256:CF8875AADE9351184274F533067BECF2AD10CCF2B6296274ECE5D5B58B6AB008
                                                                                                                                                                                SHA-512:0C76F1E7AC8E4DB582EA7E26FA9B8C18D54605AE6A9A87A2A1FA0B1BEACACBB8F1230421C1124B1E7C12FB546FF31DBBD2CFBBEBA80EF98BBAA01B356F7FDC6F
                                                                                                                                                                                Malicious:false
                                                                                                                                                                                Preview:.. ~~~ AlphaCat ~~~....>>>> Your data are stolen and encrypted....>>>> What guarantees that we will not deceive you? .....We are not a politically motivated group and we do not need anything other than your money. .. ...If you pay, we will provide you the programs for decryption and we will delete your data. ...Life is too short to be sad. Be not sad, money, it is only paper... ...If we do not give you decrypters, or we do not delete your data after payment, then nobody will pay us in the future. ...Therefore to us our reputation is very important. We attack worldwide and there is no dissatisfied victim after payment... ..>>>> You need contact us via email with srenshot of btc transaction and your personal DECRYPTION ID.....Contact via Email with your personal Decryption id !: hackbeenswim@mail2tor.com......Send 400$ (0.006 BTC) at this address --> bc1qkr7wxuqwet9w6920vk94p7npkxh33fc7prv55q.....>>>> Your personal DECRYPTION ID: D53F15BF767167BC622C1CB4D4FC174D....>>
                                                                                                                                                                                Process:C:\Users\user\Desktop\c8JakemodH.exe
                                                                                                                                                                                File Type:ASCII text, with CRLF line terminators
                                                                                                                                                                                Category:dropped
                                                                                                                                                                                Size (bytes):1159
                                                                                                                                                                                Entropy (8bit):4.909757425426515
                                                                                                                                                                                Encrypted:false
                                                                                                                                                                                SSDEEP:24:SOZJNRovfexRvYx/ncUYTxLZl0r0OzANQgq32xfZnS0iNFdAnP6:SOZbqfexrZrS3Iq32xlSX2S
                                                                                                                                                                                MD5:F29E077226F8DC235CAE4795459A3542
                                                                                                                                                                                SHA1:A23AEA328BEB92BFD4464A3B0F70E772B8969CC2
                                                                                                                                                                                SHA-256:CF8875AADE9351184274F533067BECF2AD10CCF2B6296274ECE5D5B58B6AB008
                                                                                                                                                                                SHA-512:0C76F1E7AC8E4DB582EA7E26FA9B8C18D54605AE6A9A87A2A1FA0B1BEACACBB8F1230421C1124B1E7C12FB546FF31DBBD2CFBBEBA80EF98BBAA01B356F7FDC6F
                                                                                                                                                                                Malicious:false
                                                                                                                                                                                Preview:.. ~~~ AlphaCat ~~~....>>>> Your data are stolen and encrypted....>>>> What guarantees that we will not deceive you? .....We are not a politically motivated group and we do not need anything other than your money. .. ...If you pay, we will provide you the programs for decryption and we will delete your data. ...Life is too short to be sad. Be not sad, money, it is only paper... ...If we do not give you decrypters, or we do not delete your data after payment, then nobody will pay us in the future. ...Therefore to us our reputation is very important. We attack worldwide and there is no dissatisfied victim after payment... ..>>>> You need contact us via email with srenshot of btc transaction and your personal DECRYPTION ID.....Contact via Email with your personal Decryption id !: hackbeenswim@mail2tor.com......Send 400$ (0.006 BTC) at this address --> bc1qkr7wxuqwet9w6920vk94p7npkxh33fc7prv55q.....>>>> Your personal DECRYPTION ID: D53F15BF767167BC622C1CB4D4FC174D....>>
                                                                                                                                                                                Process:C:\Users\user\Desktop\c8JakemodH.exe
                                                                                                                                                                                File Type:data
                                                                                                                                                                                Category:dropped
                                                                                                                                                                                Size (bytes):8422
                                                                                                                                                                                Entropy (8bit):7.976508509700301
                                                                                                                                                                                Encrypted:false
                                                                                                                                                                                SSDEEP:192:yTpiQwy1d7wAaXxHx4GUsYdA4ptL1Ob1W5i0+53F/ONftX/iBIH:yT3w2yHxHxJUsYdhptLol0+51/ONftXj
                                                                                                                                                                                MD5:D149B5BD7DDB0BA3EC34B6B2A1926AA7
                                                                                                                                                                                SHA1:28F16A73C5A2BD497B03D4A3EEE27E6F2E48649E
                                                                                                                                                                                SHA-256:D5F947DDFE9D4C9B784937F96D5CD216CDAE30B5EFB520C7F8F657846E82DFD8
                                                                                                                                                                                SHA-512:A49DEE9BE0594FB601B3BA9CCE304428778A60D608F049B980D1ADF5A23077F0EBA12879D8E005E3A7B6774F39082E163D4E2EC6AC6E3AA1A230FFCD308DB422
                                                                                                                                                                                Malicious:false
                                                                                                                                                                                Preview:g..qG.... n....!B..q*g8.j.....<..v...Ui...^r.A.l..&...y.i,8(.z..sm...h..$.u...l....c.u..b.....E...o.....Y....+%..Q.].d`...E...T.....3G.g...`.....W.PP...<..".2X.F?ma..n*...BW...>...F. ...G.H...tO:P.HtC...Ny....G..96r.O..o.U{ ..v..i./.$..LY.....~..."\../..2.`.`Z.a.p.......9'.....n...Z@Bg.......":.E..YX.W......-$.)...(u.?'..O9.P1.r}!.....wFc......#.PG....q7.S...pZ.:..#...&'.dE8..?u...5...J.r....!.Mpv.....a\.......!.>).....J4.`k..s..+Nv...6.V...i!N.x+{..U...z..........x...,u...5.M....Gs(...........#...&....s/.x[F8........fo(......5-.V\.P.H...>.?..iO.........s......VdD.,...Tf.R...<.`.R.4..K..8<v....M.y-'.....kM....2.....D...........X.Yu..2aw.['.ak.u..>....0...O.p.l....q....1..hP(<. ..\... .I1...&.'...al.......%.WV..x..1;^.Jk..C.\k.c-......q..z....O..U.+O.T..o....R...ANK..::i.[.W.u...a...J.t.....n..".S..>.........+.........|....DU...k.k.|....P...(.i^....$.H......{.d..8.?..WB..8.....b....<2.KZU.'..;...Hz6y.....*....{.upt..c.x\@.q.c...O.\
                                                                                                                                                                                Process:C:\Users\user\Desktop\c8JakemodH.exe
                                                                                                                                                                                File Type:data
                                                                                                                                                                                Category:dropped
                                                                                                                                                                                Size (bytes):270566
                                                                                                                                                                                Entropy (8bit):7.9993648891417015
                                                                                                                                                                                Encrypted:true
                                                                                                                                                                                SSDEEP:6144:+Lk/ti7ihUAzcqwmG1yqpl8ASNOjYAzxaVxU5ua4Lx73pImA9i9p4g:+LGiAhzcqbG1yk2NOjYElUaI3pImKiL9
                                                                                                                                                                                MD5:11493A0D503C0F652AC69B86F101C5EA
                                                                                                                                                                                SHA1:EFBAD854684DAAD6D193EA90957D2F6357F66C67
                                                                                                                                                                                SHA-256:DE5C1BD641F5415E06E644C2235B17D860354578FE2193190CA96064DF1EF095
                                                                                                                                                                                SHA-512:060ABA8073292664DD6AFD9FB551081600CFD5FBCFB2C0D875EC96427AA57E008025DCCEE07FBF94EB53230C9327DD28CFC536A76CDECC8143D33D85A86BA929
                                                                                                                                                                                Malicious:true
                                                                                                                                                                                Preview:..f&HQ.F.$.....,..o..2T...L...<.L,..j...........=...{...!....[d.+S{.*>.r7-....Ud..`.`k...]C.I.x)pi.,.c?<...f.M..L...d.Fg.;3.P...I>..42......A.../-... x........i..U..g*.0.jY.YQ.._...Z./.^ .4....R.../.g0..T......A..(......#..W.3Z.".$......7....(.1C..1....<...*...).=.+_..Y.g.....[..guC.x.L..u.4.Il\.&.=agN.1.G3..[tH..T...*R..l.{`t...{..u?..j..a.....Lr.-.......(;s845C..........._.zx*....-..\.3..`#...1....H{q.=mC....-Wob.<6]CV...^.c.2.g..E..y.M.....Xc...+...y...P.h"...J.c4)F.K...S.c*.....?f]..6U(.!M..@.C.N......:..5.g.....@..&...&..}]K.4...t..u....tVn.B.x...J...*..m......&..........j..V-....`.:..1...Y..`c.T....G6&..a.~7..@.`.;...n.o?\.I....!...].U/..... ...)=....Oz/..,.,../......I.....A.a(.2..W.V..P..OpU([.i6....v.?..e!aS>...Ul.*\r...|.!.l]..~....D..sZq.[..9I. G6".]..n.......q.e.K..(..k.a...G.P.2..(.......#..N.hL..Iy.;E.\S%...5/.;...A.... ......z.Wb.. ..;m:l^.C....%E?..k..3y.LY.b.#cv?...;.. .s.pv>H8......9...r...,..4...xU...v.....;.
                                                                                                                                                                                Process:C:\Users\user\Desktop\c8JakemodH.exe
                                                                                                                                                                                File Type:data
                                                                                                                                                                                Category:dropped
                                                                                                                                                                                Size (bytes):8422
                                                                                                                                                                                Entropy (8bit):7.98061961144777
                                                                                                                                                                                Encrypted:false
                                                                                                                                                                                SSDEEP:192:j1s1JE5HTslMetGpnFYdVHH9YrB943yp4lV:j1s1JExT3/FYdVHdJ3aq
                                                                                                                                                                                MD5:652E2F481959DB8C70B7EC173FF1F065
                                                                                                                                                                                SHA1:54C47D444EE0CC6AB4684542FFC2C8749E35491C
                                                                                                                                                                                SHA-256:26310DE098DD2DE1E65F8DE8DFC5803752B267B01E90898FCC846E21B6246FEF
                                                                                                                                                                                SHA-512:236E650D4EAB3BEA0B4235042DBE787527C2D9B3A4E878F0D36A66CD1C72B9D744EE037DF21D67A91177DC307218DBFBE879CE7362563FC031DFB7D4F317B20A
                                                                                                                                                                                Malicious:false
                                                                                                                                                                                Preview:it..w..{.I*?..o`.KF../..<U|fs...b#.).v..+Xj.h<.Y.._...7.%(..z.(...Z....kv..e......WCM..%..<...1...<.D@.k.j.'8..{..4v..k.#I6.L.'E.^......+....l."..24.g5..t..}.....;....8......v...}....G.....V.G.v....9...x...k.\.T.[....E.....^Y?.k:<.H........h...a..2t5..Mo}.<...@..I?....B.b...jV>.....HB1B........b...`.GK...~.Q8.....|v.... ....<..PX...CC.1..;..,'.]!..<...........s...qS......*.s0.d.._.c .../...t..%...G....A".7..A#.GH..X.\........}=..9LqO..l....kg..... Q..\.....E.|..LFO.%.`....^x..0+-.....L(..#...#.i$...f..*UEe........ ....3]..F..sG-...#v8.V..8N......}...%...zN2...x9TzW.}Z!....].."."s.....$LX..}........t.q.Z....|37g....S...><[..<A...).a....'rS/.....6.ih..B.<..%A......}........+...B...R.>.....;.^HV].....x77..x...3.y._N.J...VJ.uB.......pk>...e,+@dQ...v{`.N...I...c......NM.tf...\BXG9...ZY....f..`.P.p.....<.<.W..e.}kw.v3..*.o.......n..KTi8!b.....=!M=..B..m..B..E$...j=..&E...B.M8D]h.....IGQ..q.rJ.t:W......S.7..+.@xA..~<...A.+...#.
                                                                                                                                                                                Process:C:\Users\user\Desktop\c8JakemodH.exe
                                                                                                                                                                                File Type:data
                                                                                                                                                                                Category:dropped
                                                                                                                                                                                Size (bytes):8422
                                                                                                                                                                                Entropy (8bit):7.980086264180518
                                                                                                                                                                                Encrypted:false
                                                                                                                                                                                SSDEEP:192:6dAjn7b7fwlwq4hFaVu/rO1+lkfvi+G84D2KsHwcrxix:6d47b7IR4h+u8YKvi9Z1crs
                                                                                                                                                                                MD5:4E5229F3CA97D136CDCB8C5CE12F627E
                                                                                                                                                                                SHA1:D4B437D69A59452A9B67D19FED8A86BFF9521ADE
                                                                                                                                                                                SHA-256:889DA918DEB5667436B01D5DFDF86B124B9B54D0432E5D3D5D31AB7E274510DA
                                                                                                                                                                                SHA-512:2B2A7DEA59CE24FBE782BDDF6C71B31EC5F03307703A3B39D58BBE556E14685AA02CB24FAF0680A039E8A31E1453DFEA60AC407B4433E08FE54D9F80BFCB6B4E
                                                                                                                                                                                Malicious:false
                                                                                                                                                                                Preview:"..N....Jh..+..j.!D.i....E..1.:W!:r5x..t(...Vx..*.asQ...c.`....[...0Fh...l.0.].4RF.%0.\..a,Le..Z<......Hb....."T.N..}.......L..*... H.!Z.w.}.6.......y"".aN..oU)...Y...\..s...y..cC:,Y..*......A{W..P..-p+.t.;.#......\.........]p..LP.!j,2...w.>U....2....v|N.....o.T.a...#c.......(.;.v....A.....l<...0.R......m..(>1.8..Z...kO.mv.[z.t......v.t.G.T........).".O1......f22..@...sw{.J.........2Xh...Zf<A..;.n..zG..^...D$..v..A...d.-.T.|....@..Q./Sj..{...U./4Qp...RX..33.!...N..}L..!..M;.\...+...Hbq..P:.+...)...J.;...=......+...{....9Y.{..J....o....8...e..pI..x.J...<A..E..(E..}.($..j.....\.~.>.F;.C.`....fMJ..&k.;.#......X.#.b....k,.>.B.W..n.T.ZwO..Mo..@.hhv......*(4...k..%sE.......{C>...jHW. ..H.u.r........w%.wsaks/...X..O.r..<....2P.H.$...,....%..9.`.(.W...(.0W..;...e.O.fP.cU(...V$....T...5.{h.....Y.BC.(...2|v. ..9...j...1..t..,.U.."JD...>*<.l.j}......#.V..r8}....X........V.\ .5..&.3....%%;A.&..~v{..oy....S..x..$I[..0w..%h._{.G....i.({.....).+`..P....
                                                                                                                                                                                Process:C:\Users\user\Desktop\c8JakemodH.exe
                                                                                                                                                                                File Type:data
                                                                                                                                                                                Category:dropped
                                                                                                                                                                                Size (bytes):262741
                                                                                                                                                                                Entropy (8bit):7.9993404371860635
                                                                                                                                                                                Encrypted:true
                                                                                                                                                                                SSDEEP:6144:2grXhNMWStaHXV/LrOqhP9xnhQvzgRNDZe7BFmAaZpdGMr/:7ZcaHXR1fxnKvzgRNDZeVFmPCa
                                                                                                                                                                                MD5:B6F17E1BEE287060DBE814B7CBC3F199
                                                                                                                                                                                SHA1:67675D95D567A616CD1850BF083FDA7588111E7A
                                                                                                                                                                                SHA-256:6E9417D4CF6BF15E255A18DF3AB26EEE72994EA3AEFCAA5A30757818D0CA18A6
                                                                                                                                                                                SHA-512:1501CF79D02BAF2272E5237AE0E5053C91168E83A76D54E71C53F2235E6AB8D1179E348669E8562507FA97FC4C44A631FAD05D78466357CD1B4CFE2A66947303
                                                                                                                                                                                Malicious:true
                                                                                                                                                                                Preview:`jV.A.....;.....LyL##x.f..O../.z..N...T..G.0...Yt....b..)9t.T.$.#.>.Ss...Atvv:.(l.E...O.vd;>..n...=...I ..7f..$@....kB.)l)....ji.....ctyz$`.?cC+l..,.J....}....I.J.....l.....w......D....C..'D..>Hl...W6....*.|.c.[.%.$.Y........K...h........f.o...8#O.\+. ..3..G.f...>:...C;..%...>..t.2..d..|......z2n>w.........]sg.A....W..Mx.....sW..?......QN.T.x.0...[.b.k.UI..1.T`....A..,\./5w.3..w.%.j2G.=...n....T..4..3..=.!.<.}.....&..=O.....2....\f.fU..lP..?[.vGF.'"C.*7d....w.U'D...3...V....w.]!?.C...]?@.c...`.Z..D...<..$. ............NT...J.8Q..<}.K_.....(..o.z ..8r....N.d.q.9.V^..B.......-\.......4.Y.S..=.H...e.......Nq.+o....Y)..yD...?.?..{........O..+..f...2..8.S.....X.3..[....m.'gt........}.'v....D..3..mM..[.....sZ....+....@......J...3...8...0.7.v.QbT.|..1.L.....ni&....B.g....O...F..aV889.......G.R....^{r..xu.q}{.l...L.>4........g.....k_.....T.~MH..Nk.../.CsJ..,.,.Z>.F..a.,. ..-+.OT..H..A)N07.~;..)..)...nYsy.l8E$..$..G...L./.j.w...^Fr.}....#
                                                                                                                                                                                Process:C:\Users\user\Desktop\c8JakemodH.exe
                                                                                                                                                                                File Type:ASCII text, with CRLF line terminators
                                                                                                                                                                                Category:dropped
                                                                                                                                                                                Size (bytes):1159
                                                                                                                                                                                Entropy (8bit):4.909757425426515
                                                                                                                                                                                Encrypted:false
                                                                                                                                                                                SSDEEP:24:SOZJNRovfexRvYx/ncUYTxLZl0r0OzANQgq32xfZnS0iNFdAnP6:SOZbqfexrZrS3Iq32xlSX2S
                                                                                                                                                                                MD5:F29E077226F8DC235CAE4795459A3542
                                                                                                                                                                                SHA1:A23AEA328BEB92BFD4464A3B0F70E772B8969CC2
                                                                                                                                                                                SHA-256:CF8875AADE9351184274F533067BECF2AD10CCF2B6296274ECE5D5B58B6AB008
                                                                                                                                                                                SHA-512:0C76F1E7AC8E4DB582EA7E26FA9B8C18D54605AE6A9A87A2A1FA0B1BEACACBB8F1230421C1124B1E7C12FB546FF31DBBD2CFBBEBA80EF98BBAA01B356F7FDC6F
                                                                                                                                                                                Malicious:false
                                                                                                                                                                                Preview:.. ~~~ AlphaCat ~~~....>>>> Your data are stolen and encrypted....>>>> What guarantees that we will not deceive you? .....We are not a politically motivated group and we do not need anything other than your money. .. ...If you pay, we will provide you the programs for decryption and we will delete your data. ...Life is too short to be sad. Be not sad, money, it is only paper... ...If we do not give you decrypters, or we do not delete your data after payment, then nobody will pay us in the future. ...Therefore to us our reputation is very important. We attack worldwide and there is no dissatisfied victim after payment... ..>>>> You need contact us via email with srenshot of btc transaction and your personal DECRYPTION ID.....Contact via Email with your personal Decryption id !: hackbeenswim@mail2tor.com......Send 400$ (0.006 BTC) at this address --> bc1qkr7wxuqwet9w6920vk94p7npkxh33fc7prv55q.....>>>> Your personal DECRYPTION ID: D53F15BF767167BC622C1CB4D4FC174D....>>
                                                                                                                                                                                Process:C:\Users\user\Desktop\c8JakemodH.exe
                                                                                                                                                                                File Type:data
                                                                                                                                                                                Category:dropped
                                                                                                                                                                                Size (bytes):8422
                                                                                                                                                                                Entropy (8bit):7.977008311881361
                                                                                                                                                                                Encrypted:false
                                                                                                                                                                                SSDEEP:192:S0AmZf5T9imyQhdCFxOhQTUtqMN/imdsrDwKZT5OpT:S0jf5T9imywd2xOk2qMQrLOx
                                                                                                                                                                                MD5:73F533C2852B70C7D295312CD914BDAD
                                                                                                                                                                                SHA1:A8D68208EA8E3AABC409A8C222AD99C40A15841D
                                                                                                                                                                                SHA-256:927FADE89027C6441DA7BB4D683F1495ECD7B073A1F651DB0FAD4359A32AB051
                                                                                                                                                                                SHA-512:AC181B89CEE8DE18A9D87EEE83D92F6E2F5698543A12B878904AEB1E8C4FE1BC63E1624262CDF059ABE2B7D99FEBF83467E948762CDC83CA46570CCA8E7CC808
                                                                                                                                                                                Malicious:false
                                                                                                                                                                                Preview:..W......]VP....&).H...&!....m.."3..x.aQ.....3......d...v.9.ho.Nm....*..$..P?..:l.[p..U....f..i.F.sE6..ei.AD....L.'.e....0....*7..7.j*Jk..Y...).6..?.3r.k&...r^~..'...X......"8..C...........AZFmsmJ..c.Z.3....2.X.....`l......(.-.3?..;......kT..Q.3......D........V.qa..m.!.h...........@H...\...?P......Z...j...:...\..'@.......0..".}.P.h....p\....h. .m.......3.#.6......... .+..5l4..Yb...AIO......87..H.....M..(....I.Jl.....V#A.H...?.X..D....G......0..[.(.....?.)|..3`M..1......}.1.V.......uQ.....&........_.`.1.t..O.{5;{.%to.'..........9'..S_.n.h.u..........WNp./T.6.r...,3*..@........f.".-.fGA.s>....=..+...;....rq........N..E...K.d.. ...........}w.~...A....X.H.S.*n..i..W.fnt.(1k...s..%.C..J.z.~..(.`.E.~;......b4..5.fx..D..~.....6...G.......m^m.J+p.....j ...I..vSj.]...?..#.kt./.K....NR.$.n.yD.....I.\k..(+.8.%..../....T.@..=...7........H`>.2...~.Z....-.r9..<...-...1:...Bc/Wi...!2c.)..r..t..#.'.z..S.w...%.c.J_.%.I)f.v....K.`.....=......U...Z..vn1..z.
                                                                                                                                                                                Process:C:\Users\user\Desktop\c8JakemodH.exe
                                                                                                                                                                                File Type:data
                                                                                                                                                                                Category:dropped
                                                                                                                                                                                Size (bytes):270566
                                                                                                                                                                                Entropy (8bit):7.9993458277634435
                                                                                                                                                                                Encrypted:true
                                                                                                                                                                                SSDEEP:6144:gFEjIVYQWsfpZ1tChdcJjO0TjSkTOGVHkHisf3coI/7tf4CYj5:VIVLN6hcjOi1VelEHp4fj5
                                                                                                                                                                                MD5:00CF1669985475EF54266BD7B899ED62
                                                                                                                                                                                SHA1:A3B35E4B6C2EB30A8A33662B941E3C4342DDD4BA
                                                                                                                                                                                SHA-256:B21B7D5F15453341D7D53E7B4F129F0C3C3AA47273B3C346BFB1B1514A74EC28
                                                                                                                                                                                SHA-512:0117C258AEC17886F679F81FED2685F157F9C7C82DA048FDF5448E3A7FF0A732FAD6F185794DDB31DC249CA6B5DB0482596B25783AE5BC692081320F8ED4869A
                                                                                                                                                                                Malicious:true
                                                                                                                                                                                Preview:%b......e.3.y.uw.Ww.@Ryz..y.G..2..+....,..9.\.x.0.>'.5........gj^.xp..*..G@.._Q..S|*.c.,..^.N...c[;.$.|..V...S....A..!I. .......+.......3......2.t.,&.........&..0%~.bU5....v.W....{.....`.<.rbm..e.N..^@.O.X....I..?....C.......o.L...q:x..4.!'k!s8,.3..F......{.0...,.|6_.p}G..&+&.. @..n.X.k.K(....3....z...z.*..zfn...X....j.t...K~...|Y.....LK..r.l.@....m..p.pJ{....+......L/h.X.9....?..+,.Fk.....@.O..X_.3....h*.J.b.$..y 93...z..k.)#x.ouz...z.r.L.v}.3.o..X...>.+.m.5NS....)...b..9.;f.7.kI......>a...b,..i...]{.[...q...6.22./M..>....u.u?NVn@.a(..t.~;..J*.Va..:..u..q...12......>(+.c&d...i...E..u..:........I..X.v>.j...(d.6.B.......`.2...b..|...N.y~w..kv&.<.\.g2HT.._.l....HG....N.S.T;K..#....%....&[.o\..........KM.f.......eR!......i?.v.....c.%f.a*O..Fc.._...,.. x.(5;....,.}......1.Wa.I....H@.....6.:........8.........4.1..q.{.....mm....}....UO.j..lj,V...n..R...s42.l..E}.../}..z..spt.....W.>.:a...$.w..j..q+:..5....p..f...t.V..9....\.i=.._.k...Go%.
                                                                                                                                                                                Process:C:\Users\user\Desktop\c8JakemodH.exe
                                                                                                                                                                                File Type:data
                                                                                                                                                                                Category:dropped
                                                                                                                                                                                Size (bytes):8422
                                                                                                                                                                                Entropy (8bit):7.977182852511374
                                                                                                                                                                                Encrypted:false
                                                                                                                                                                                SSDEEP:192:jX8lH7ULHj91Nr67BoFNWqMYEX9gZHV28bIpqBuL7ryNRwt:7kUjbl5HV28eyzG
                                                                                                                                                                                MD5:07310033E2882499E08DEE0F1DB33911
                                                                                                                                                                                SHA1:636893C50BD03EC7CD7ED7633EB52DC09811E222
                                                                                                                                                                                SHA-256:4835A4E3732ED2AE8C6C4E9F3FB406B68AFD381D7D20F749C7DEC4D9DAF149AE
                                                                                                                                                                                SHA-512:CDBA2E2EFB2BC522F3A3E8E7A2E02F3DE8BA4F4AAFDF3F7F6B4D83B1B30EE6BC80234A75D3A20801AAF1D240B75ABCB3D878EC0853C2C268F6C48DE7059BA9E1
                                                                                                                                                                                Malicious:false
                                                                                                                                                                                Preview:vw...'..Nf...`..&..K...0..dO.4.).D\U.%)..q.....Ya=.`..B.3q......!<J....wH.i...|....#.tm.mOc.....F/S.(..&C...|9...........<.Z....Oc...N....j..iT)........x.S.b.8.oF....b.0...E^9..."....6.U98..~.9.d.z.u...........i.}.T..p..-...+.Ps..2-L..l.F.h.'.6a..G)7~....E.?(....F.....-..'.W.B+.}(Y.bA..._^:[..$-......F 7.bM;.._..Z...!.... o.Z..1.. .@g..!.:p`t...^J_>....I..%.|o...{.(...#.'U.....2.....I..,.+.l.."...RB.|..A...y/...M..l1..R.x*..-....`>O..s!.6.2R...#>g..L.14V....>.....w..#.u}.....[......{ut..].CX?E`.'..<l(.j...!..U.S.df..N....B.>....^.J.....6.n...a..8d7...A+.Co.n..64...E.g;.LE....h}..,G.5..?Ya...T..w..n...cn..P.U.D...5..l...F..A0..pE..'%.`Ou..c...w;.0j..&." {...A.d..V.E.:._{bD}....;..z.0/..L...?.E>...s....7.`....K..M.E.....R[s...eL..+....!+........G..*D.zmw..9V..1........LY..._. ..a.......+...Y...*.5.(y......&&..4..+.e<.z.Bi.6*....T.k.on^.)..K+......w*:p.`paVl.j=f.h.w...z...s...lQ.....#L2...L&...z...[...i.*.5W......Y...r...j.bm-M`z..|.....8.l
                                                                                                                                                                                Process:C:\Users\user\Desktop\c8JakemodH.exe
                                                                                                                                                                                File Type:data
                                                                                                                                                                                Category:dropped
                                                                                                                                                                                Size (bytes):8422
                                                                                                                                                                                Entropy (8bit):7.978967830669291
                                                                                                                                                                                Encrypted:false
                                                                                                                                                                                SSDEEP:192:pXb+fIxLXhWewcf06ubzAcv2pesQGXvZNrXlW1Mfkxq0QA3:dbqiHfBGkesnXvZNpWpq0R3
                                                                                                                                                                                MD5:58B3FBA5B0DB7DA87C676E408D4079F8
                                                                                                                                                                                SHA1:78193FA52E94C9D2618FC03E81A675A9A556EBE1
                                                                                                                                                                                SHA-256:B816E8E8915EF7BD59B006E631773C4B560F5994ACAF5F991261C30622E3877A
                                                                                                                                                                                SHA-512:3B38CD04732BDE0A340FE3C6556B09B9E2C8253EE75007F0E150AC3DC46FA47D6A59D5EA7F6D0863256EAAFBCA7331A405B053CEE94F491848F4998CF633EF0E
                                                                                                                                                                                Malicious:false
                                                                                                                                                                                Preview:o...Y.*.M.Y......lIY.....s..+V..g..../......+]ba..~.C@..F...V,.SP..9...8..G.y..1k.@gw.V...D..)h..[..Q_..-...m><.~X...8.`....Bv..r.S..x.r.........I{"...W....pS...w...]@..3r.K........f.%..=f...R..T..W..>K/n.!.....d].a^.F..J.M_t.:}....&....^*/..%.(.i..(x.6|R"......u.....;c.......^.i...(./.Un.C.g.6..G.....FsC...R.n......g.\d,,+..l1.P.s......#..M..y.).Q.....I..}y:.........b..9gi.:.sX<.m....wq"..)0..5X.GB..4~...p.7. ..~Z...=,yE..&.....O..hw)p.I.4._YY...`.k...'..D ....X..R""..~9.`I.W-..k.cd/...++....}.s.7!..N."..2x...S{...#a$...+....|.!).x....>..+.g.....$C_&S.3...O[.a.po.!@..4s.WeB_3.xX.8.asT.....im .xp\...8.q..}sX_.g2..~...U...8.X......B............).......>;.....v.r.4..:..h.q.....3.......I.C.r&....\..4-R>.....SJr.@[l...#...5U-...."'..._..af.......i\..G.....b4...r.q..g..:.(....&.o...R..q.VT.%\[.pXt[...F..u...j......=....e(.1H.I..i..c........0.....A...,mEj.`...}....M.nmB@....J.AZ....~.}..bc..]....\+.].`.j....2=...`...E...[..|.`...\..u...R..%
                                                                                                                                                                                Process:C:\Users\user\Desktop\c8JakemodH.exe
                                                                                                                                                                                File Type:data
                                                                                                                                                                                Category:dropped
                                                                                                                                                                                Size (bytes):262741
                                                                                                                                                                                Entropy (8bit):7.999317095284534
                                                                                                                                                                                Encrypted:true
                                                                                                                                                                                SSDEEP:6144:CfIyv/u5s/Rwd4vBdrXRnWjRQPe6jIB2E3XJXAOVyqQNOkW:bNyOKvBdrXRWjRQPehxnJFwlrW
                                                                                                                                                                                MD5:7EA69080F48521042A9E7FA99F2BE1FF
                                                                                                                                                                                SHA1:8DB600052FC662EBE71CA07492F8A9E132EFB33A
                                                                                                                                                                                SHA-256:030C304163A902638F1171157D4DF7E0BAC7919BA6440112CB104327CBEB54D7
                                                                                                                                                                                SHA-512:2730D39068822C442B8B54D4795AAB35494B5CF0D985ED1B1EB31BA1A02EF5C190DE286F35E56C9D35DFE725C4A488FAA13F0EC36FDEF4FFF3528E6DFA7B7D2A
                                                                                                                                                                                Malicious:true
                                                                                                                                                                                Preview:..vw..sr.J..n;r...k=@..... :e....u<b .......T.j.:+(u...P@j.?s..E.....(=...Jb..3.h..z.GZ.g.=.p.z./.0Q.X.w.47.L..sy03.>.8c...gl.2UY.Y.."@....#..1.......).|.....{.C....@w....;....k..ra..._Js Uc..j...|..D.t.f^^ .=...a......t.G...l.!.....]..2h\...k..5K.....B.#9....RH@#......@TM..<D....)a.J.?E.p.{Y`..4u.Ft....QF.(]......Q.-d..dr^.W!..iZ..I......n.E52...,AC.*G-....*5...]..).D.!D.......).......:L..I...(.I..4...T)...cW...G.......x3.V. .@=V...".j..1..<.N...+%..='..../$....yA....?-..H....Ni-Z......p...*.Zuu.c..z.R.A_`.?..F.#..&..r.z&3U...ky..\....q.p...9._O..<Q...I.8{....uX~..@.;K.N...p.AD=P...y.k.......|(....m....#9.v....Y..1....b:y.....9Pq.qU4.7.,.;...-..]...._mT.|..y..C.?le.q+.]...l.,dm).>..Sg:.U...."uX.=..~..d..5b*....u^T.......FrR}.U.A. t...);.%.!.^.... =n.....Ry..p.j.O..Q.(..B..Gl.`..\.iD:..l....n..[>..;..q.lDZ.&.Y.Pv....*...;a1YP...U..A{u.#=\s.%.G...G.....<......[......V...(.6Z{..9xO@W..c....0I....1..8....H....=4[v7.p..t...@h......f.....eD
                                                                                                                                                                                Process:C:\Users\user\Desktop\c8JakemodH.exe
                                                                                                                                                                                File Type:ASCII text, with CRLF line terminators
                                                                                                                                                                                Category:dropped
                                                                                                                                                                                Size (bytes):1159
                                                                                                                                                                                Entropy (8bit):4.909757425426515
                                                                                                                                                                                Encrypted:false
                                                                                                                                                                                SSDEEP:24:SOZJNRovfexRvYx/ncUYTxLZl0r0OzANQgq32xfZnS0iNFdAnP6:SOZbqfexrZrS3Iq32xlSX2S
                                                                                                                                                                                MD5:F29E077226F8DC235CAE4795459A3542
                                                                                                                                                                                SHA1:A23AEA328BEB92BFD4464A3B0F70E772B8969CC2
                                                                                                                                                                                SHA-256:CF8875AADE9351184274F533067BECF2AD10CCF2B6296274ECE5D5B58B6AB008
                                                                                                                                                                                SHA-512:0C76F1E7AC8E4DB582EA7E26FA9B8C18D54605AE6A9A87A2A1FA0B1BEACACBB8F1230421C1124B1E7C12FB546FF31DBBD2CFBBEBA80EF98BBAA01B356F7FDC6F
                                                                                                                                                                                Malicious:false
                                                                                                                                                                                Preview:.. ~~~ AlphaCat ~~~....>>>> Your data are stolen and encrypted....>>>> What guarantees that we will not deceive you? .....We are not a politically motivated group and we do not need anything other than your money. .. ...If you pay, we will provide you the programs for decryption and we will delete your data. ...Life is too short to be sad. Be not sad, money, it is only paper... ...If we do not give you decrypters, or we do not delete your data after payment, then nobody will pay us in the future. ...Therefore to us our reputation is very important. We attack worldwide and there is no dissatisfied victim after payment... ..>>>> You need contact us via email with srenshot of btc transaction and your personal DECRYPTION ID.....Contact via Email with your personal Decryption id !: hackbeenswim@mail2tor.com......Send 400$ (0.006 BTC) at this address --> bc1qkr7wxuqwet9w6920vk94p7npkxh33fc7prv55q.....>>>> Your personal DECRYPTION ID: D53F15BF767167BC622C1CB4D4FC174D....>>
                                                                                                                                                                                Process:C:\Users\user\Desktop\c8JakemodH.exe
                                                                                                                                                                                File Type:ASCII text, with CRLF line terminators
                                                                                                                                                                                Category:dropped
                                                                                                                                                                                Size (bytes):1159
                                                                                                                                                                                Entropy (8bit):4.909757425426515
                                                                                                                                                                                Encrypted:false
                                                                                                                                                                                SSDEEP:24:SOZJNRovfexRvYx/ncUYTxLZl0r0OzANQgq32xfZnS0iNFdAnP6:SOZbqfexrZrS3Iq32xlSX2S
                                                                                                                                                                                MD5:F29E077226F8DC235CAE4795459A3542
                                                                                                                                                                                SHA1:A23AEA328BEB92BFD4464A3B0F70E772B8969CC2
                                                                                                                                                                                SHA-256:CF8875AADE9351184274F533067BECF2AD10CCF2B6296274ECE5D5B58B6AB008
                                                                                                                                                                                SHA-512:0C76F1E7AC8E4DB582EA7E26FA9B8C18D54605AE6A9A87A2A1FA0B1BEACACBB8F1230421C1124B1E7C12FB546FF31DBBD2CFBBEBA80EF98BBAA01B356F7FDC6F
                                                                                                                                                                                Malicious:false
                                                                                                                                                                                Preview:.. ~~~ AlphaCat ~~~....>>>> Your data are stolen and encrypted....>>>> What guarantees that we will not deceive you? .....We are not a politically motivated group and we do not need anything other than your money. .. ...If you pay, we will provide you the programs for decryption and we will delete your data. ...Life is too short to be sad. Be not sad, money, it is only paper... ...If we do not give you decrypters, or we do not delete your data after payment, then nobody will pay us in the future. ...Therefore to us our reputation is very important. We attack worldwide and there is no dissatisfied victim after payment... ..>>>> You need contact us via email with srenshot of btc transaction and your personal DECRYPTION ID.....Contact via Email with your personal Decryption id !: hackbeenswim@mail2tor.com......Send 400$ (0.006 BTC) at this address --> bc1qkr7wxuqwet9w6920vk94p7npkxh33fc7prv55q.....>>>> Your personal DECRYPTION ID: D53F15BF767167BC622C1CB4D4FC174D....>>
                                                                                                                                                                                Process:C:\Users\user\Desktop\c8JakemodH.exe
                                                                                                                                                                                File Type:ASCII text, with CRLF line terminators
                                                                                                                                                                                Category:dropped
                                                                                                                                                                                Size (bytes):1159
                                                                                                                                                                                Entropy (8bit):4.909757425426515
                                                                                                                                                                                Encrypted:false
                                                                                                                                                                                SSDEEP:24:SOZJNRovfexRvYx/ncUYTxLZl0r0OzANQgq32xfZnS0iNFdAnP6:SOZbqfexrZrS3Iq32xlSX2S
                                                                                                                                                                                MD5:F29E077226F8DC235CAE4795459A3542
                                                                                                                                                                                SHA1:A23AEA328BEB92BFD4464A3B0F70E772B8969CC2
                                                                                                                                                                                SHA-256:CF8875AADE9351184274F533067BECF2AD10CCF2B6296274ECE5D5B58B6AB008
                                                                                                                                                                                SHA-512:0C76F1E7AC8E4DB582EA7E26FA9B8C18D54605AE6A9A87A2A1FA0B1BEACACBB8F1230421C1124B1E7C12FB546FF31DBBD2CFBBEBA80EF98BBAA01B356F7FDC6F
                                                                                                                                                                                Malicious:false
                                                                                                                                                                                Preview:.. ~~~ AlphaCat ~~~....>>>> Your data are stolen and encrypted....>>>> What guarantees that we will not deceive you? .....We are not a politically motivated group and we do not need anything other than your money. .. ...If you pay, we will provide you the programs for decryption and we will delete your data. ...Life is too short to be sad. Be not sad, money, it is only paper... ...If we do not give you decrypters, or we do not delete your data after payment, then nobody will pay us in the future. ...Therefore to us our reputation is very important. We attack worldwide and there is no dissatisfied victim after payment... ..>>>> You need contact us via email with srenshot of btc transaction and your personal DECRYPTION ID.....Contact via Email with your personal Decryption id !: hackbeenswim@mail2tor.com......Send 400$ (0.006 BTC) at this address --> bc1qkr7wxuqwet9w6920vk94p7npkxh33fc7prv55q.....>>>> Your personal DECRYPTION ID: D53F15BF767167BC622C1CB4D4FC174D....>>
                                                                                                                                                                                Process:C:\Users\user\Desktop\c8JakemodH.exe
                                                                                                                                                                                File Type:ASCII text, with CRLF line terminators
                                                                                                                                                                                Category:dropped
                                                                                                                                                                                Size (bytes):1159
                                                                                                                                                                                Entropy (8bit):4.909757425426515
                                                                                                                                                                                Encrypted:false
                                                                                                                                                                                SSDEEP:24:SOZJNRovfexRvYx/ncUYTxLZl0r0OzANQgq32xfZnS0iNFdAnP6:SOZbqfexrZrS3Iq32xlSX2S
                                                                                                                                                                                MD5:F29E077226F8DC235CAE4795459A3542
                                                                                                                                                                                SHA1:A23AEA328BEB92BFD4464A3B0F70E772B8969CC2
                                                                                                                                                                                SHA-256:CF8875AADE9351184274F533067BECF2AD10CCF2B6296274ECE5D5B58B6AB008
                                                                                                                                                                                SHA-512:0C76F1E7AC8E4DB582EA7E26FA9B8C18D54605AE6A9A87A2A1FA0B1BEACACBB8F1230421C1124B1E7C12FB546FF31DBBD2CFBBEBA80EF98BBAA01B356F7FDC6F
                                                                                                                                                                                Malicious:false
                                                                                                                                                                                Preview:.. ~~~ AlphaCat ~~~....>>>> Your data are stolen and encrypted....>>>> What guarantees that we will not deceive you? .....We are not a politically motivated group and we do not need anything other than your money. .. ...If you pay, we will provide you the programs for decryption and we will delete your data. ...Life is too short to be sad. Be not sad, money, it is only paper... ...If we do not give you decrypters, or we do not delete your data after payment, then nobody will pay us in the future. ...Therefore to us our reputation is very important. We attack worldwide and there is no dissatisfied victim after payment... ..>>>> You need contact us via email with srenshot of btc transaction and your personal DECRYPTION ID.....Contact via Email with your personal Decryption id !: hackbeenswim@mail2tor.com......Send 400$ (0.006 BTC) at this address --> bc1qkr7wxuqwet9w6920vk94p7npkxh33fc7prv55q.....>>>> Your personal DECRYPTION ID: D53F15BF767167BC622C1CB4D4FC174D....>>
                                                                                                                                                                                Process:C:\Users\user\Desktop\c8JakemodH.exe
                                                                                                                                                                                File Type:ASCII text, with CRLF line terminators
                                                                                                                                                                                Category:dropped
                                                                                                                                                                                Size (bytes):1159
                                                                                                                                                                                Entropy (8bit):4.909757425426515
                                                                                                                                                                                Encrypted:false
                                                                                                                                                                                SSDEEP:24:SOZJNRovfexRvYx/ncUYTxLZl0r0OzANQgq32xfZnS0iNFdAnP6:SOZbqfexrZrS3Iq32xlSX2S
                                                                                                                                                                                MD5:F29E077226F8DC235CAE4795459A3542
                                                                                                                                                                                SHA1:A23AEA328BEB92BFD4464A3B0F70E772B8969CC2
                                                                                                                                                                                SHA-256:CF8875AADE9351184274F533067BECF2AD10CCF2B6296274ECE5D5B58B6AB008
                                                                                                                                                                                SHA-512:0C76F1E7AC8E4DB582EA7E26FA9B8C18D54605AE6A9A87A2A1FA0B1BEACACBB8F1230421C1124B1E7C12FB546FF31DBBD2CFBBEBA80EF98BBAA01B356F7FDC6F
                                                                                                                                                                                Malicious:false
                                                                                                                                                                                Preview:.. ~~~ AlphaCat ~~~....>>>> Your data are stolen and encrypted....>>>> What guarantees that we will not deceive you? .....We are not a politically motivated group and we do not need anything other than your money. .. ...If you pay, we will provide you the programs for decryption and we will delete your data. ...Life is too short to be sad. Be not sad, money, it is only paper... ...If we do not give you decrypters, or we do not delete your data after payment, then nobody will pay us in the future. ...Therefore to us our reputation is very important. We attack worldwide and there is no dissatisfied victim after payment... ..>>>> You need contact us via email with srenshot of btc transaction and your personal DECRYPTION ID.....Contact via Email with your personal Decryption id !: hackbeenswim@mail2tor.com......Send 400$ (0.006 BTC) at this address --> bc1qkr7wxuqwet9w6920vk94p7npkxh33fc7prv55q.....>>>> Your personal DECRYPTION ID: D53F15BF767167BC622C1CB4D4FC174D....>>
                                                                                                                                                                                Process:C:\Users\user\Desktop\c8JakemodH.exe
                                                                                                                                                                                File Type:ASCII text, with CRLF line terminators
                                                                                                                                                                                Category:dropped
                                                                                                                                                                                Size (bytes):1159
                                                                                                                                                                                Entropy (8bit):4.909757425426515
                                                                                                                                                                                Encrypted:false
                                                                                                                                                                                SSDEEP:24:SOZJNRovfexRvYx/ncUYTxLZl0r0OzANQgq32xfZnS0iNFdAnP6:SOZbqfexrZrS3Iq32xlSX2S
                                                                                                                                                                                MD5:F29E077226F8DC235CAE4795459A3542
                                                                                                                                                                                SHA1:A23AEA328BEB92BFD4464A3B0F70E772B8969CC2
                                                                                                                                                                                SHA-256:CF8875AADE9351184274F533067BECF2AD10CCF2B6296274ECE5D5B58B6AB008
                                                                                                                                                                                SHA-512:0C76F1E7AC8E4DB582EA7E26FA9B8C18D54605AE6A9A87A2A1FA0B1BEACACBB8F1230421C1124B1E7C12FB546FF31DBBD2CFBBEBA80EF98BBAA01B356F7FDC6F
                                                                                                                                                                                Malicious:false
                                                                                                                                                                                Preview:.. ~~~ AlphaCat ~~~....>>>> Your data are stolen and encrypted....>>>> What guarantees that we will not deceive you? .....We are not a politically motivated group and we do not need anything other than your money. .. ...If you pay, we will provide you the programs for decryption and we will delete your data. ...Life is too short to be sad. Be not sad, money, it is only paper... ...If we do not give you decrypters, or we do not delete your data after payment, then nobody will pay us in the future. ...Therefore to us our reputation is very important. We attack worldwide and there is no dissatisfied victim after payment... ..>>>> You need contact us via email with srenshot of btc transaction and your personal DECRYPTION ID.....Contact via Email with your personal Decryption id !: hackbeenswim@mail2tor.com......Send 400$ (0.006 BTC) at this address --> bc1qkr7wxuqwet9w6920vk94p7npkxh33fc7prv55q.....>>>> Your personal DECRYPTION ID: D53F15BF767167BC622C1CB4D4FC174D....>>
                                                                                                                                                                                Process:C:\Users\user\Desktop\c8JakemodH.exe
                                                                                                                                                                                File Type:ASCII text, with CRLF line terminators
                                                                                                                                                                                Category:dropped
                                                                                                                                                                                Size (bytes):1159
                                                                                                                                                                                Entropy (8bit):4.909757425426515
                                                                                                                                                                                Encrypted:false
                                                                                                                                                                                SSDEEP:24:SOZJNRovfexRvYx/ncUYTxLZl0r0OzANQgq32xfZnS0iNFdAnP6:SOZbqfexrZrS3Iq32xlSX2S
                                                                                                                                                                                MD5:F29E077226F8DC235CAE4795459A3542
                                                                                                                                                                                SHA1:A23AEA328BEB92BFD4464A3B0F70E772B8969CC2
                                                                                                                                                                                SHA-256:CF8875AADE9351184274F533067BECF2AD10CCF2B6296274ECE5D5B58B6AB008
                                                                                                                                                                                SHA-512:0C76F1E7AC8E4DB582EA7E26FA9B8C18D54605AE6A9A87A2A1FA0B1BEACACBB8F1230421C1124B1E7C12FB546FF31DBBD2CFBBEBA80EF98BBAA01B356F7FDC6F
                                                                                                                                                                                Malicious:false
                                                                                                                                                                                Preview:.. ~~~ AlphaCat ~~~....>>>> Your data are stolen and encrypted....>>>> What guarantees that we will not deceive you? .....We are not a politically motivated group and we do not need anything other than your money. .. ...If you pay, we will provide you the programs for decryption and we will delete your data. ...Life is too short to be sad. Be not sad, money, it is only paper... ...If we do not give you decrypters, or we do not delete your data after payment, then nobody will pay us in the future. ...Therefore to us our reputation is very important. We attack worldwide and there is no dissatisfied victim after payment... ..>>>> You need contact us via email with srenshot of btc transaction and your personal DECRYPTION ID.....Contact via Email with your personal Decryption id !: hackbeenswim@mail2tor.com......Send 400$ (0.006 BTC) at this address --> bc1qkr7wxuqwet9w6920vk94p7npkxh33fc7prv55q.....>>>> Your personal DECRYPTION ID: D53F15BF767167BC622C1CB4D4FC174D....>>
                                                                                                                                                                                Process:C:\Users\user\Desktop\c8JakemodH.exe
                                                                                                                                                                                File Type:ASCII text, with CRLF line terminators
                                                                                                                                                                                Category:dropped
                                                                                                                                                                                Size (bytes):1159
                                                                                                                                                                                Entropy (8bit):4.909757425426515
                                                                                                                                                                                Encrypted:false
                                                                                                                                                                                SSDEEP:24:SOZJNRovfexRvYx/ncUYTxLZl0r0OzANQgq32xfZnS0iNFdAnP6:SOZbqfexrZrS3Iq32xlSX2S
                                                                                                                                                                                MD5:F29E077226F8DC235CAE4795459A3542
                                                                                                                                                                                SHA1:A23AEA328BEB92BFD4464A3B0F70E772B8969CC2
                                                                                                                                                                                SHA-256:CF8875AADE9351184274F533067BECF2AD10CCF2B6296274ECE5D5B58B6AB008
                                                                                                                                                                                SHA-512:0C76F1E7AC8E4DB582EA7E26FA9B8C18D54605AE6A9A87A2A1FA0B1BEACACBB8F1230421C1124B1E7C12FB546FF31DBBD2CFBBEBA80EF98BBAA01B356F7FDC6F
                                                                                                                                                                                Malicious:false
                                                                                                                                                                                Preview:.. ~~~ AlphaCat ~~~....>>>> Your data are stolen and encrypted....>>>> What guarantees that we will not deceive you? .....We are not a politically motivated group and we do not need anything other than your money. .. ...If you pay, we will provide you the programs for decryption and we will delete your data. ...Life is too short to be sad. Be not sad, money, it is only paper... ...If we do not give you decrypters, or we do not delete your data after payment, then nobody will pay us in the future. ...Therefore to us our reputation is very important. We attack worldwide and there is no dissatisfied victim after payment... ..>>>> You need contact us via email with srenshot of btc transaction and your personal DECRYPTION ID.....Contact via Email with your personal Decryption id !: hackbeenswim@mail2tor.com......Send 400$ (0.006 BTC) at this address --> bc1qkr7wxuqwet9w6920vk94p7npkxh33fc7prv55q.....>>>> Your personal DECRYPTION ID: D53F15BF767167BC622C1CB4D4FC174D....>>
                                                                                                                                                                                Process:C:\Users\user\Desktop\c8JakemodH.exe
                                                                                                                                                                                File Type:ASCII text, with CRLF line terminators
                                                                                                                                                                                Category:dropped
                                                                                                                                                                                Size (bytes):1159
                                                                                                                                                                                Entropy (8bit):4.909757425426515
                                                                                                                                                                                Encrypted:false
                                                                                                                                                                                SSDEEP:24:SOZJNRovfexRvYx/ncUYTxLZl0r0OzANQgq32xfZnS0iNFdAnP6:SOZbqfexrZrS3Iq32xlSX2S
                                                                                                                                                                                MD5:F29E077226F8DC235CAE4795459A3542
                                                                                                                                                                                SHA1:A23AEA328BEB92BFD4464A3B0F70E772B8969CC2
                                                                                                                                                                                SHA-256:CF8875AADE9351184274F533067BECF2AD10CCF2B6296274ECE5D5B58B6AB008
                                                                                                                                                                                SHA-512:0C76F1E7AC8E4DB582EA7E26FA9B8C18D54605AE6A9A87A2A1FA0B1BEACACBB8F1230421C1124B1E7C12FB546FF31DBBD2CFBBEBA80EF98BBAA01B356F7FDC6F
                                                                                                                                                                                Malicious:false
                                                                                                                                                                                Preview:.. ~~~ AlphaCat ~~~....>>>> Your data are stolen and encrypted....>>>> What guarantees that we will not deceive you? .....We are not a politically motivated group and we do not need anything other than your money. .. ...If you pay, we will provide you the programs for decryption and we will delete your data. ...Life is too short to be sad. Be not sad, money, it is only paper... ...If we do not give you decrypters, or we do not delete your data after payment, then nobody will pay us in the future. ...Therefore to us our reputation is very important. We attack worldwide and there is no dissatisfied victim after payment... ..>>>> You need contact us via email with srenshot of btc transaction and your personal DECRYPTION ID.....Contact via Email with your personal Decryption id !: hackbeenswim@mail2tor.com......Send 400$ (0.006 BTC) at this address --> bc1qkr7wxuqwet9w6920vk94p7npkxh33fc7prv55q.....>>>> Your personal DECRYPTION ID: D53F15BF767167BC622C1CB4D4FC174D....>>
                                                                                                                                                                                Process:C:\Users\user\Desktop\c8JakemodH.exe
                                                                                                                                                                                File Type:ASCII text, with CRLF line terminators
                                                                                                                                                                                Category:dropped
                                                                                                                                                                                Size (bytes):1159
                                                                                                                                                                                Entropy (8bit):4.909757425426515
                                                                                                                                                                                Encrypted:false
                                                                                                                                                                                SSDEEP:24:SOZJNRovfexRvYx/ncUYTxLZl0r0OzANQgq32xfZnS0iNFdAnP6:SOZbqfexrZrS3Iq32xlSX2S
                                                                                                                                                                                MD5:F29E077226F8DC235CAE4795459A3542
                                                                                                                                                                                SHA1:A23AEA328BEB92BFD4464A3B0F70E772B8969CC2
                                                                                                                                                                                SHA-256:CF8875AADE9351184274F533067BECF2AD10CCF2B6296274ECE5D5B58B6AB008
                                                                                                                                                                                SHA-512:0C76F1E7AC8E4DB582EA7E26FA9B8C18D54605AE6A9A87A2A1FA0B1BEACACBB8F1230421C1124B1E7C12FB546FF31DBBD2CFBBEBA80EF98BBAA01B356F7FDC6F
                                                                                                                                                                                Malicious:false
                                                                                                                                                                                Preview:.. ~~~ AlphaCat ~~~....>>>> Your data are stolen and encrypted....>>>> What guarantees that we will not deceive you? .....We are not a politically motivated group and we do not need anything other than your money. .. ...If you pay, we will provide you the programs for decryption and we will delete your data. ...Life is too short to be sad. Be not sad, money, it is only paper... ...If we do not give you decrypters, or we do not delete your data after payment, then nobody will pay us in the future. ...Therefore to us our reputation is very important. We attack worldwide and there is no dissatisfied victim after payment... ..>>>> You need contact us via email with srenshot of btc transaction and your personal DECRYPTION ID.....Contact via Email with your personal Decryption id !: hackbeenswim@mail2tor.com......Send 400$ (0.006 BTC) at this address --> bc1qkr7wxuqwet9w6920vk94p7npkxh33fc7prv55q.....>>>> Your personal DECRYPTION ID: D53F15BF767167BC622C1CB4D4FC174D....>>
                                                                                                                                                                                Process:C:\Users\user\Desktop\c8JakemodH.exe
                                                                                                                                                                                File Type:data
                                                                                                                                                                                Category:dropped
                                                                                                                                                                                Size (bytes):262741
                                                                                                                                                                                Entropy (8bit):7.999376054739171
                                                                                                                                                                                Encrypted:true
                                                                                                                                                                                SSDEEP:6144:ERxiRsk9BgKWrlvNURZayfhf/mYU1kVyUaP+kb:EgsuU7y5HzU1lL+q
                                                                                                                                                                                MD5:F2847C61A58299FE030EB13CB48B8018
                                                                                                                                                                                SHA1:D1F791C1E84E8A9ED3C3E106698E015E09CDB8F7
                                                                                                                                                                                SHA-256:A4C24C56B9B0B022FFE1886A34D28FE303130CE693D4F4D1A60D13E53244EABC
                                                                                                                                                                                SHA-512:C3508036606310ADE108604041B33BA1CBDCC7D89AE4997903FC0D9822F719DECE395849F5505D447D634F7B3611C5235E111B6C489BBE09991E48DB80013C8F
                                                                                                                                                                                Malicious:true
                                                                                                                                                                                Preview:.$.9[.....5.Z.........&?.....n...VO>c.P..4hDn.E..,...dW.3.....]K.p?/g+.bB.'..x...cs...D..:.6_q.2G.Z.5...Ml..O....T6...e.cSp...q....#..n...w...V.G.(...WB..A+....GJCr...a.......-.......+.Iv..|.M@....!...[R...W....G~......\bt7..YH..N.)L7.H".B...$.|.9..D].K(z[.W.Q..\...K*.y..._.........}..<....{.=.....(..`d.....#j..O.}.}......H.p.1...H.d9\8..+.G>S*..5y....m.e....7.\..2)..o}#.Q...w..R....y.5...`.l.N.....x.`Q..jW...?.>6.g<(.....9.....&..UJi...[.....Ky...?0>....6.Yn]G$f".. .J..2?..'z...dO.V.(s3..s..38.k..;..!I....c0...9...^...2..o.s.......K.;>..A.'........W.w1?.i....W...9...x..E.u..>....D..R...-..-.lyC...../a.D`5.R..<..H..N#......f`x.Q#.a...K......b..h.z...I\G...Hij....<P.F...<..T.D...j|z......F1....C.>gD..X...^...Ax.Q...%nK..f.....Y..N>k?....L.)..%_u.O3k2y......0..8...^...,..A..;$%.E..O..@xl.V....n....f#.l...........c....`...eCgTH4....{.l...k.+.......h.I..e6../.f.p.2......^C.(|.k|OqK..?..?s.U....!....'.]...f!.n....X.....i.%...v.v..e'y.9.^..g%.,.
                                                                                                                                                                                Process:C:\Users\user\Desktop\c8JakemodH.exe
                                                                                                                                                                                File Type:ASCII text, with CRLF line terminators
                                                                                                                                                                                Category:dropped
                                                                                                                                                                                Size (bytes):1159
                                                                                                                                                                                Entropy (8bit):4.909757425426515
                                                                                                                                                                                Encrypted:false
                                                                                                                                                                                SSDEEP:24:SOZJNRovfexRvYx/ncUYTxLZl0r0OzANQgq32xfZnS0iNFdAnP6:SOZbqfexrZrS3Iq32xlSX2S
                                                                                                                                                                                MD5:F29E077226F8DC235CAE4795459A3542
                                                                                                                                                                                SHA1:A23AEA328BEB92BFD4464A3B0F70E772B8969CC2
                                                                                                                                                                                SHA-256:CF8875AADE9351184274F533067BECF2AD10CCF2B6296274ECE5D5B58B6AB008
                                                                                                                                                                                SHA-512:0C76F1E7AC8E4DB582EA7E26FA9B8C18D54605AE6A9A87A2A1FA0B1BEACACBB8F1230421C1124B1E7C12FB546FF31DBBD2CFBBEBA80EF98BBAA01B356F7FDC6F
                                                                                                                                                                                Malicious:false
                                                                                                                                                                                Preview:.. ~~~ AlphaCat ~~~....>>>> Your data are stolen and encrypted....>>>> What guarantees that we will not deceive you? .....We are not a politically motivated group and we do not need anything other than your money. .. ...If you pay, we will provide you the programs for decryption and we will delete your data. ...Life is too short to be sad. Be not sad, money, it is only paper... ...If we do not give you decrypters, or we do not delete your data after payment, then nobody will pay us in the future. ...Therefore to us our reputation is very important. We attack worldwide and there is no dissatisfied victim after payment... ..>>>> You need contact us via email with srenshot of btc transaction and your personal DECRYPTION ID.....Contact via Email with your personal Decryption id !: hackbeenswim@mail2tor.com......Send 400$ (0.006 BTC) at this address --> bc1qkr7wxuqwet9w6920vk94p7npkxh33fc7prv55q.....>>>> Your personal DECRYPTION ID: D53F15BF767167BC622C1CB4D4FC174D....>>
                                                                                                                                                                                Process:C:\Users\user\Desktop\c8JakemodH.exe
                                                                                                                                                                                File Type:ASCII text, with CRLF line terminators
                                                                                                                                                                                Category:dropped
                                                                                                                                                                                Size (bytes):1159
                                                                                                                                                                                Entropy (8bit):4.909757425426515
                                                                                                                                                                                Encrypted:false
                                                                                                                                                                                SSDEEP:24:SOZJNRovfexRvYx/ncUYTxLZl0r0OzANQgq32xfZnS0iNFdAnP6:SOZbqfexrZrS3Iq32xlSX2S
                                                                                                                                                                                MD5:F29E077226F8DC235CAE4795459A3542
                                                                                                                                                                                SHA1:A23AEA328BEB92BFD4464A3B0F70E772B8969CC2
                                                                                                                                                                                SHA-256:CF8875AADE9351184274F533067BECF2AD10CCF2B6296274ECE5D5B58B6AB008
                                                                                                                                                                                SHA-512:0C76F1E7AC8E4DB582EA7E26FA9B8C18D54605AE6A9A87A2A1FA0B1BEACACBB8F1230421C1124B1E7C12FB546FF31DBBD2CFBBEBA80EF98BBAA01B356F7FDC6F
                                                                                                                                                                                Malicious:false
                                                                                                                                                                                Preview:.. ~~~ AlphaCat ~~~....>>>> Your data are stolen and encrypted....>>>> What guarantees that we will not deceive you? .....We are not a politically motivated group and we do not need anything other than your money. .. ...If you pay, we will provide you the programs for decryption and we will delete your data. ...Life is too short to be sad. Be not sad, money, it is only paper... ...If we do not give you decrypters, or we do not delete your data after payment, then nobody will pay us in the future. ...Therefore to us our reputation is very important. We attack worldwide and there is no dissatisfied victim after payment... ..>>>> You need contact us via email with srenshot of btc transaction and your personal DECRYPTION ID.....Contact via Email with your personal Decryption id !: hackbeenswim@mail2tor.com......Send 400$ (0.006 BTC) at this address --> bc1qkr7wxuqwet9w6920vk94p7npkxh33fc7prv55q.....>>>> Your personal DECRYPTION ID: D53F15BF767167BC622C1CB4D4FC174D....>>
                                                                                                                                                                                Process:C:\Program Files (x86)\Microsoft Office\root\Office16\ONENOTE.EXE
                                                                                                                                                                                File Type:XML 1.0 document, ASCII text, with CRLF line terminators
                                                                                                                                                                                Category:dropped
                                                                                                                                                                                Size (bytes):166208
                                                                                                                                                                                Entropy (8bit):5.340923527573613
                                                                                                                                                                                Encrypted:false
                                                                                                                                                                                SSDEEP:1536:d+C7FPgOsB3U9guwwJQ9DQA+zqzhQik4F77nXmvYd8XRTEwreOR6Y:0IQ9DQA+zqzMXeMT
                                                                                                                                                                                MD5:E20EE193470956B8F4E3D6F18FAF265F
                                                                                                                                                                                SHA1:3AD95EE7722053052E1C31163FB90E005927D334
                                                                                                                                                                                SHA-256:56FB1618554060DC2244ACDC380F2132ED85C54F0F539E6DEAE2FCB4E6293668
                                                                                                                                                                                SHA-512:61372A09B83170B3E94E75099B0892D82F7F08AB9D8D2D044752C0B92DC6598151F8864C0F9762193A15E1B7B036FE0C75CEE2BED2652F4E878176760657065F
                                                                                                                                                                                Malicious:false
                                                                                                                                                                                Preview:<?xml version="1.0" encoding="utf-8"?>..<o:OfficeConfig xmlns:o="urn:schemas-microsoft-com:office:office">.. <o:services o:GenerationTime="2024-05-06T12:05:30">.. Build: 16.0.17629.40127-->.. <o:default>.. <o:ticket o:headerName="Authorization" o:headerValue="{}" />.. </o:default>.. <o:service o:name="Research">.. <o:url>https://word-edit.officeapps.live.com/we/rrdiscovery.ashx</o:url>.. </o:service>.. <o:service o:name="ORedir">.. <o:url>https://o15.officeredir.microsoft.com/r</o:url>.. </o:service>.. <o:service o:name="ORedirSSL">.. <o:url>https://o15.officeredir.microsoft.com/r</o:url>.. </o:service>.. <o:service o:name="ClViewClientHelpId" o:authentication="1">.. <o:url>https://[MAX.BaseHost]/client/results</o:url>.. <o:ticket o:policy="MBI_SSL_SHORT" o:idprovider="1" o:target="[MAX.AuthHost]" o:headerValue="Passport1.4 from-PP='{}&amp;p='" />.. <o:ticket o:idprovider="3" o:headerValue="Bearer {}" o:resourceId="[MAX.ResourceId]" o:authorityUrl="[ADALAuth
                                                                                                                                                                                Process:C:\Program Files (x86)\Microsoft Office\root\Office16\ONENOTE.EXE
                                                                                                                                                                                File Type:SQLite 3.x database, last written using SQLite version 3023002, writer version 2, read version 2, file counter 2, database pages 1, cookie 0, schema 0, largest root page 1, unknown 0 encoding, version-valid-for 2
                                                                                                                                                                                Category:dropped
                                                                                                                                                                                Size (bytes):4096
                                                                                                                                                                                Entropy (8bit):0.09216609452072291
                                                                                                                                                                                Encrypted:false
                                                                                                                                                                                SSDEEP:3:lSWFN3l/klslpF/4llfll:l9F8E0/
                                                                                                                                                                                MD5:F138A66469C10D5761C6CBB36F2163C3
                                                                                                                                                                                SHA1:EEA136206474280549586923B7A4A3C6D5DB1E25
                                                                                                                                                                                SHA-256:C712D6C7A60F170A0C6C5EC768D962C58B1F59A2D417E98C7C528A037C427AB6
                                                                                                                                                                                SHA-512:9D25F943B6137DD2981EE75D57BAF3A9E0EE27EEA2DF19591D580F02EC8520D837B8E419A8B1EB7197614A3C6D8793C56EBC848C38295ADA23C31273DAA302D9
                                                                                                                                                                                Malicious:false
                                                                                                                                                                                Preview:SQLite format 3......@ .......................................................................... .....................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................
                                                                                                                                                                                Process:C:\Program Files (x86)\Microsoft Office\root\Office16\ONENOTE.EXE
                                                                                                                                                                                File Type:SQLite Rollback Journal
                                                                                                                                                                                Category:dropped
                                                                                                                                                                                Size (bytes):4616
                                                                                                                                                                                Entropy (8bit):0.13760166725504608
                                                                                                                                                                                Encrypted:false
                                                                                                                                                                                SSDEEP:3:7FEG2l+xl/4/FllkpMRgSWbNFl/sl+ltlslVlllfllvX:7+/ligg9bNFlEs1EP/f
                                                                                                                                                                                MD5:79D7A963FB6561492DB3047CB6C3C600
                                                                                                                                                                                SHA1:6A9E43CB5FFB762B12D24B4A9F8085FF5D419997
                                                                                                                                                                                SHA-256:1FFEAEF715E73845E2A71769658FD2BA1AA0CACD8ED6D7A127FCC1B0B5A46BC3
                                                                                                                                                                                SHA-512:89E0281B34937E80EDFF6AF48A49CEBC6E956CFCFC73E800F58738F4D5A4ECC8953A6394D4FCC5A5FAAA6158FBBC89EFF85B8F5C325FF02073A314A1A77AFCD2
                                                                                                                                                                                Malicious:false
                                                                                                                                                                                Preview:.... .c.....T......................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................SQLite format 3......@ .......................................................................... .................................................................................................................................................................................................................................................................................................................................................................................................
                                                                                                                                                                                Process:C:\Program Files (x86)\Microsoft Office\root\Office16\ONENOTE.EXE
                                                                                                                                                                                File Type:data
                                                                                                                                                                                Category:dropped
                                                                                                                                                                                Size (bytes):32768
                                                                                                                                                                                Entropy (8bit):0.04495055541749482
                                                                                                                                                                                Encrypted:false
                                                                                                                                                                                SSDEEP:6:G4l26BrEPhNl26BrEPrSL9XXPH4l942U:l26BrEPR26BrEPrS5A0
                                                                                                                                                                                MD5:85C022323244A25E97A9C8F9C78E810E
                                                                                                                                                                                SHA1:8BDCBD1E20175431BB5E588548E3127864D4239C
                                                                                                                                                                                SHA-256:1F7C37D20C0EA3B25010EA83D73BF083AA642F73D89167FC8B355BDCBB4EB28B
                                                                                                                                                                                SHA-512:348A573E50122EAFB857FB2C5811BC6ECC20CB6CF086DB1AB84437141FCB02EFCF020D1C6A8C8339A390E761CF4A81AB69AA676A2B89F6A918E1B25203F611BB
                                                                                                                                                                                Malicious:false
                                                                                                                                                                                Preview:..-.....................T.$=#1p.........~.d...t...-.....................T.$=#1p.........~.d...t.........................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................
                                                                                                                                                                                Process:C:\Program Files (x86)\Microsoft Office\root\Office16\ONENOTE.EXE
                                                                                                                                                                                File Type:SQLite Write-Ahead Log, version 3007000
                                                                                                                                                                                Category:dropped
                                                                                                                                                                                Size (bytes):45352
                                                                                                                                                                                Entropy (8bit):0.3948326741812375
                                                                                                                                                                                Encrypted:false
                                                                                                                                                                                SSDEEP:48:ytx/6MQ1VqXf6xUll7DYMVGay6HtqzO8VFDYMVqh:De9ll4GYjVG
                                                                                                                                                                                MD5:8B6FF0C636B83E8E039711FCB431C3F6
                                                                                                                                                                                SHA1:B39855FBD39DCE77FC096AD1D6DF7F2C4B947795
                                                                                                                                                                                SHA-256:47A419D964B84B5B5AD8D4D279756E6C4432902D11466333DFA1EF355AFE9911
                                                                                                                                                                                SHA-512:65F012ED6DB2306DE2718D11F0321C62C6FFB71394674DEF3DBB58C634BD7801125A70144E6D1CBBA9675D20FE527F315DDD85E1BA27A92656431710E40A4B5F
                                                                                                                                                                                Malicious:false
                                                                                                                                                                                Preview:7....-...................y..`..p....................9.@vSQLite format 3......@ .......................................................................... .............................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................
                                                                                                                                                                                Process:C:\Program Files (x86)\Microsoft Office\root\Office16\ONENOTE.EXE
                                                                                                                                                                                File Type:data
                                                                                                                                                                                Category:dropped
                                                                                                                                                                                Size (bytes):49152
                                                                                                                                                                                Entropy (8bit):5.037046545210704
                                                                                                                                                                                Encrypted:false
                                                                                                                                                                                SSDEEP:768:isALxV6i3Rsc4I4Ki9iHaHUiFjrKdi4Nu9ArV5ZmDS2WfVP+kR5AVeuQ7s+liso4:isANVh3WcgRQHaDxn9AZ5Z/p+ki1QLnA
                                                                                                                                                                                MD5:58A79CF0186BED3ACEA6F5A309E6CCC7
                                                                                                                                                                                SHA1:C43D5E57FD495DFC893A564144A1C8457788E461
                                                                                                                                                                                SHA-256:92776C9DEEB7F7567F1BFEB02ED0582C99164B7343CE448C990E41F570BCD183
                                                                                                                                                                                SHA-512:01813CC0AEF359888151897A8DCEC497485416D1170352782ACF895B0AEF74980CF9E6BC9E2C3C1F67EB7BB11411BAD722922FED0A8D501BA42E403044E2FA42
                                                                                                                                                                                Malicious:false
                                                                                                                                                                                Preview:....P...8.......@...@.......................................................................................................................................X3..Pk...@.............................................@...@$..@I...qCp..a..l+.N.........<..>_...F.(.............-...D..h^..R..@ ".@r..@`....?...-M.U.%.....fT...e..^%..x.....................................................................................................?..................................................................................?.?..?.................................-...D..h^..@...@............?.........................................................................................x.........~..................................p.....................................................................................?.?..?................................................................................................................................................................&..\...@F............<..>_...F.(....
                                                                                                                                                                                Process:C:\Program Files (x86)\Microsoft Office\root\Office16\ONENOTE.EXE
                                                                                                                                                                                File Type:data
                                                                                                                                                                                Category:dropped
                                                                                                                                                                                Size (bytes):4096
                                                                                                                                                                                Entropy (8bit):0.04401584019170665
                                                                                                                                                                                Encrypted:false
                                                                                                                                                                                SSDEEP:3:RRk//:Lk
                                                                                                                                                                                MD5:CD74ABACE8A00B17BD8107BC5982C21E
                                                                                                                                                                                SHA1:D53193CF8A43D766FBFA52976192F44D6B0F79B2
                                                                                                                                                                                SHA-256:B670BC07C9CB554511180DCF3F6A2C7818E8CE6E67B84784F0EA4D35EC61D516
                                                                                                                                                                                SHA-512:1B48A37FCF0F9FB9ED9B31A8F3E36596689BF1EEC6F41F5EFA3C728121944919CE7A81F0379A108D80AA051CFEF07DC296F9C0691FC8855983B2F29EC15C7FEF
                                                                                                                                                                                Malicious:false
                                                                                                                                                                                Preview:........................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................
                                                                                                                                                                                Process:C:\Program Files (x86)\Microsoft Office\root\Office16\ONENOTE.EXE
                                                                                                                                                                                File Type:data
                                                                                                                                                                                Category:dropped
                                                                                                                                                                                Size (bytes):4096
                                                                                                                                                                                Entropy (8bit):0.4996453965027384
                                                                                                                                                                                Encrypted:false
                                                                                                                                                                                SSDEEP:3:vldawlAuil8xt/l2l+/lnzaoe17ONaoeC8tOkdaJ8l/bl2hliJw5YqJylTmB+ElY:NTc+IN+8vGwJ8yBmB+ecw1EVXhmB+sK
                                                                                                                                                                                MD5:B25DC81DF282BE0E2DE0243AE451FBF2
                                                                                                                                                                                SHA1:8F3F467DC45ADC60337719FA63DE72ACDE3590F7
                                                                                                                                                                                SHA-256:C59AF35BB87CF7B071803EB93DEC6CAC7B8E134AB94BA32EF89A4E8905D26A81
                                                                                                                                                                                SHA-512:71931B37F6D7CAEFCCCD474DF60674EEA986C9057667937915355D6870F8D933B5F9FF2FD1EB5950E858DF462D2134B09825C169427583944A481E24D75EBA4F
                                                                                                                                                                                Malicious:false
                                                                                                                                                                                Preview:2...>...........~.......................................................................................................................................................................................?.......?....|.O.J.o..].........................?....|.O.J.o..].?....................................................?...........................................................?..P..............................................................................5........m;.H....7.5N.........\.............Z.....C.[.4........N...^............................................................................................................Z.....C.[.4................................................................................................................................................................................................................................................................................................................................................................
                                                                                                                                                                                Process:C:\Program Files (x86)\Microsoft Office\root\Office16\ONENOTE.EXE
                                                                                                                                                                                File Type:data
                                                                                                                                                                                Category:dropped
                                                                                                                                                                                Size (bytes):4096
                                                                                                                                                                                Entropy (8bit):4.74758066465627
                                                                                                                                                                                Encrypted:false
                                                                                                                                                                                SSDEEP:48:K3OPsDapxz3L94xyw0LIBlkw0LPq8FFvECLXeg1wEwLQh4JMbcbbjbbwabI18:K3ypxjp4xyLUgLmktECKEwMh4
                                                                                                                                                                                MD5:9665EEA35F5381479E9925235A99865B
                                                                                                                                                                                SHA1:96548026549CAB07640941DB1EDA9EC0B831BF74
                                                                                                                                                                                SHA-256:BB9E6BF3497C955D919EC28FEB97798BBC6412ABD598413E0DFC635204A77D5A
                                                                                                                                                                                SHA-512:71CE5BCB26FE892F2940106BE4EBE1F3F727DE2EF783BD2EBA454FCB01D31F8881C814109924F3190DD761B84B5B7C08FD05101DCCA811CE7E8982B3070B2870
                                                                                                                                                                                Malicious:false
                                                                                                                                                                                Preview:j.......`.......L..................................................................?....................................................................j...............L...............................'.0.....'.0.q.p.9....;Z.;.....Z.;.GR5....... ..@X....".s.AO.@X.Z.;.GR5....... .Z.;.`....?...-M.U.%`............Z.;.....Z.;.................................................fT......fT...e..^%..x..QFn.....QFn....N....yq..2...,...^.......................'.0.Z.;..fT.QFn.AX..`............Z.;..|..Z.;X....Z.;..2..Z.;.....Z.;.."..AX.T$......T.N....T%j......QFn.....`....c..,0...e...B4.$..........C@RQ.H..B......Y....................AX......AX..>..A......$[`.......`....?...-M.U..'.0.q.p.9....;'.0......A.J.f\09......1..C....k.{........>...............Z.;.GR5....... ......A.J.f\09...1..C....k...............fT..c..,0...e...B4.$...........I...M.....0...............................0...........e....4..................T.i.t.l.e.......|{....B.l...R......(....Y......(...D...L.e.c.t.u.
                                                                                                                                                                                Process:C:\Program Files (x86)\Microsoft Office\root\Office16\ONENOTE.EXE
                                                                                                                                                                                File Type:data
                                                                                                                                                                                Category:dropped
                                                                                                                                                                                Size (bytes):8192
                                                                                                                                                                                Entropy (8bit):4.741976746184895
                                                                                                                                                                                Encrypted:false
                                                                                                                                                                                SSDEEP:192:3sneSDA1E7TXJUoRRi+a3joJUgLdi9sH8FFNI:8wW7rHRRi+A0dqsH8Z
                                                                                                                                                                                MD5:C362CFAEC740681D1D7FA1594AD85336
                                                                                                                                                                                SHA1:74FA62FE03AF06F80A247E3E86AAFF8CF197F242
                                                                                                                                                                                SHA-256:7749355ABC2704134FD3138C41D0C1CFEF8D50899DB32BB9FC06F05090FA6AE7
                                                                                                                                                                                SHA-512:E81C83B5A81F32CF27B7F0931ADF00C0CEDD6A390CA942742D3CFE904DE4857B9DAE74F3E9ED738408321C85C93655ABB55B45EA76295DBEC7182717BF972445
                                                                                                                                                                                Malicious:false
                                                                                                                                                                                Preview:2...>.......t...v...h...................................................................................................................................2...>...P.......v................................I.......I.qk..B.....LZ....4.......w.(.=*..X.T.....w.(.=*..X.T......I.qk..B.....LZ.I................................I.......I...................................................I.t.....I................................................................4..'...'.............m.~:.E0..ld....x....N...^...............W..n%..L.{~W@...............>...............................$....I.qk..B.....LZ............m.~:.E0..ld....x........m.~:.E0..ld....x........................................................................j.......T%;...............W.....H.........+.......S...............Z4...........................................4../4......p...............C.a.l.i.b.r.i.....................:...k.....z...y.. x.. ...........$...........7...7.....*...o.e.L.o.c.I.D...o.e.L.o.c.C.o.m.m.e.n.t.......0.0.0.3
                                                                                                                                                                                Process:C:\Program Files (x86)\Microsoft Office\root\Office16\ONENOTE.EXE
                                                                                                                                                                                File Type:JPEG image data, JFIF standard 1.02, aspect ratio, density 100x100, segment length 16, baseline, precision 8, 612x792, components 3
                                                                                                                                                                                Category:dropped
                                                                                                                                                                                Size (bytes):40884
                                                                                                                                                                                Entropy (8bit):7.545929039957292
                                                                                                                                                                                Encrypted:false
                                                                                                                                                                                SSDEEP:768:MCBOA4d+ElOXJ/3pI7cRBiL7L6qERqGz65WXzZqJsKQSbIsTT6XB:hIAU+2cGdLX6qBG4WDZl4Ihx
                                                                                                                                                                                MD5:7379775A1E2AB7FAB95CFFCE01AE05F3
                                                                                                                                                                                SHA1:3D3DDFD8AC7E07203561BAE423D66F0806833AB3
                                                                                                                                                                                SHA-256:9301DB6D2D87282FCEE450189AEACE16D85F64273BF62713A3044992B6B7A9E9
                                                                                                                                                                                SHA-512:4B5006E620E80D3A146944649CF4CA619782CAD7E8C4CD0D1DE0EBCA0FA05EACB7378DAFCEED3E26F5698B07F19604614D906C8F51F898660E2F129D8DEC6F62
                                                                                                                                                                                Malicious:false
                                                                                                                                                                                Preview:......JFIF.....d.d......Ducky.......d......Adobe.d...................................................................................................................................................d............................................................................................!.1A.....Qaq....".....2....BR#S..br...3T...C$.7(Hx....4D.G..Xh.cs..'..t...%...8.....................1...!AQ..a...q"2.4Tt.......R3S....Br...#s...Uu.bc.de..$D..6..C%E..............?...z...;sB.yv...........]t.\...n...../....m....M.=.3G+..x+.....S).*&.J../..8..O/+..sG...p...<!....~.c..C.w..,[oHom.wc-.J.~.......L[..6...'..i_..S;...!Y.z.q].EK..M.x...i.x.+.;.+...}....#......f.)........e6V..p.;........s.)..Ml.J......IU.6...<9+9.^..l..Y...[._...2..^..j.ia...._..3.;...~..<3...;......z.^.......]..Qk.,...Yk...3.3Jy^p.}....q...I...&..t.......;..9.g.GH;..'...%...)..[..y..../...zCn..>...'...1e.Y..;....]..7...N>t..m-.j.............H^..T\.q.ru...}...eTn]I'r.^].#..wOY....v
                                                                                                                                                                                Process:C:\Program Files (x86)\Microsoft Office\root\Office16\ONENOTE.EXE
                                                                                                                                                                                File Type:data
                                                                                                                                                                                Category:dropped
                                                                                                                                                                                Size (bytes):12288
                                                                                                                                                                                Entropy (8bit):4.399761155534187
                                                                                                                                                                                Encrypted:false
                                                                                                                                                                                SSDEEP:192:HsKqaRFXFdbq7wqY8LOENDTS8IAxDORVLCRj8X6qRkbRP6CNyWH9yi78R8w8Juj:MxOFDMwd4OEJmnAx8VLCE6qRkbF6Cnds
                                                                                                                                                                                MD5:F1DD9F8D6E86A67684F3E1D3C3B3F57C
                                                                                                                                                                                SHA1:7BEE61CB9FF0267EDBA7194714B0D63EE54C30EF
                                                                                                                                                                                SHA-256:F91852A480B75F3CB6A68E7ACB495CF2E56C9504ECC3DB2A623EF44FAFF22768
                                                                                                                                                                                SHA-512:5E23B453DA64F7D9A67BFC1A8E3A79D1C6BDBA0226519C43248EA894CEC289BB332C0F78AB920FB63ADBE98C1ACE5294F0F894EB32FDC8C486715A6547B27758
                                                                                                                                                                                Malicious:false
                                                                                                                                                                                Preview:2...>...........v........ ...)..2...>...B.......v.......@....(...........................................................................................................................................I.......I.qk..B.....LZv...H...v....@...&...F.v....@...&...F.v....I.qk..B.....LZ.I................................I.......I...................................................I.t.....I................................................................4..'...'..............o..m......T..S.....N...^................m.%.ZkB.\....0............................................"....I.qk..B.....LZ.............o..m......T..S..................................v.......v.......v...........................................v..j."..v..T....v.......v....T..v.......v.. .A..v.......v.. ........v..3v..:v..8v....z...y.. x.. ........ ..$...$........D..........7...7.........*...o.e.L.o.c.I.D...o.e.L.o.c.C.o.m.m.e.n.t.......0.0.0.1.5........................Z4...........................................4../4......p.
                                                                                                                                                                                Process:C:\Program Files (x86)\Microsoft Office\root\Office16\ONENOTE.EXE
                                                                                                                                                                                File Type:JPEG image data, JFIF standard 1.02, resolution (DPI), density 72x72, segment length 16, Exif Standard: [TIFF image data, big-endian, direntries=7, orientation=upper-left, xresolution=98, yresolution=106, resolutionunit=2, software=Adobe Photoshop 7.0, datetime=2004:03:04 13:19:29], progressive, precision 8, 221x792, components 3
                                                                                                                                                                                Category:dropped
                                                                                                                                                                                Size (bytes):24268
                                                                                                                                                                                Entropy (8bit):6.946124661664625
                                                                                                                                                                                Encrypted:false
                                                                                                                                                                                SSDEEP:384:d2wiieoHTRh5a1HAteZCWOZIM+L7WhNjYn:8wHFHJ+/OZIKhNO
                                                                                                                                                                                MD5:3CD906D179F59DDFA112510C7E996351
                                                                                                                                                                                SHA1:48CDB3685606EDD79D5BCDF0D7267B8B1CCBD5A8
                                                                                                                                                                                SHA-256:1591FD26E7FFF5BE97431D0ED3D0ADE5CFC5FA74E3D7EC282FD242160CE68C1F
                                                                                                                                                                                SHA-512:2048CBA13AF532FF2BCC7B8B40541993234BD1A8AB6DE47B889AF3F3E4571F9C5A22996D0B1C16DD6603233F6066A1A2A97C16A6020BEDD0826B83BAD0075512
                                                                                                                                                                                Malicious:false
                                                                                                                                                                                Preview:......JFIF.....H.H......Exif..MM.*.............................b...........j.(...........1.........r.2...........i.................H.......H....Adobe Photoshop 7.0.2004:03:04 13:19:29.....................................................................................(.....................&...................H.......H..........JFIF.....H.H......Adobe_CM......Adobe.d...................................................................................................................................................$.."................?..........................................................................3......!.1.AQa."q.2.....B#$.R.b34r..C.%.S...cs5....&D.TdE.t6..U.e...u..F'...............Vfv........7GWgw........................5.....!1..AQaq"..2.....B#.R..3$b.r..CS.cs4.%......&5..D.T..dEU6te....u..F...............Vfv........'7GWgw.................?.....)......[]t.\Z..g......A....&D.$LH._..X..Xl...`....cZ.X.........>......f.Z.X...]..~L.S..@..I$..I.IO.....x...s.g.[f.h{9..
                                                                                                                                                                                Process:C:\Program Files (x86)\Microsoft Office\root\Office16\ONENOTE.EXE
                                                                                                                                                                                File Type:data
                                                                                                                                                                                Category:dropped
                                                                                                                                                                                Size (bytes):12288
                                                                                                                                                                                Entropy (8bit):4.648935352788596
                                                                                                                                                                                Encrypted:false
                                                                                                                                                                                SSDEEP:192:4EsRLMIHHSLVm+iGa9hjnWYNJArXCvUS+7B6XsPTPRpShrboJhGbfQF9kQtYaQf:4ZqGHSbanjWYcrXjVUsPTPRphhsfQnkD
                                                                                                                                                                                MD5:05B2BBB307DA1130ABD48294BB96D5CD
                                                                                                                                                                                SHA1:7430A8E68E316CE643FC55765BA6AC260A5FAD79
                                                                                                                                                                                SHA-256:44B80014F4B566FB350A3EBCAF08C8FD77E8DF822FD18AD5486073D48B964817
                                                                                                                                                                                SHA-512:E32482089A7DB94136C9D861A5ADD6077C4813C312B5464456F9CC5ECD703F4A45C7A11CA95AADDE92B42CA58FB8B76CBF0F822C920B50D66DE2D9F61A42B6B4
                                                                                                                                                                                Malicious:false
                                                                                                                                                                                Preview:2...>...6...z...v...N.... ..X,..2...>...........v.......@...H+...........................................................................................................................................I.......I.qk..B.....LZi...N...i..h..P..g.....hi..h..P..g.....hi....I.qk..B.....LZ.I................................I.......I...................................................I.t.....I................................................................4..'...'..................n..7rD.(.~.....N...^...............;....XN......G............P....................................I.qk..B.....LZ.................n..7rD.(.~..................................i.......i.......i...........................................i..j.9..i..T....i.......i....s..i..H....i....0..i....`.&i...........i..3i..:i..Ai..8i....z...y.. x.. ........ ..$...$...............7...7.........*...o.e.L.o.c.I.D...o.e.L.o.c.C.o.m.m.e.n.t.......0.0.0.1.1................Z4...........................................4../4......p.........
                                                                                                                                                                                Process:C:\Program Files (x86)\Microsoft Office\root\Office16\ONENOTE.EXE
                                                                                                                                                                                File Type:JPEG image data, JFIF standard 1.02, aspect ratio, density 100x100, segment length 16, baseline, precision 8, 612x792, components 3
                                                                                                                                                                                Category:dropped
                                                                                                                                                                                Size (bytes):39010
                                                                                                                                                                                Entropy (8bit):7.362726513389497
                                                                                                                                                                                Encrypted:false
                                                                                                                                                                                SSDEEP:768:6tCjwO+E+KW0ZtOgepcoWW4pAWQ6/KWcR474HOAZaDfK:68j+E+KW0HOgep/72/NKWcRNefK
                                                                                                                                                                                MD5:9700DE02720CDB5A45EDE51F1A4647EC
                                                                                                                                                                                SHA1:CF72A73E1181719B1CC45C2FE0A6B619081E115E
                                                                                                                                                                                SHA-256:7E6A7714A69688D9FFDF16AA942B66064A0C77FCD9B3E469F89730B4B9290C3E
                                                                                                                                                                                SHA-512:5438921467D62376472007B9EBF3C35C9D9FE3EDE04D99A990129332D53EBC8EE2555C0319A4F7C0DF63516F29CEDF2171D8B6DC34C9FCD075C2CA41EB728660
                                                                                                                                                                                Malicious:false
                                                                                                                                                                                Preview:......JFIF.....d.d......Ducky.......d......Adobe.d...................................................................................................................................................d.........................................................................................!1..A...Qaq..".......2BR#...b%&6..'w.r.3f7W8.s5EUeF.g....CS$4.Vv..Tdt..G..(c..u.Hhx.......................!1.AQa..2.q....".s...3.4BRr.#......b.$c............?........uf.....t...;..[...W.h.....-.k.f..i.u..KQ..b.F...rM%/.8n.S..=9.....G$O;.f.}L..N..U._i.[.X...3.~....S.~..+t$...c.5......{..X/..#.G...}s....6......^....o~.$.\WA?...^*w[O.~..6..~....a....~..:..0.......{O...|.s.u._w.........i...........{K...._.?.../{.....A..8....<g.iu..<..................X......|]v....D..9.k.w.|-IF.Tv.-.&.........."'.4.b....z.._.Z.....G...u.xyt./_.q..m>..S.V.Xdc.bw.T.W......g..........}s.._..?....U]_.......`......>.|'.~xH....,...?........?.q....o../..R..;...Y.G....A"?......?.<..1...w..o.M.........tco.
                                                                                                                                                                                Process:C:\Program Files (x86)\Microsoft Office\root\Office16\ONENOTE.EXE
                                                                                                                                                                                File Type:DIY-Thermocam raw data (Lepton 2.x), scale 14662--14549, spot sensor temperature 533935292416.000000, unit celsius, color scheme 1, minimum point enabled, maximum point enabled, calibration: offset -0.000122, slope 13264930093240781317059293216768.000000
                                                                                                                                                                                Category:dropped
                                                                                                                                                                                Size (bytes):12288
                                                                                                                                                                                Entropy (8bit):3.9571775294967035
                                                                                                                                                                                Encrypted:false
                                                                                                                                                                                SSDEEP:192:QS3jusT3tfn9HvTzIuyQv4l1rEAPk0ReLkMmLPDN/v09pE83wqIvRMQY8izEUOiN:F3jbT3Z9Hv/3v4l1rEwk0Re4XJv09pEa
                                                                                                                                                                                MD5:B7B5B5569C887262703BE7D84675664E
                                                                                                                                                                                SHA1:E050389DE708D5CB9A97257A47A3F98853B45B2F
                                                                                                                                                                                SHA-256:FDB61D6C4FB54407099A1510C25FC0BEB283E77EBC1A03F3AA98EF1C6915D5DB
                                                                                                                                                                                SHA-512:C58EF94EB5E53951394131A2E30EAE9F17F8D1E5FCE46C9158F431EF1C288ABDBD87EEFC5E6E086F58E01ABBD9AFD312E555CDC1D09666B5B78CD13D325174D7
                                                                                                                                                                                Malicious:false
                                                                                                                                                                                Preview:....>.......B...v.......0 ..x#......>...........v...^...@...h"...........................................................................................................................................I.......I.qk..B.....LZaix.....aixJ..8....."#"....\.V...K.q...2....aixJ..8....."#"%aix..I.qk..B.....LZ.I............I.......I...................................................I.t.....I................................................................4..'...'.....................9F.+...R....N...^................Mm's(N@.*.v(..!........b...8....................................I.qk..B.....LZ....................9F.+...R.................................aix.....aix.....aix........................................aix.....aixJ..8....."#"%....8......\.V...K.q...22................................I...............................aixj.#..aixT.G..aix.....aix..Q.....H...............$.7................!.....z...,4. ............................"......$...7...............T.u.e.s.d.a.y.,. .J.u.l.y. .2.8.,.
                                                                                                                                                                                Process:C:\Program Files (x86)\Microsoft Office\root\Office16\ONENOTE.EXE
                                                                                                                                                                                File Type:JPEG image data, JFIF standard 1.02, aspect ratio, density 100x100, segment length 16, baseline, precision 8, 612x792, components 3
                                                                                                                                                                                Category:dropped
                                                                                                                                                                                Size (bytes):59707
                                                                                                                                                                                Entropy (8bit):7.858445368171059
                                                                                                                                                                                Encrypted:false
                                                                                                                                                                                SSDEEP:1536:k76rvGc8WKC2/UX1uEgVRY/jvv9CblyL/T:k77Z5C2/Ow1e9CblCT
                                                                                                                                                                                MD5:47ADB0DF6FDA756920225A099B722322
                                                                                                                                                                                SHA1:851946B8C2BD0BB351BAEECA9E5BB6648A87D7CA
                                                                                                                                                                                SHA-256:EC8CD7250F3D82E900E99114869777EE859EC73EFFABED108815F65742078C3A
                                                                                                                                                                                SHA-512:85A9920E1CE4A2FCCEBAFA425C925DF33580FA3C3C00178F058539B2FBC0163866DB8A41B320E2EF2CD217F00FFA06A1A831C728D3F9F910C9EAC58B5DA76E2D
                                                                                                                                                                                Malicious:false
                                                                                                                                                                                Preview:......JFIF.....d.d......Ducky.......d......Adobe.d...................................................................................................................................................d............................................................................................!1..A..Qaq"....2........B#..R.b3$..8xrC4&'W.%e.(.c.d.5E6Ff..h..SsTt..u...Gg..H.....................!.1..AQ.aq.".......2..st.BR..56.r#3.b.S.4c%...$d.CT............?....3.7...G:../P....z..K.:6..w......6....... .z7...~.....{gdF60...9....{...'[N....m.........z...g{.......7...4..1..=.z...._..p...m..Icd.~.v..9.P..0Z(.<j.......R6zm.....v.z...>x..)=g........zo{..w..f..y.t.....%.D..#.}.I.>).H.QM..cLD..x.../.^y.{.............y.=^.......I.T.......U..0_?...u..og..3.ky..K....6w...Dc......~........ik.z....N...en......_.....x....._u...4.{..P...>.....}.......>.R.....m.....[mt.....}.........|.....m......~....B.F.]C.36..q....yg...{]...+.DZv.9<.o..;..N.n&im.,....w.3...V.s...Y..e#$.
                                                                                                                                                                                Process:C:\Program Files (x86)\Microsoft Office\root\Office16\ONENOTE.EXE
                                                                                                                                                                                File Type:data
                                                                                                                                                                                Category:dropped
                                                                                                                                                                                Size (bytes):12288
                                                                                                                                                                                Entropy (8bit):3.87018134671077
                                                                                                                                                                                Encrypted:false
                                                                                                                                                                                SSDEEP:192:gsW9WVQWqxWuAsaaXZsRlbVdzoCdakwD9C5K07wgfzzHJszGm:FW9jouAl0ZsRl8Ct+CkQzzHJszGm
                                                                                                                                                                                MD5:7C23C75B80317D5D86B2FE838DBC17DA
                                                                                                                                                                                SHA1:D4C9D337FBF289EC27924235BC03E22F670FC666
                                                                                                                                                                                SHA-256:1036011BF7C93E0E326B393EAE138B95EF45A2F09EFE79064538E44D33B9954D
                                                                                                                                                                                SHA-512:DAF685583D84CCE11FFD6EAF16479660CA592D0A1CCA2BF492368901808596B19BBF68069C21FC19D2F800135CC99A675F60712557519081E14E29F417275782
                                                                                                                                                                                Malicious:false
                                                                                                                                                                                Preview:2...>...........v........ .. "..2...>...d...<...v.......@....!...........................................................................................................................................I.......I.qk..B.....LZh.-.<...h.-.....6.{f.O\.h.-.....6.{f.O\.h.-..I.qk..B.....LZ.I................................I.......I...................................................I.t.....I................................................................4..'...'.............+ID$.U?..m..~O......N...^...................x.B..9.4}.............................................D....I.qk..B.....LZ............+ID$.U?..m..~O...................................h.-.....h.-.....h.-.........................................h.-j....h.-T.T..h.-.....h.-..|..h.-..;..h.-..h..h.-.....h.- .W.....'h.-2h.-..z...,4. ...."......$>........4..p..7......S.u.m.m.a.r.y........................h.-3h.-8h.-..z...y.. x.. ...........$...........7...7.....*...o.e.L.o.c.I.D...o.e.L.o.c.C.o.m.m.e.n.t.......0.0.0.9.............h.-
                                                                                                                                                                                Process:C:\Program Files (x86)\Microsoft Office\root\Office16\ONENOTE.EXE
                                                                                                                                                                                File Type:JPEG image data, JFIF standard 1.02, resolution (DPI), density 72x72, segment length 16, Exif Standard: [TIFF image data, big-endian, direntries=7, orientation=upper-left, xresolution=98, yresolution=106, resolutionunit=2, software=Adobe Photoshop 7.0, datetime=2004:03:04 13:18:09], progressive, precision 8, 164x641, components 3
                                                                                                                                                                                Category:dropped
                                                                                                                                                                                Size (bytes):27862
                                                                                                                                                                                Entropy (8bit):7.238903610770013
                                                                                                                                                                                Encrypted:false
                                                                                                                                                                                SSDEEP:384:LTawAZvhbrXzDc6LERLQ/b5vXOl6pXQ/wD5OUMrdRUUhCplQg0ESSz:6wm/vT/b4wxoqbdUhWnSs
                                                                                                                                                                                MD5:E62F2908FA5F7189ED8EEBD413928DEE
                                                                                                                                                                                SHA1:CA249B4A70924B73BDA52972E9C735AEC35A0C5D
                                                                                                                                                                                SHA-256:20ABE389C885E42B6EBE9E902976229BB6FD63C8C34CB61AA70B8B746209F90A
                                                                                                                                                                                SHA-512:EE8D1821A918BE8714F431895E7223D08036E88A4FDB9A5485EFF246640EE969A69A8AA4E2E9DDC35BA75FB6D4E95092A286E90B477BD6998C313639C2C31F25
                                                                                                                                                                                Malicious:false
                                                                                                                                                                                Preview:......JFIF.....H.H......Exif..MM.*.............................b...........j.(...........1.........r.2...........i.................H.......H....Adobe Photoshop 7.0.2004:03:04 13:18:09......................................................................................(.....................&...................H.......H..........JFIF.....H.H......Adobe_CM......Adobe.d...................................................................................................................................................!.."................?..........................................................................3......!.1.AQa."q.2.....B#$.R.b34r..C.%.S...cs5....&D.TdE.t6..U.e...u..F'...............Vfv........7GWgw........................5.....!1..AQaq"..2.....B#.R..3$b.r..CS.cs4.%......&5..D.T..dEU6te....u..F...............Vfv........'7GWgw.................?..P.v..+..n(a..Q..S\6....Y....D......} w#.b..]l.5.RU..k...... ]$.$.........f........?.z@2uU...7....?..|.Q..I.&.. ......"T4)wdH.
                                                                                                                                                                                Process:C:\Program Files (x86)\Microsoft Office\root\Office16\ONENOTE.EXE
                                                                                                                                                                                File Type:data
                                                                                                                                                                                Category:dropped
                                                                                                                                                                                Size (bytes):20480
                                                                                                                                                                                Entropy (8bit):5.333741529965113
                                                                                                                                                                                Encrypted:false
                                                                                                                                                                                SSDEEP:384:RLeEtfMewI2dIz8lg5Nx2tvqrIxrTNvWAfopgayYEbMA7XYoXR/6yc8bDCPdDkNI:+I208q5r2BJVWAQl5UP2s
                                                                                                                                                                                MD5:84111B9DCD9E9D59D9977E2333153084
                                                                                                                                                                                SHA1:D6A14A0C4AAE4CCD35DE6C05D2BC8F1C0401C3A9
                                                                                                                                                                                SHA-256:BB90EEE3418002030D510C3B5F635FAF0423F4F78D57CFCEB1F6A80726DAB4DF
                                                                                                                                                                                SHA-512:B67B3084E618F5FF68BD4A48336C2ADA85A0B62B2401D1EDC6D0F178412D3EBF99CEEFDA43944F8FEC02E32CA16CA76916FC12C79CB92E69A0CA51413A7E6DF4
                                                                                                                                                                                Malicious:false
                                                                                                                                                                                Preview:........x................A... ..`M..............(................K... .. L......................................................................................@................L... ...L..............aj......aj..8\......`B..n.......n...o..G..U.B...Pha......[.....P...f...3..L'..m.T..f..R.V..........R............fw......fw.................................................n..T$......T.......T.w..t..T%...x..T"~..Al.T!......T%!...IiT!............0...........e....4.........................A..:4E.2..p1......(...`.i.....(...(...B.a.c.k.g.r.o.u.n.d. .-. .Y.e.l.l.o.w...j...P.a.g.e.L.o.c.I.D...L.o.c.V.e.r...P.a.g.e.V.e.r.C.o.m.m.e.n.t...P.a.g.e.O.v.e.r.i.d.e...P.a.g.e.N.a.m.e...2...0.0.0.1.9...1.....0...U.n.t.i.t.l.e.d. .p.a.g.e....B+......B+.@[.O..<...a...5.......5...D....6.X.2...............(...X.......8...aj..n...............1}(...5...............0...........e....4........................yf.....F.Q.........(...pO;.....(.......S.t.a.t.e.m.e.n.t...j...P.a.g.e.L.o.c.I.D...L.o.c.V.e.r...P.
                                                                                                                                                                                Process:C:\Program Files (x86)\Microsoft Office\root\Office16\ONENOTE.EXE
                                                                                                                                                                                File Type:data
                                                                                                                                                                                Category:dropped
                                                                                                                                                                                Size (bytes):4096
                                                                                                                                                                                Entropy (8bit):4.050890141757281
                                                                                                                                                                                Encrypted:false
                                                                                                                                                                                SSDEEP:48:bEsEZapsx2DtrtcEau8fXHW9HFs1hsToMrdHr0I0dXI4bt8aEu:QszCx2DncEau+X29QsTRRL2lZbE
                                                                                                                                                                                MD5:7F5E95C10612889280D592550FE28CB5
                                                                                                                                                                                SHA1:AA6A92D9398C81272E467427291B1C95D4D4FB9E
                                                                                                                                                                                SHA-256:35C655B1733818F9B656D6558CBF3716134D9B911B42BEAC15F1F9FE83C5D7A3
                                                                                                                                                                                SHA-512:982C9E807BE56E1FD2449B8E14D84D724973AAEA3F40FC13493AC7E84276F8CA6ECD5E9557910AB5F6074211AECCF167A5CEBDA94816E5A93AEC6816FA59C419
                                                                                                                                                                                Malicious:false
                                                                                                                                                                                Preview:2...>....... ...v....................................................?....?.............................................................................2...>.......|...v...H............................I.......I.qk..B.....LZ.............p..$..?........p..$..?........I.qk..B.....LZ.I................................I.......I...................................................I.t.....I................................................................4..'...'..............A...o....P].......N...^...............J.@...N.u.............f........................................I.qk..B.....LZ.............A...o....P]............A...o....P]...........................................................................j.......T.]..............B.....H.........B.......>.).....J...................;........4...4...4.."...........................z...y.. x.. ...........$........4......7...7........................;........4...4...4........................#...............................................
                                                                                                                                                                                Process:C:\Program Files (x86)\Microsoft Office\root\Office16\ONENOTE.EXE
                                                                                                                                                                                File Type:data
                                                                                                                                                                                Category:dropped
                                                                                                                                                                                Size (bytes):4096
                                                                                                                                                                                Entropy (8bit):4.07619758852638
                                                                                                                                                                                Encrypted:false
                                                                                                                                                                                SSDEEP:96:gksYqhd218EQXs9f+DTPRyPIbfsr7cbORO/:FsvdUZQXs9f+DLRyP8
                                                                                                                                                                                MD5:6C6ED568701353ACAE2DE03A47344E09
                                                                                                                                                                                SHA1:624260A27A49153F45E1DB52687D11BAF8D1F67D
                                                                                                                                                                                SHA-256:1033F8CD8B9C5BABDD5A2598899B5877BE8E68A718A9B6DBE94F13F5F3340D48
                                                                                                                                                                                SHA-512:123BB304094E8EBA457FB817FC4903941F76178A0A1763CBB973DBF553A9AF45DE5395CF49B291112C9C92035AC8FF8E24F4DFEDB8A63C96916E75EC8BDCF9EB
                                                                                                                                                                                Malicious:false
                                                                                                                                                                                Preview:2...>.......&...v.......................................................................................................................................2...>...........v...N............................I.......I.qk..B.....LZ..%.......%..`....Jx..n...%..`....Jx..n...%..I.qk..B.....LZ.I................................I.......I...................................................I.t.....I................................................................4..'...'.....................,....Q.R....N...^................K..^c.O.c;.B...........f........................................I.qk..B.....LZ....................,....Q.R................,....Q.R...........%.......%.......%...........................................%j......%T.]....%.......%..B....%H......%..B....%..>.)..%..J...................;........4...4...4.."................%...%...%..z...y.. x.. ...........$........4......7...7........................;........4...4...4...........%.......%....#..%............................................
                                                                                                                                                                                Process:C:\Program Files (x86)\Microsoft Office\root\Office16\ONENOTE.EXE
                                                                                                                                                                                File Type:data
                                                                                                                                                                                Category:dropped
                                                                                                                                                                                Size (bytes):4096
                                                                                                                                                                                Entropy (8bit):4.056319782714418
                                                                                                                                                                                Encrypted:false
                                                                                                                                                                                SSDEEP:48:tns2fslyeuhdStChNgE3ptcXJF3c9jkLToard6rPIYsxdXDpjUyFODV8Ug:ZsZMdSMhWE3XcXJF3c9jkLTvRi2xxU
                                                                                                                                                                                MD5:6433E93185D0F52BD3A0CDD8A6E1FA96
                                                                                                                                                                                SHA1:CB146D6EC4F84C6679C89BE9E96C875A50ED3121
                                                                                                                                                                                SHA-256:3A88D6F9C1B5667D211AD57F58C598111623F509706ED1D1881DA21E9252DAC1
                                                                                                                                                                                SHA-512:34DFF1CE69880D490A3D23666A93EBDA1BEE4158D11BE3048B26B6A3E2AD8E62DB5E5D71F7831B2F251F3240917D987AF130730E348A6B176179D0187A63B7E7
                                                                                                                                                                                Malicious:false
                                                                                                                                                                                Preview:2...>.......$...v.......................................................................................................................................2...>...........v...L............................I.......I.qk..B.....LZ.Jm......Jm..J.....&W1...Jm..J.....&W1...Jm..I.qk..B.....LZ.I................................I.......I...................................................I.t.....I................................................................4..'...'..............D.#t._.8...5/......N...^................~...OLA.).g#.k.........f........................................I.qk..B.....LZ.............D.#t._.8...5/...........D.#t._.8...5/............Jm......Jm......Jm..........................................Jmj.....JmT.]...Jm......Jm..B...JmH.....Jm..B...Jm..>.).Jm..J...................;........4...4...4.."...............Jm..Jm..Jm..z...y.. x.. ...........$........4......7...7........................;........4...4...4..........Jm......Jm....#.Jm............................................
                                                                                                                                                                                Process:C:\Program Files (x86)\Microsoft Office\root\Office16\ONENOTE.EXE
                                                                                                                                                                                File Type:data
                                                                                                                                                                                Category:dropped
                                                                                                                                                                                Size (bytes):4096
                                                                                                                                                                                Entropy (8bit):4.064812873713429
                                                                                                                                                                                Encrypted:false
                                                                                                                                                                                SSDEEP:48:5smrvgFnyto9NqElhXs9wFToordnrbI/IPZdXH8H04TLo0HeFmRg:5sOgFny7ELXs9wFThRrvaOM
                                                                                                                                                                                MD5:4541EFEC67E358EFF592F151B6EFFA5C
                                                                                                                                                                                SHA1:0F331F49D439097F98D7BCDB605AFFCC2F2FD5D9
                                                                                                                                                                                SHA-256:3C1969212023C69CB3FBFC7911F602BB37B95DD71E1600C7BD92054A055379E5
                                                                                                                                                                                SHA-512:7CB5F8BD9A4DCAC0EA91593D9C3D2B7C4C5D2AEEF76F097AB84EB236EFE77F4CFDD392AD297CEA1766517D896C9B6225EC48FE9B4280EE6A3E9301EA686692CA
                                                                                                                                                                                Malicious:false
                                                                                                                                                                                Preview:2...>.......$...v.......................................................................................................................................2...>...........v...L............................I.......I.qk..B.....LZ<K......<K.......&z....<K.......&z....<K...I.qk..B.....LZ.I................................I.......I...................................................I.t.....I................................................................4..'...'.............W.J.M.K.(...E.[>....N...^...............J=.L.h.J..C....F........f........................................I.qk..B.....LZ............W.J.M.K.(...E.[>........W.J.M.K.(...E.[>.........<K......<K......<K..........................................<K.j....<K.T.]..<K......<K...B..<K.H....<K...B..<K...>.)<K...J...................;........4...4...4.."..............<K..<K..<K...z...y.. x.. ...........$........4......7...7........................;........4...4...4.........<K......<K.....#<K.............................................
                                                                                                                                                                                Process:C:\Program Files (x86)\Microsoft Office\root\Office16\ONENOTE.EXE
                                                                                                                                                                                File Type:data
                                                                                                                                                                                Category:dropped
                                                                                                                                                                                Size (bytes):4096
                                                                                                                                                                                Entropy (8bit):4.077846784125028
                                                                                                                                                                                Encrypted:false
                                                                                                                                                                                SSDEEP:48:Z/sRcf92slkuetPFe4EHhcXY9w5iE+EMToTrdqrJIVSdXkwUGKN0g:JsRgrlkueDEH6XY9EXdMTeRyCSm0
                                                                                                                                                                                MD5:6FFF85BD0D609E1673619DEEA0B1559F
                                                                                                                                                                                SHA1:22948F96C5724ADD9702CC8F07E9E7D802F82577
                                                                                                                                                                                SHA-256:B769CBCCAC880859E55F4FDA94C89DEB4CD6DFAB944E6595350D268B42DB00D7
                                                                                                                                                                                SHA-512:6A31E9342A8ADC67FC60E1B81D6C70EB5E4650BD720F2D4F10A851B57518C2B1F442D04AE199570531880DB5BAF20E0CCACF918DAA869F80A6B4C1EEA5010277
                                                                                                                                                                                Malicious:false
                                                                                                                                                                                Preview:2...>.......$...v.......................................................................................................................................2...>...........v...L............................I.......I.qk..B.....LZ.Q/......Q/>L`.......7.Q/>L`.......7.Q/..I.qk..B.....LZ.I................................I.......I...................................................I.t.....I................................................................4..'...'.............}.7.......R.g..=....N...^................._Sg.EM.1Y..&..........f........................................I.qk..B.....LZ............}.7.......R.g..=........}.7.......R.g..=..........Q/......Q/......Q/..........................................Q/j.....Q/T.]...Q/......Q/..B...Q/H.....Q/..B...Q/..>.).Q/..J...................;........4...4...4.."...............Q/..Q/..Q/..z...y.. x.. ...........$........4......7...7........................;........4...4...4..........Q/......Q/....#.Q/............................................
                                                                                                                                                                                Process:C:\Program Files (x86)\Microsoft Office\root\Office16\ONENOTE.EXE
                                                                                                                                                                                File Type:data
                                                                                                                                                                                Category:dropped
                                                                                                                                                                                Size (bytes):4096
                                                                                                                                                                                Entropy (8bit):4.068675457933996
                                                                                                                                                                                Encrypted:false
                                                                                                                                                                                SSDEEP:48:YaosioSeZAm6g+tsNnWO/GEEnXs9PvBiToVrdDruI2NdXWEjeRUD+vkSVqa:VoshAm6hWNWO+EeXs9PvBiTgRP+S
                                                                                                                                                                                MD5:BD3907781BDE625FD6666D2878A95C04
                                                                                                                                                                                SHA1:3CA5E0B459F8BC0DD90FD8C2DAFAB301452B323C
                                                                                                                                                                                SHA-256:4A0610715C791D83726F9DD6FCF21051C9C3427297222E5CFCC03FFFAD28C8E3
                                                                                                                                                                                SHA-512:952F116E196DE604F2C58E2A4998FB82535771D2F00F46313547877DCFCB68EF75C0D092E7018374EEA1FDA6832115EF43FC1570C733F96D5B5B39EC736D18DC
                                                                                                                                                                                Malicious:false
                                                                                                                                                                                Preview:2...>......."...v.......................................................................................................................................2...>.......~...v...J............................I.......I.qk..B.....LZ............Q.9.2..E.......Q.9.2..E........I.qk..B.....LZ.I................................I.......I...................................................I.t.....I................................................................4..'...'.............L.w..@......o5.[....N...^...............XR..}H.S..U[..........f........................................I.qk..B.....LZ............L.w..@......o5.[........L.w..@......o5.[........................................................................j.......T.]...............B.....H.........B.......>.).....J...................;........4...4...4.."...........................z...y.. x.. ...........$........4......7...7........................;........4...4...4........................#...............................................
                                                                                                                                                                                Process:C:\Program Files (x86)\Microsoft Office\root\Office16\ONENOTE.EXE
                                                                                                                                                                                File Type:data
                                                                                                                                                                                Category:dropped
                                                                                                                                                                                Size (bytes):4096
                                                                                                                                                                                Entropy (8bit):4.088651963631278
                                                                                                                                                                                Encrypted:false
                                                                                                                                                                                SSDEEP:96:6sIbE9AZD/EY19X699p3LTc8R2g89uaw+u:6sKZgYvXE9FLjR2gr
                                                                                                                                                                                MD5:B3D0ED2D536E867789D428295E6470F4
                                                                                                                                                                                SHA1:4A47DE9510B9B2D226DDBCD07394B3519C4272BD
                                                                                                                                                                                SHA-256:0CB710F2ED9BE2A8379E8FFCBFD21052CAC1FB2BE6A39C68880F17674053CB86
                                                                                                                                                                                SHA-512:920793DCE4D04E3582196BA2901301DC98AB6079AB8C8FAFC869E35FE37A923AAFC54FCA88C7A480E5405010BF561B371FF4E084D6CC89A90A2F9D3307AB1E09
                                                                                                                                                                                Malicious:false
                                                                                                                                                                                Preview:2...>......."...v.......................................................................................................................................2...>.......~...v...J............................I.......I.qk..B.....LZj.......j..o.T.......C.j..o.T.......C.j....I.qk..B.....LZ.I................................I.......I...................................................I.t.....I................................................................4..'...'...............j...4.:G.).-......N...^...............!.L...I...H...W........f........................................I.qk..B.....LZ..............j...4.:G.).-............j...4.:G.).-...........j.......j.......j...........................................j..j....j..T.]..j.......j...B..j..H....j....B..j....>.)j....J...................;........4...4...4.."..............j...j...j....z...y.. x.. ...........$........4......7...7........................;........4...4...4.........j.......j......#j..............................................
                                                                                                                                                                                Process:C:\Program Files (x86)\Microsoft Office\root\Office16\ONENOTE.EXE
                                                                                                                                                                                File Type:data
                                                                                                                                                                                Category:dropped
                                                                                                                                                                                Size (bytes):4096
                                                                                                                                                                                Entropy (8bit):4.0678546802535065
                                                                                                                                                                                Encrypted:false
                                                                                                                                                                                SSDEEP:48:YWnoslxSrjmssBteh2En6rhXY9wY2ToFrdvlxrMICdXi1R1KItPjl:6s8jmssBLEcXY9wY2ToRHExEPj
                                                                                                                                                                                MD5:3DA29FCF8D576D7F25EF1E29E7D223C4
                                                                                                                                                                                SHA1:93B4E0EBCBCC59AA890B2001AE6389A23F842E11
                                                                                                                                                                                SHA-256:DBB64E1E2E07D8BA0911BCA3C1853D6ACEE47CF69E9F5CD57A529320068C0E3D
                                                                                                                                                                                SHA-512:E6F2DBCAE04D63A2D27922FC26627B9B1491B841CEDC6725628F5AE6D8F7F33ABB8559DAAC750A082F251077B8153B4A44CE021866DECB5EDAB81BB4ED299F15
                                                                                                                                                                                Malicious:false
                                                                                                                                                                                Preview:2...>......."...v.......................................................................................................................................2...>.......~...v...J............................I.......I.qk..B.....LZ^y......^y..'Ss...%.]w..^y..'Ss...%.]w..^y...I.qk..B.....LZ.I................................I.......I...................................................I.t.....I................................................................4..'...'......................<}..z.....N...^...............m.j..k.C.......4........f........................................I.qk..B.....LZ.....................<}..z..................<}..z..........^y......^y......^y..........................................^y.j....^y.T.]..^y......^y..B..^y.H....^y...B..^y...>.)^y...J...................;........4...4...4.."..............^y..^y..^y...z...y.. x.. ...........$........4......7...7........................;........4...4...4.........^y......^y.....#^y.............................................
                                                                                                                                                                                Process:C:\Program Files (x86)\Microsoft Office\root\Office16\ONENOTE.EXE
                                                                                                                                                                                File Type:data
                                                                                                                                                                                Category:dropped
                                                                                                                                                                                Size (bytes):4096
                                                                                                                                                                                Entropy (8bit):4.080019744002656
                                                                                                                                                                                Encrypted:false
                                                                                                                                                                                SSDEEP:48:YuNQsVwawGJcXCc2xEtEC8+EXgZQXw9GYjjCToxrdPrdIOdX2pRVGRENJz3F:LNQsA2xEXrEXgmXw9BjCTkRj/e
                                                                                                                                                                                MD5:56BDD2E88796EF292B7AB15B13DC688D
                                                                                                                                                                                SHA1:F93C3FDC7FCED9B68C7F86BFF0EC5B9278CF711E
                                                                                                                                                                                SHA-256:12E2FA6EE9B0C8DB30785CFE1C43AE74317172BC37BAD39710F1D90F68369BB4
                                                                                                                                                                                SHA-512:0B4D8B5E83A1EBF78E47C6573CD23B61F6D1FA0110EDA546649EDA11A6D532DE8E4642D718D4A5F685EE436880B0C46F0B337F5BB9711F06CD2C4E84DCD0D772
                                                                                                                                                                                Malicious:false
                                                                                                                                                                                Preview:2...>......."...v.......................................................................................................................................2...>.......~...v...J............................I.......I.qk..B.....LZ...........hZe.5..4f..m...hZe.5..4f..m.....I.qk..B.....LZ.I................................I.......I...................................................I.t.....I................................................................4..'...'............./.k.u......%.......N...^...............m..'s.kH..DEOVQ.........f........................................I.qk..B.....LZ............/.k.u......%.........../.k.u......%...........................................................................j.......T.]..............B.....H.........B.......>.).....J...................;........4...4...4.."...........................z...y.. x.. ...........$........4......7...7........................;........4...4...4........................#...............................................
                                                                                                                                                                                Process:C:\Program Files (x86)\Microsoft Office\root\Office16\ONENOTE.EXE
                                                                                                                                                                                File Type:data
                                                                                                                                                                                Category:dropped
                                                                                                                                                                                Size (bytes):4096
                                                                                                                                                                                Entropy (8bit):4.095187045852256
                                                                                                                                                                                Encrypted:false
                                                                                                                                                                                SSDEEP:96:0BsW97yvHR4gjEjXa59o3q8T6RI07v7yDhLdP:0BsW97yvHR4XjXa59wq8WRI8v7yDhLd
                                                                                                                                                                                MD5:FF19E4BE3731F344563E0940B507D793
                                                                                                                                                                                SHA1:39B69AD65CA2BE48F29EE8057EF910D2BF0C5AA3
                                                                                                                                                                                SHA-256:FD6E414AB796A77968A70954A75BBB812401CC9238D8B43D2785D554754CE325
                                                                                                                                                                                SHA-512:CD69B3A8CBDA46D180200B43AAFE2054BD03BB4058833D47B2C62FB7D4F0571CE5877856A7A2D22FEC840ACAE08006D1C6474C28A77AB16C47A3C34854148DDD
                                                                                                                                                                                Malicious:false
                                                                                                                                                                                Preview:2...>......."...v.......................................................................................................................................2...>.......~...v...J............................I.......I.qk..B.....LZR.......R.......ii..Z.nR.......ii..Z.nR....I.qk..B.....LZ.I................................I.......I...................................................I.t.....I................................................................4..'...'..............{I..P....u...B.....N...^....................G...|ae.........f........................................I.qk..B.....LZ.............{I..P....u...B..........{I..P....u...B..........R.......R.......R...........................................R..j....R..T.]..R.......R...B..R..H....R....B..R....>.)R....J...................;........4...4...4.."..............R...R...R....z...y.. x.. ...........$........4......7...7........................;........4...4...4.........R.......R......#R..............................................
                                                                                                                                                                                Process:C:\Program Files (x86)\Microsoft Office\root\Office16\ONENOTE.EXE
                                                                                                                                                                                File Type:data
                                                                                                                                                                                Category:dropped
                                                                                                                                                                                Size (bytes):4096
                                                                                                                                                                                Entropy (8bit):4.088526611287025
                                                                                                                                                                                Encrypted:false
                                                                                                                                                                                SSDEEP:48:YhsLbviNK9+t+NCELh9vBXkB9VYTofrdP7rsI/MdXwZR9F9:asqNK9+00EfvBXkB9VYT6RfhMI
                                                                                                                                                                                MD5:06E88A5CC5AB657C9E6BF25898F2640A
                                                                                                                                                                                SHA1:641F596D90B3DE2A8C838260CA1C72F4CBC3BC4B
                                                                                                                                                                                SHA-256:77F8FD2F01F62429844AA6EF5A2AA01EA884C37A6107C8BE206E3327B48EE4A2
                                                                                                                                                                                SHA-512:C6AF002107F1E3F739A905FEC9B89B4CF12424C963E78F8270177E633D3DECE99C93768A9FF3F34095105F4E17544A644A091EAD127F2AB66EA5065518B30F41
                                                                                                                                                                                Malicious:false
                                                                                                                                                                                Preview:2...>......."...v.......................................................................................................................................2...>.......~...v...J............................I.......I.qk..B.....LZ...........6(7...q..X.....6(7...q..X.......I.qk..B.....LZ.I................................I.......I...................................................I.t.....I................................................................4..'...'.............!.]<)R.........C....N...^......................L....t.h.........f........................................I.qk..B.....LZ............!.]<)R.........C........!.]<)R.........C........................................................................j.......T.]...............B.....H.........B.......>.).....J...................;........4...4...4.."...........................z...y.. x.. ...........$........4......7...7........................;........4...4...4........................#...............................................
                                                                                                                                                                                Process:C:\Program Files (x86)\Microsoft Office\root\Office16\ONENOTE.EXE
                                                                                                                                                                                File Type:data
                                                                                                                                                                                Category:dropped
                                                                                                                                                                                Size (bytes):4096
                                                                                                                                                                                Entropy (8bit):4.077958928876326
                                                                                                                                                                                Encrypted:false
                                                                                                                                                                                SSDEEP:48:YPBsD8/clQdti2EFn+tXmt9B0CvGTo5rd2trIISdXWZ3R2clF:qsCKQdPEF+tXmt9dGTwResS
                                                                                                                                                                                MD5:21AF03028F51A449FD93300B6F7E97D2
                                                                                                                                                                                SHA1:87B7B0CEB3750605C06595716A1DB85CC15E8B6F
                                                                                                                                                                                SHA-256:8B48A58B6F708FB1BB869D77207D83FA096E6764332B14245EB1055998463610
                                                                                                                                                                                SHA-512:612A2A963BB0D0A9B57370691FAB434A744B7AD6D338D637F201BFED8F75F64FDB1CC74A81597F3FCACC31214C52747D76A80CF131CC1773F0A4D476D0B4D067
                                                                                                                                                                                Malicious:false
                                                                                                                                                                                Preview:2...>......."...v.......................................................................................................................................2...>.......~...v...J............................I.......I.qk..B.....LZ.(.......(...U..2..y....(...U..2..y....(...I.qk..B.....LZ.I................................I.......I...................................................I.t.....I................................................................4..'...'.............e....t....(.Y9L2....N...^...............EWBH..|K...eh>..........f........................................I.qk..B.....LZ............e....t....(.Y9L2........e....t....(.Y9L2..........(.......(.......(...........................................(.j.....(.T.]...(.......(...B...(.H.....(...B...(...>.).(...J...................;........4...4...4.."...............(...(...(...z...y.. x.. ...........$........4......7...7........................;........4...4...4..........(.......(.....#.(.............................................
                                                                                                                                                                                Process:C:\Program Files (x86)\Microsoft Office\root\Office16\ONENOTE.EXE
                                                                                                                                                                                File Type:data
                                                                                                                                                                                Category:dropped
                                                                                                                                                                                Size (bytes):4096
                                                                                                                                                                                Entropy (8bit):4.104106321832359
                                                                                                                                                                                Encrypted:false
                                                                                                                                                                                SSDEEP:48:lsVNtWJWUURtFtcEt1XkR9jyr96TobrdfokrhImxdXI5tstXkatDatZtsAmtntXa:lssWFRdcEfXk9mr96TGRfHFtyY
                                                                                                                                                                                MD5:8BA44B7222E8233757C7E182A0D9559B
                                                                                                                                                                                SHA1:C853720C6872A39A5D2BA4FFCFE7E2C574B54E74
                                                                                                                                                                                SHA-256:2AAACB7B6C9E2244B293AE47BFACE6D3BEA345D1C7C62466A7CE51DE6DE9AD5E
                                                                                                                                                                                SHA-512:64F644AA508227116C21DD2AD7DF4456832CCBFE4BCCF50660FFC77CCC8764C22CEC190E69B29DA9BE1699BF6DF78A43EAC6F2AAE643CCC8930C4ACD4F4CE121
                                                                                                                                                                                Malicious:false
                                                                                                                                                                                Preview:2...>.......&...v.......................................................................................................................................2...>...........v...N............................I.......I.qk..B.....LZ...........a.2..Xf.G....a.2..Xf.G....I.qk..B.....LZ.I................................I.......I...................................................I.t.....I................................................................4..'...'.....................-..qz].$....N...^................9q.O.E..8..<z.........f........................................I.qk..B.....LZ....................-..qz].$................-..qz].$....................................................................j......T.]............B....H........B......>.)....J...................;........4...4...4.."........................z...y.. x.. ...........$........4......7...7........................;........4...4...4......................#..............................................
                                                                                                                                                                                Process:C:\Program Files (x86)\Microsoft Office\root\Office16\ONENOTE.EXE
                                                                                                                                                                                File Type:data
                                                                                                                                                                                Category:dropped
                                                                                                                                                                                Size (bytes):4096
                                                                                                                                                                                Entropy (8bit):4.083416546182607
                                                                                                                                                                                Encrypted:false
                                                                                                                                                                                SSDEEP:48:hsX69/PEt1tYEno3CBXbEPB9L2xTowrdlrqIddXD6kjom9Sa:hsC/PE1YErBXIPB9SxTtRpp8G4
                                                                                                                                                                                MD5:E596E07903BC230C6769E2A6E2B48A53
                                                                                                                                                                                SHA1:F6C67D35F19227D3AF5DEFDF4536FDE5FE43B832
                                                                                                                                                                                SHA-256:499DFF381AC87AE1099642694D0FC4395A7BC9EE577FE152346A2E0EB6B4DC14
                                                                                                                                                                                SHA-512:AC6309508417104A4D2086E75F9762CA8D5111ECA22AD4CAF73CC5FED74525F75F20F5BFD83AEC80DDE8AF30D5BF7AF3EAC074DEFCABB505FE66C6AAD0DA2229
                                                                                                                                                                                Malicious:false
                                                                                                                                                                                Preview:2...>.......&...v.......................................................................................................................................2...>...........v...N............................I.......I.qk..B.....LZ.UZ......UZ..V..3F.^.kN..UZ..V..3F.^.kN..UZ..I.qk..B.....LZ.I................................I.......I...................................................I.t.....I................................................................4..'...'..............eI.+.u........?....N...^................dV.._vF.7..D.........f........................................I.qk..B.....LZ.............eI.+.u........?.........eI.+.u........?..........UZ......UZ......UZ..........................................UZj.....UZT.]...UZ......UZ..B...UZH.....UZ..B...UZ..>.).UZ..J...................;........4...4...4.."...............UZ..UZ..UZ..z...y.. x.. ...........$........4......7...7........................;........4...4...4..........UZ......UZ....#.UZ............................................
                                                                                                                                                                                Process:C:\Program Files (x86)\Microsoft Office\root\Office16\ONENOTE.EXE
                                                                                                                                                                                File Type:data
                                                                                                                                                                                Category:dropped
                                                                                                                                                                                Size (bytes):4096
                                                                                                                                                                                Entropy (8bit):4.080951608833739
                                                                                                                                                                                Encrypted:false
                                                                                                                                                                                SSDEEP:48:eBesEQko5m0PUCTmtxtsEdoKXdK9yuToVjrddrEmId0dXCi5kreEMa:ZseD08CTmZsEuKXdK9yuToRRi015hEM
                                                                                                                                                                                MD5:1377152E2754BF0D15C7A556FFE99BF6
                                                                                                                                                                                SHA1:449C283BCC8E006C156E715E160A593878400ED8
                                                                                                                                                                                SHA-256:D27D22D070F45D5737EDEE533423AAFDAD313C0595876877C85B3CE8F3038F6E
                                                                                                                                                                                SHA-512:32F99BB7FEB3B17A0D93F340590594B49CD03DFFAED4787D24BA8269020A99C5C3AA9FC171366A34BFD07FEC37039FF4908C986B3E3E412C053E999F3D1A9760
                                                                                                                                                                                Malicious:false
                                                                                                                                                                                Preview:2...>.......&...v.......................................................................................................................................2...>...........v...N............................I.......I.qk..B.....LZ].N.....].N......m.^.:I.].N......m.^.:I.].N..I.qk..B.....LZ.I................................I.......I...................................................I.t.....I................................................................4..'...'..............PJ...3...ds..wG....N...^................@.)e..L......l<........f........................................I.qk..B.....LZ.............PJ...3...ds..wG.........PJ...3...ds..wG.........].N.....].N.....].N.........................................].Nj....].NT.]..].N.....].N..B..].NH....].N..B..].N..>.)].N..J...................;........4...4...4.."..............].N.].N.].N..z...y.. x.. ...........$........4......7...7........................;........4...4...4.........].N.....].N....#].N............................................
                                                                                                                                                                                Process:C:\Program Files (x86)\Microsoft Office\root\Office16\ONENOTE.EXE
                                                                                                                                                                                File Type:data
                                                                                                                                                                                Category:dropped
                                                                                                                                                                                Size (bytes):4096
                                                                                                                                                                                Entropy (8bit):4.1198913160897845
                                                                                                                                                                                Encrypted:false
                                                                                                                                                                                SSDEEP:96:+4MsJzaXI06ESX89v1lTc0RvpxaRIpaI23:+4MsJuXIMSX899lpRvpxaRIpaj3
                                                                                                                                                                                MD5:CFA308A58972939B451B8FEE21B00457
                                                                                                                                                                                SHA1:96028DBF6D106719CF8D86C1D0590C73F797BE60
                                                                                                                                                                                SHA-256:708AB5CD43A9C7CF0D183B476EF7B0BA982607D8A994B0A06AB13745872D820D
                                                                                                                                                                                SHA-512:1C967A18F1A916DDDD67575543370BE7F13E71D220BF02641F9C9A35A7DE4E5369AFF9CC9A6B375A5F0E650AD97530E4E2F6CE7A5DAE6B6F4869BB1B15C1F9D2
                                                                                                                                                                                Malicious:false
                                                                                                                                                                                Preview:2...>.......0...v...$.................................................?....?............................................................................2...>...........v...X............................I.......I.qk..B.....LZ..@.......@.f7......z..a..@.f7......z..a..@..I.qk..B.....LZ.I................................I.......I...................................................I.t.....I................................................................4..'...'............. . ...r...f....3....N...^...............Q...8..F..;]ru..........f........................................I.qk..B.....LZ............ . ...r...f....3........ . ...r...f....3...........@.......@.......@...........................................@j......@T.]....@.......@..B....@H......@..B....@..>.)..@..J...................;........4...4...4.."................@...@...@..z...y.. x.. ...........$........4......7...7........................;........4...4...4...........@.......@....#..@............................................
                                                                                                                                                                                Process:C:\Program Files (x86)\Microsoft Office\root\Office16\ONENOTE.EXE
                                                                                                                                                                                File Type:data
                                                                                                                                                                                Category:dropped
                                                                                                                                                                                Size (bytes):4096
                                                                                                                                                                                Entropy (8bit):4.172643745234775
                                                                                                                                                                                Encrypted:false
                                                                                                                                                                                SSDEEP:96:asqFDZsouMEP8XU59VTCRIV7r+YaUr3OC:asODZOpkX09VGRIV
                                                                                                                                                                                MD5:52C4FF25A1C346DEF423AB5FC9BB55D8
                                                                                                                                                                                SHA1:8CAE1521C58FFB57D0DBF309A3F2A8CF092AEAD5
                                                                                                                                                                                SHA-256:4F55A92896566D4AAE65B696FC0CE1992C65399571A0325A18E8B8EEF3AF43CA
                                                                                                                                                                                SHA-512:D9E141EC40DA6C153E3BBD9C95519F20B4F79C71D11FDAF131A4FEB084E91A979D9BEDC9A36FA779DD1C3E38F8754FF9BAEEB8797A88ED591F9CE85009D3C821
                                                                                                                                                                                Malicious:false
                                                                                                                                                                                Preview:2...>.......0...v...$.................................................?....?............................................................................2...>...........v...X............................I.......I.qk..B.....LZ...........?....2......g...?....2......g.....I.qk..B.....LZ.I................................I.......I...................................................I.t.....I................................................................4..'...'.............A..JA`....A'5e.....N...^.................0.%..M....m.X5........f........................................I.qk..B.....LZ............A..JA`....A'5e.........A..JA`....A'5e.........................................................................j.......T.]...............B.....H.........B.......>.).....J...................;........4...4...4.."...........................z...y.. x.. ...........$........4......7...7........................;........4...4...4........................#...............................................
                                                                                                                                                                                Process:C:\Program Files (x86)\Microsoft Office\root\Office16\ONENOTE.EXE
                                                                                                                                                                                File Type:data
                                                                                                                                                                                Category:dropped
                                                                                                                                                                                Size (bytes):4096
                                                                                                                                                                                Entropy (8bit):4.140842356996367
                                                                                                                                                                                Encrypted:false
                                                                                                                                                                                SSDEEP:48:y0X+escy5wxM5tkuEBAC+r2Xwx9TPi3TolrdSrwIGdXq2diYF:hsmxM5BEBA7qXc9Ta3T0RKwV
                                                                                                                                                                                MD5:9E672934EC07E0F30B4FAA3830D2B845
                                                                                                                                                                                SHA1:A20679EB594EAA1CEF463216201C6AC4021FE945
                                                                                                                                                                                SHA-256:5A19A249DF3C88AF7BB369BCFBE2117A9BED478EEE3FBA8A9DE087E73790041B
                                                                                                                                                                                SHA-512:F37B26261D6C778447350F5DF5E8F63ACB1999805ECC31BC9DE06015CD949ECE5E441E6C2D5DD8F5E311D7AE0C3A1721086452E5867051BC4C5D8440A58F3227
                                                                                                                                                                                Malicious:false
                                                                                                                                                                                Preview:2...>.......*...v.......................................................................................................................................2...>...........v...R............................I.......I.qk..B.....LZfl......fl./.0.....!e...fl./.0.....!e...fl...I.qk..B.....LZ.I................................I.......I...................................................I.t.....I................................................................4..'...'.............lK.r.......%."....N...^...................<.D.....v........f........................................I.qk..B.....LZ............lK.r.......%."........lK.r.......%.".........fl......fl......fl..........................................fl.j....fl.T.]..fl......fl...B..fl.H....fl...B..fl...>.)fl...J...................;........4...4...4.."..............fl..fl..fl...z...y.. x.. ...........$........4......7...7........................;........4...4...4.........fl......fl.....#fl.............................................
                                                                                                                                                                                Process:C:\Program Files (x86)\Microsoft Office\root\Office16\ONENOTE.EXE
                                                                                                                                                                                File Type:data
                                                                                                                                                                                Category:dropped
                                                                                                                                                                                Size (bytes):4096
                                                                                                                                                                                Entropy (8bit):4.135966127247756
                                                                                                                                                                                Encrypted:false
                                                                                                                                                                                SSDEEP:48:FpHRshD6YRQoKuctFKmE7CWPX09yWntTomrdSrfWIjdXlmZR65ZCwEh:PHRsVKucnNE71X09y6TrRKDY
                                                                                                                                                                                MD5:01D3039B43403D91E7262194715C91E5
                                                                                                                                                                                SHA1:210D14D9A69741ED4660C53B364E0B7192D22189
                                                                                                                                                                                SHA-256:33FD41082B893BFDFABA93922C4E6344BA033AEDD105A27E47B8DACB347C722F
                                                                                                                                                                                SHA-512:38770283AACFAA5703BE9E35FC9014D37DE56DD6F8D2F9BA4D14BA91E24069A4959EE1346245C1F3BC63EFD93C3218FE4B4B6E74DF24949ABFD45C100C32B6B0
                                                                                                                                                                                Malicious:false
                                                                                                                                                                                Preview:2...>.......*...v.......................................................................................................................................2...>...........v...R............................I.......I.qk..B.....LZ.Mu......Mus..H.'8ZbO.h..Mus..H.'8ZbO.h..Mu..I.qk..B.....LZ.I................................I.......I...................................................I.t.....I................................................................4..'...'...............?.*.7.$.........N...^................D.K..7E....'-.........f........................................I.qk..B.....LZ..............?.*.7.$...............?.*.7.$...............Mu......Mu......Mu..........................................Muj.....MuT.]...Mu......Mu..B...MuH.....Mu..B...Mu..>.).Mu..J...................;........4...4...4.."...............Mu..Mu..Mu..z...y.. x.. ...........$........4......7...7........................;........4...4...4..........Mu......Mu....#.Mu............................................
                                                                                                                                                                                Process:C:\Program Files (x86)\Microsoft Office\root\Office16\ONENOTE.EXE
                                                                                                                                                                                File Type:data
                                                                                                                                                                                Category:dropped
                                                                                                                                                                                Size (bytes):4096
                                                                                                                                                                                Entropy (8bit):4.126644919507508
                                                                                                                                                                                Encrypted:false
                                                                                                                                                                                SSDEEP:48:6H4sulZrd6HGtcCEEC/t5BX7k5B9JJzToIrdSrzIFdX7SaIB:6H4sSNd6HGVEE4X7g9JhTNRKaG
                                                                                                                                                                                MD5:9000E59E173743ED3B6A1B81FB9BD307
                                                                                                                                                                                SHA1:7EE1DF501EAE78EC872A19E6922B0D3FBCD59CB3
                                                                                                                                                                                SHA-256:DBB08B35B70FFFA533CA17C6A391159EB2D4CE8CA970FDD36D4AB6857D63C4D6
                                                                                                                                                                                SHA-512:76D5E4A79E4FEE2815DF7364E3724D739AE33516E8CBC95C3D76C1E86BBA7CDB227E541B9D3EBB982A564F29810C1A36D8C8FA945522C42CFB407CB3011575BA
                                                                                                                                                                                Malicious:false
                                                                                                                                                                                Preview:2...>.......*...v.......................................................................................................................................2...>...........v...R............................I.......I.qk..B.....LZ.1e......1e.X.y....M..(..1e.X.y....M..(..1e..I.qk..B.....LZ.I................................I.......I...................................................I.t.....I................................................................4..'...'..............,.-F ....x.9..J....N...^...............k.>.O..H.._.c..J........f........................................I.qk..B.....LZ.............,.-F ....x.9..J.........,.-F ....x.9..J..........1e......1e......1e..........................................1ej.....1eT.]...1e......1e..B...1eH.....1e..B...1e..>.).1e..J...................;........4...4...4.."...............1e..1e..1e..z...y.. x.. ...........$........4......7...7........................;........4...4...4..........1e......1e....#.1e............................................
                                                                                                                                                                                Process:C:\Program Files (x86)\Microsoft Office\root\Office16\ONENOTE.EXE
                                                                                                                                                                                File Type:data
                                                                                                                                                                                Category:dropped
                                                                                                                                                                                Size (bytes):4096
                                                                                                                                                                                Entropy (8bit):4.132262402428932
                                                                                                                                                                                Encrypted:false
                                                                                                                                                                                SSDEEP:48:h/s0H2r32tYH+E2CHUX89nPM0ToSJrdSrSIBdX9l3GAOfie:Rsnr325E2ZX89nU0TpRKl9Afi
                                                                                                                                                                                MD5:99A307A2049B8846B9E11E553166765C
                                                                                                                                                                                SHA1:1B71C23A8A2F679352687E487FA3C5AF6D7A4A78
                                                                                                                                                                                SHA-256:AE4D50B87A003CCC4E8BAA98767F4F227C9E7F47D82B4EC61E9D9DF019449238
                                                                                                                                                                                SHA-512:86FB886E79ECE0E1BB46755391C901E6F1A98D8204D9D265FA222F5CE5079DE28E49CC7B20F60D478C56F3DA09530860AD3338CFDE4DC562BB1A80571D8A7A0A
                                                                                                                                                                                Malicious:false
                                                                                                                                                                                Preview:2...>.......*...v.......................................................................................................................................2...>...........v...R............................I.......I.qk..B.....LZb.......b..0._..:w3XH..Tb..0._..:w3XH..Tb....I.qk..B.....LZ.I................................I.......I...................................................I.t.....I................................................................4..'...'..............n,.`..*..&..w....N...^...............z...@J.P...N........f........................................I.qk..B.....LZ.............n,.`..*..&..w.........n,.`..*..&..w.........b.......b.......b...........................................b..j....b..T.]..b.......b....B..b..H....b....B..b....>.)b....J...................;........4...4...4.."..............b...b...b....z...y.. x.. ...........$........4......7...7........................;........4...4...4.........b.......b......#b..............................................
                                                                                                                                                                                Process:C:\Program Files (x86)\Microsoft Office\root\Office16\ONENOTE.EXE
                                                                                                                                                                                File Type:data
                                                                                                                                                                                Category:dropped
                                                                                                                                                                                Size (bytes):4096
                                                                                                                                                                                Entropy (8bit):4.110017269631684
                                                                                                                                                                                Encrypted:false
                                                                                                                                                                                SSDEEP:48:hsKthf6Rxt96eEG9CCZnX09Y73EtTo+rdSrNIFC6dXVWgWh:hsESRxdEiXX09moTrRK6c
                                                                                                                                                                                MD5:600FCB3F1204CA597FBF8A839DEC14DB
                                                                                                                                                                                SHA1:C6C5C124537F8A3E41DF5AB0BE7996CFA8A194C2
                                                                                                                                                                                SHA-256:942DE1BD2F7262F9B9FBFAB9E99549C24FECFF6DC11E2BBD945695E746FF6E34
                                                                                                                                                                                SHA-512:C68754AAFD27F87020F43756BFD057356927A2E015B989EC7A6A1302BFE1F99F6E3EDF88EE86CAD563276ACFF536E5EF9E90DD804661E8088961B07BC1BBCB62
                                                                                                                                                                                Malicious:false
                                                                                                                                                                                Preview:2...>.......*...v.......................................................................................................................................2...>...........v...R............................I.......I.qk..B.....LZR.2.....R.2t7...3G..aRMRR.2t7...3G..aRMRR.2..I.qk..B.....LZ.I................................I.......I...................................................I.t.....I................................................................4..'...'..................^2.#.+d.......N...^...............#[..C..A.......R........f........................................I.qk..B.....LZ.................^2.#.+d................^2.#.+d............R.2.....R.2.....R.2.........................................R.2j....R.2T.]..R.2.....R.2..B..R.2H....R.2..B..R.2..>.)R.2..J...................;........4...4...4.."..............R.2.R.2.R.2..z...y.. x.. ...........$........4......7...7........................;........4...4...4.........R.2.....R.2....#R.2............................................
                                                                                                                                                                                Process:C:\Program Files (x86)\Microsoft Office\root\Office16\ONENOTE.EXE
                                                                                                                                                                                File Type:data
                                                                                                                                                                                Category:dropped
                                                                                                                                                                                Size (bytes):4096
                                                                                                                                                                                Entropy (8bit):4.125812207932017
                                                                                                                                                                                Encrypted:false
                                                                                                                                                                                SSDEEP:48:Dxs2bZb8ruA5tdm6EnpDCZPSXg9vlNqToDrdSrhIgdX0/LCCskXYLrKq1:DxsU8ruA5hE1xXg9dITWRKx+u
                                                                                                                                                                                MD5:161A802B618C705123303D53B6B576CF
                                                                                                                                                                                SHA1:81110624B5B4602C5421952892A785A30D38C4D5
                                                                                                                                                                                SHA-256:0DF2F264D5B2662FF1BB32C0DDF60375998A1941D1FC828F94F040E12B2AD76C
                                                                                                                                                                                SHA-512:93D4582F378EFF82B8CB8E43F9710AAC6FBF9CD2565F6AB584C62B4ADC885FCB022113067ADC94CF0FFC8C9C70D827621D4CABA4A54808E898E62F0D977FDAB2
                                                                                                                                                                                Malicious:false
                                                                                                                                                                                Preview:2...>.......*...v.......................................................................................................................................2...>...........v...R............................I.......I.qk..B.....LZ.%J......%J..:R.(...mIQ..%J..:R.(...mIQ..%J..I.qk..B.....LZ.I................................I.......I...................................................I.t.....I................................................................4..'...'..............l......?./....V....N...^...............#.f..Q.H.. <b2ju........f........................................I.qk..B.....LZ.............l......?./....V.........l......?./....V..........%J......%J......%J..........................................%Jj.....%JT.]...%J......%J..B...%JH.....%J..B...%J..>.).%J..J...................;........4...4...4.."...............%J..%J..%J..z...y.. x.. ...........$........4......7...7........................;........4...4...4..........%J......%J....#.%J............................................
                                                                                                                                                                                Process:C:\Program Files (x86)\Microsoft Office\root\Office16\ONENOTE.EXE
                                                                                                                                                                                File Type:data
                                                                                                                                                                                Category:dropped
                                                                                                                                                                                Size (bytes):4096
                                                                                                                                                                                Entropy (8bit):4.127521348827606
                                                                                                                                                                                Encrypted:false
                                                                                                                                                                                SSDEEP:48:ejGsjWHs66d+NrNt9ieEmCKxXc9x+aGTo7rdSrYI4dXgWVyS9:1saM66d+NZlEmfXc9OTWRK2n
                                                                                                                                                                                MD5:4FA4749AEDE6E4313515C7D015B823A0
                                                                                                                                                                                SHA1:5EC54436E418E541AB70915E07103AFD0BE31A80
                                                                                                                                                                                SHA-256:BAACC9B40EE4E62D54E3BAAC5003E262B7E8950CCD3A5E23402CDF75C645B06F
                                                                                                                                                                                SHA-512:44F841BF983C06B75E79249F51F93B1A799EB398CD36DA61047DED9318FFBFC70E5BA1453FA156D084377073C48E486957451E4D2F59212F144E368948E40EE3
                                                                                                                                                                                Malicious:false
                                                                                                                                                                                Preview:2...>.......*...v.......................................................................................................................................2...>...........v...R............................I.......I.qk..B.....LZ................;...XB..........;...XB.......I.qk..B.....LZ.I................................I.......I...................................................I.t.....I................................................................4..'...'..............Z.:-....1h........N...^................Z..D..O..$.._T.........f........................................I.qk..B.....LZ.............Z.:-....1h.............Z.:-....1h............................................................................j.......T.]...............B.....H.........B.......>.).....J...................;........4...4...4.."...........................z...y.. x.. ...........$........4......7...7........................;........4...4...4........................#...............................................
                                                                                                                                                                                Process:C:\Program Files (x86)\Microsoft Office\root\Office16\ONENOTE.EXE
                                                                                                                                                                                File Type:data
                                                                                                                                                                                Category:dropped
                                                                                                                                                                                Size (bytes):4096
                                                                                                                                                                                Entropy (8bit):4.109391296270759
                                                                                                                                                                                Encrypted:false
                                                                                                                                                                                SSDEEP:48:KgshJf4bjytG0S6UMElCC5AXP49zB8/ToIrdSrKIVdXLkC0Qwayp:Kgs34bjyc0dFElCrXP49zBGThRKx6/
                                                                                                                                                                                MD5:1FEF3E57C6FEEEFED47E8F558371ED69
                                                                                                                                                                                SHA1:A55F181EBC20882BEFF48855790977B23368602A
                                                                                                                                                                                SHA-256:EE1EBCA9891EC9936A4FD295DFC609CAC23007E1D5A547BAA13EDCB23F74A663
                                                                                                                                                                                SHA-512:1313E29A5EE9C645005CF8D1119075C4841B0C46A57B7F3DA2A639484555CC055E9485FA117DAA415E642D3CF728C0D8FF927422DAA41EF05DAC0AD0E8C981D5
                                                                                                                                                                                Malicious:false
                                                                                                                                                                                Preview:2...>.......,...v... ...................................................................................................................................2...>...........v...T............................I.......I.qk..B.....LZN.......N......8...6F._N......8...6F._N....I.qk..B.....LZ.I................................I.......I...................................................I.t.....I................................................................4..'...'...................W.6.C..Ngw....N...^.................C.2..D..N.Kd..........f........................................I.qk..B.....LZ..................W.6.C..Ngw..............W.6.C..Ngw.........N.......N.......N...........................................N..j....N..T.]..N.......N....B..N..H....N....B..N....>.)N....J...................;........4...4...4.."..............N...N...N....z...y.. x.. ...........$........4......7...7........................;........4...4...4.........N.......N......#N..............................................
                                                                                                                                                                                Process:C:\Program Files (x86)\Microsoft Office\root\Office16\ONENOTE.EXE
                                                                                                                                                                                File Type:data
                                                                                                                                                                                Category:dropped
                                                                                                                                                                                Size (bytes):4096
                                                                                                                                                                                Entropy (8bit):4.133356441001426
                                                                                                                                                                                Encrypted:false
                                                                                                                                                                                SSDEEP:96:K4smQ4SO6INE6c7gXo90iTWRKnGFWTGkF3aW:Psz4SO4DgXo90iSRKn
                                                                                                                                                                                MD5:30F60CE2FCCF57FD4926CD3B7DF85823
                                                                                                                                                                                SHA1:D9628362168BDE593BBB91EB06662A50FC7A6DD5
                                                                                                                                                                                SHA-256:15ED4189625F443E2D3F4BAED2F7FFA81274AECC57BBED457B76E084B77EBBFD
                                                                                                                                                                                SHA-512:A2C7CF257F2A73DFF4766BD5CB145598F8797E2DF99DA0D889605569D60C903663C361F474F70827BC36D66045F515BD17EBF47CC2DC72BD5E4D25D7B71A522A
                                                                                                                                                                                Malicious:false
                                                                                                                                                                                Preview:2...>.......,...v... ...................................................................................................................................2...>...........v...T............................I.......I.qk..B.....LZ.I.......I.^..w....C....I.^..w....C....I...I.qk..B.....LZ.I................................I.......I...................................................I.t.....I................................................................4..'...'..............j8v^...'.P)93t.....N...^....................N..>T..a........f........................................I.qk..B.....LZ.............j8v^...'.P)93t..........j8v^...'.P)93t...........I.......I.......I...........................................I.j.....I.T.]...I.......I...B...I.H.....I...B...I...>.).I...J...................;........4...4...4.."...............I...I...I...z...y.. x.. ...........$........4......7...7........................;........4...4...4..........I.......I.....#.I.............................................
                                                                                                                                                                                Process:C:\Program Files (x86)\Microsoft Office\root\Office16\ONENOTE.EXE
                                                                                                                                                                                File Type:data
                                                                                                                                                                                Category:dropped
                                                                                                                                                                                Size (bytes):4096
                                                                                                                                                                                Entropy (8bit):4.147256160696392
                                                                                                                                                                                Encrypted:false
                                                                                                                                                                                SSDEEP:96:Q88sIN2JG53FkEPsWXlW9cTTRK2EE2L6Apv6S8x:B8sXJaVx9XI9cnRKL
                                                                                                                                                                                MD5:3EF47CDB40F88ADB24BD488928D1ADB4
                                                                                                                                                                                SHA1:EBFA540BE7480B5A216DDDFF464E2C8160C7F05B
                                                                                                                                                                                SHA-256:35825C5594A9A53ED69798A1150C66958B22C31EE7B5274EDCBBA2C0696CB12B
                                                                                                                                                                                SHA-512:275B78F34BAF5564D42B0FA1C2553803AE415CE88283F30E1BF0527A9849B6F9F3101A56BE04C67467C8C7A7F5F43C6351EE4CB58FB7CBCF5E6EE6F1B8DCFF02
                                                                                                                                                                                Malicious:false
                                                                                                                                                                                Preview:2...>...........v..."...................................................................................................................................2...>...........v...V............................I.......I.qk..B.....LZ]. .....]. .Z.b.&e!?./..]. .Z.b.&e!?./..]. ..I.qk..B.....LZ.I................................I.......I...................................................I.t.....I................................................................4..'...'.............u(.R==..0.+V!O3.....N...^...............b...`\.L.QXX+.".........f........................................I.qk..B.....LZ............u(.R==..0.+V!O3.........u(.R==..0.+V!O3..........]. .....]. .....]. .........................................]. j....]. T.]..]. .....]. ..B..]. H....]. ..B..]. ..>.)]. ..J...................;........4...4...4.."..............]. .]. .]. ..z...y.. x.. ...........$........4......7...7........................;........4...4...4.........]. .....]. ....#]. ............................................
                                                                                                                                                                                Process:C:\Program Files (x86)\Microsoft Office\root\Office16\ONENOTE.EXE
                                                                                                                                                                                File Type:data
                                                                                                                                                                                Category:dropped
                                                                                                                                                                                Size (bytes):4096
                                                                                                                                                                                Entropy (8bit):4.104951474970533
                                                                                                                                                                                Encrypted:false
                                                                                                                                                                                SSDEEP:48:TxsEPEtfAcetpPmeEVC/lXw9MIIToNrdSrLeIDP+dXmC06Z:TxsR9AceXZEVQXw9MVTsRKL6l
                                                                                                                                                                                MD5:1380C9BB012BD26EAF35F96E28F4B3CD
                                                                                                                                                                                SHA1:D77DD02D20F862E54C1B03C18551BCE8548C8E21
                                                                                                                                                                                SHA-256:3B05E578F12A8BC9C68B9E04C36C501746B9DDDDD4C478C75642C758CC73C25F
                                                                                                                                                                                SHA-512:78CFBFAC23E7B585B275A50247DE0669A676CE564F088ECEB077D2D4F24A26AF64106F2B3B64AF3BAE01CD2366520A3D44296330FFE22DEFE190D2ACDED593EC
                                                                                                                                                                                Malicious:false
                                                                                                                                                                                Preview:2...>.......*...v.......................................................................................................................................2...>...........v...R............................I.......I.qk..B.....LZ.K.......K.^.)s...{..#.K.^.)s...{..#.K...I.qk..B.....LZ.I................................I.......I...................................................I.t.....I................................................................4..'...'.............u../S...=..A...-....N...^................. .h7.F...#.6g.........f........................................I.qk..B.....LZ............u../S...=..A...-........u../S...=..A...-..........K.......K.......K...........................................K.j.....K.T.]...K.......K..B...K.H.....K...B...K...>.).K...J...................;........4...4...4.."...............K...K...K...z...y.. x.. ...........$........4......7...7........................;........4...4...4..........K.......K.....#.K.............................................
                                                                                                                                                                                Process:C:\Program Files (x86)\Microsoft Office\root\Office16\ONENOTE.EXE
                                                                                                                                                                                File Type:data
                                                                                                                                                                                Category:dropped
                                                                                                                                                                                Size (bytes):4096
                                                                                                                                                                                Entropy (8bit):4.143657551453084
                                                                                                                                                                                Encrypted:false
                                                                                                                                                                                SSDEEP:96:ZY2sE5+Ps6KzoGEsWMiXo9yTaRKNs+pJVfb:ZY2sE5+HK0j8iXo9yGRKNs+pJVf
                                                                                                                                                                                MD5:4F748E5240B25F16C35E7487080BED47
                                                                                                                                                                                SHA1:622E5F8B91E632AB672F0605E5A8D238305F3B30
                                                                                                                                                                                SHA-256:343BBA3BE927863ACEF78333A69C337B100ECD954770D5D134C03419DBB4A360
                                                                                                                                                                                SHA-512:747F796BE1C9761E547234E3AC38C7BD10CEC85B9F62A60C2C02F256A6025802AC0E4381732BC59A0A34C0B893D26B82DC0512D3BB90AB68B6F3E94FB16CE14B
                                                                                                                                                                                Malicious:false
                                                                                                                                                                                Preview:2...>.......*...v.......................................................................................................................................2...>...........v...R............................I.......I.qk..B.....LZ..g.......g..MH.1......}..g..MH.1......}..g..I.qk..B.....LZ.I................................I.......I...................................................I.t.....I................................................................4..'...'.............+. ..v..".:..\.H....N...^....................2YH.t.nR..........f........................................I.qk..B.....LZ............+. ..v..".:..\.H........+. ..v..".:..\.H...........g.......g.......g...........................................gj......gT.]....g.......g..B....gH......g..B....g..>.)..g..J...................;........4...4...4.."................g...g...g..z...y.. x.. ...........$........4......7...7........................;........4...4...4...........g.......g....#..g............................................
                                                                                                                                                                                Process:C:\Program Files (x86)\Microsoft Office\root\Office16\ONENOTE.EXE
                                                                                                                                                                                File Type:data
                                                                                                                                                                                Category:dropped
                                                                                                                                                                                Size (bytes):4096
                                                                                                                                                                                Entropy (8bit):4.115184136558236
                                                                                                                                                                                Encrypted:false
                                                                                                                                                                                SSDEEP:48:9spbqSEbEbaWS2Eitw6ER35uCAZ4X8b9LdNxToL6rdSr+5IDdXFbyhbEkmbyhbOq:9s5SxixER3c+X8b9LdTm6RK7ziT
                                                                                                                                                                                MD5:6A4FAB77754B7485AF4C7D35129C6A82
                                                                                                                                                                                SHA1:D412B205EDD92A3285C76D2FDD29DAE14C9ED595
                                                                                                                                                                                SHA-256:9B3715B62953384DA06EFC4E90520C9DF9F89815743A4DC1BE6EDA9EE36C7DB4
                                                                                                                                                                                SHA-512:D5F9A2912BC14A12CE62F018A0987CE0E99DA3EC3A79AE5F5737341B86120D4B5FEFE050C5AD6F6A7E229FC01152E5A5C94D29835AC5679A804EED2F9D19E172
                                                                                                                                                                                Malicious:false
                                                                                                                                                                                Preview:2...>.......*...v.......................................................................................................................................2...>...........v...R............................I.......I.qk..B.....LZ-&......-&.:0...5_.d...-&.:0...5_.d...-&...I.qk..B.....LZ.I................................I.......I...................................................I.t.....I................................................................4..'...'..................+.....e)v......N...^...............^My5..VA.d.Z.$(p........f........................................I.qk..B.....LZ.................+.....e)v...............+.....e)v...........-&......-&......-&..........................................-&.j....-&.T.]..-&......-&...B..-&.H....-&...B..-&...>.)-&...J...................;........4...4...4.."..............-&..-&..-&...z...y.. x.. ...........$........4......7...7........................;........4...4...4.........-&......-&.....#-&.............................................
                                                                                                                                                                                Process:C:\Program Files (x86)\Microsoft Office\root\Office16\ONENOTE.EXE
                                                                                                                                                                                File Type:data
                                                                                                                                                                                Category:dropped
                                                                                                                                                                                Size (bytes):4096
                                                                                                                                                                                Entropy (8bit):4.129650665527835
                                                                                                                                                                                Encrypted:false
                                                                                                                                                                                SSDEEP:96:hsi4PzpENA1s2LX09/TpRKsOUN9Kka95ug:hsi4PKyLX09/NRKsDN9Kka94g
                                                                                                                                                                                MD5:0E3C09ECE4E2841734F4A6E591510299
                                                                                                                                                                                SHA1:16CB773C18609CA6FC59D2A232788F52EC84BF86
                                                                                                                                                                                SHA-256:91C89E7FD39E7F0071A74DF4438FE7ED4C0F4FAA382D9070174779E5659AC344
                                                                                                                                                                                SHA-512:6C20D4D5920ECF5FDEEE34DC3C9FAF0AFB9DC1F87D06C24D40C0FDD3935B1D690ABF31222EF6D6CE46330717451B6A00C1968B7DFF7AF832E25AB1D7483E48BA
                                                                                                                                                                                Malicious:false
                                                                                                                                                                                Preview:2...>.......*...v.......................................................................................................................................2...>...........v...R............................I.......I.qk..B.....LZ.'.......'.W..b...[..<.M.'.W..b...[..<.M.'...I.qk..B.....LZ.I................................I.......I...................................................I.t.....I................................................................4..'...'..............3.we.....*1..C.....N...^......................G.B..91xN........f........................................I.qk..B.....LZ.............3.we.....*1..C..........3.we.....*1..C...........'.......'.......'...........................................'.j.....'.T.]...'.......'...B...'.H.....'...B...'...>.).'...J...................;........4...4...4.."...............'...'...'...z...y.. x.. ...........$........4......7...7........................;........4...4...4..........'.......'.....#.'.............................................
                                                                                                                                                                                Process:C:\Program Files (x86)\Microsoft Office\root\Office16\ONENOTE.EXE
                                                                                                                                                                                File Type:data
                                                                                                                                                                                Category:dropped
                                                                                                                                                                                Size (bytes):4096
                                                                                                                                                                                Entropy (8bit):4.113773673902185
                                                                                                                                                                                Encrypted:false
                                                                                                                                                                                SSDEEP:48:KbMbBsGxJOIyvVpTtER/lSEyrCQqXw9Fkg2FToOrdSr9IvdXxbl0Qm8Dubt:K4BssoNpT4MEyraXw9FknTfRKmPCB
                                                                                                                                                                                MD5:165B05DCEA2D85F742E3E80E88B5E268
                                                                                                                                                                                SHA1:B6B4CD4A4BF1921ACCE7AC3C639DE2A477C4A75B
                                                                                                                                                                                SHA-256:75995ABDDD88E6BBA663BD285A71CFD38BC7E25132C27582025240588DDE07D6
                                                                                                                                                                                SHA-512:DB9ED7279EC71FF35FF1AC1D7944D1CB4FFE2E1A06FFAA06EA9CC37F87EC3450E8A009CF142D2A0E74D01DC12EB276C6EEEF0F1417A1BE55375D2FB37BF4AF3B
                                                                                                                                                                                Malicious:false
                                                                                                                                                                                Preview:2...>.......,...v... ...................................................................................................................................2...>...........v...T............................I.......I.qk..B.....LZ@T......@T.$;&.90p...=.@T.$;&.90p...=.@T...I.qk..B.....LZ.I................................I.......I...................................................I.t.....I................................................................4..'...'.............N_|kP.V...).}.kO....N...^................I.,D..J.....#Q........f........................................I.qk..B.....LZ............N_|kP.V...).}.kO........N_|kP.V...).}.kO.........@T......@T......@T..........................................@T.j....@T.T.]..@T......@T..B..@T.H....@T...B..@T...>.)@T...J...................;........4...4...4.."..............@T..@T..@T...z...y.. x.. ...........$........4......7...7........................;........4...4...4.........@T......@T.....#@T.............................................
                                                                                                                                                                                Process:C:\Program Files (x86)\Microsoft Office\root\Office16\ONENOTE.EXE
                                                                                                                                                                                File Type:data
                                                                                                                                                                                Category:dropped
                                                                                                                                                                                Size (bytes):4096
                                                                                                                                                                                Entropy (8bit):4.158967163661068
                                                                                                                                                                                Encrypted:false
                                                                                                                                                                                SSDEEP:48:7sq9B3h0RdTat3gEJlCDgXHt09Hs5jToCrdSrJIjdX9MFmuDNBAJf:7sqx6dTayEXBXN09MjTbRKycFFRBAJ
                                                                                                                                                                                MD5:23CAC26E1F26E83C270EE589E06061BB
                                                                                                                                                                                SHA1:33C0D54CF947ECBF8908CBFE8D0F737ED6E05160
                                                                                                                                                                                SHA-256:746B94939EDC6AB2F329BC31E9168A0A97AB8A5CA7BA54F7B85877ACB72FEAD6
                                                                                                                                                                                SHA-512:4F78EE6DF6BA465CC224D2E654987AFB2E2FC817133AC19992F7E02EFB95AF8B1E1D38D81A972E79A9385B14DCEB299F4A7DA8C3424817B5E1A6F44254A45651
                                                                                                                                                                                Malicious:false
                                                                                                                                                                                Preview:2...>.......(...v.......................................................................................................................................2...>...........v...P............................I.......I.qk..B.....LZ.W.......W.|..U.(A.Kh..G.W.|..U.(A.Kh..G.W...I.qk..B.....LZ.I................................I.......I...................................................I.t.....I................................................................4..'...'.............f(..u...[.......N...^...............h...\U.M...0HW..........f........................................I.qk..B.....LZ............f(..u...[...........f(..u...[.............W.......W.......W...........................................W.j.....W.T.]...W.......W...B...W.H.....W...B...W...>.).W...J...................;........4...4...4.."...............W...W...W...z...y.. x.. ...........$........4......7...7........................;........4...4...4..........W.......W.....#.W.............................................
                                                                                                                                                                                Process:C:\Program Files (x86)\Microsoft Office\root\Office16\ONENOTE.EXE
                                                                                                                                                                                File Type:data
                                                                                                                                                                                Category:dropped
                                                                                                                                                                                Size (bytes):8192
                                                                                                                                                                                Entropy (8bit):3.654737444427781
                                                                                                                                                                                Encrypted:false
                                                                                                                                                                                SSDEEP:192:2ymQIN5Y3Nt3qZtVktOHzcOEy6DOnO+UGXi2+:27bN5YnqTbzcOEy6SUGXp+
                                                                                                                                                                                MD5:D84417FC59C736640EF4AD0A49F5F4BA
                                                                                                                                                                                SHA1:A078F4823AB1CE5E8D834BEC762E8A5BF2923128
                                                                                                                                                                                SHA-256:DB8EC4E600AC00CBD0BA640A84A665AD2142DC988971D0E1C063591AC36BEA76
                                                                                                                                                                                SHA-512:885954A2E256E4F6920CB7B5619D9FAEF2E58C929E9721EE81B63ED68B3EF9A87706916C6DD765F72A309C8301819BB64ECA346B12B52B383E7C411B6F6FEC7D
                                                                                                                                                                                Malicious:false
                                                                                                                                                                                Preview:....X............... .....................................................................................?.................................................X...............H...........................F.......F.....iJ..t.....M.......M.V.B...A.{.c....l...5...B=......nN1..Q.....,.E.nN1.w....%..-..|].3Zw.............M.......M.................................................F>......F>. ......%...................aH.(...L..2...^...............<.......,...F.......Z.#.nN1.w....|...G.......F..T.......T)...Z.#T.y..#!|T.2.._..T....w..T)R...M..."...M...q......F.......w....c..,0...e...B4.$...........GP..A..}.....J....................kt......kt...F........Y.w.......w....%..-..|].3...i:...."..6)X....i.#!|.l..@..C*....#!|.......aH.(...L..........>...............nN1..Q.....,.E.w....%..-..|].3Z......aH.(...L............0...........e....4.............."...P.r.o.j.e.c.t. .O.v.e.r.v.i.e.w.......B.^....F...r.QH.....(...........(..."...P.r.o.j.e.c.t. .O.v.e.r.v.i.e.w...j...P.a.g.e.L.o.c.I.D...L.o.c.V.e.
                                                                                                                                                                                Process:C:\Program Files (x86)\Microsoft Office\root\Office16\ONENOTE.EXE
                                                                                                                                                                                File Type:data
                                                                                                                                                                                Category:dropped
                                                                                                                                                                                Size (bytes):20480
                                                                                                                                                                                Entropy (8bit):4.5951069856885605
                                                                                                                                                                                Encrypted:false
                                                                                                                                                                                SSDEEP:384:wKmoRctg7OUfDWI1i7uBZtRtW/fBquVC7WdwR04cc+kA3eNW9124Xp87TO2T5DmA:wKmoitg7OUfDWI14uBZtR0/foMC6dwRZ
                                                                                                                                                                                MD5:B9AF35E03F5C451E0ADE7AB0CEBAE195
                                                                                                                                                                                SHA1:B6C3E00F46D7BACF6075FE41BD61A71D4ECE2C96
                                                                                                                                                                                SHA-256:4B38C35719EFF5F12166D50A2472C9687AF65DE51909CF3D70CD45923848B931
                                                                                                                                                                                SHA-512:2D978F042BF892927DA45C25A4C19FC235F2FCFA1263922AF31333EB3D58EDC301C7A91E143DC5870EC18EEE2A13594AE77A1F8CF31BAA4F6F72BF53936744B3
                                                                                                                                                                                Malicious:false
                                                                                                                                                                                Preview:....>...........v........@..( ..`J..........>...t...8...v........H..( ..PI..................................................................................>...........v........I..( ...I...............I.......I.qk..B.....LZR.......R.........Ml.x..R.........Ml.x.%R...PXX3.....\G<-...PXX..I.qk..B.....LZ.I............I.......I...................................................I.t.....I................................................................4..'...'..............q.&...+....z.....N...^...............s.P.fa.C..-....=............J...............................4....I.qk..B.....LZ.............q.&...+....z..................................R.......R.......R...........................................PXX(.6..PXX(.z..PXX ....PXX$....PXX ....PXX(.5..PXX ....PXX$........R..3R..8R....z...y.. x.. ...........$........!..7!..7.....*...o.e.L.o.c.I.D...o.e.L.o.c.C.o.m.m.e.n.t.......0.0.0.3..............Z4...........................................4../4......p...............C.a.l.i.b.r.i.....
                                                                                                                                                                                Process:C:\Program Files (x86)\Microsoft Office\root\Office16\ONENOTE.EXE
                                                                                                                                                                                File Type:JPEG image data, JFIF standard 1.02, resolution (DPI), density 72x72, segment length 16, Exif Standard: [TIFF image data, big-endian, direntries=7, orientation=upper-left, xresolution=98, yresolution=106, resolutionunit=2, software=Adobe Photoshop 7.0, datetime=2004:03:04 13:06:24], progressive, precision 8, 38x792, components 3
                                                                                                                                                                                Category:dropped
                                                                                                                                                                                Size (bytes):22203
                                                                                                                                                                                Entropy (8bit):6.977175130747846
                                                                                                                                                                                Encrypted:false
                                                                                                                                                                                SSDEEP:192:5q3R1VBvq3R1Flrk6Q0QPJJrR39joOVMJ25d1NkMhIwobbtAAAqYnLJZMJYZ2AC:xw6Q0WJR3FoOVMJIIlAAAqYnMJdD
                                                                                                                                                                                MD5:2D3128554F6286809B2C8E99DE5FD3F6
                                                                                                                                                                                SHA1:FC42CB04151D36F448093BDEFE33031A9B8D797D
                                                                                                                                                                                SHA-256:14FA2D16310485AA1CE41F6D774A3D637E8CF8B03C4F72990155DF274FDB6BD9
                                                                                                                                                                                SHA-512:D8531247A6E89ECABEA9C4A78F596CCE3493334EDF71AE4F7998FDDD0F80705948609C89756AB56FDFAB6D04DEC5F699A693801A772CA2EE2465BDD2CE5D2D5A
                                                                                                                                                                                Malicious:false
                                                                                                                                                                                Preview:......JFIF.....H.H.....XExif..MM.*.............................b...........j.(...........1.........r.2...........i.................H.......H....Adobe Photoshop 7.0.2004:03:04 13:06:24............................&.........................................................(.....................&...........*.......H.......H..........JFIF.....H.H......Adobe_CM......Adobe.d......................................................................................................................................................"................?..........................................................................3......!.1.AQa."q.2.....B#$.R.b34r..C.%.S...cs5....&D.TdE.t6..U.e...u..F'...............Vfv........7GWgw........................5.....!1..AQaq"..2.....B#.R..3$b.r..CS.cs4.%......&5..D.T..dEU6te....u..F...............Vfv........'7GWgw.................?...H.....Go.Kxn.b..g...........%?_....O......q......7G......%%.V..8zm.].v?...jJ~._..>.......O;........o..rI.A.....n.a.........
                                                                                                                                                                                Process:C:\Program Files (x86)\Microsoft Office\root\Office16\ONENOTE.EXE
                                                                                                                                                                                File Type:data
                                                                                                                                                                                Category:dropped
                                                                                                                                                                                Size (bytes):8192
                                                                                                                                                                                Entropy (8bit):3.964715178944031
                                                                                                                                                                                Encrypted:false
                                                                                                                                                                                SSDEEP:96:TsjIiP7chWIXHdbClR/97dyGyKeldWEEse97kvCDyok2ynzcJ:Tskijc8IX9bsR/97tGpEse9ovCDyVLA
                                                                                                                                                                                MD5:5A2F3A26FEBF6C96954396CC13383137
                                                                                                                                                                                SHA1:FD4274FA69C28FB824EB19C88CB0F5006DFF8C2F
                                                                                                                                                                                SHA-256:B36EC01F0DF82E8039499E79CB68C26A8942EB0812B6774C9E06FBBC926D6058
                                                                                                                                                                                SHA-512:CB1AE77A90CA4CFE604DEF0C569191CE9B209720BE5925C7E5A0232FC831D2152A5E1432C0CAC8C1783169A104E15FA0D8E4C65F58B0642A3736BF537D1688EF
                                                                                                                                                                                Malicious:false
                                                                                                                                                                                Preview:2...>...........v.......................................................................................................................................2...>.......Z...v...&...........................Uz..)...Uz......8A...t...I.......I.qk..B.....LZUz......8A...t..Uz...I.qk..B.....LZ.I................................I.......I...................................................I.t.....I................................................................4..'...'..............b.n..............N...^................#A.D..C..9))=...................................................I.qk..B.....LZ.............b.n...................b.n...................Uz......Uz......Uz..........................................Uz.j.h..Uz.T)...Uz......Uz...L..Uz.H.]..Uz......Uz...H..Uz...}.......Z4...........................................4../4......p...............C.a.l.i.b.r.i..................Uz..Uz..Uz...z...y.. x.. ...........$........4...!..7!..7...............Uz.:Uz.FUz.GUz...z...y.. x.. ...........$..
                                                                                                                                                                                Process:C:\Program Files (x86)\Microsoft Office\root\Office16\ONENOTE.EXE
                                                                                                                                                                                File Type:JPEG image data, JFIF standard 1.02, aspect ratio, density 100x100, segment length 16, baseline, precision 8, 612x792, components 3
                                                                                                                                                                                Category:dropped
                                                                                                                                                                                Size (bytes):52945
                                                                                                                                                                                Entropy (8bit):7.6490972666456765
                                                                                                                                                                                Encrypted:false
                                                                                                                                                                                SSDEEP:768:cjvqR0XvFaGCTJffi0tgybmWDoTw71kHUAnjvawrlp2+NUO8dWSNl3PF2PjK/q09:cyRffflgybmWoTw1UUADHUbU21MjpAD
                                                                                                                                                                                MD5:AD003F032F32FAC4672D4CE237FA5C5B
                                                                                                                                                                                SHA1:AE234931B452F0D649D91291763B919CF350EA49
                                                                                                                                                                                SHA-256:ADB1EBBE18D6CD8FF08AA9BF5C83CDB83BF9AA179698E34E93DBCDDE12F04D32
                                                                                                                                                                                SHA-512:ECA25FA657ECE3A66D3E650628E0F65D3BADD38864C028AB6553950A1A66D7D55482C85E9E565573E9E5AAFA91C2D53235971C644A266D41EB69F8E72E3A843B
                                                                                                                                                                                Malicious:false
                                                                                                                                                                                Preview:......JFIF.....d.d......Ducky.......d......Adobe.d...................................................................................................................................................d.............................................................................................!1..AQ..aq....".....2....BR#r.b3$...C.Sc%...s5E......................!1.A..Q.aq"...2...#...B...Rb3..$..CSr...6............?......y_N.e.H7?........W..w....k|...S..d.4.>.RW5z.$.i.)V.O....>o...c..*&1.D..O..".ufbb..1...t..u=..K...m...~.....F..-.fb:i..=f..C.w.[{..~.7k....;..:..3....4.....$..m]...}....~q...9T.#..7.~..8...q.N;c..ffo.w...W..d........../t_........lWJE..).>..v;:=....Rrw#.m.n.n...E...vm.J}2N*..|.4...80.#..e....t.J..ZQ.x|g/....F..e....k+vK...M..W.X.e.L..~...j.....kz....=...n:O.:..[.L,.+R...Y..zKNI....,..{e..U.'...}.......|..t.]...~...b4......_.i..../.......m...a..n...v.j.?..Rc.$G|.31..#..$?.........h.w....-... .a.%z..u......u.A....Fm..J.......G..[...w.....:....w/.
                                                                                                                                                                                Process:C:\Program Files (x86)\Microsoft Office\root\Office16\ONENOTE.EXE
                                                                                                                                                                                File Type:data
                                                                                                                                                                                Category:dropped
                                                                                                                                                                                Size (bytes):12288
                                                                                                                                                                                Entropy (8bit):3.5192854965338882
                                                                                                                                                                                Encrypted:false
                                                                                                                                                                                SSDEEP:192:OsJda9r1hYi/LlsX8xEwGJRtFDbe8Tpjpe1QtoO9cl/wMwqysey:7kMi/LluEEfJRtlPq1Qto+cl/d9e
                                                                                                                                                                                MD5:0A897E041A56D2805452B74473894991
                                                                                                                                                                                SHA1:3732CD9660E57724D6DA9041750146879BD346A4
                                                                                                                                                                                SHA-256:CB130C7E60054D1D97E5134EFC6BDFFDACA25C05BB0B866575949525151D0941
                                                                                                                                                                                SHA-512:1C1F8314534565AB5A41396CB6C79D43193CAFC3526E6E8F51E75D70A7F05EA5AFE4079D5C9AB868FAF83B360ABF9E559F6C8F8A2971D8781185861FEC965A4D
                                                                                                                                                                                Malicious:false
                                                                                                                                                                                Preview:2...>...........v.......................................................................................................................................2...>.......@...v................................I.......I.qk..B.....LZI.|.9...I.|.y..."....'.1I.|.y..."....'.1I.|..I.qk..B.....LZ.I................................I.......I...................................................I.t.....I................................................................4..'...'.............w/.ef...z..g.|.....N...^.................d....F..GI..>6............................................r....I.qk..B.....LZ............w/.ef...z..g.|.........w/.ef...z..g.|..........I.|.....I.|.....I.|.........................................I.|j....I.|T.H..I.|.....I.|..\..I.|H....I.|..3..I.|..O..I.|..........Z4...........................................4../4......p...............C.a.l.i.b.r.i..................I.|.I.|.I.|..z...y.. x.. ...........$........4...!..7!..7...............I.|:I.|FI.|..z...y.. x.. ...........$......
                                                                                                                                                                                Process:C:\Program Files (x86)\Microsoft Office\root\Office16\ONENOTE.EXE
                                                                                                                                                                                File Type:JPEG image data, JFIF standard 1.02, aspect ratio, density 100x100, segment length 16, baseline, precision 8, 612x792, components 3
                                                                                                                                                                                Category:dropped
                                                                                                                                                                                Size (bytes):25622
                                                                                                                                                                                Entropy (8bit):7.058784902089801
                                                                                                                                                                                Encrypted:false
                                                                                                                                                                                SSDEEP:384:EhK81gTCyJ/Gf9Aw3t8w8EtdPeGDh6bEi1Ie1u4ZbvgwTwrSRh7ZKNpIGY:IjcRXwdJvtdGsUbEi1IeY8vgwTyC1+Y
                                                                                                                                                                                MD5:F8CCFC24DEB1D991EBE085E1B2D7D9BF
                                                                                                                                                                                SHA1:AF76C22A765434AEDA134924C517C84107F4FED5
                                                                                                                                                                                SHA-256:7354001527AB554C44E7D6981B86DD933B7DC2E0D3DC8512AD3EECD843245C52
                                                                                                                                                                                SHA-512:818BC3690B01B30BC571E4CF45EC8D1AFCAECBAB003532644381F1CF730A5B3486862D08F7579B2D3D89167AD7DF35028881245C9550B0DA23D1F81A720A9704
                                                                                                                                                                                Malicious:false
                                                                                                                                                                                Preview:......JFIF.....d.d......Ducky.......d......Adobe.d...................................................................................................................................................d........................................................................................!...1A.Qaq.........."2Rr.#.t6..B..3S$4..v.b..Cs.%5..8..cUV.(.DEe.&Ff...T.d.......................!.1A..Qaq...s4....2r..S"BR.3....b#C$.....c............?..D.."}:......&&...?3..W.q*.......]...m.Y.k1......K).J...uV.b.../.0.E.H..4..W_T.[t.V.w.9.x.qe.L..o.oL.....d.\.....6.|.o...}..H{Yn..E...6Y3.l.e..D.:,.n.%...t...m.........,+,..|..n.....6.*...f........6.../$../Vi..H...e.f.F.zn.).n.E..2sTn.i...Yb?6+H&...Bf..*....z.o.^7[..u.:o....t.s=.....(.s.....f.g....q9o.u1L.N...smzE..[>...+\O....j.<....j.c.W.............U..+.F/.'..W...T./W...>i01./....j.s."..Q...{...a._~OW...Rp.)*.e..W..Q4)<..'..W...q...'..U..z..g......U}...O....w....0F:.N..V.3W.|..'z0.]...j..U[v..g$D.Lc[.e...UW.m0+
                                                                                                                                                                                Process:C:\Program Files (x86)\Microsoft Office\root\Office16\ONENOTE.EXE
                                                                                                                                                                                File Type:data
                                                                                                                                                                                Category:dropped
                                                                                                                                                                                Size (bytes):20480
                                                                                                                                                                                Entropy (8bit):3.196914734374363
                                                                                                                                                                                Encrypted:false
                                                                                                                                                                                SSDEEP:384:rz6cP9g8hzFQeOWIlqdLakxab+RSHyipHLeSFznmz+BqF:SB8hzFQgIlqdLTxaqRUyipHLeSFznN
                                                                                                                                                                                MD5:EFD296F52DE75E2F69B6790DF123CAC5
                                                                                                                                                                                SHA1:B4E2A91322687DDE351A85996370EE8F33DA1681
                                                                                                                                                                                SHA-256:8C1DAE47A1D30224EE2F9CE4CBD589B0147BABB88F41EBF0F205AEBB3D051BD8
                                                                                                                                                                                SHA-512:559032BE6CEC72EE76E9F3591C031C6A8F9C51F7D7D6A4D7EE49E61AA1BB319A5214E7AC1AB6830A83050EAF2F20BABD0AB463899A4B1A2B04E30F0462B0B671
                                                                                                                                                                                Malicious:false
                                                                                                                                                                                Preview:2...>...........v.......0 .../......N...YG.....c.@Y.........N...YG.....c.@Y......I.qk..B.....LZ................................2...>.......B...v........-..............v........-..8....................I.......I.qk..B.....LZC...T...C...8.<...b..^..C...8.<...b..^..C....I.qk..B.....LZ.I................................I.......I...................................................I.t.....I................................................................4..'...'.............N...YG.....c.@Y.....N...^...............N(".e*.B.7.,............................N...YG.....c.@Y.........N(".e*.B.7.,................N...YG.....c.@Y..................................C.......C.......C...........................................C..j.e..C..T....C.......C......C....a..C.......C.......C.. .H.......z.......R...................!..7......}.....W.i.n.g.d.i.n.g.s. .3.......................Z4...........................................4../4......p...............C.a.l.i.b.r.i..................C....z... ..$..............
                                                                                                                                                                                Process:C:\Program Files (x86)\Microsoft Office\root\Office16\ONENOTE.EXE
                                                                                                                                                                                File Type:JPEG image data, JFIF standard 1.02, aspect ratio, density 100x100, segment length 16, baseline, precision 8, 612x792, components 3
                                                                                                                                                                                Category:dropped
                                                                                                                                                                                Size (bytes):15740
                                                                                                                                                                                Entropy (8bit):6.0674556182683945
                                                                                                                                                                                Encrypted:false
                                                                                                                                                                                SSDEEP:192:Elv3GG8/OOs+GouFdxMlxjoPyerzkpuOo2vPMc62PaJseZC+BJoS/:EtNiwdxMlZoPhzkpuOo2PMc6rX8+B6+
                                                                                                                                                                                MD5:FFA5EC40DC9A0FD10EB9E6355142D6A6
                                                                                                                                                                                SHA1:3D3D6A7E086B3C610C08F1F3E3F883604F06F2A4
                                                                                                                                                                                SHA-256:D74C3973C8D1F7C77274691AFB1AA934940674341D7EEE563BE75E563281BDFD
                                                                                                                                                                                SHA-512:6FAF2A24D06E6008F3579C7CEC90C2887462BDF83FAD7372FBB74B8DE90340B580E9836F309B68A9794597A598F7DCDA661C9A58DA6D8187C69083B7A17C9CD9
                                                                                                                                                                                Malicious:false
                                                                                                                                                                                Preview:......JFIF.....d.d......Ducky.......d......Adobe.d...................................................................................................................................................d.........................................................................................!.1.....AQ..aq.g..8...."r....2.FG..#.E..7.Rb..Cc..D.v.B..3s..$d.%5Uu..&6fW'w........................!....1Aa...d..5e.6.q...Q..."2b.c..r3DE..BRs4U.#C.S.T............?...u.&0...cV.T.I...1..=4....Ce_.g.q.=F.M:>)...k..pm..h..=........S....)Ja8x...b.).=5.q..0......k.M.....1?-.G.b&.5..Ep.8t...'...R)..ta.F$bXO]tW.b.6#.t.XWN..ZW......].....G....x&&f..'L.....7...\...'.8...~`.sa...............................................X........qo...SMk...'.V...i..hb.}&?/.k.:>l.^....>Y...<}...&.jY.Gn.MKejyV......D......gf.0....t.nw..XQ...H.B.....=8.UkR.....Hm..w..]...k...#Z...F../.gjWvf.....w.aZ].2..5..^...VZv..._.7..a.|...:.B...,f...............~....m.;_.....-.e.y.w.[m.].bu.b.f+.E++\.....Y..7
                                                                                                                                                                                Process:C:\Program Files (x86)\Microsoft Office\root\Office16\ONENOTE.EXE
                                                                                                                                                                                File Type:data
                                                                                                                                                                                Category:dropped
                                                                                                                                                                                Size (bytes):12288
                                                                                                                                                                                Entropy (8bit):3.7852102111601615
                                                                                                                                                                                Encrypted:false
                                                                                                                                                                                SSDEEP:192:ds7+3E0rauvpdYuXkJsM0Rttyy2e42iL+kX24Xu199FqsWW3he:iaU0raeXkWM0Rtsyd4sKXu1/Fqs
                                                                                                                                                                                MD5:BC82850E0E428CFD5769126BBE955946
                                                                                                                                                                                SHA1:7D4DC96C6BAC806992A64D3A33BB3C00A04D6E30
                                                                                                                                                                                SHA-256:EF8E4F7E5F81EF99A718080C65694D2EF44516662593A65485A468E6482DA712
                                                                                                                                                                                SHA-512:EFEF854A61B0A8478526BF758DDEF39EA1E943162DD333EEBEEE32E3A42ABFE887B2F7FFE24E3D1AF690420FB10B4E081B4F53CF22D9FF7E563F2FC9C1FA2DF1
                                                                                                                                                                                Malicious:false
                                                                                                                                                                                Preview:2...>...x.......v........ ..`!..2...>...........v.......@................................................................................................................................................I.......I.qk..B.....LZ...9.............6Jh...........6Jh.....I.qk..B.....LZ.I................................I.......I...................................................I.t.....I................................................................4..'...'..............#E->.....s...4.....N...^................c)!/G..k...7..................................................I.qk..B.....LZ.............#E->.....s...4.............................................................................................j......T.Q.............n....H........9......V..............Z4...........................................4../4......p...............C.a.l.i.b.r.i............................z...y.. x.. ...........$........4...!..7!..7..............'..%.......z...,4. ...........$>........4
                                                                                                                                                                                Process:C:\Program Files (x86)\Microsoft Office\root\Office16\ONENOTE.EXE
                                                                                                                                                                                File Type:JPEG image data, JFIF standard 1.02, aspect ratio, density 100x100, segment length 16, baseline, precision 8, 612x792, components 3
                                                                                                                                                                                Category:dropped
                                                                                                                                                                                Size (bytes):55804
                                                                                                                                                                                Entropy (8bit):7.433623355028275
                                                                                                                                                                                Encrypted:false
                                                                                                                                                                                SSDEEP:1536:gVvci05lhVbfBcWvBLeynluexaWqzww/u5:gVUZhHDljaHww/u5
                                                                                                                                                                                MD5:4126992F65FE53D3E3E78F6B27FD49DC
                                                                                                                                                                                SHA1:BC0D76B69310DA9B909D3EE4CECBFE5F386BFB45
                                                                                                                                                                                SHA-256:3FBE3C1C238BD7DBC67F8CFF5F3BDDFD513C96A9851B9616477947D21DFF4B2E
                                                                                                                                                                                SHA-512:624853F5E56D224C8188F122B2C4724F867D4099E7FAAFB9C945BE7E2907900ADCF4AE97AB08909CF94E96FB6F381E3B6396D560D93EB2731E4E69CBFE628F10
                                                                                                                                                                                Malicious:false
                                                                                                                                                                                Preview:......JFIF.....d.d......Ducky.......d......Adobe.d...................................................................................................................................................d..............................................................................................!1...AQ.aq"2.....BR..8x..r#..9b....3....CS$.'.cs.......7Gw.(.4%5&..Wg.h......tEVfv..H..........................!1A..Qa.q...."2..u6....BRr.#...b..3s..d...7.Cc.$Tt..S4.5Ue..&..%.................?...,...8..{..S.y.N....%..q.8..H[5....o..xg........)c(.eO.YO..._D..x.U.....%.S.r.r._.^..Su.h.Q.t.:.#?....x..B.S...Q.....oqF..%..8'.qx....%.2JKjF..{y.w0.*a.RMb.c.Q{%....eW'..[IV..'ZW3...[...MN.....rO.:....$.i..7....Vrrr...I.r..M..Qo..j....q.^...N...J......%.J..)F...>$.....u........o...+......[...*..t....R}.I..R..S..GB..:......).6_[^Xft...F.1.....zP....,.#....MG.T..Q.F.....)Fi../.I...,%.voEb.b.Z..V3..FT.}..[Z{....wd.z.e.....QwW(.).t..\..'....:)<W.<..&k...caRT.X(..K.....:f...]...q..
                                                                                                                                                                                Process:C:\Program Files (x86)\Microsoft Office\root\Office16\ONENOTE.EXE
                                                                                                                                                                                File Type:data
                                                                                                                                                                                Category:dropped
                                                                                                                                                                                Size (bytes):12288
                                                                                                                                                                                Entropy (8bit):4.71252160120585
                                                                                                                                                                                Encrypted:false
                                                                                                                                                                                SSDEEP:192:YsnAJmhDaYYRZbzsoDkwqoQDKtBbWWDmdXHWD4C/CXLLsCvm96ARtJsTL1DLNQDz:NA4hDaYYrXswqoQDeiWDMWDP8KDRt+TW
                                                                                                                                                                                MD5:102E5D453F1DD46753405D63CF88C497
                                                                                                                                                                                SHA1:F1569B1EF1B2C4B634459EE47AAA633131D34D87
                                                                                                                                                                                SHA-256:A8C8BCCC30008CAF452E70AD038517A26F32F129F07932A5807B66EE69D929EC
                                                                                                                                                                                SHA-512:2357AC5D05358C9A4785B816AE0AC6393CE5A57E8EF835D10CB067C963EF9666DAC27628635B0085E6F220E5D271DCFFB185664BC86FCC19F787554F8AA4FE99
                                                                                                                                                                                Malicious:false
                                                                                                                                                                                Preview:....>.......^...v...2...0 ...+......>...........v...z...@....*...........................................................................................................................................I.......I.qk..B.....LZ.U.......U.,.\k......DA..U.,.\k......DA..U...I.qk..B.....LZ.I..#\..+.aG.......#\............I.......I...................................................I.t.....I................................................................4..'...'..............!.Xy.kE.Z.c.YLz........................J._....J.T..m.P.....N...^........................................I.qk..B.....LZ............J._....J.T..m.P...................................U.......U.......U...........................................U.j.N...U.T)....U.......U..f...U.......U. .<...U......U. .......'.U.8.U...z...,4. ...."......$>........4.."..7......A.g.e.n.d.a.:.........................Z4...........................................4../4......p...............C.a.l.i.b.r.i...................U...U...U...z...y.. x.. ..
                                                                                                                                                                                Process:C:\Program Files (x86)\Microsoft Office\root\Office16\ONENOTE.EXE
                                                                                                                                                                                File Type:JPEG image data, JFIF standard 1.02, aspect ratio, density 100x100, segment length 16, baseline, precision 8, 612x792, components 3
                                                                                                                                                                                Category:dropped
                                                                                                                                                                                Size (bytes):41893
                                                                                                                                                                                Entropy (8bit):7.52654558351485
                                                                                                                                                                                Encrypted:false
                                                                                                                                                                                SSDEEP:768:pZvVQkUbOHxx3pvVmO5rsP5gUdXwFMuv53knzyncaXgRDqPU:pZkijV5wScXwFMYknzucaXgRyU
                                                                                                                                                                                MD5:F25427EFECFEE786D5A9F630726DD140
                                                                                                                                                                                SHA1:BC612A86FF985AB569ED1A1EA5FFC4FDB18FC605
                                                                                                                                                                                SHA-256:5A36960DF32817E8426BD40A88F88B04FB55B84BAEF60F1E71E0872217FDB134
                                                                                                                                                                                SHA-512:B102F34385196D630F198667E874F25ADBC737426FDAE0747EC799B33632E5DC92999C7C715DC84D904342738930267AB1709870BDAA842243E4C283FE5E1554
                                                                                                                                                                                Malicious:false
                                                                                                                                                                                Preview:......JFIF.....d.d......Ducky.......d......Adobe.d...................................................................................................................................................d...........................................................................................!.1AQ....aq......"......2...Xx..9BRr#.b3$..&..g.8....%F'G.(H.Ss..D5E..v..W..Cc.deu..7w.h.).....................!.1....A..Qaq...Ttu.6..."R..5...2B..S....bcs.Dd%&r3C...#$...Ue.............?..R...%.R...t.MQ*.l...v...V]..n...Zw....M....4..F.&&bb0.:]l......ay.r<..3.l.Q^.........I54.N2.8..2s...w..r6.......[1Zh....O...9..>...B......x]...r.\.\..v..~....y.QT.3.......=....r..}.l.....o;....M..C1....w)...+o1f.]...MoA.E..s5..i.\....miGsy..m\.Zj....I'YU.\tU6La5v.>.K..m.]1.......k..0....</5v.V7lY.e.vV.+./[....f..u{....s.}.Rb.Z.....Y.6]..m....V.\...Mr.=r...K...l..%..m^.......X.(..fG..[F*ly.jL.a4..vs..o.e..q.9km..w1.yg.....r_.*h.n..5i.-.{Y.l...<...'Or.s..Z....../JP.....\FV.S..............m
                                                                                                                                                                                Process:C:\Program Files (x86)\Microsoft Office\root\Office16\ONENOTE.EXE
                                                                                                                                                                                File Type:data
                                                                                                                                                                                Category:dropped
                                                                                                                                                                                Size (bytes):12288
                                                                                                                                                                                Entropy (8bit):4.553357117105195
                                                                                                                                                                                Encrypted:false
                                                                                                                                                                                SSDEEP:192:zsRHSMPq1XZF9So/edg5vdU9hx6F/3+5/+HEvZwQX2p6/gsZRtlnh9LKlUkA9kF9:otS1XZHX/edIU9m93+5mq7FZRtH9LKlb
                                                                                                                                                                                MD5:61246836FF103A39EC6F86EA0272CD06
                                                                                                                                                                                SHA1:58B2E1F5113A96C324BF96F92192B567B1E1D89A
                                                                                                                                                                                SHA-256:9DAA9D866D7C8C639B9E7B97E593FC81BA62B4B9CA5BFB5B9C472DAF9F242D4E
                                                                                                                                                                                SHA-512:BD60857DA0018B1547A3A6213A53B95857EC18CEFA4902CD58936D255ED8D0360410928CA3EB4AD10A6147FBCFC9F15BAAC1F6C26335DC2A0C67BB6694AFBD28
                                                                                                                                                                                Malicious:false
                                                                                                                                                                                Preview:2...>.......,...v....... .. +..2...>.......|...v...H...@....*...........................................................................................................................................I.......I.qk..B.....LZ&;e.G...&;e|....&.z...$&;e|....&.z...$&;e..I.qk..B.....LZ.I................................I.......I...................................................I.t.....I................................................................4..'...'.................l)".%...O.`.....N...^...............$J\...|B....:..r........V...x....................................I.qk..B.....LZ................l)".%...O.`..................................&;e.....&;e.....&;e.........................................&;ej.A..&;eT....&;e.....&;e..r..&;e.....&;e .7..&;e.....&;e .........Z4...........................................4../4......p...............C.a.l.i.b.r.i..................&;e.&;e.&;e..z...y.. x.. ...........$........4...!..7!..7...............&;e;&;e.&;e..z...y.. x.. ...........$......
                                                                                                                                                                                Process:C:\Program Files (x86)\Microsoft Office\root\Office16\ONENOTE.EXE
                                                                                                                                                                                File Type:JPEG image data, JFIF standard 1.02, aspect ratio, density 100x100, segment length 16, baseline, precision 8, 612x792, components 3
                                                                                                                                                                                Category:dropped
                                                                                                                                                                                Size (bytes):14177
                                                                                                                                                                                Entropy (8bit):5.705782002886174
                                                                                                                                                                                Encrypted:false
                                                                                                                                                                                SSDEEP:192:EbgGcV/hlvpfal7rgYa8S7auAxwfuSTmCSNoFQ6NO7L:EbgGcVnpwimnd38FdQL
                                                                                                                                                                                MD5:7CDCE7EEBF795998DA6CAC11D363291C
                                                                                                                                                                                SHA1:183B4CC25B50A80D3EC7CCE4BF445BCFBAA6F224
                                                                                                                                                                                SHA-256:DE35AF949D4F83E97EE22F817AFE2531CC4B59FF9EE6026DCA7ECEBC5CF2737F
                                                                                                                                                                                SHA-512:560FB15A9C12758D11BB40B742A6EAD755F15AD10D6C5DEBA67F7BC8A2AE67C860831914CBCBCDED9E6B2D1D5F26A636B9BCEF178151F70B4D027316F94F27E1
                                                                                                                                                                                Malicious:false
                                                                                                                                                                                Preview:......JFIF.....d.d......Ducky.......d......Adobe.d...................................................................................................................................................d........................................................................................!.1..A....Qa".q..2.....&...B%6.'..R#3.$E.r457bS.DUFV.Wg(.......................1...3.Q..2Rr....s.4.!Aq.S.aC5B$%............?...n.Liq.}.{#....3/gg.1.M +..~3...q..+=..:.g.i1;P)7.....q..n.s"p...wx........v.t.f;..L/..~....y.r[.r.....n.n3..6i..g..}../........3..x.L.i?We..l.......~..<.;..6..o.....N.t.o6.l..~.......<...m.V...Q.7k.u./wq.t..;.I...}..{...>.L..3m..a....yd......6~.f..~Y..}+..<.[w..'-..?.v.7...v.u..4.......1];..u.MO.......s..p..ms.'.O-o...O......m.k.e....)t....i>..E|....,iOyD|.{......g.n...cu....=..........h.\.Q:?g/?.I.3._...t...d.n.0.%y....S.Q....S.&K.w..&wY<....%.g.v.....$y..#,i;.=...t...I6..yO..o.d..w\k...~......)..rK.......].u....N....e.s..kU.u..'}
                                                                                                                                                                                Process:C:\Program Files (x86)\Microsoft Office\root\Office16\ONENOTE.EXE
                                                                                                                                                                                File Type:data
                                                                                                                                                                                Category:dropped
                                                                                                                                                                                Size (bytes):49152
                                                                                                                                                                                Entropy (8bit):4.641750165578378
                                                                                                                                                                                Encrypted:false
                                                                                                                                                                                SSDEEP:768:W3NQhO+JJTtTRsH+3o3NhMI4QT3e6Me0r:sQhO+35RsHf9hMI4QT3e6B
                                                                                                                                                                                MD5:B50F7A956286D51A8C930FA00CE04BD6
                                                                                                                                                                                SHA1:F4093EAE0637F30C6D8556C38F18E14382408FF4
                                                                                                                                                                                SHA-256:52346F7E52D04C033820E72516B7035AF8CA2C18FE5E2B40024C58BD4B24149D
                                                                                                                                                                                SHA-512:FF993F663CA6B7BD0E7C2F420677E276E1CFD6EDC29971549C46E5120BFEBEBE54AFBDAC2591B74292EC6C5D346438E993FAB62ED869B6081196C1948AA144FC
                                                                                                                                                                                Malicious:false
                                                                                                                                                                                Preview:&...&....&......j%..&&...... ..(@..0`..........&...&....%......j%..B&...... ..(@..0`..x...............................................................&...&....%......j%......X... ..(@..0`...................#...(....8>G.............b....V..5..c...x...Bf....c..#.G.EG$..Y".m=.#.G...a.o...,VR.....a..........tW......tW.....................................................T.o.....T.....8.T$..."..T#...f1.T....2..T.f..@d.T......!T#E...........0...........e....4........................u.^s.Q.@.).~b.......(...@kO.....(..."...P.l.a.i.n. .a.n.d. .S.i.m.p.l.e...j...P.a.g.e.L.o.c.I.D...L.o.c.V.e.r...P.a.g.e.V.e.r.C.o.m.m.e.n.t...P.a.g.e.O.v.e.r.i.d.e...P.a.g.e.N.a.m.e...2...0.0.0.5.2...1.....0...U.n.t.i.t.l.e.d. .p.a.g.e....................<.B.....-.%..!.......!,...J..:..$..2...j...^...<...........n...X..............k......."....D"..........@d......q....c..,0...e...B4.$........{p.....G...^...?@kO....................D"......D".......r. :_...d.......d.(.!J.^R...w..*P..t.(.<..n.*....2
                                                                                                                                                                                Process:C:\Program Files (x86)\Microsoft Office\root\Office16\ONENOTE.EXE
                                                                                                                                                                                File Type:data
                                                                                                                                                                                Category:dropped
                                                                                                                                                                                Size (bytes):4096
                                                                                                                                                                                Entropy (8bit):4.388583914800847
                                                                                                                                                                                Encrypted:false
                                                                                                                                                                                SSDEEP:48:8s5aizWrZE2HYtcfE8ovXH9OuECcfrdhSrJWwotXF89GsF:8sFWrZ54IE8uXH99jaRATou
                                                                                                                                                                                MD5:614AD29367B8969C8696BBAC3A6D0BFE
                                                                                                                                                                                SHA1:B4799ECF0E8F76FB0A66682C29799772D1E99192
                                                                                                                                                                                SHA-256:50F48AA5D22AA38362CFD223CCD3A5D5E65918B2D4D293FB8F30D8B3D53025E3
                                                                                                                                                                                SHA-512:55055593B2AEA9D7272FDAF28A6D0460B507F178E9787F2F736B7EE7018DBE73B3E78C365C0D1953CA955388BEFFBAE226922B0B6923870ADF48F69E68D3278C
                                                                                                                                                                                Malicious:false
                                                                                                                                                                                Preview:2...>.......R...v...F...................................................................................................................................2...>...........v...z............................I.......I.qk..B.....LZh5p.....h5p?.~..?..#...3h5p?.~..?..#...3h5p..I.qk..B.....LZ.I................................I.......I...................................................I.t.....I................................................................4..'...'.............b... =..5...2......N...^...............Xj....XN..D...........f........................................I.qk..B.....LZ............b... =..5...2..........b... =..5...2...........h5p.....h5p.....h5p.........................................h5pj....h5pT.]..h5p.....h5p..B..h5pH....h5p..B..h5p..>.)h5p..J...................;........4...4...4.."..............h5p.h5p.h5p..z...y.. x.. ...........$........4...(..7(..7........................;........4...4...4.........h5p.....h5p....#h5p............................................
                                                                                                                                                                                Process:C:\Program Files (x86)\Microsoft Office\root\Office16\ONENOTE.EXE
                                                                                                                                                                                File Type:JPEG image data, JFIF standard 1.01, resolution (DPI), density 72x72, segment length 16, baseline, precision 8, 814x105, components 3
                                                                                                                                                                                Category:dropped
                                                                                                                                                                                Size (bytes):12654
                                                                                                                                                                                Entropy (8bit):7.745439197485533
                                                                                                                                                                                Encrypted:false
                                                                                                                                                                                SSDEEP:384:JheN2cq6MLu6MLGu54cHeNzhcmhcDu53eNE3UPkhrxvu:Ji2Wix7fzVsbE3Zm
                                                                                                                                                                                MD5:4BCCCDBB4273ECEBE216C84930A8D0B2
                                                                                                                                                                                SHA1:FFBF617787E27BC94D9BAF89F2FE34A2BD42794B
                                                                                                                                                                                SHA-256:474F9A8C25D5E21192315397EA995B1E11E2C1608157C6E0277688091BFD136A
                                                                                                                                                                                SHA-512:DAD73A8C0E293B88685C0C71EF15E0DC95EE39B7FC9F849DE5D634173FD9FA0AF0AA96742D9E94BE03556AA4A817D5001C95A6736EAD5D5DF03661876785EB74
                                                                                                                                                                                Malicious:false
                                                                                                                                                                                Preview:......JFIF.....H.H.....C....................................................................C.......................................................................i..............................................E.....................U....V...f..ASTc.......de.1Qq...!Rb....Ca."r.................................B....................b....Ra.....!Qc.....AS.1U.."C...2Bq...$#3%&.............?......3.....~......:..g..s"......:..g..s"..ic..Vk.f.. :..f..h.....Vk.f.. :..f..h.....Vk.f.. :..f..h.....Vk.f.. :..f..h.....Vk.f.. ..0...Q_..X..V5E~..c..X...@u...cTW...0...Q_..;.m.....@w...Q.+....*.4W...lUFh....v..._..wn...dW....y._..v..E~...*...@wn...dW....y._...v..U..@wn...d..{`;.|U.2g...*.3...:.0?ViN.z.@w...4.M.:m..`~..i7...q...I....J.`l...W..n..PQTiB...6....+..sj.*."...6....+..WA...x..A........(.N6`..AD.q.....'S...t.Q:.l.......f.]..N..0.. .u8..A........_W..Y...}.C...~....&.E~....&.E~....&.E~....&.E~....&.E~....&.E~....&.E~....&.E~....&.E~....&.E~....&.E~.v..?U..^.r..}..Bep
                                                                                                                                                                                Process:C:\Program Files (x86)\Microsoft Office\root\Office16\ONENOTE.EXE
                                                                                                                                                                                File Type:data
                                                                                                                                                                                Category:dropped
                                                                                                                                                                                Size (bytes):4096
                                                                                                                                                                                Entropy (8bit):4.319695976110948
                                                                                                                                                                                Encrypted:false
                                                                                                                                                                                SSDEEP:48:8szI5eeSFFcgatPs7UEp8BXuhF93tuqfcFrdhSrHy3fhFtX0E9PnR:8sOevFKlp/EpUXGF9duEYRAMFR
                                                                                                                                                                                MD5:92C9743B7E742C0660476D864C49A56C
                                                                                                                                                                                SHA1:87C573A62C601814F23DB7D5AE27496688DF711C
                                                                                                                                                                                SHA-256:1DBC86A74EBE9E0EEDE3FBFC0B5626023569EB7CA562003EADAD6084FD07B7C9
                                                                                                                                                                                SHA-512:5938431890A141254A3C7B07C65742695DEBD10697EDC6149147623CD9125F4B9951505ABBF177FD846B8FE8D6E9DFC0901236003F5A47583BD22148F18EB1F0
                                                                                                                                                                                Malicious:false
                                                                                                                                                                                Preview:2...>.......R...v...F...................................................................................................................................2...>...........v...z............................I.......I.qk..B.....LZ.*(......*(...;.!...Jq8..*(...;.!...Jq8..*(..I.qk..B.....LZ.I................................I.......I...................................................I.t.....I................................................................4..'...'.............]....)..............N...^.................4-...N.Fwt.$*r........f........................................I.qk..B.....LZ............]....)..................]....)....................*(......*(......*(..........................................*(j.....*(T.]...*(......*(..B...*(H.....*(..B...*(..>.).*(..J...................;........4...4...4.."...............*(..*(..*(..z...y.. x.. ...........$........4...(..7(..7........................;........4...4...4..........*(......*(....#.*(............................................
                                                                                                                                                                                Process:C:\Program Files (x86)\Microsoft Office\root\Office16\ONENOTE.EXE
                                                                                                                                                                                File Type:JPEG image data, JFIF standard 1.01, resolution (DPCM), density 28x28, segment length 16, baseline, precision 8, 728x77, components 3
                                                                                                                                                                                Category:dropped
                                                                                                                                                                                Size (bytes):2695
                                                                                                                                                                                Entropy (8bit):7.434963358385164
                                                                                                                                                                                Encrypted:false
                                                                                                                                                                                SSDEEP:48:N9YMsguOZgKAz2vcaQU4R8r4BU0/Rc4nbIQdsohw13ZmFLY6KsVvMdBL2mr:/hsEgNz2v5T/rQC67SoWniHK4EdBH
                                                                                                                                                                                MD5:B23DE98D5B4AFC269ED7EBFDDECE9716
                                                                                                                                                                                SHA1:10AF507A8079293A9AE0E3B96CF63A949B4588AA
                                                                                                                                                                                SHA-256:646586CB71742A2369A529876B41AF6A472C35CC508D1AE5D8395D55784814F2
                                                                                                                                                                                SHA-512:BBACBE205EC0A4F4E3AB7E2B1DEE36FCF087DDF77C7D18B53AEA4B15984A47C64E19F9B8D8FA568620619CEA0361D94FE7ABEA6E502EC6ECAEFE957F42ED7EE8
                                                                                                                                                                                Malicious:false
                                                                                                                                                                                Preview:......JFIF.............C................................... $.' ",#..(7),01444.'9=82<.342...C...........2!.!22222222222222222222222222222222222222222222222222......M....".......................................,.......................1....!ABQRq.2a."CbS.......................................................Qa1A............?....{............i........l..-D.q.~..|cS.S...R\..d.8,!.....]f$....Q..di.;~5......vj......MqCe..=.*.f^..=.}.Cm]qCd..s=..u.e..v..t'.,.....S.s..N...>.d4'.,..k...N...d..9....G...y....6J.Y.l.{Vf...^B..i.3.z....:5W#4@.S\fj.%..Mb.5.v.5......S.E..#.v.I.....I......m..H....D..|.Y|...W.Wf..o..U.0.E..@.T.....................................'.S../...Z......!J..1K..rI...T.f.>.+.N..o.....\..^u........e..q.qK.GXP..-...F8".;5J...]Y......j.a.,R.......J.N........z}<qu..J.)`.}X:..}.............B...[. ......,B.).b.......(Y.O....c\.o.e&.W.#Bo..N|..N8.#J.>1D.1..b.&....q.#..UT%,.d.....m&..^...VXA..b.nbTV~.....^........q..#./.I..=Q..=..Y.*.Ib...VZ+......Y.........'.
                                                                                                                                                                                Process:C:\Program Files (x86)\Microsoft Office\root\Office16\ONENOTE.EXE
                                                                                                                                                                                File Type:data
                                                                                                                                                                                Category:dropped
                                                                                                                                                                                Size (bytes):4096
                                                                                                                                                                                Entropy (8bit):4.35744149524194
                                                                                                                                                                                Encrypted:false
                                                                                                                                                                                SSDEEP:48:E1ZBs78SrdzKTUBtlcME/EgGXrM9NfclrdhSrvcStXcj89nnbJ:E1rsXtOSRE/NGXg9NfQRAzKm
                                                                                                                                                                                MD5:AA4945EBFB8FEA9C16A9C58A9F6CF558
                                                                                                                                                                                SHA1:AF35A78D6F8C6666797B43080841A4CDC94EEBEE
                                                                                                                                                                                SHA-256:B58625B393B3589C0889047D5D25DC318A309C6C29A9523EF8015961B8E1046B
                                                                                                                                                                                SHA-512:790DBFC1F751AD024493B68219823F053810169D6F0906A4A00DB6AF6A3255DBB43EAE59903313F6F5801FEE79A8B8E8E09F6A53A1B07D24815F0161B2B3A448
                                                                                                                                                                                Malicious:false
                                                                                                                                                                                Preview:2...>.......R...v...F...................................................................................................................................2...>...........v...z............................I.......I.qk..B.....LZ............}..3.[..}f.....}..3.[..}f......I.qk..B.....LZ.I................................I.......I...................................................I.t.....I................................................................4..'...'...............+..Z.....}.k.....N...^.................r..?.E......m.........f........................................I.qk..B.....LZ..............+..Z.....}.k...........+..Z.....}.k.........................................................................j.......T.]...............B.....H.........B.......>.).....J...................;........4...4...4.."...........................z...y.. x.. ...........$........4...(..7(..7........................;........4...4...4........................#...............................................
                                                                                                                                                                                Process:C:\Program Files (x86)\Microsoft Office\root\Office16\ONENOTE.EXE
                                                                                                                                                                                File Type:JPEG image data, JFIF standard 1.01, resolution (DPI), density 72x72, segment length 16, baseline, precision 8, 69x630, components 3
                                                                                                                                                                                Category:dropped
                                                                                                                                                                                Size (bytes):11040
                                                                                                                                                                                Entropy (8bit):7.929583162638891
                                                                                                                                                                                Encrypted:false
                                                                                                                                                                                SSDEEP:192:u99+91V42ho91V42ho91V42ho91V4235z9pUkDCyixxo4PS6b8tEy3BcWWhhSy0b:ubKD4/D4/D4/D4uzX38u4PNYJ2zhhmb
                                                                                                                                                                                MD5:02775A1E41CF53AC771D820003903913
                                                                                                                                                                                SHA1:2951A94A05ECF65E86D44C3C663B9B44BAD2BC9D
                                                                                                                                                                                SHA-256:83245F217DEAE4A4143B565E13C045DBB32A9063E8C6B2E43BB15CD76C5F9219
                                                                                                                                                                                SHA-512:5A1FCC24BDD5EE16BC2C9BACF45BCECF35ED895EAC22D2C4EE99C1B7E79C8E8B9E5186E3D026BA08FF70E08113F0A88FBF5E61C57AF4F3EA9BA80CE9F33410E9
                                                                                                                                                                                Malicious:false
                                                                                                                                                                                Preview:......JFIF.....H.H.....C....................................................................C.......................................................................v.E.............................................S..........................Aa..!12Qqw.....3568rv........".....4Btu.....#Rs.(W..bg.................................D.....................1..2.!4Aqrs....Qa......t..."3BRb....#.$S.Cc..............?...K/h._+.N6.-.a...5...;.r....,...0B.s(..zp..4.%r|q..E.Q^.../...C.R..?u.q8XN.>.e..:..gJ...._.n>.70G,..(........3b.&.5m...Q../...7Ie..k....e.l6..&..`Gt.P.Y^r...=..Y.e...N.B...O.#..J+........u.V;G.'.....V.]8..C.]..........E.....c..w&lX..f..\T.J?...F.,..m|..93........,.....+.R..WG...%.....(@.....p].iEz<.8.^...J.h.....a8P.1......(z..y~.........H.Z^.>..<.....L.k..IG...R.(.%..m....&u...B|.....@]ey.W.J...!d..R.8...[..>8....(.G......!.)X.....,'..F2.Z.t..Aw./..Z..#..i.kK.......b.i...qR.(....RE.............O.XP.#..(...9J..]...,.2.[w....KrW'...tY.......{~.:.+..
                                                                                                                                                                                Process:C:\Program Files (x86)\Microsoft Office\root\Office16\ONENOTE.EXE
                                                                                                                                                                                File Type:data
                                                                                                                                                                                Category:dropped
                                                                                                                                                                                Size (bytes):4096
                                                                                                                                                                                Entropy (8bit):4.495284676698598
                                                                                                                                                                                Encrypted:false
                                                                                                                                                                                SSDEEP:48:6s2UCUkFPo9D3tUEP3F7S6X+9JT8tclrdHrvotXVvDKk4fhSXhn:6sWPoF3WEP3FZX+998tIRLw67hSX
                                                                                                                                                                                MD5:11CBB0B59133687FCCE614A244115632
                                                                                                                                                                                SHA1:AC407DC2C51DE6E8EEEA857F391B6534E9D1D5C3
                                                                                                                                                                                SHA-256:97D6497729DDB6FABF9DA0071126034147E621413B32A6A13D0CCD5158156E45
                                                                                                                                                                                SHA-512:1A81CA074ADE770CCD1C5CB7CF56D5CCDA328C8E42FBD0CFB72B78C8081B8D6C4DB5CCE80C3D0F6C48BD2FDCC825D2E1783CB8F31778EA569894BB7173693169
                                                                                                                                                                                Malicious:false
                                                                                                                                                                                Preview:2...>.......p...v...d.....................................................?....?........................................................................2...>...L.......v................................I.......I.qk..B.....LZ.K.......K....P.9..7>.".K....P.9..7>.".K...I.qk..B.....LZ.I................................I.......I...................................................I.t.....I................................................................4..'...'...............-...a.....C..@....N...^................|e.G.9J._0..s`.........Z................................... ....I.qk..B.....LZ..............-...a.....C..@..........-...a.....C..@..........K.......K.......K...........................................K.j.....K.T%c...K.......K...G...K...H...K...>...K.......K. .3...................;........4...4...4.."...............K...K...K...z...y.. x.. ...........$........4...(..7(..7........................;........4...4...4..........K.......K.....#.K.............................................
                                                                                                                                                                                Process:C:\Program Files (x86)\Microsoft Office\root\Office16\ONENOTE.EXE
                                                                                                                                                                                File Type:JPEG image data, JFIF standard 1.01, resolution (DPCM), density 28x28, segment length 16, baseline, precision 8, 105x441, components 3
                                                                                                                                                                                Category:dropped
                                                                                                                                                                                Size (bytes):2268
                                                                                                                                                                                Entropy (8bit):7.384274251000273
                                                                                                                                                                                Encrypted:false
                                                                                                                                                                                SSDEEP:48:N9YMn9H5gXlM26vroVXWxyNnl1LmLR+rn4FOeewGhDbby:/h9SlMdgm09ll8R2/rby
                                                                                                                                                                                MD5:09A7AE94AA8E517298A9618A13D6E0E2
                                                                                                                                                                                SHA1:FA5181A7414BA32F816BF0C4278EC20C615E8B1A
                                                                                                                                                                                SHA-256:3C68C7EE798E62A4A99C740153F3980D7DF029605C843410942C7F85E794823B
                                                                                                                                                                                SHA-512:074E9A2BE2039D0AFEAD360157550B934FABD0CB86B5AF476C1FBC885EE60331F5A68EAF70BF76E23C8248A20FB900346839F4AA8892370B5889E64948DCC6E2
                                                                                                                                                                                Malicious:false
                                                                                                                                                                                Preview:......JFIF.............C................................... $.' ",#..(7),01444.'9=82<.342...C...........2!.!22222222222222222222222222222222222222222222222222........i..".......................................3......................!.A..1Q."q.2BRa.b...#$................................... .......................!12AqQ.............?..D.z.4....;.....7...3.t<!..d.O.....+O+.;.z6.4cz7E.........U.Z)-..@..y...........}(W...<.xv/...5.ew......yN....n.Tk.Tm.Ty.vA=...T..U....h...e.8.5%....'......e^......L.g.$.~e..O.._...... .F`.....xnL.<.......]jfv...}..\G..c.......-%...#.C.|.].`..^..W..c..B..5D.QSTaZ.5A=....BU..z%.4.h.6..=..U...W.$..l...7.:...........IPQT_...~..i..x....~.l.|.n.J..TV.21.Tg.....................j.z!+.-............"j.j...)*..TT...."....T.Tc.**j..............j.z!*.h...&.&.&..e.%..TksTW%G.?".l+$..c._9..[x...TU..........i~X..#'.qm?ttO.....}*.i...q.....9..r..?..W..d.w...f;..q...tZh..0.....2.......OD%Q-.......$......56.K.O...y._..*_C.k..p9.p..O..vu...'........0v
                                                                                                                                                                                Process:C:\Program Files (x86)\Microsoft Office\root\Office16\ONENOTE.EXE
                                                                                                                                                                                File Type:JPEG image data, JFIF standard 1.01, resolution (DPCM), density 28x28, segment length 16, baseline, precision 8, 76x97, components 3
                                                                                                                                                                                Category:dropped
                                                                                                                                                                                Size (bytes):784
                                                                                                                                                                                Entropy (8bit):6.962539208465222
                                                                                                                                                                                Encrypted:false
                                                                                                                                                                                SSDEEP:12:869YM8fij0W/xfuCp7ovv1bidiMn3bGi6AETQcdH8SADjoZgV6v9jUEvS3/g:N9YMWeI424diMn3yinsQeHvADu9QEvJ
                                                                                                                                                                                MD5:14105A831FE32590E52C2E2E41879624
                                                                                                                                                                                SHA1:078FA63FC7DB5830E9059DF02D56882240429D90
                                                                                                                                                                                SHA-256:D0A3A1C3CD63C4023FE5716CBE2C211307D0E277E444D9EF76C7FC097A845FD4
                                                                                                                                                                                SHA-512:8FC0ED24E8EC14C46EA523D9265DE28F85C5FC57AA54AD5B9CA162E95F79221E2AD3DD67D1293CF756B67F3D3DECAE122254134EA8D4D00DDED02114B5383947
                                                                                                                                                                                Malicious:false
                                                                                                                                                                                Preview:......JFIF.............C................................... $.' ",#..(7),01444.'9=82<.342...C...........2!.!22222222222222222222222222222222222222222222222222......a.L..".......................................-........................!A."1.Qbq....2Ba.........................................................1............?.....3.Ty\......vs....>.>..a.W..s89.d...Z}......rz...`...Z.r.do....u.W.%....gf.>.L..xz....B8=w...g.~g."HD...$..IKJ......nn..*ly..I....L...\q...Q;6.KrxZ.,...j$..ZQ..)f...q`.*..C1..cZ2]-..\.~..J.....^..(.f..9m?..C.NI.UL..X.fy.Z.........+n....r."Z...d..R./\.#...kd.D.5.!...h.3*s-+.......Xjt..}i..rK..y.../>u..]N.....Y..J......1.x./.....F6.......I...._3...k.sM.+..v;.%|.f.~.......:y....S....UKovh...W'........lF... .................
                                                                                                                                                                                Process:C:\Program Files (x86)\Microsoft Office\root\Office16\ONENOTE.EXE
                                                                                                                                                                                File Type:data
                                                                                                                                                                                Category:dropped
                                                                                                                                                                                Size (bytes):8192
                                                                                                                                                                                Entropy (8bit):2.715818552171664
                                                                                                                                                                                Encrypted:false
                                                                                                                                                                                SSDEEP:96:IqLswmeAJlVkBhLrWEnr7XX9yc6twJjRQ5jpqdqRqiqeqdq2zqIq:9speACzfr7XX9/6twJjRCjpGmFVGjv
                                                                                                                                                                                MD5:FDBF4257BE10447C6BB437733B816B27
                                                                                                                                                                                SHA1:E60EDB24E720EE6D1B7E7B7D23578F7F7567BB97
                                                                                                                                                                                SHA-256:20B0BA4F139C2947EE6B990C3C1FCF8E19023173C0152454BC67D5CC440930C0
                                                                                                                                                                                SHA-512:991F3E9A4B129CEEA0627D49F0C822E8F0C426E0FE10BF15C291262A7C29A323DD25C2F24F1A776BC0F019A3139048A821561E7B9EC8BF1CD9B6C583254773AC
                                                                                                                                                                                Malicious:false
                                                                                                                                                                                Preview:2...>...........v.......................................................................................................................................2...>...........v................................I.......I.qk..B.....LZ.r.......r........t...h<.r........t...h<.r...I.qk..B.....LZ.I................................I.......I...................................................I.t.....I................................................................4..'...'.............6...h....&..gh.-....N...^...............Q..r.m.L..<.................................................^....I.qk..B.....LZ............6...h....&..gh.-........6...h....&..gh.-..........r.......r.......r...........................................r.j.....r.T.l...r.......r...Q...r...Q...r...>...r.......r. .3...................;........4...4...4.."...............r...r...r...z...y.. x.. ...........$........4...(..7(..7........................;........4...4...4..........r.......r.....#.r.............................................
                                                                                                                                                                                Process:C:\Program Files (x86)\Microsoft Office\root\Office16\ONENOTE.EXE
                                                                                                                                                                                File Type:JPEG image data, JFIF standard 1.01, resolution (DPI), density 72x72, segment length 16, baseline, precision 8, 95x498, components 3
                                                                                                                                                                                Category:dropped
                                                                                                                                                                                Size (bytes):3009
                                                                                                                                                                                Entropy (8bit):7.493528353751471
                                                                                                                                                                                Encrypted:false
                                                                                                                                                                                SSDEEP:48:aRCTf+0hagMrbAZMJShPdvF/5OzlQFlDF7npkDdWvVBTEnBLT6NrgCX0:D+0YgMrApL553JtEdEVcL2NcX
                                                                                                                                                                                MD5:D9BD80D40B458EDB2A318F639561579A
                                                                                                                                                                                SHA1:83BA01519F3C7C1525C2EA4C2D9B40F28B2F2E5E
                                                                                                                                                                                SHA-256:509A6945FACFB3DDC7BE6EE8B82797AD0C72DB5755486EE878125A959CC09B59
                                                                                                                                                                                SHA-512:C368499667028180A922DD015980C29865AEF4A890C83E87AE29F6A27DC323DD729E6FB1C34A2168A148E6A7A972F65A5FC8ACE6981AF1D4E7057D99681CB366
                                                                                                                                                                                Malicious:false
                                                                                                                                                                                Preview:......JFIF.....H.H.....C....................................... ! ..''**''555556666666666...C......................&.....&,$ $,(+&&&+(//,,//666666666666666........_.........................................:.......................r.!12BQ...3Aaq.."CRb.....#4$c.S.....................................................1A............?..p..-.....u0$.......l......)..o.FTd..DG....... .t*e..jO..Z.U......r..j.O.,..VD./.....V5D.&......A..Zi....E.N....*..........#..M<|.2.Y.../QO.x.cTM4......+.F;V.x.de*....]e..O.x.c\Y........r..j.O.,..T...hw..k.^.[B..J.sEl.w.x.m.5%zzt0..T.......b..<\.3Q..W</..!.xh6..Z..\.+M.o.Y..1............#.........|.a.l.KR>..U......e....@...\.1Z...Y...[....F.6.t.#..Z,.x.Q..[`.X......#........W</..TM..-H...V....Tf..........r..j.x.df.f.....#..l.KR>..U......e....@...\.1Z...Y..Y.us....D.)....Uh....FkYm.m`P...W .V.g..FjVj.\..1Q6.t.#..Z,.x.Q..[`.X......#........W</..TM..-H...V....Tf..........r..j.x.df.f.....#..l.KR>..U......e....@...\.1Z...Y..Y.us....D.)....
                                                                                                                                                                                Process:C:\Program Files (x86)\Microsoft Office\root\Office16\ONENOTE.EXE
                                                                                                                                                                                File Type:JPEG image data, JFIF standard 1.01, resolution (DPI), density 72x72, segment length 16, baseline, precision 8, 700x114, components 3
                                                                                                                                                                                Category:dropped
                                                                                                                                                                                Size (bytes):2266
                                                                                                                                                                                Entropy (8bit):5.563021222358941
                                                                                                                                                                                Encrypted:false
                                                                                                                                                                                SSDEEP:24:TuRCTP9rSTfIEe1HbcVY1YbDXq8eCI0bf2QQe0GVDQAzZw:aRCTN7HbcW1YbDXq+I07Ien0AVw
                                                                                                                                                                                MD5:DB8A181E3F0EAD4A9472099E42ED6BE3
                                                                                                                                                                                SHA1:92096AF05CC6167B1AA816811A1160B809393FA2
                                                                                                                                                                                SHA-256:E9746B4E9AE9CE7B3B0068779DB3E113E2DFC9880F25373D745D0E700E69A906
                                                                                                                                                                                SHA-512:A9E246E10E28D057090BA9F034ECE6131780D7F794C5C9421523388997C7EDFBB49BC32B863B6C6668911B359C304AA54969B48CB9234950D5CECD2A6F3EFFF8
                                                                                                                                                                                Malicious:false
                                                                                                                                                                                Preview:......JFIF.....H.H.....C....................................... ! ..''**''555556666666666...C......................&.....&,$ $,(+&&&+(//,,//666666666666666......r...........................................5.......................!1AQ..2a...."Rq..#3BSr..C..................................................................?...X.....U...j...F.W.V]'KV.uWt.iT...{.......`.(.....V%..=.....z......V..ct+.U.B...@.............................................{.....5.........0...x4....c..;...........+......|.7E.%.9.1+}..d.........+.V#.P.HUL.E...g.li...8.>U.";0pi.]5.\..zo..."@.........................................y.6.mLN..S.....@...i..A..p.......~|V9.+.Xy.........+,L.....7Z7..p...-X...\.....:-...i....v.1...-..H....9.zk....l....^.......:.."^.t.Q.F...X..B..$............................................a.%f&3..1.5+.X..'b7bwr.).e.x....!...H...aa_..kD...b..g..p..K^.k..qX.[,.........Q...U..x...YMvj...w..:k.....j.W.8..4....c.u.}m.....o.=@.......j.S.t.|.....5h.y.%.~...G
                                                                                                                                                                                Process:C:\Program Files (x86)\Microsoft Office\root\Office16\ONENOTE.EXE
                                                                                                                                                                                File Type:data
                                                                                                                                                                                Category:dropped
                                                                                                                                                                                Size (bytes):4096
                                                                                                                                                                                Entropy (8bit):4.304606470564318
                                                                                                                                                                                Encrypted:false
                                                                                                                                                                                SSDEEP:96:Yhs+emu5vhYE5EgXMX92rwisRQy6hqmBTpn/:6s+emuJh3mgXs92psRJ6hqmBTpn
                                                                                                                                                                                MD5:91D8E8DE4339ABAB74715599FC32D4F9
                                                                                                                                                                                SHA1:9495E1AF1DEDA28CB3F69D2503FB6FA170FE37B7
                                                                                                                                                                                SHA-256:AD07C38D0B50787EA19FCDE8E1CBAFDC9F6134D8F676E2A08951CBF40E76A4A8
                                                                                                                                                                                SHA-512:AE292172367C98973A2A9EE39A75DBEF8820BD710002A0068B46747CF5C72A8CA74C03030DE08042B2FC1C7894EA6C969609516681F365E9D04127C9A3D5287F
                                                                                                                                                                                Malicious:false
                                                                                                                                                                                Preview:2...>.......P...v...D...................................................?....?..........................................................................2...>...,.......v...x............................I.......I.qk..B.....LZK.......K.....`..h...u..K.....`..h...u..K....I.qk..B.....LZ.I................................I.......I...................................................I.t.....I................................................................4..'...'.............Y.....0.?zg/........N...^..................0...A.N50..84........f........................................I.qk..B.....LZ............Y.....0.?zg/............Y.....0.?zg/.............K.......K.......K...........................................K..j....K..T.]..K.......K....B..K..H....K....B..K....>.)K....J...................;........4...4...4.."..............K...K...K....z...y.. x.. ...........$........4...)..7)..7........................;........4...4...4.........K.......K......#K..............................................
                                                                                                                                                                                Process:C:\Program Files (x86)\Microsoft Office\root\Office16\ONENOTE.EXE
                                                                                                                                                                                File Type:PNG image data, 813 x 99, 8-bit/color RGBA, non-interlaced
                                                                                                                                                                                Category:dropped
                                                                                                                                                                                Size (bytes):99293
                                                                                                                                                                                Entropy (8bit):7.9690121496708555
                                                                                                                                                                                Encrypted:false
                                                                                                                                                                                SSDEEP:1536:Moq1jVORV5NO5xLCBaaNk4vhpCr1CH/DATOQlWvHMHojiaAMrxArLFRZPj19AWFz:eVEbouBaIk4T8uDGOQlVHvaAMkhDh95V
                                                                                                                                                                                MD5:EA45266A770EEA27A24A5BB3BE688B14
                                                                                                                                                                                SHA1:9F0B23B3C8EBA4FC3C521E875EF876FBE018F3C8
                                                                                                                                                                                SHA-256:EDAD0F03E6FF99FEF9EF8E8B834CE74F26CD23C5F8C067F5CEE66F304181E64D
                                                                                                                                                                                SHA-512:D4EE36BDA897BBD643A699A0332DD00DE9CDCC6F46D861789BAD259A4BF87868AE3B4CFAAB6DFAF29941C7055B77A95D76BAA86A4A0DB2BF3BAF7E3317F03EB9
                                                                                                                                                                                Malicious:false
                                                                                                                                                                                Preview:.PNG........IHDR...-...c............sBIT....|.d.....pHYs...........~.....tEXtSoftware.Macromedia Fireworks 8.h.x....tEXtCreation Time.05/15/06.8.p....prVWx..[Oh\E...y3kv........`.%m.R..6.1.4).o..Ki...D.......P!.].=..K...C[....f.}o7VPJIg...{3.|....d.....i..=.4.u0...n y......@j..Q..f)..mQ...4-SJ..9.d.?..5\-....:b.W..i...c.5..{..pj#.....B1C/.I.......].Su.k?.2..:.9Q...5.U...UZ...e..U.c],..2.}...1..)W./..Epr.Zt.....K.=..{......e..."...v..B.4.#....A.V1.".V}t..[..2f..Y..V9.".6.......(..gbm.P.....Y%2.c.z.:Q.2.<tYF.....u.@..KJ.;u.q:.].....$.....V....Hqk..DW.l.e.j.Z.YP?:'R..*.<........6...m@..r..j2..HK"|..L.Nc..D..y.9..B4$.......`.3.m1LE....7(OU\+./.O...%6T..w......h....).I.&n...*......#..W.41...5.#.`..I...<.?.|..*+Q.....#i........$,..n...`.s....[..E. T.w..j.,&-.r..;a....#.>(.P......f...MU\3*..;B....)..5....z..(....-...a.....}y.l..E...z>......&..g.$.....*T...N....E:./.>..#...^..E.0..%......(..@..W.X.NDM.<~.]A.>..fW.O.y.'...Z...h..).F..
                                                                                                                                                                                Process:C:\Program Files (x86)\Microsoft Office\root\Office16\ONENOTE.EXE
                                                                                                                                                                                File Type:data
                                                                                                                                                                                Category:dropped
                                                                                                                                                                                Size (bytes):4096
                                                                                                                                                                                Entropy (8bit):4.298687959225677
                                                                                                                                                                                Encrypted:false
                                                                                                                                                                                SSDEEP:96:YVUKVspuQcGF1WZ/+EPpXQk/Y9+18RQywD1Q/f7dc:qspuQc816TPpXQkg9+18RJ+1Q/f7d
                                                                                                                                                                                MD5:EBAD91917C382D3D6EDB13FDA184DE23
                                                                                                                                                                                SHA1:60697DB78C903AA26DA414B40B79050E4A63A18A
                                                                                                                                                                                SHA-256:C185A0F8D1CAFCC545324A6B51F0A64EC956CBCA4202033D614812C16BE4F179
                                                                                                                                                                                SHA-512:0B745FC8883CAE09DDFD20CD8219AA4E2823530352877270093C81902A0C940D3F3FD45AC9935163D826C1B8E7F33F4329AADEAA742BD0A82E9664DD3B20C07E
                                                                                                                                                                                Malicious:false
                                                                                                                                                                                Preview:2...>.......P...v...D...................................................?....?..........................................................................2...>...,.......v...x............................I.......I.qk..B.....LZ.I.......I..&....+.."N.I..&....+.."N.I...I.qk..B.....LZ.I................................I.......I...................................................I.t.....I................................................................4..'...'..............o.vu....Y...5.....N...^...............aV..$..A......G........f........................................I.qk..B.....LZ.............o.vu....Y...5..........o.vu....Y...5...........I.......I.......I...........................................I.j.....I.T.]...I.......I..B...I.H.....I...B...I...>.).I...J...................;........4...4...4.."...............I...I...I...z...y.. x.. ...........$........4...)..7)..7........................;........4...4...4..........I.......I.....#.I.............................................
                                                                                                                                                                                Process:C:\Program Files (x86)\Microsoft Office\root\Office16\ONENOTE.EXE
                                                                                                                                                                                File Type:JPEG image data, JFIF standard 1.01, resolution (DPCM), density 28x28, segment length 16, baseline, precision 8, 780x107, components 3
                                                                                                                                                                                Category:dropped
                                                                                                                                                                                Size (bytes):2898
                                                                                                                                                                                Entropy (8bit):7.551512280854713
                                                                                                                                                                                Encrypted:false
                                                                                                                                                                                SSDEEP:48:N9YMTXc4gpw+EIWnqQ5G+NE9VTzRFvS4+Xh+AKrNx+JuCluc3Eeky8etajhDCFex:/hDc4rPIoNEzbS4+XhOrGJu1cUHeoVey
                                                                                                                                                                                MD5:7C7D9922101488124D2E4666709198AC
                                                                                                                                                                                SHA1:00CC44A1B84D4D94A0ACE8834491EB5F65D04619
                                                                                                                                                                                SHA-256:20016E5FA1A32DCE5AF4E92872597E36432185A7BB2E61C91F362BD68484529B
                                                                                                                                                                                SHA-512:882944B2CF040485899128E03B7499C540D481E45FE8017DBF4FE0330157B2D8ABB7334DDB31C112BA0EFE3722A554883917C54155A7F60044D2D7F3D848260F
                                                                                                                                                                                Malicious:false
                                                                                                                                                                                Preview:......JFIF.............C................................... $.' ",#..(7),01444.'9=82<.342...C...........2!.!22222222222222222222222222222222222222222222222222......k....".......................................2...........................c.....TUb...Sa...QRqr..............................!.....................Q...R..!..............?...$.)m.1...%%bV.J..H....-.%a[...I"WJ..:.X.:TT.$.......N.-NR.E..-NR.E...9..E....$.k.....B.I,I)..J...kr..+)..I,Yj..YbI..+,J..e..Z..V.e.$V..TV.X..V.YQZ.EQ..U%PY[.[.R.EP............................| F.. ...j*...!m.!j.I%.j.$...YeEYYEEUE..eY[.hEEUeEil.....%..el...V..TUYA.U.UTTUT.Z..UQQUQE...V.,...UlE.U[.lEP.P.@......................................R1...AR1m.....#..$:.T.p..IJ.t.....A..AH.,5..]F!a.XJFaa. ..a.!*.aa. X.e.......bB.b..,HX[,!..,,.c0.,..U..X..(,,...B(.,..4..B.`..".a..-......"...........................>D..IKEb...t.....)u.....)K.%+L\.J]i)*b.JR.IIL\i)u....T............T.....qs.it.iJ...])ZJb.....X....U.A...V1..B.R1....X...,.c...,%X...,%#0...,H
                                                                                                                                                                                Process:C:\Program Files (x86)\Microsoft Office\root\Office16\ONENOTE.EXE
                                                                                                                                                                                File Type:data
                                                                                                                                                                                Category:dropped
                                                                                                                                                                                Size (bytes):4096
                                                                                                                                                                                Entropy (8bit):4.346248930480702
                                                                                                                                                                                Encrypted:false
                                                                                                                                                                                SSDEEP:48:eBsnQ8jUWteCVKxESh73OXyCf9u+oZrdQqrRWTc/lBXN4E/N8g:us9jUW0dxEShLOXy29hQRQyRtlDZ8
                                                                                                                                                                                MD5:87571CA501308B9B714263DF48F9EDFF
                                                                                                                                                                                SHA1:01161707F41EDE023A656F4304ECE69533DA7016
                                                                                                                                                                                SHA-256:F3582EC7B41260981A8876A09C629FBC602387C0A0D934A0BF035A123C6B3A31
                                                                                                                                                                                SHA-512:6E6F594280575DD30484238BD2A08078864E09B5694129B823FAFCD9118DEDA6374B1F6B71A1D2AC8DCE25B94F813F5176F2027D82E5CA9540F1EA56A610D780
                                                                                                                                                                                Malicious:false
                                                                                                                                                                                Preview:2...>.......T...v...H...................................................................................................................................2...>...0.......v...|............................I.......I.qk..B.....LZ:......:.X.|R.+....UL.:.X.|R.+....UL.:...I.qk..B.....LZ.I................................I.......I...................................................I.t.....I................................................................4..'...'.............e.......<.r....}....N...^.....................J...R..c........f........................................I.qk..B.....LZ............e.......<.r....}........e.......<.r....}.........:......:......:..........................................:.j....:.T.]..:......:..B..:.H....:...B..:...>.):...J...................;........4...4...4.."..............:..:..:...z...y.. x.. ...........$........4...)..7)..7........................;........4...4...4.........:......:.....#:.............................................
                                                                                                                                                                                Process:C:\Program Files (x86)\Microsoft Office\root\Office16\ONENOTE.EXE
                                                                                                                                                                                File Type:JPEG image data, JFIF standard 1.01, resolution (DPI), density 72x72, segment length 16, baseline, precision 8, 613x144, components 3
                                                                                                                                                                                Category:dropped
                                                                                                                                                                                Size (bytes):29187
                                                                                                                                                                                Entropy (8bit):7.971308326749753
                                                                                                                                                                                Encrypted:false
                                                                                                                                                                                SSDEEP:768:RwjBOlCk+nYnGagKJWJhwMJiRO22ZIm4VXvXx1tA6BQs:i8snY3JW7uROlEfbtVL
                                                                                                                                                                                MD5:DF99CAAAB9A7DE97B63343E60A699AB6
                                                                                                                                                                                SHA1:B84334135CFB73BC6EF55F85926770D5AC6DFEA8
                                                                                                                                                                                SHA-256:74C131777E7C437FD654427417097BC01B0813BA8E1E50E4B937BD50A1BEBCDB
                                                                                                                                                                                SHA-512:5D15AAAA8B71DDFE01A7C0ADE16D9E1F5E9AAE484BCD711B38CCB103ED9564CAAC23A0031471167B660E15972D70179C2A387509B213C05D60261042A0456025
                                                                                                                                                                                Malicious:false
                                                                                                                                                                                Preview:......JFIF.....H.H.....C....................................................................C.........................................................................e..............................................`.............................!1Qq...2ARa..."#.....3BSbr...$4C...Tcs......%&DUd...E....56Fe....................................H........................!1Qa..Aq..."b....2R...BSr..#...3..Cc....$%4...............?...b.d.8T1.;#.S.DO...~.R.......3.xe...z.6..."m..k...;*.'.f.5^.....m..<$....8.R.j.D.v..>...*dT..vGbt...I......sEWp.r3.. ..G...6.....w...l.S..q...b.....-R....^Zu5+u6...A..Z].:...5..Uzn.,l.L.....?%.*.S.+zVg7.=.s.Q.....8..:,c.......ZE...>'IF..W.0.d.......c.e.d.V.t..S$.DNR.[....g..#i.$. .U.SK2.....k...J5u u\R.....T.[4..A.O..,.T..................] .i...B.m.^f....._...{S.....<......:..|D...+...NA....Y.^f.1|..%K~1..B..^...S..v=.c..g.tX[..kTJ..t.gr....R..@.F....5j..2.K.9..g.1N.....*.U...^w......>+.l.v...@N....%Qd...t.Ni.....0;lggm...K".+!.,.....[J...>..?f.]._;
                                                                                                                                                                                Process:C:\Program Files (x86)\Microsoft Office\root\Office16\ONENOTE.EXE
                                                                                                                                                                                File Type:data
                                                                                                                                                                                Category:dropped
                                                                                                                                                                                Size (bytes):4096
                                                                                                                                                                                Entropy (8bit):4.352920906164443
                                                                                                                                                                                Encrypted:false
                                                                                                                                                                                SSDEEP:48:osbS1AEz6y+b+tSScEYYOt7YFXg9mtoRrdQqrUHY6BXlp6nXnX9Jnl1nEnXnMHnd:osREz67b+iEYY68Xg9WQRQysY6Tga
                                                                                                                                                                                MD5:FDEDEC29438FF06A2EC665172ADD552A
                                                                                                                                                                                SHA1:A73BD04D31ADA2B4A9E71CB7E9D5D48C968EA6D8
                                                                                                                                                                                SHA-256:46E65A7E3B632E0551DA8C446014318418306C720018A5C483ACA44DA9697ECF
                                                                                                                                                                                SHA-512:F0EFD00AF42253CD0F0AB74D84E7A7561909D4E168EA6458443AB3B9204FF8BAA1F09C823251718356F9DD19256C8EC4C37668DB6EF127B2442E54030750F9F0
                                                                                                                                                                                Malicious:false
                                                                                                                                                                                Preview:2...>.......R...v...F...................................................................................................................................2...>...........v...z............................I.......I.qk..B.....LZ~.......~.........g.M.V.~.........g.M.V.~....I.qk..B.....LZ.I................................I.......I...................................................I.t.....I................................................................4..'...'..............j.."B.2. ....R....N...^...............&"k.lQO...;.S..........f........................................I.qk..B.....LZ.............j.."B.2. ....R.........j.."B.2. ....R.........~.......~.......~...........................................~..j....~..T.]..~.......~...B..~..H....~....B..~....>.)~....J...................;........4...4...4.."..............~...~...~....z...y.. x.. ...........$........4...)..7)..7........................;........4...4...4.........~.......~......#~..............................................
                                                                                                                                                                                Process:C:\Program Files (x86)\Microsoft Office\root\Office16\ONENOTE.EXE
                                                                                                                                                                                File Type:JPEG image data, JFIF standard 1.01, resolution (DPCM), density 28x28, segment length 16, baseline, precision 8, 276x139, components 3
                                                                                                                                                                                Category:dropped
                                                                                                                                                                                Size (bytes):4819
                                                                                                                                                                                Entropy (8bit):7.874649683222419
                                                                                                                                                                                Encrypted:false
                                                                                                                                                                                SSDEEP:96:/hnQiz+ET2/hDi+tv34VtpWfowTHgegb6hhLT1NTS:5nQ6TAhLtvIzMvbi6hhF0
                                                                                                                                                                                MD5:5D6C1F361BC04403555BE945E28E53FC
                                                                                                                                                                                SHA1:00C254F7B3BC0289590C2BBDBB39C8EC2E2B2821
                                                                                                                                                                                SHA-256:131D637CDC5D0B094FB9FAD17F4D2A1ACE0D03613588155AACAA2D1CB4E16DA9
                                                                                                                                                                                SHA-512:34D2C0929FCC3CC10D0A2121BD55BFA9A07062C2A7B8F101071164C946895DBCB2777641E79DE4193D57A3F0778DD4F1351FAF333B7E4B4DBE31A32DD69C51F9
                                                                                                                                                                                Malicious:false
                                                                                                                                                                                Preview:......JFIF.............C................................... $.' ",#..(7),01444.'9=82<.342...C...........2!.!22222222222222222222222222222222222222222222222222...........".......................................<........................!1..AQaq"...2B...#Rb..r..$3CS.cs..................................................!1A............?.............u....p.p($.Y...9,j...V.*..S86yh.G.#m.5..9...6Y.."C.R:.[..-.7U3c:..].;.....f.?%..<T...&F.Lh.N...m]..x.D.g<B.....k..S........>j.K....#U..Z....<e.:..8....o..xq.[..4v..U..y...k... k....A#..A...pn.jJ.I.7:..{.b..ns.t,...8.Td.I....m.I.5Z.).-.. ]..X.Do%.....?..4jV.`llt.E...5...u.|..\F.=.F.r<...5dV....xc.%..&...4,...f...3..H.<......eQ...P.J....7...lLc..?..-.fR..7.#.6.......}:.]'.ny..........e;u.Y..$0...i..-....f..9(....}..T,.Inb...+=Cca7....WULA1@.s...4uY5.N.f.c..].ks.....3v..~..k..m)...f gNE`S......#.....Z..6.uc.m...#k.s.f*.l.$6..?..xC.Cm.`...N2..&H...._.&.E...[....f.Z./...!.a{K..#.V.5..v.B....1...9..B.&....%s.
                                                                                                                                                                                Process:C:\Program Files (x86)\Microsoft Office\root\Office16\ONENOTE.EXE
                                                                                                                                                                                File Type:data
                                                                                                                                                                                Category:dropped
                                                                                                                                                                                Size (bytes):4096
                                                                                                                                                                                Entropy (8bit):4.335518585876151
                                                                                                                                                                                Encrypted:false
                                                                                                                                                                                SSDEEP:48:s9s6ecEJSX4KEsmtwm9EnV57dXx9is6oMsrdQqrqPBX1fkmSOEGSv5Z5:s9sPKEsmvEVddXx9l6sRQyUXfu
                                                                                                                                                                                MD5:B57481C717479B94E08711A523B5A661
                                                                                                                                                                                SHA1:4EA51BCA851C5F62B618E595356712D946F54E2A
                                                                                                                                                                                SHA-256:F14E612907D249B09338F6F99826FD47D36C4DE183FCE24A351C94C16BA79703
                                                                                                                                                                                SHA-512:BD9D3AAC1F8E5C9782A83C3FD433494E0C3D6F1744256D49D77DEF10FEA39651C99BE13167483D624BF278B6533705B2450D21765E1174649E0A14A9C37D6BC9
                                                                                                                                                                                Malicious:false
                                                                                                                                                                                Preview:2...>.......V...v...J...................................................................................................................................2...>...2.......v...~............................I.......I.qk..B.....LZ..A.......A...w........A...w........A..I.qk..B.....LZ.I................................I.......I...................................................I.t.....I................................................................4..'...'.............@.;.y+.......Q.U....N...^..................&._.C.3...X..........f........................................I.qk..B.....LZ............@.;.y+.......Q.U........@.;.y+.......Q.U...........A.......A.......A...........................................Aj......AT.]....A.......A..B....AH......A..B....A..>.)..A..J...................;........4...4...4.."................A...A...A..z...y.. x.. ...........$........4...)..7)..7........................;........4...4...4...........A.......A....#..A............................................
                                                                                                                                                                                Process:C:\Program Files (x86)\Microsoft Office\root\Office16\ONENOTE.EXE
                                                                                                                                                                                File Type:JPEG image data, JFIF standard 1.01, resolution (DPCM), density 28x28, segment length 16, baseline, precision 8, 814x45, components 3
                                                                                                                                                                                Category:dropped
                                                                                                                                                                                Size (bytes):1717
                                                                                                                                                                                Entropy (8bit):7.154087739587035
                                                                                                                                                                                Encrypted:false
                                                                                                                                                                                SSDEEP:48:N9YMzO6BOfqH/dAIWpdAIWpdAIWpdAIWUtr/SD:/hzJgfqHaPYPYPYPUt/i
                                                                                                                                                                                MD5:943371B39CA847674998535110462220
                                                                                                                                                                                SHA1:5CA79B7BD7E0E93271463FAEF3280F1644CBA073
                                                                                                                                                                                SHA-256:9C552717E8D5079BBB226948641FF13532DF3D7BE434C6CE545F1692FA57D45A
                                                                                                                                                                                SHA-512:812541836C8B6F356A4D530E5CCF1CFDCC4CA54AF048CAC19FE86707CE5EA0F41D73C501821AC627AD330291EF58C040DFC017923A7886CEEC308048DA2CE7C9
                                                                                                                                                                                Malicious:false
                                                                                                                                                                                Preview:......JFIF.............C................................... $.' ",#..(7),01444.'9=82<.342...C...........2!.!22222222222222222222222222222222222222222222222222......-...."........................................&.....................U.....1T..S.R.Q.................................................R....Q.a............?..d.. ...............................................+A...Z+E...V+E...U..R.....}........Q..Ah....Ah..b.AX..b.PZ+A...V+E...V..J*....Q...b.Q..Ah....Ah..b.Ah..b.PZ*.(.@z.?.`;2.......................................................Q...b.Q..EZ*.(..Z>.G.....`Z+E......J*....F+D...F+E.......b.Q...h....PZ+E...V+E......J*....F+D...F+E..............[u#...a-...f<.9^[...l0..H..6.Kn.t...&..3a...GG...[u#..8.y6.q..%.R:8....6a.+.3..a-....l0..H..9^M..f..m..3a...GM.q..m..6.Kn.tq..%.R:l.W.lg...[u#...a-...f.r..c8.....f..m..0.....l0..H..6.Kn.t...&..3a...GG...[u#..8.y6.q..%.R:8....6a.+.3..a-....l0..H..9^M..f..m..3a...GM.q..m..6.Kn.tq..%.R:l.W.lg...[u#...a-...f.r..c8.....f..m.
                                                                                                                                                                                Process:C:\Program Files (x86)\Microsoft Office\root\Office16\ONENOTE.EXE
                                                                                                                                                                                File Type:data
                                                                                                                                                                                Category:dropped
                                                                                                                                                                                Size (bytes):4096
                                                                                                                                                                                Entropy (8bit):4.348701169634871
                                                                                                                                                                                Encrypted:false
                                                                                                                                                                                SSDEEP:96:usbIN8rD62OG/WEKd5vXzt9/ERQy6lB42o8U35tMo:uskN8rD1OWKTXx9/ERJ6b/o8U35t
                                                                                                                                                                                MD5:1AD3ACCA1161A24E83E0B1545CD4028C
                                                                                                                                                                                SHA1:F00E7430A16613717ACAB10D3F008EAF3F0DE4CE
                                                                                                                                                                                SHA-256:06F7D81574BAFE93346382874CCF0FC99F7F6C58458BEE164DEAB989DD7117A4
                                                                                                                                                                                SHA-512:816EE2540122D7F1E40EA041726486DDF5F5F2A374CC8E0C28521F478B955C43BA99F1297D383837D8C8E34C4743BC522CF3BEC114C4DF1F4F303A73BABBF13B
                                                                                                                                                                                Malicious:false
                                                                                                                                                                                Preview:2...>.......T...v...H...................................................................................................................................2...>...0.......v...|............................I.......I.qk..B.....LZ............m...[.e........m...[.e.......I.qk..B.....LZ.I................................I.......I...................................................I.t.....I................................................................4..'...'................G....>...v.6.....N...^...............]3..2..@......S.........f........................................I.qk..B.....LZ...............G....>...v.6............G....>...v.6.....................................................................j......T.].............B....H........B......>.)....J...................;........4...4...4.."........................z...y.. x.. ...........$........4...)..7)..7........................;........4...4...4......................#..............................................
                                                                                                                                                                                Process:C:\Program Files (x86)\Microsoft Office\root\Office16\ONENOTE.EXE
                                                                                                                                                                                File Type:JPEG image data, JFIF standard 1.01, resolution (DPCM), density 28x28, segment length 16, baseline, precision 8, 262x277, components 3
                                                                                                                                                                                Category:dropped
                                                                                                                                                                                Size (bytes):3555
                                                                                                                                                                                Entropy (8bit):7.686253071499049
                                                                                                                                                                                Encrypted:false
                                                                                                                                                                                SSDEEP:96:/h3JeYCQV5Hn++9HBdAjU78S/mjLLwqnqahJD:53Je8b+EBdAjm8S/mjLLRnphJD
                                                                                                                                                                                MD5:8A5444524F467A45A5A10245F89C855A
                                                                                                                                                                                SHA1:ACE68D567B02B68275E0345C86DB1139C0EC1386
                                                                                                                                                                                SHA-256:7D2B01F17354D9237A6AB99D5B9AFDF0E1CC43687125848B0C2DEDFB44CE3843
                                                                                                                                                                                SHA-512:8151B447B60D110C32EC1EF286B941FFC09B99140F41BBACF5A1650A385FF4D13C0DDB2878E9A470FC7CFCC95A1AB6E44F6DE72562B0FFE093DC8A3C3C7FCC14
                                                                                                                                                                                Malicious:false
                                                                                                                                                                                Preview:......JFIF.............C................................... $.' ",#..(7),01444.'9=82<.342...C...........2!.!22222222222222222222222222222222222222222222222222...........".......................................2........................!1AQ.a."2q.B..#R...3C................................ .......................!1.AQBq............?........)&vD.)3Hn*..X+....r...tmL.k..(.E...R. .Z..&...,fJ...!...6..S\t3.=...g&..Bqe.)_U.....1......-..fl.................J...u.i.mU..K..v.w.0O..E.h..D~K.(..9.,8..E.}.............i.\.....t."v..q..C............<..|3.........................*Q..../c.....f.}8....D..|k..Z......0..~..c..e..m(...|.c..'.5.5............==bx.5x.8...T;....=.--.pc...I;.V.m..,(....}...NH.ho....Q..U.E$.~...w.t>.S\....'f.{.+.g._.t....;>.....P...........-..G.h..2...J.% !.E97Ir.D..N....j...oE._...._...".?.......#".S.........Q.Tc.I..*I..k.......=$.........sk1Jp.\K.....F.3.Q..q..J....N..[l.&....OR4bB|..2ul....J...B.$&H..9#j.f.n./........?R~....B.I.@..........m
                                                                                                                                                                                Process:C:\Program Files (x86)\Microsoft Office\root\Office16\ONENOTE.EXE
                                                                                                                                                                                File Type:data
                                                                                                                                                                                Category:dropped
                                                                                                                                                                                Size (bytes):4096
                                                                                                                                                                                Entropy (8bit):4.363335016840819
                                                                                                                                                                                Encrypted:false
                                                                                                                                                                                SSDEEP:48:bNC5xsF/AXdpWtGxElXXom+9WXoFrdQqrbwe9nBXHxM9eBS/p:RisSpWMEhX1+94ERQyEyXi
                                                                                                                                                                                MD5:FDBA37FFAC78679590A85406CB15DE2B
                                                                                                                                                                                SHA1:1E6C6CAF62D276F29791E2168A9129ED642F642F
                                                                                                                                                                                SHA-256:CA36C31BE37B1178D9E365152F7FF90C43741F01B14A76B2D18F94A0E5CD4B9E
                                                                                                                                                                                SHA-512:6932C33C8E98245F460D554E905C75850BB1BC7E41D21911AE9549507FE7F2ECBE2C7FBE2E11BD4700346642E82556929EB84BF36377ADEC19DFE80439D83F9E
                                                                                                                                                                                Malicious:false
                                                                                                                                                                                Preview:2...>.......R...v...F...................................................................................................................................2...>...........v...z............................I.......I.qk..B.....LZ.........x....-...-:F ..x....-...-:F ....I.qk..B.....LZ.I................................I.......I...................................................I.t.....I................................................................4..'...'.............N*EhV.........l.....N...^...................2+.@..|Z.>.P........f........................................I.qk..B.....LZ............N*EhV.........l.........N*EhV.........l.....................................................................j......T.].............B....H........B......>.)....J...................;........4...4...4.."........................z...y.. x.. ...........$........4...)..7)..7........................;........4...4...4......................#..............................................
                                                                                                                                                                                Process:C:\Program Files (x86)\Microsoft Office\root\Office16\ONENOTE.EXE
                                                                                                                                                                                File Type:JPEG image data, JFIF standard 1.01, resolution (DPCM), density 28x28, segment length 16, baseline, precision 8, 70x626, components 3
                                                                                                                                                                                Category:dropped
                                                                                                                                                                                Size (bytes):3428
                                                                                                                                                                                Entropy (8bit):7.766473352510893
                                                                                                                                                                                Encrypted:false
                                                                                                                                                                                SSDEEP:96:/hdu7isPwAp7zesusUyYAatNG87llTONQYS:5di5tfuQ9atNZlaC
                                                                                                                                                                                MD5:EE9E2DF458733B61333E8A82F7A2613D
                                                                                                                                                                                SHA1:A86704C969F51B86D6A05ED51C6C60214ED9FA89
                                                                                                                                                                                SHA-256:BE4F0E6C89FCE91B9EBD2623567F7DFC259E0E3C77C9158742B8F64B724DF673
                                                                                                                                                                                SHA-512:BFB5D6DD6B66EE21E946E90D1E482384CD10244308562DDA814189602681DADDE5752B80519E5B8515F115A71BD6BB4317A59BE65B8B5E3474AED119F8303569
                                                                                                                                                                                Malicious:false
                                                                                                                                                                                Preview:......JFIF.............C................................... $.' ",#..(7),01444.'9=82<.342...C...........2!.!22222222222222222222222222222222222222222222222222......r.F.."........................................H............................!Qaq.."12.....#3ARbr...$B...cd...&CSu.....................................+.......................12..aAQ.!#q.."................?...#...3.Za......rV.5&...../"..i.t...j..W........d.FL.V.2K....]t.f.d.NK..:.....f...... ......2.[...#..D...ZK....p.z.E.N..T..L.-....1....2.\.6FIr2..zS\U#..........fB\t..5J..~q...D....A.......!....MY..../.HY..../e.M.Y.n.~..,....'..Pc...l...d2..m.f.it$..qx-z*...._..].cOO....n..&.....FIA.....2J2..d:<qc..6.I.G.N....f.K..Dx.-.......`....2.FZ."K7.r}..<.P.Z.da.Y.....8..s....G.....b.e..g .S.......FL.Z,&..q.MG.J+..x\..m...qN=.....)..`...&Y...S....u6{.z.g.....@......FL.ZL&.Iv.w..8....U..v...*.q.B.v_./A..#.#.g.j........*J;...u...W.Ao...%....#$.....M..^\{W.SO...s,.N.....c).,.B.Gv...."k..z."..S]H.
                                                                                                                                                                                Process:C:\Program Files (x86)\Microsoft Office\root\Office16\ONENOTE.EXE
                                                                                                                                                                                File Type:data
                                                                                                                                                                                Category:dropped
                                                                                                                                                                                Size (bytes):4096
                                                                                                                                                                                Entropy (8bit):4.367633286146562
                                                                                                                                                                                Encrypted:false
                                                                                                                                                                                SSDEEP:48:4sJ50zYutymEXNrx7nXtqr9TyWoFrdQqrJobxBXqg9VOLmlV:4sMYurEXNrxTXtW9J0RQyuthl
                                                                                                                                                                                MD5:379B44A8E5AC1C77D51AFA7F2E5D222B
                                                                                                                                                                                SHA1:6171FD468B0042072F832568854049B9EF4F1B04
                                                                                                                                                                                SHA-256:44429758DCACAB1AAF82BD22C980B6FECADF0C6AE208D48584775AB6C0B359D0
                                                                                                                                                                                SHA-512:6DFB68CEAC83AE8E1784CEAF1761B44DEC7A2E2B8D9BA6048D6CF25D730F7DFD4E0B638DAE6A564A491FA060F3C4B5FDDC69467C8F0BC9FD2659B11CAEF46F69
                                                                                                                                                                                Malicious:false
                                                                                                                                                                                Preview:2...>.......R...v...F...................................................................................................................................2...>...........v...z............................I.......I.qk..B.....LZzpR.....zpR.......j....zpR.......j....zpR..I.qk..B.....LZ.I................................I.......I...................................................I.t.....I................................................................4..'...'.............G...q~V.9I..%......N...^...............\...k.@.D..D.|}........f........................................I.qk..B.....LZ............G...q~V.9I..%..........G...q~V.9I..%...........zpR.....zpR.....zpR.........................................zpRj....zpRT.]..zpR.....zpR..B..zpRH....zpR..B..zpR..>.)zpR..J...................;........4...4...4.."..............zpR.zpR.zpR..z...y.. x.. ...........$........4...)..7)..7........................;........4...4...4.........zpR.....zpR....#zpR............................................
                                                                                                                                                                                Process:C:\Program Files (x86)\Microsoft Office\root\Office16\ONENOTE.EXE
                                                                                                                                                                                File Type:PNG image data, 177 x 123, 8-bit/color RGBA, non-interlaced
                                                                                                                                                                                Category:dropped
                                                                                                                                                                                Size (bytes):65589
                                                                                                                                                                                Entropy (8bit):7.960181939300061
                                                                                                                                                                                Encrypted:false
                                                                                                                                                                                SSDEEP:1536:2Hlrjw3xL//DPgff+9j6yPWvHMHjkbfnwHO3AW3GL:2H2zDUU+yPVHITwNfL
                                                                                                                                                                                MD5:8B48DA9F89264D14B83FF9969F869577
                                                                                                                                                                                SHA1:E1BD58E2D80FEEF56DC514F3F0B3AB9669F22F95
                                                                                                                                                                                SHA-256:62AD3C277E54F03F1ADB44062407346F789E63859B7AFABFD64BE6AF5E9F66EC
                                                                                                                                                                                SHA-512:03B783EC968DF3F648504D068D64DD1AE110E28110FE5B3401C9D04F44897DBE0CBB5680D42CA4C665FA94A6CED4B559106EB3C06C9BF2C5B14951ECBFFAC8AE
                                                                                                                                                                                Malicious:false
                                                                                                                                                                                Preview:.PNG........IHDR.......{.....;Za.....sBIT....|.d.....pHYs...........~.....tEXtSoftware.Macromedia Fireworks 8.h.x....tEXtCreation Time.05/15/06.8.p....prVWx..Y=.+I....t.y...,^vv....;. "|. .i7.....$.2g..']pH@p..]b....H.H.......d'@ B...U.xm..3{3k?..5n.._}U...3......~..>...g.....f..t...t:...p>..Si..d:..k:.Lf..t6.K.i....d<...x.8\.8.+lc...)i.$.r.....x.t.BG.R.cm.c...p.:&.6.4..K.......^...~b].0....oBYv..u.'.=.K.Q.g)6.....4.!.M......4.=....G.%.Sr........nxC.F..t.U........1...J.t..eQ....".... |...81.$D.!.>...........$...^.vY..EY8tb..'.P.g#O....S*..0'.V....x.W..........k.......s.C.S...J%.iVb..].........3....j.}*.z....+.s..@..K.....\x.C..e.Qq.....;N.....;....,....^.*..$F..{G...8.#....8'..&....8..5.....3(P._....S......|".....u.cr....+a-....&V..x...iI-<|a.{E.c.X.......?..&.C....'........(.x....>...M.?.9..#X......l...0...Z.F..<.z.0}Q..Z1..........?h..`E$K.2o.A*c^.......*..D..uL=.}.#*0.. M!.A.C......|_..(.Y........!E... .O...`;....M+..x.u~g...q>...N."D^..K..x..D.`.!.
                                                                                                                                                                                Process:C:\Program Files (x86)\Microsoft Office\root\Office16\ONENOTE.EXE
                                                                                                                                                                                File Type:data
                                                                                                                                                                                Category:dropped
                                                                                                                                                                                Size (bytes):4096
                                                                                                                                                                                Entropy (8bit):4.3301484922521825
                                                                                                                                                                                Encrypted:false
                                                                                                                                                                                SSDEEP:48:6sRAIPNG8VtWqDxEmdPl+pXGIY+p9yPohrdQqr8ndaEBXtHkcLvq5:6sRn9VzEmd9oXqo9AwRQy+f3q
                                                                                                                                                                                MD5:FE1E0E357CF2654275C6EBFDB0A20278
                                                                                                                                                                                SHA1:C00AD0C14EE9C40CA57DCA9250AFCD0EC7D1120C
                                                                                                                                                                                SHA-256:D3404D0D66DBFDD585CCF908C6CBAF713BADFD3243CACC10D1CCB994D5244FEA
                                                                                                                                                                                SHA-512:E838A177137DB3A39484F17F5DE8FAB9ADC74A597A8A5C21019111214F621F577221B916602B06CBE6EE60D4B790D590B09496DD45F4886FE566009B8BAF8B13
                                                                                                                                                                                Malicious:false
                                                                                                                                                                                Preview:2...>.......V...v...J...................................................................................................................................2...>...2.......v...~............................I.......I.qk..B.....LZ..:.......:y.8...*s.J8...:y.8...*s.J8...:..I.qk..B.....LZ.I................................I.......I...................................................I.t.....I................................................................4..'...'.............R=..(.9..f...L.3....N...^.................v..D.?d`..t.........f........................................I.qk..B.....LZ............R=..(.9..f...L.3........R=..(.9..f...L.3...........:.......:.......:...........................................:j......:T.]....:.......:..B....:H......:..B....:..>.)..:..J...................;........4...4...4.."................:...:...:..z...y.. x.. ...........$........4...)..7)..7........................;........4...4...4...........:.......:....#..:............................................
                                                                                                                                                                                Process:C:\Program Files (x86)\Microsoft Office\root\Office16\ONENOTE.EXE
                                                                                                                                                                                File Type:JPEG image data, JFIF standard 1.01, resolution (DPCM), density 28x28, segment length 16, baseline, precision 8, 17x608, components 3
                                                                                                                                                                                Category:dropped
                                                                                                                                                                                Size (bytes):1873
                                                                                                                                                                                Entropy (8bit):7.534961703340853
                                                                                                                                                                                Encrypted:false
                                                                                                                                                                                SSDEEP:48:N9YMw9kGzE4xTdow1C3kyIkyM66KeJY3fOxJ:/h8HzE4xTdoUCUyxyD6LCvSJ
                                                                                                                                                                                MD5:4FC8500BD304AD127AF4B5E269DFF59B
                                                                                                                                                                                SHA1:9A5E3432358A0FCDECE86AEB967319B93A65D14A
                                                                                                                                                                                SHA-256:B4DAA90D5A53FCBC85119050B5B76962443C4DD18D7F42CDC6D4E0AD8EFAD872
                                                                                                                                                                                SHA-512:E5E07054A522EB91EFD39722AFB3776389632B8F5F923C1D29796716D68CEC93BE5E44F79913804CEC7ED631FF520CBBBAAB841E01FB90AF8E8ADF84DCD47481
                                                                                                                                                                                Malicious:false
                                                                                                                                                                                Preview:......JFIF.............C................................... $.' ",#..(7),01444.'9=82<.342...C...........2!.!22222222222222222222222222222222222222222222222222......`...."........................................>.......................tu.....45.!#$%1s."fr...2Fq..AQe.Eav............................... .........................!AQR.............?..e4.bbu."m.G......u.S.-Qq.b.a..'#..E.......u.|:.f[O..jS.S.&....=.....[.....S...N.~~...'...q....N.T.Oyf..a.6..%.I.1j.e~.4..[5.WW.Y..Xp.gn...u.......Gb.O.W..k.!mJgfq....~.F.......m..}bn4.5........s,F...z.b)..O..*...5).-.-\....=`.fP....%...A..Q.&..9.....QQbD.%.:u.f...r$.10..W.F.T..MI...9...ZQH._..).....D..n.F].........*.:.j...!6Z..S....0...B.6..Ga..S.O.....U8S_.J.>...i..?..<.P..........M..F.T.C..7.E...`.4BKcMh1j....4y...+.|.^......2[.WG.W..+......E..r/V^".R...."..6..hht..f...........;E..Kx....)}Le.A.x.>..$/).._S.n.L......}..H^Sw...2. .v.io...../.........x.>..$/).._S.n.t^;O.....n...[.S...h.v.io...../....:/...[..7yK.c-
                                                                                                                                                                                Process:C:\Program Files (x86)\Microsoft Office\root\Office16\ONENOTE.EXE
                                                                                                                                                                                File Type:data
                                                                                                                                                                                Category:dropped
                                                                                                                                                                                Size (bytes):4096
                                                                                                                                                                                Entropy (8bit):4.481260224496441
                                                                                                                                                                                Encrypted:false
                                                                                                                                                                                SSDEEP:48:Os99WmK4T6QZfktUEe8IXq9khuoaKrdQVruqwU46BXQBChTsk+KeCTdCUr:Os1xT6QNkWELIXq9BpKRQ566Ce
                                                                                                                                                                                MD5:31CC158D9306A01CF510DB22C5AE355D
                                                                                                                                                                                SHA1:EB05DC03CBD55F4B7E25EC9FDDF949D3F8E89392
                                                                                                                                                                                SHA-256:7C6AC192137F053A9E5836B0A3A772170C54BFACEF48315F5D844CD171ABD50C
                                                                                                                                                                                SHA-512:6E31464BFC9A097177E23DA91EE4F54FE4F2B70C3690ECDB7E98FA8D8BB91CDAFB68C91027C68958749F8288C78341384DEAF0215775B240465FF37637575CE2
                                                                                                                                                                                Malicious:false
                                                                                                                                                                                Preview:2...>.......n...v...b...................................................................................................................................2...>...J.......v................................I.......I.qk..B.....LZ.g.......g.Y.....1.......g.Y.....1.......g...I.qk..B.....LZ.I................................I.......I...................................................I.t.....I................................................................4..'...'.............8.......//\..HX.....N...^................Z...P.J.......j........Z........................................I.qk..B.....LZ............8.......//\..HX.........8.......//\..HX...........g.......g.......g...........................................g.j.....g.T$c...g.......g...G...g...H...g...>...g.......g. .3...................;........4...4...4.."...............g...g...g...z...y.. x.. ...........$........4...)..7)..7........................;........4...4...4..........g.......g.....#.g.............................................
                                                                                                                                                                                Process:C:\Program Files (x86)\Microsoft Office\root\Office16\ONENOTE.EXE
                                                                                                                                                                                File Type:JPEG image data, JFIF standard 1.01, resolution (DPI), density 72x72, segment length 16, baseline, precision 8, 357x69, components 3
                                                                                                                                                                                Category:dropped
                                                                                                                                                                                Size (bytes):5465
                                                                                                                                                                                Entropy (8bit):7.79401348966645
                                                                                                                                                                                Encrypted:false
                                                                                                                                                                                SSDEEP:96:X0cZneDWlIKmXwxacOHHI6EhzNlSSDDgafbofgt7mGrw:XleDWlIJwQHihRdgu8imGk
                                                                                                                                                                                MD5:8470F9A96B6C6CAD9EE60961E96D19B2
                                                                                                                                                                                SHA1:AFE1F01FFA4E4CB06B1D770C9C59DA75B434D1AC
                                                                                                                                                                                SHA-256:2DF453410796AEC7B9EFEC00059B6CE64BCF67313A95AE458BA600EA5DE14811
                                                                                                                                                                                SHA-512:CAE5C2ED091BA49761F0348516D53491E578FB165F32F93AC7DAD927383E9A398B06229FAC6A8233777DF708E5001AE0037A1FA960293BDA49892C40B37F2240
                                                                                                                                                                                Malicious:false
                                                                                                                                                                                Preview:......JFIF.....H.H.....C....................................................................C.......................................................................E.e.............................................8...............................!"1...2A#Qa.$34bBDSqt..........................................................?.....`0.....O...3Sd..@..5.0....Q.pw....;....!pN.DR....`0......N^...k.=.u.e.7{.b........?z....zV...M.....P:a.SPj.....WRK.=x.2.h..2..AS..s..A..|.Z/f$D.YX1pr......}G6._.~..)j...+.s.r".{..q..-.^@...#w|.H..*.K)....g...y..`0......2.w@.Ro.d....@...K....}...&... y..f.y.0.|DC..>p.[E.2......v..N.)Z..4.RF.D.8]..Z.|f/..+\ID.r/.o........0i..*.G.O..uj..RN. ....j...xnF...Q.Ls.U.c.D0m....z.k.P;f...b.=..L.hH.,./;.U..`sa.I...?*...I....M.0<.u....!..C..U.T.....s.Q......_..7K..*.....?....R\&=.<.u..oQ}WZ..Yu...{Fe3.h...@.s..mW.G..^....1.W.#[.q2.&u.c.G......`J./..X.C....M;.....3k$}.i.3...#/x.m.Oh.}FH]. ..5NNDIS.-.M~...6..w.d....P.;..k...........v*..T..L.P...s.!B.4..w
                                                                                                                                                                                Process:C:\Program Files (x86)\Microsoft Office\root\Office16\ONENOTE.EXE
                                                                                                                                                                                File Type:JPEG image data, JFIF standard 1.01, resolution (DPI), density 72x72, segment length 16, baseline, precision 8, 14x341, components 3
                                                                                                                                                                                Category:dropped
                                                                                                                                                                                Size (bytes):3361
                                                                                                                                                                                Entropy (8bit):7.619405839796034
                                                                                                                                                                                Encrypted:false
                                                                                                                                                                                SSDEEP:96:zDqnxqMt6gGr/Nln5ANln5ANln5ANln5ANln5ANln5ANln5ANllHN6:CxqMQr/rn5Arn5Arn5Arn5Arn5Arn5AN
                                                                                                                                                                                MD5:A994063FF2ABEB78917C5382B2F5FA8C
                                                                                                                                                                                SHA1:BD5C4D816B04A2B6596DFE38DB01228F553FACCC
                                                                                                                                                                                SHA-256:D72900E8DA72D1A7F3729971AA558E1E9B6E9CF9A0D51E83852E567256DBBFEF
                                                                                                                                                                                SHA-512:CF2279033DD3EDFE6F6F9E5C517BEBD9A52863EEFD90F57F7A5AE0E0485E705254BE7ED6B50E6CA142669687727AE85E2E6035F69930B75F2E6D3EEFA961EF88
                                                                                                                                                                                Malicious:false
                                                                                                                                                                                Preview:......JFIF.....H.H.....C....................................................................C.......................................................................U..........................................>...............................8H........59...$%&7F#'Ddf.....................................>.................................58EG........!#124$%&ACFbcde............?...n.p..v..a.~.._.>......#....8.....w.G...&.W...i...%6m..K;...4."...=..?.~......P..O...j.l..AW.jo..,..=d.h.ta..../.."...z|).J.......Ww._..<Wp.3+8...-5...G:..2.D..I>o..K.F;-.....#...`...6..T...M.....OOgV~..5...np...P..TYr...........b..{r.2.9..].DA.%C....=.v.z......CK."..R..l..y}.i..;.{....JzS.....~.?..Z....=c.h~*..p.@(@..G.....O.]...Hsd.xf".V]..S"..w...4e>....3*U.7..|M.x...|\......FD./.cIe.;.bId..+=...w.......[.k>....}.u...j.xZ.....Q4..+.....B....1O~\......I..h....LaXJ%&.w.<C...n/`.W..U.W.U.}~...}>..^.0.J.....@....LN.b.......5W...m].Eu...:....G..:4.=4ixx..@_0=.mab.T.U.....w..~.V.
                                                                                                                                                                                Process:C:\Program Files (x86)\Microsoft Office\root\Office16\ONENOTE.EXE
                                                                                                                                                                                File Type:data
                                                                                                                                                                                Category:dropped
                                                                                                                                                                                Size (bytes):4096
                                                                                                                                                                                Entropy (8bit):4.316391094717725
                                                                                                                                                                                Encrypted:false
                                                                                                                                                                                SSDEEP:48:Y2QsNzvsoMyN4St1xED5vXSSH9w/u+oBrdQqrPr3icBX9jlf/5fHl1:KsBsopNDpEhXVH9Ku+QRQyP2c7fF
                                                                                                                                                                                MD5:EA9965D6CD1078C38245B79AA9B4247C
                                                                                                                                                                                SHA1:650C1C23A340E4B27FA8657BB254EBA9A054017D
                                                                                                                                                                                SHA-256:393BB42A9E16027A8C6EE19C69B1E55D50B217039EAE59426411CC9BF382263B
                                                                                                                                                                                SHA-512:3F517ABF0E9C4AFCCB2E96AC98FC2EB5BBD5BC116B7844B069818358571473901F878BD1C6A9BC30A04A1E34805F1EE9A456881BA7CB7B81BF865BC8B3A5268E
                                                                                                                                                                                Malicious:false
                                                                                                                                                                                Preview:2...>.......N...v...B...................................................................................................................................2...>...*.......v...v............................I.......I.qk..B.....LZi<z.....i<z.V....:0Jn..i<z.V....:0Jn..i<z..I.qk..B.....LZ.I................................I.......I...................................................I.t.....I................................................................4..'...'...............Ie,....'..G.......N...^................K.\(..L.5.ye...........f........................................I.qk..B.....LZ..............Ie,....'..G.............Ie,....'..G............i<z.....i<z.....i<z.........................................i<zj....i<zT.]..i<z.....i<z..B..i<zH....i<z..B..i<z..>.)i<z..J...................;........4...4...4.."..............i<z.i<z.i<z..z...y.. x.. ...........$........4...)..7)..7........................;........4...4...4.........i<z.....i<z....#i<z............................................
                                                                                                                                                                                Process:C:\Program Files (x86)\Microsoft Office\root\Office16\ONENOTE.EXE
                                                                                                                                                                                File Type:JPEG image data, JFIF standard 1.02, resolution (DPI), density 72x72, segment length 16, Exif Standard: [TIFF image data, big-endian, direntries=7, orientation=upper-left, xresolution=98, yresolution=106, resolutionunit=2, software=Adobe Photoshop CS Windows, datetime=2004:03:12 11:15:20], progressive, precision 8, 604x784, components 3
                                                                                                                                                                                Category:dropped
                                                                                                                                                                                Size (bytes):140755
                                                                                                                                                                                Entropy (8bit):7.9013245181576695
                                                                                                                                                                                Encrypted:false
                                                                                                                                                                                SSDEEP:3072:i/aDiblRsFcOco8dofE5Zx1+NQI8Wh9aiOe5NTO:mnbM+TxaAi98W3aiOwTO
                                                                                                                                                                                MD5:CC087700C07D674D69AFDFDA0FA9825C
                                                                                                                                                                                SHA1:F11113DF69DACDB255C6CBCFB29C1D1CCE40B346
                                                                                                                                                                                SHA-256:A7FA7F092EFF43030A56342C39A765F8D5CC48C7DB815DDFC8C1E5EC40117FAE
                                                                                                                                                                                SHA-512:843202D975EFA91E73287052A893584B6E5AE601F91612B56539AA2F73D1AD3F997FCAD1E711E0F483A2E91D46D9643D0B026B43F4E94116A5D2FB6551536034
                                                                                                                                                                                Malicious:false
                                                                                                                                                                                Preview:......JFIF.....H.H......Exif..MM.*.............................b...........j.(...........1.........r.2...........i.................H.......H....Adobe Photoshop CS Windows.2004:03:12 11:15:20.............................\.......................................................&.(.........................................H.......H..........JFIF.....H.H......Adobe_CM......Adobe.d...................................................................................................................................................{.."................?..........................................................................3......!.1.AQa."q.2.....B#$.R.b34r..C.%.S...cs5....&D.TdE.t6..U.e...u..F'...............Vfv........7GWgw........................5.....!1..AQaq"..2.....B#.R..3$b.r..CS.cs4.%......&5..D.T..dEU6te....u..F...............Vfv........'7GWgw.................?.......J...\O.,......../$..........OE.m.o......T....Z..l.g.-....m.?...Y....3......"....].j.X.k.S.k.....4..R....{....?F.
                                                                                                                                                                                Process:C:\Program Files (x86)\Microsoft Office\root\Office16\ONENOTE.EXE
                                                                                                                                                                                File Type:data
                                                                                                                                                                                Category:dropped
                                                                                                                                                                                Size (bytes):4096
                                                                                                                                                                                Entropy (8bit):4.355684956771725
                                                                                                                                                                                Encrypted:false
                                                                                                                                                                                SSDEEP:48:YuGs1NsKsrrqXl19tODEuVLfcXnc9ODo1rdQqrzZSkSBXjb0eTr3mtES6l:YZsOqXf9uEuV7cXnc9ODURQyvSCq
                                                                                                                                                                                MD5:54449F90443A91838366A9DEB483FB02
                                                                                                                                                                                SHA1:2FA94F19755330B45D43122875BE985016ED6503
                                                                                                                                                                                SHA-256:FED431768B372AE99960A6604EBF62CF4A741D72784C8FEC460C04048B00B024
                                                                                                                                                                                SHA-512:7D4D40A103E07CC467B991D02CC4D4C240532D41B6DA0658E48CB06F080F5CD3F045FE8112BA8CFEE7339C931A0A2699B2A49746852E6B750F493D93F35F7D73
                                                                                                                                                                                Malicious:false
                                                                                                                                                                                Preview:2...>.......P...v...D...................................................?....?..........................................................................2...>...,.......v...x............................I.......I.qk..B.....LZJ.m.....J.m.Y6...81..c..J.m.Y6...81..c..J.m..I.qk..B.....LZ.I................................I.......I...................................................I.t.....I................................................................4..'...'.............>.tpW}..%./w..\....N...^................x..z..A.8.@Cx..........f........................................I.qk..B.....LZ............>.tpW}..%./w..\........>.tpW}..%./w..\.........J.m.....J.m.....J.m.........................................J.mj....J.mT.]..J.m.....J.m..B..J.mH....J.m..B..J.m..>.)J.m..J...................;........4...4...4.."..............J.m.J.m.J.m..z...y.. x.. ...........$........4...)..7)..7........................;........4...4...4.........J.m.....J.m....#J.m............................................
                                                                                                                                                                                Process:C:\Program Files (x86)\Microsoft Office\root\Office16\ONENOTE.EXE
                                                                                                                                                                                File Type:JPEG image data, JFIF standard 1.02, resolution (DPI), density 72x72, segment length 16, Exif Standard: [TIFF image data, big-endian, direntries=7, orientation=upper-left, xresolution=98, yresolution=106, resolutionunit=2, software=Adobe Photoshop CS Windows, datetime=2004:03:12 11:13:06], progressive, precision 8, 570x779, components 3
                                                                                                                                                                                Category:dropped
                                                                                                                                                                                Size (bytes):129887
                                                                                                                                                                                Entropy (8bit):7.8877849553452695
                                                                                                                                                                                Encrypted:false
                                                                                                                                                                                SSDEEP:3072:QS1x1rXglsteJ79wHi4vNQR5yBlUdOSILe9hSj9jeWMPjdlOJ:vvglst1HiwWR5yBA2LeS9jd1
                                                                                                                                                                                MD5:737E96E41D79D3BDACE7AB4F8CBF6274
                                                                                                                                                                                SHA1:E6202A41A4F86B27D9EBCAEF7670B16C0ED67CF2
                                                                                                                                                                                SHA-256:7966F3D8A2D61ECB49A35E163781858E052C0B122A18A1238AFE27B57E2850E8
                                                                                                                                                                                SHA-512:D398C8521DB2FB3F8456FE792CF37472F3B851DD7298DB20E2DB79144F8E846D051878E77E5EF5D00E6840EDB90C6E2D97935BC1023A15FC45038CCE731E9895
                                                                                                                                                                                Malicious:false
                                                                                                                                                                                Preview:......JFIF.....H.H.....iExif..MM.*.............................b...........j.(...........1.........r.2...........i.................H.......H....Adobe Photoshop CS Windows.2004:03:12 11:13:06.............................:.......................................................&.(.................................3.......H.......H..........JFIF.....H.H......Adobe_CM......Adobe.d...................................................................................................................................................u.."................?..........................................................................3......!.1.AQa."q.2.....B#$.R.b34r..C.%.S...cs5....&D.TdE.t6..U.e...u..F'...............Vfv........7GWgw........................5.....!1..AQaq"..2.....B#.R..3$b.r..CS.cs4.%......&5..D.T..dEU6te....u..F...............Vfv........'7GWgw.................?...W..I:..*....a....Aa ...w.T.M.v.........3x.......8Y....$.."-..m.I.0~sxB[@..=...:..\.Y?....@O.L;9i..U....?.5">+9.s\Z..vN
                                                                                                                                                                                Process:C:\Program Files (x86)\Microsoft Office\root\Office16\ONENOTE.EXE
                                                                                                                                                                                File Type:data
                                                                                                                                                                                Category:dropped
                                                                                                                                                                                Size (bytes):4096
                                                                                                                                                                                Entropy (8bit):4.329408457464846
                                                                                                                                                                                Encrypted:false
                                                                                                                                                                                SSDEEP:96:YFsdrMPhVEEr7fhXc9ctVERQyCMh3PMelfD5:GsdrMPhvr7ZXc9CVERJB1Melf
                                                                                                                                                                                MD5:FA6BE5D4EDD0C51AC09EABD8544E78FF
                                                                                                                                                                                SHA1:56F9C5233E54C40BC70F709C3CA145D616238055
                                                                                                                                                                                SHA-256:10C5839544CCEC0D21A5AA4D4376E1B0ACA7D7B87D0ACE45CBB77A2C1C2A6210
                                                                                                                                                                                SHA-512:6EA582EEDD79A5EA5EBC367589452D947752BA1BD93293B97F41545DE060B3FC92F6C8C0699F25071197D845ED52DF6864F87C8DE391CBC7B553F303DD2DFBCB
                                                                                                                                                                                Malicious:false
                                                                                                                                                                                Preview:2...>.......P...v...D...................................................?....?..........................................................................2...>...,.......v...x............................I.......I.qk..B.....LZ..p.......pP.... I..^`....pP.... I..^`....p..I.qk..B.....LZ.I................................I.......I...................................................I.t.....I................................................................4..'...'..............Y...+..A........N...^................3..j~@E....g...........f........................................I.qk..B.....LZ.............Y...+..A.............Y...+..A...............p.......p.......p...........................................pj......pT.]....p.......p..B....pH......p..B....p..>.)..p..J...................;........4...4...4.."................p...p...p..z...y.. x.. ...........$........4...)..7)..7........................;........4...4...4...........p.......p....#..p............................................
                                                                                                                                                                                Process:C:\Program Files (x86)\Microsoft Office\root\Office16\ONENOTE.EXE
                                                                                                                                                                                File Type:JPEG image data, JFIF standard 1.02, aspect ratio, density 100x100, segment length 16, baseline, precision 8, 612x792, components 3
                                                                                                                                                                                Category:dropped
                                                                                                                                                                                Size (bytes):84941
                                                                                                                                                                                Entropy (8bit):7.966881945560921
                                                                                                                                                                                Encrypted:false
                                                                                                                                                                                SSDEEP:1536:X3sWfhTVd+xu6rA6SOONM0/YFXnviDwoPCaNSm+z/ze/fWNj7GfigeKyCGzw+QKW:nsOhdDJOwY1voPCaom+z/zeHAfGihCG8
                                                                                                                                                                                MD5:CB84C108A76C2AFFCAC2551A3C1EAD56
                                                                                                                                                                                SHA1:8BB7C2A12B056C1ED12EBBAE5BC9F60CCE880FFE
                                                                                                                                                                                SHA-256:139BB0E79F89C3DDEF79B1716A5FBAB4C07DF5785FB3CDF6B4EEDDBF6C078452
                                                                                                                                                                                SHA-512:6EF85144E9A7ACD0FF2E52A5FF42093153EFB69127B1C8549EEBC49B6CC196A46B65EE39A2CAD0206F6A41476D8B5B35D29EAC9942B8F84972B32E14CAFEED27
                                                                                                                                                                                Malicious:false
                                                                                                                                                                                Preview:......JFIF.....d.d......Ducky.......d......Adobe.d...................................................................................................................................................d....................................................................................!.1A.Qa..q...........".2..BRbr#.T.3C....S$.cs.D..4%5......................!1A..Qaq."2..BR....3...b#.r.C4.............?.......m.q..'O.....r......_.1....8h....?.....O]~..k......GO...''._...!....o........''..g..H?k.......1...?.....z......>...+0..................GO...''._.........}.O.Z|.L?...........?.........[~t.......}......NO.....v.......J.......?..g..H?k......GO,m..r}o.z.....}......dC.9?..g..H_..........?.....O]~...m...C?.z..f....W.=u.B..m..C.-?.a.....3._.?.......o....np.M....g..H_............9?..g..H...../..kO...''._...!~...o.....0.M....g..H.........../......O]~.~...o.......7..+.... ..l?.}........&....3._./....?.........W.=u.C..m..C.+?..o.W.=u.A.^.O....:......_.........}..t
                                                                                                                                                                                Process:C:\Program Files (x86)\Microsoft Office\root\Office16\ONENOTE.EXE
                                                                                                                                                                                File Type:data
                                                                                                                                                                                Category:dropped
                                                                                                                                                                                Size (bytes):4096
                                                                                                                                                                                Entropy (8bit):4.332230399834432
                                                                                                                                                                                Encrypted:false
                                                                                                                                                                                SSDEEP:48:Yuo3szYE0uDtWUEe+hNGSXGGS9uCoNrdQqrjx3K5BXsVsZ0nBZ:YpssuDBEPWSXRS9uCcRQyF+PIB
                                                                                                                                                                                MD5:15864579F6EC91152FB8E3680642940A
                                                                                                                                                                                SHA1:1143AD802594D83089ABE9A20BF50670762A9F80
                                                                                                                                                                                SHA-256:8615CF92091B5D60091F6C72160ED890612B66DE467C6E7996598A86E36022B8
                                                                                                                                                                                SHA-512:663AD767F91AAB2923A02A106CCE94DEAF6429C3290AC2655159CEF7E5C0A336548B881AD29EE0E428B31BDF1D513D8655222A91B88345AB6401260DB807CA9D
                                                                                                                                                                                Malicious:false
                                                                                                                                                                                Preview:2...>.......P...v...D...................................................?....?..........................................................................2...>...,.......v...x............................I.......I.qk..B.....LZSB......SB.?..F..K..l?.8SB.?..F..K..l?.8SB...I.qk..B.....LZ.I................................I.......I...................................................I.t.....I................................................................4..'...'................g.Rx...I..WO....N...^...............5.Z...nD....k.^.........f........................................I.qk..B.....LZ...............g.Rx...I..WO...........g.Rx...I..WO.........SB......SB......SB..........................................SB.j....SB.T.]..SB......SB...B..SB.H....SB...B..SB...>.)SB...J...................;........4...4...4.."..............SB..SB..SB...z...y.. x.. ...........$........4...)..7)..7........................;........4...4...4.........SB......SB.....#SB.............................................
                                                                                                                                                                                Process:C:\Program Files (x86)\Microsoft Office\root\Office16\ONENOTE.EXE
                                                                                                                                                                                File Type:PNG image data, 40 x 623, 8-bit colormap, non-interlaced
                                                                                                                                                                                Category:dropped
                                                                                                                                                                                Size (bytes):1569
                                                                                                                                                                                Entropy (8bit):7.583832946136897
                                                                                                                                                                                Encrypted:false
                                                                                                                                                                                SSDEEP:24:KArPoy/sSfmBL0EGEsRgeTLLXFnViAAEslVorlP0i8OmO57EnGAkYelBKMN:9oQPTgeL5ViAe8rQs7HAkrlc+
                                                                                                                                                                                MD5:07DB3F43DE7C1392C67802E74707DAA6
                                                                                                                                                                                SHA1:C173ADB1999065C5E1E6DBEF934B4D4D7AF0CC23
                                                                                                                                                                                SHA-256:51E05999A1C9F17DF28CB474E57DD8E64BDAB824874A532C20A23766A01F8967
                                                                                                                                                                                SHA-512:E509255519D4E521E82332FF418DD5A6BBBC8476399A0D9C3D81542C1CABA535B2D79E5BC90F73F9EE8468643302137671934ABD600FC696F16161C91FEAC111
                                                                                                                                                                                Malicious:false
                                                                                                                                                                                Preview:.PNG........IHDR...(...o.....>.c.....PLTE................................................................................................................................................................................................a.o.....bKGD....H....cmPPJCmp0712....H.s.....IDATx^.Y.. ..........}%.../].`<..y....V...m.....<....)..;Ki..'9...2.:.c...t..V..d.t;-y.Z.=K>B.."{Lj.~G..|..ENC.!Sw,....";.p..g....E.B..S.-...k..P."..E......l[./D.-.....Q+.G<>.+..b...#..y(...{a.M..J...<....v.W..F.qm.`.....(.mk.nX....l.Px8.0\Z....7G...$*.....&..Z.VJ.~......J.2|...2H..../...=.)q....ZT" .,%..h.p....Z$.!........r...Hh.f. ....P .d..1d....2.3h....;.A.... ....d..g4...A..^.....2.ew..."h...y/..j.h..B.......%.2.%..{r...+dG.=9h....P1...A...c...^h.]Q0.8x....q .!3....ZW"Z.!3...G.vC.GG..".&..X!3.|xB..V.P!.+zS..NX!3.....Nh.y(.Z.1.h..B...Z+....l8Xcu.B...K...@U..@Q...mB...x...&L C....mB.....@kC...Y.,.... ..e\F.B..........y..e\..:$(....Z.a...yn...f..z.~Q.{o...].ln.r....^.@.{..c.7..{...
                                                                                                                                                                                Process:C:\Program Files (x86)\Microsoft Office\root\Office16\ONENOTE.EXE
                                                                                                                                                                                File Type:data
                                                                                                                                                                                Category:dropped
                                                                                                                                                                                Size (bytes):4096
                                                                                                                                                                                Entropy (8bit):4.383161459342062
                                                                                                                                                                                Encrypted:false
                                                                                                                                                                                SSDEEP:96:Qzg0xsIt5aOtZhzrEplw9X7hS9KysRQywYjSF:wxsk5aSEplw9Xo9KysRJwR
                                                                                                                                                                                MD5:919F05A5D166566C52916288ADE7EC24
                                                                                                                                                                                SHA1:7C66C86528894ABA748F90291879477D0BD6A04E
                                                                                                                                                                                SHA-256:B367F7E4CC7F1A2F5E54E99AC201BC23C37F451CE64140893EFC229E06F2474C
                                                                                                                                                                                SHA-512:433323B6B598599B2C9337B250EAD7C281B3FEFA1C33F305E5689267DD4C9D66114648A86D679D0CF27282761AEA8616B59508C4D5A690CC976D8499C5DD5DB7
                                                                                                                                                                                Malicious:false
                                                                                                                                                                                Preview:2...>.......R...v...F...................................................................................................................................2...>...........v...z............................I.......I.qk..B.....LZ...........p....=.\......p....=.\........I.qk..B.....LZ.I................................I.......I...................................................I.t.....I................................................................4..'...'..............(...?...PA.z.%.....N...^...............q.:.D-H................f........................................I.qk..B.....LZ.............(...?...PA.z.%..........(...?...PA.z.%.........................................................................j.......T.]..............B.....H.........B.......>.).....J...................;........4...4...4.."...........................z...y.. x.. ...........$........4...)..7)..7........................;........4...4...4........................#...............................................
                                                                                                                                                                                Process:C:\Program Files (x86)\Microsoft Office\root\Office16\ONENOTE.EXE
                                                                                                                                                                                File Type:JPEG image data, JFIF standard 1.02, aspect ratio, density 100x100, segment length 16, baseline, precision 8, 612x792, components 3
                                                                                                                                                                                Category:dropped
                                                                                                                                                                                Size (bytes):40035
                                                                                                                                                                                Entropy (8bit):7.360144465307449
                                                                                                                                                                                Encrypted:false
                                                                                                                                                                                SSDEEP:768:MQhziQo1RKGlyyzYjlxuxwRUj/BN837xRmwH2uDTCn8qXFQziN:ThzrSzalg6O563l4uTC8q1Ig
                                                                                                                                                                                MD5:B1DDD365D87605F96D72042CB56572F6
                                                                                                                                                                                SHA1:ADF71DAD1A62B8A58A657C2EDBDD665A19EB846B
                                                                                                                                                                                SHA-256:06E09DE80C3F32254DA4FE6B2CBAD7C05EF144DD54B8C65745E195BBF7317A2E
                                                                                                                                                                                SHA-512:9C686092CC9524F34EA6CEC9AAE936A6225BCC54DE38DE1786EBA8F532959A80FF885E8664A09E4C318D7CA4B278E807D3D1F135BE55F30979B844FF5EC9699A
                                                                                                                                                                                Malicious:false
                                                                                                                                                                                Preview:......JFIF.....d.d......Ducky.......d......Adobe.d...................................................................................................................................................d........................................................................................!1....AQ.aq.....".3.5...2B#s.$%..Rr.CS4&6...bE'7.c.DTtU...d.eu...VFfv.Gw.....Wg......................!...1AQaq........"2..4..Rbr#3$...B.s5Cc.S%.D............?..^.f....R*.N{.{f.....O.r.V.;U..~...U.(..>M._.yI.{8,..^.t...s`...j.O..U5t.&&..h.G.6Da.;.....J.......E..QD...C...}..N...tR.....~..].J:.V$.*.r......]...W......4.[.)6..Y_.....4...........m._'HR.a......]U=.....n...0.W..]..K..){.+...w...f...<|..1/.|.....b..-..y....]U#Ctn.7m.._.|..2I;|....tM....q.q.}.N)....'...9&...nR...R..}.........m._.LZ}u.../K....9.~..?.{....V.#..dx.Zk.:=..:.j].....E#....E~w%....J..[S..[......gr...vb.r]..<..ut..i...[P.w....:..Gkn>......#..m...9km`......t).up.....w....VOR.{&.nQI..}...wD.7Ey#n....MO.
                                                                                                                                                                                Process:C:\Program Files (x86)\Microsoft Office\root\Office16\ONENOTE.EXE
                                                                                                                                                                                File Type:data
                                                                                                                                                                                Category:dropped
                                                                                                                                                                                Size (bytes):4096
                                                                                                                                                                                Entropy (8bit):4.630587914594161
                                                                                                                                                                                Encrypted:false
                                                                                                                                                                                SSDEEP:48:Jstzo2NMD/itmTU9tPE3/LYoXEsNb9uHoJrdQqrwYOyaBXJ5jvMlNFF8elzl:JsyD/iZPE3/fXh9uH4RQyijnte
                                                                                                                                                                                MD5:E5328FB693AABF63ADC26899D941EA31
                                                                                                                                                                                SHA1:CCE4E6A3C0E2A685F1C077181E16EDE87BD85F86
                                                                                                                                                                                SHA-256:6376311DE2107295122FF261840B4F6906A2C40E50FE50F83D967D3119A92E18
                                                                                                                                                                                SHA-512:6FEDDE823B9BB3F100CD074EB75F43DB68149FF610907844DD7C4F06E9B65936E0566BA9220EDE16A4793BCD71C56635381652F681343B314DF86E6A19CBFC95
                                                                                                                                                                                Malicious:false
                                                                                                                                                                                Preview:2...>...........v...~...................................................................................................................................2...>...f.......v................................I.......I.qk..B.....LZ.0......0.-1..'.u{!...0.-1..'.u{!...0..I.qk..B.....LZ.I................................I.......I...................................................I.t.....I................................................................4..'...'.............NN.F.....#.n3!!.....N...^...............G....B@.....)..........f...................................:....I.qk..B.....LZ............NN.F.....#.n3!!.........NN.F.....#.n3!!...........0......0......0..........................................0j.....0T.]...0......0..B...0H.....0..B...0..>.).0..J...................;........4...4...4.."...............0..0..0..z...y.. x.. ...........$........4...)..7)..7........................;........4...4...4..........0......0....#.0............................................
                                                                                                                                                                                Process:C:\Program Files (x86)\Microsoft Office\root\Office16\ONENOTE.EXE
                                                                                                                                                                                File Type:JPEG image data, JFIF standard 1.02, resolution (DPI), density 72x72, segment length 16, Exif Standard: [TIFF image data, big-endian, direntries=7, orientation=upper-left, xresolution=98, yresolution=106, resolutionunit=2, software=Adobe Photoshop CS Windows, datetime=2004:03:12 11:10:32], progressive, precision 8, 594x773, components 3
                                                                                                                                                                                Category:dropped
                                                                                                                                                                                Size (bytes):242903
                                                                                                                                                                                Entropy (8bit):7.944495275553473
                                                                                                                                                                                Encrypted:false
                                                                                                                                                                                SSDEEP:6144:YVxOYlZX2kCWfYoFMXC/sBFC9r+4iEGM4rrcPoWmwkU6FJ:+OwZ2kbFMC/L99ifvokU6/
                                                                                                                                                                                MD5:C594A4AA7234EF91E6C2714CFE1410F1
                                                                                                                                                                                SHA1:C0F720D4CE3196852814D0B7347F0CAA0C6FD526
                                                                                                                                                                                SHA-256:10C833E47BE1C8496F949A6B059C2D79212A4DD66BDE62116EA337FA4FE0B654
                                                                                                                                                                                SHA-512:7313F6545A334F9E2DE5430B2DB5C419C4C8A40E075338DAFCD74970BCC6309786946E5DFB57531612BF4C6269495655706D920FD99922FDACFF9796710DA9C0
                                                                                                                                                                                Malicious:false
                                                                                                                                                                                Preview:......JFIF.....H.H......Exif..MM.*.............................b...........j.(...........1.........r.2...........i.................H.......H....Adobe Photoshop CS Windows.2004:03:12 11:10:32.............................R.......................................................&.(.........................................H.......H..........JFIF.....H.H......Adobe_CM......Adobe.d...................................................................................................................................................{.."................?..........................................................................3......!.1.AQa."q.2.....B#$.R.b34r..C.%.S...cs5....&D.TdE.t6..U.e...u..F'...............Vfv........7GWgw........................5.....!1..AQaq"..2.....B#.R..3$b.r..CS.cs4.%......&5..D.T..dEU6te....u..F...............Vfv........'7GWgw.................?...v&.F;-v;}FH..Z...N..)Y.......h;C....G.0W..ww...MI..Z+..\.........c..4.1.~.Yo.Y6.&. q...............l.A#.~s?yYg..7ky...r
                                                                                                                                                                                Process:C:\Program Files (x86)\Microsoft Office\root\Office16\ONENOTE.EXE
                                                                                                                                                                                File Type:data
                                                                                                                                                                                Category:dropped
                                                                                                                                                                                Size (bytes):4096
                                                                                                                                                                                Entropy (8bit):4.323644757545866
                                                                                                                                                                                Encrypted:false
                                                                                                                                                                                SSDEEP:48:YuSsa+ScnOutrxdqwEXMRLlXqdHn9uKo9rdQqrngcSHPBX41aKDJ:YFs3OuFEXMRRXA9uKERQyqE
                                                                                                                                                                                MD5:13DABC23A9600B13791C8B865C178429
                                                                                                                                                                                SHA1:1BA40D764EE5A94E961F5047EBACCD3F11EAA5F7
                                                                                                                                                                                SHA-256:08E48F58E7BA277BDFF851C4765D09D1E294CA98B346131F66F1AC400D5EE567
                                                                                                                                                                                SHA-512:376F5B95EF2DBF6C1E3CDF7E57326612BF1EFE7F3450F0E5826A98EB4AC7FAF0E2787C470C00AD84DB58C3C2B70F04734D7B30F4B67AF33A127C8368B88AF893
                                                                                                                                                                                Malicious:false
                                                                                                                                                                                Preview:2...>.......P...v...D...................................................?....?..........................................................................2...>...,.......v...x............................I.......I.qk..B.....LZj71.....j71.....>X/#>...j71.....>X/#>...j71..I.qk..B.....LZ.I................................I.......I...................................................I.t.....I................................................................4..'...'............../.).Z...[.........N...^...............ai....eE.b.p7~.l........f........................................I.qk..B.....LZ............./.).Z...[............../.).Z...[..............j71.....j71.....j71.........................................j71j....j71T.]..j71.....j71..B..j71H....j71..B..j71..>.)j71..J...................;........4...4...4.."..............j71.j71.j71..z...y.. x.. ...........$........4...)..7)..7........................;........4...4...4.........j71.....j71....#j71............................................
                                                                                                                                                                                Process:C:\Program Files (x86)\Microsoft Office\root\Office16\ONENOTE.EXE
                                                                                                                                                                                File Type:JPEG image data, JFIF standard 1.02, resolution (DPI), density 72x72, segment length 16, Exif Standard: [TIFF image data, big-endian, direntries=7, orientation=upper-left, xresolution=98, yresolution=106, resolutionunit=2, software=Adobe Photoshop CS Windows, datetime=2004:03:12 11:12:29], progressive, precision 8, 598x766, components 3
                                                                                                                                                                                Category:dropped
                                                                                                                                                                                Size (bytes):70028
                                                                                                                                                                                Entropy (8bit):7.742089280742944
                                                                                                                                                                                Encrypted:false
                                                                                                                                                                                SSDEEP:1536:ub4bgbB7g9cKCmSzaNF0jAdAzQKTEFBQqUp/i0yG1pidLHTVX:ub4bIB7Qg2OjbzjgWp/i0yGCZx
                                                                                                                                                                                MD5:EC7811912ACA47F6AEB912469761D70D
                                                                                                                                                                                SHA1:C759BC2D908705D599B03BDB366C951B11F99A4E
                                                                                                                                                                                SHA-256:FBB4573E3BEE1B337077691BEBAE15D6FAC52432405D31396D526D7694A8283D
                                                                                                                                                                                SHA-512:881828150993A8C56E36CDA2051D89C1F6E0322643902C9506392C163E8734A2933A46486F40E5BC8C8D0164E180605E52620EF22FE14540AEA787A38B22E98E
                                                                                                                                                                                Malicious:false
                                                                                                                                                                                Preview:......JFIF.....H.H.....7Exif..MM.*.............................b...........j.(...........1.........r.2...........i.................H.......H....Adobe Photoshop CS Windows.2004:03:12 11:12:29.............................V.......................................................&.(.........................................H.......H..........JFIF.....H.H......Adobe_CM......Adobe.d...................................................................................................................................................}.."................?..........................................................................3......!.1.AQa."q.2.....B#$.R.b34r..C.%.S...cs5....&D.TdE.t6..U.e...u..F'...............Vfv........7GWgw........................5.....!1..AQaq"..2.....B#.R..3$b.r..CS.cs4.%......&5..D.T..dEU6te....u..F...............Vfv........'7GWgw.................?.....H.yM..? .Z.. .^.x..p.8.A...K.... .\{..)..y....t..=.^y)..v.@.W>. .h.. ..p.:.\)(.$....$.I).....!....E..Z.....&.5.).
                                                                                                                                                                                Process:C:\Program Files (x86)\Microsoft Office\root\Office16\ONENOTE.EXE
                                                                                                                                                                                File Type:data
                                                                                                                                                                                Category:dropped
                                                                                                                                                                                Size (bytes):4096
                                                                                                                                                                                Entropy (8bit):4.336057519225853
                                                                                                                                                                                Encrypted:false
                                                                                                                                                                                SSDEEP:48:vu1ixGsmOKR0B9lDJYF62tAWPE5VLPjXLz9ezoBrdQqroNBXy0UJ1GS9WhuM7C23:vaixGsIEY02OwE5VHX/9ezwRQyIdF
                                                                                                                                                                                MD5:D489BFE5246BD58BE8F5597F0248695E
                                                                                                                                                                                SHA1:1B2540A358140AB28C0AEFF1D24A07184045EBB9
                                                                                                                                                                                SHA-256:F23D563DAF04D0F32902540D6E40537EC340C671B66470C059B552E7D2F31A74
                                                                                                                                                                                SHA-512:44FF585AAB20F498586E5860A5E846CA55ED423B12BE03C186E715CE40AEED8A76FC6068D6F8ED8A4AFB31DA6EFA8638E8792B9EF4D8EB933B3FF3E6CD2A9290
                                                                                                                                                                                Malicious:false
                                                                                                                                                                                Preview:2...>.......N...v...B...................................................................................................................................2...>...*.......v...v............................I.......I.qk..B.....LZ?.".....?."k.6...2X...8.?."k.6...2X...8.?."..I.qk..B.....LZ.I................................I.......I...................................................I.t.....I................................................................4..'...'.............(.@.g.W.5z...>l.....N...^....................hgN..x.j?..........f........................................I.qk..B.....LZ............(.@.g.W.5z...>l.........(.@.g.W.5z...>l..........?.".....?.".....?.".........................................?."j....?."T.]..?.".....?."..B..?."H....?."..B..?."..>.)?."..J...................;........4...4...4.."..............?.".?.".?."..z...y.. x.. ...........$........4...)..7)..7........................;........4...4...4.........?.".....?."....#?."............................................
                                                                                                                                                                                Process:C:\Program Files (x86)\Microsoft Office\root\Office16\ONENOTE.EXE
                                                                                                                                                                                File Type:JPEG image data, JFIF standard 1.02, resolution (DPI), density 72x72, segment length 16, Exif Standard: [TIFF image data, big-endian, direntries=7, orientation=upper-left, xresolution=98, yresolution=106, resolutionunit=2, software=Adobe Photoshop 7.0, datetime=2004:03:04 13:19:29], progressive, precision 8, 221x792, components 3
                                                                                                                                                                                Category:dropped
                                                                                                                                                                                Size (bytes):24268
                                                                                                                                                                                Entropy (8bit):6.946124661664625
                                                                                                                                                                                Encrypted:false
                                                                                                                                                                                SSDEEP:384:d2wiieoHTRh5a1HAteZCWOZIM+L7WhNjYn:8wHFHJ+/OZIKhNO
                                                                                                                                                                                MD5:3CD906D179F59DDFA112510C7E996351
                                                                                                                                                                                SHA1:48CDB3685606EDD79D5BCDF0D7267B8B1CCBD5A8
                                                                                                                                                                                SHA-256:1591FD26E7FFF5BE97431D0ED3D0ADE5CFC5FA74E3D7EC282FD242160CE68C1F
                                                                                                                                                                                SHA-512:2048CBA13AF532FF2BCC7B8B40541993234BD1A8AB6DE47B889AF3F3E4571F9C5A22996D0B1C16DD6603233F6066A1A2A97C16A6020BEDD0826B83BAD0075512
                                                                                                                                                                                Malicious:false
                                                                                                                                                                                Preview:......JFIF.....H.H......Exif..MM.*.............................b...........j.(...........1.........r.2...........i.................H.......H....Adobe Photoshop 7.0.2004:03:04 13:19:29.....................................................................................(.....................&...................H.......H..........JFIF.....H.H......Adobe_CM......Adobe.d...................................................................................................................................................$.."................?..........................................................................3......!.1.AQa."q.2.....B#$.R.b34r..C.%.S...cs5....&D.TdE.t6..U.e...u..F'...............Vfv........7GWgw........................5.....!1..AQaq"..2.....B#.R..3$b.r..CS.cs4.%......&5..D.T..dEU6te....u..F...............Vfv........'7GWgw.................?.....)......[]t.\Z..g......A....&D.$LH._..X..Xl...`....cZ.X.........>......f.Z.X...]..~L.S..@..I$..I.IO.....x...s.g.[f.h{9..
                                                                                                                                                                                Process:C:\Program Files (x86)\Microsoft Office\root\Office16\ONENOTE.EXE
                                                                                                                                                                                File Type:data
                                                                                                                                                                                Category:dropped
                                                                                                                                                                                Size (bytes):4096
                                                                                                                                                                                Entropy (8bit):4.316962962418197
                                                                                                                                                                                Encrypted:false
                                                                                                                                                                                SSDEEP:48:ysSQmfZO6aS++tIwrTEEr0OXZwO92ao1rdQqrDpKqYBXgtdVCGl1:ys2RO6aSfawkEfXZwO92akRQywqYcVl
                                                                                                                                                                                MD5:AD510B1E2CF65F096F7017D0C156453E
                                                                                                                                                                                SHA1:A94B70FB8E3C92E095F686D0222B3D6470EB30CB
                                                                                                                                                                                SHA-256:A8878F1CD960CC4865CABB4080428A880CA2E8348050E9890AC8E9BDE800CC37
                                                                                                                                                                                SHA-512:CBE52D5D7140E5F7A7E2B86C290D832DBB91455EBF680E1FCCD750DE7473CFA33265C698B50BF75F71A4D0B9E0928944997A02376E90DA652358FD2D9D9606C1
                                                                                                                                                                                Malicious:false
                                                                                                                                                                                Preview:2...>.......N...v...B...................................................................................................................................2...>...*.......v...v............................I.......I.qk..B.....LZ$;......$;.P......!S.x..$;.P......!S.x..$;...I.qk..B.....LZ.I................................I.......I...................................................I.t.....I................................................................4..'...'...............#........m.......N...^...............1{.PN..A......2.........f........................................I.qk..B.....LZ..............#........m.............#........m............$;......$;......$;..........................................$;.j....$;.T.]..$;......$;...B..$;.H....$;...B..$;...>.)$;...J...................;........4...4...4.."..............$;..$;..$;...z...y.. x.. ...........$........4...)..7)..7........................;........4...4...4.........$;......$;.....#$;.............................................
                                                                                                                                                                                Process:C:\Program Files (x86)\Microsoft Office\root\Office16\ONENOTE.EXE
                                                                                                                                                                                File Type:JPEG image data, JFIF standard 1.02, aspect ratio, density 100x100, segment length 16, baseline, precision 8, 612x792, components 3
                                                                                                                                                                                Category:dropped
                                                                                                                                                                                Size (bytes):47294
                                                                                                                                                                                Entropy (8bit):7.497888607667405
                                                                                                                                                                                Encrypted:false
                                                                                                                                                                                SSDEEP:768:aQ10VrIBdBvDpQrQ7P9/FUOLG2vTSeG9lkCsMKzXeMBk3CBp:aC0JIBL+QsOLG2+ZAC1KqM2I
                                                                                                                                                                                MD5:7A450E086AD14BA7D89BA5DB3D3AE6C7
                                                                                                                                                                                SHA1:E7AEAFCFCE476390E18C19456BDF6529D863D518
                                                                                                                                                                                SHA-256:BDD997068701ED3A00A224EB694B003C01AC69B857FE7B4147D6C34875B1632B
                                                                                                                                                                                SHA-512:9B6D50A6CDB6081DA107A2CDDB1BD2811A5764994C8E3F67D56CA81084BE0D068C27435154E867199F38688EA65E8DE02A56DCAC47D0F5E55F0FBB6598814938
                                                                                                                                                                                Malicious:false
                                                                                                                                                                                Preview:......JFIF.....d.d......Ducky.......d......Adobe.d...................................................................................................................................................d.............................................................................................!1..A..Qa"..q..2.......B#...R%.r...$&b...3Ss.4dU6F.cE..'GC..t..5eufW......................!.1..AQ.aq..".....2BR......r.#3.d...b..Ccs.t......$4T...SD%5Ue&Vf............?..M.7(..).:.a.q.......>..[:O...afQ.uCO..U.....go.l..p..YqVklQ.{i.w&.]Z.\+JQw._.n.'.h..,.bj..X.].k&.Q.>gU..f...1|....[...jQ.%Zb.......t..........*..V..j.6....Vj..i.....?...IY.P.....$.j........[l.....S.4.J9.U\.......7I..[..=*N5....xW..../...=?n....uG.D..S.>...8..3........n.S....]k.*...4.>.R.o..{..l.H.#.^....<amG.m&.......,....wDY.W.m.X....We.IR.Nu...y..Z.l.._S.mr.m...y.]m.R.MT...6.5.5}.K..#%..k].7.Y.q]...%.r.7.R^jR..z.K.T[t.a..d.)glW.r.v,.`....O..^..o:.Uc.\..D....f..D......yt.Q...Y.....
                                                                                                                                                                                Process:C:\Program Files (x86)\Microsoft Office\root\Office16\ONENOTE.EXE
                                                                                                                                                                                File Type:data
                                                                                                                                                                                Category:dropped
                                                                                                                                                                                Size (bytes):4096
                                                                                                                                                                                Entropy (8bit):4.470083163442552
                                                                                                                                                                                Encrypted:false
                                                                                                                                                                                SSDEEP:48:RWs2RpB16ua2T0joHtURhbCyEwL6FLdXmF928oRrdQqrbKBXyyki16zOtDGhl:RWsWrT0joHQhb9EwCXmF928IRQyGXMh
                                                                                                                                                                                MD5:67F131F0A97949583F065FFAAD0FB5AE
                                                                                                                                                                                SHA1:33D5E3D7C242F03FCF48239A3C2F74D6827D1572
                                                                                                                                                                                SHA-256:D4202584B6C2A221553BBB1C6FB092E7A913992F514AD4534ED254098AC293A8
                                                                                                                                                                                SHA-512:A8D633DEEA16787FB134B0D6310396E092AB7A5F844597456E721D72D295E5FF95F84D9F14BA6738050E4F80E3CE75C9ADFCD42F6B0B5FAF0C4253542DF21E0B
                                                                                                                                                                                Malicious:false
                                                                                                                                                                                Preview:2...>.......n...v...b...................................................................................................................................2...>...J.......v................................I.......I.qk..B.....LZ.?.......?.R.E.......5..?.R.E.......5..?...I.qk..B.....LZ.I................................I.......I...................................................I.t.....I................................................................4..'...'................."....#7..m\.....N...^...................^.K...m.j..........f........................................I.qk..B.....LZ................"....#7..m\............."....#7..m\...........?.......?.......?...........................................?.j.....?.T.]...?.......?..B...?.H.....?...B...?...>.).?...J...................;........4...4...4.."...............?...?...?...z...y.. x.. ...........$........4...)..7)..7........................;........4...4...4..........?.......?.....#.?.............................................
                                                                                                                                                                                Process:C:\Program Files (x86)\Microsoft Office\root\Office16\ONENOTE.EXE
                                                                                                                                                                                File Type:PNG image data, 60 x 336, 4-bit colormap, non-interlaced
                                                                                                                                                                                Category:dropped
                                                                                                                                                                                Size (bytes):347
                                                                                                                                                                                Entropy (8bit):6.85024426015615
                                                                                                                                                                                Encrypted:false
                                                                                                                                                                                SSDEEP:6:6v/lhPtnlx/QulkWNY2V18A6Akp7eee1VDjMHCyLezyKUX5Gp:6v/7RrIubiA6AkpNhiyKe+
                                                                                                                                                                                MD5:78762C169F8B104CB57DFF5A1669D2DF
                                                                                                                                                                                SHA1:9638B71B584CD636834016A635ABF8D9C0887711
                                                                                                                                                                                SHA-256:E64FDCD0B108737D8B8F7B677029F924031D6BBAA50585D9C3DEF7C7E92ECAF2
                                                                                                                                                                                SHA-512:5ED899AAF73B72DEC32E171FFA112382667D5BF3FBA98C92E313E66C0A6975EA97068F4CD32B62283F18DBD5345C11E3610F7EEAC2F2DE71FC44593180B9CEAC
                                                                                                                                                                                Malicious:false
                                                                                                                                                                                Preview:.PNG........IHDR...<...P.............PLTE......................=l......bKGD....H....cmPPJCmp0712....Om......IDATh......@..aI...B..C..l...^.%.`....>.]..|0.....a...hb...0......q.......p"....;...K..x=...p...y.yy~J....|...\.......y..X.......'...>1...Ky..f....&........N`..f0..b...3.......`Z.3..3.....o.......4.&........SV...4.....IEND.B`.
                                                                                                                                                                                Process:C:\Program Files (x86)\Microsoft Office\root\Office16\ONENOTE.EXE
                                                                                                                                                                                File Type:data
                                                                                                                                                                                Category:dropped
                                                                                                                                                                                Size (bytes):4096
                                                                                                                                                                                Entropy (8bit):4.345884333807034
                                                                                                                                                                                Encrypted:false
                                                                                                                                                                                SSDEEP:48:mM2sGA+vQFBt/q+E6kXU9wz4odrdQqr8yyqSBXC/IF9ZCKPHR:Qs4QFBbEzXU9wz4URQy8n/f
                                                                                                                                                                                MD5:51344602ADBBF192344F260576A88BC0
                                                                                                                                                                                SHA1:8D22C529AB94CAC1DA59B7BD0FCAF75A0A94FB13
                                                                                                                                                                                SHA-256:9B16DD374AE22A0604D3638E3F304282A5D6EB74567BCDB88E8A641C725B570A
                                                                                                                                                                                SHA-512:8D55FC4976E042C0D0992820C2D33FF8B9DDCB7D39BA8F379056B4B3564E729B941073020D9691AEB9200BAFA463AF1F5FBFE3A2F1E2015F9C508F43002B6F29
                                                                                                                                                                                Malicious:false
                                                                                                                                                                                Preview:2...>.......R...v...F...................................................................................................................................2...>...........v...z............................I.......I.qk..B.....LZ.......... ?U....+.U..... ?U....+.U......I.qk..B.....LZ.I................................I.......I...................................................I.t.....I................................................................4..'...'................w)...J.P.o......N...^.................i.B..J..............f........................................I.qk..B.....LZ...............w)...J.P.o.............w)...J.P.o......................................................................j......T.].............B....H........B......>.)....J...................;........4...4...4.."........................z...y.. x.. ...........$........4...)..7)..7........................;........4...4...4......................#..............................................
                                                                                                                                                                                Process:C:\Program Files (x86)\Microsoft Office\root\Office16\ONENOTE.EXE
                                                                                                                                                                                File Type:PNG image data, 40 x 617, 8-bit colormap, non-interlaced
                                                                                                                                                                                Category:dropped
                                                                                                                                                                                Size (bytes):827
                                                                                                                                                                                Entropy (8bit):7.23139555596658
                                                                                                                                                                                Encrypted:false
                                                                                                                                                                                SSDEEP:12:6v/7Hs2NwBW1mtjeSfaTHHy05riYUtr8y8PQvPYzzg979Reip0QPqc:oOsotazy4rStr8y8PQIzWea0Qv
                                                                                                                                                                                MD5:3E675D61F588462FB452342B14BCF9C0
                                                                                                                                                                                SHA1:86B62019BC3C5BE48B654256B5D10293FC8C842A
                                                                                                                                                                                SHA-256:639EADAD468B6B32B9124B1F4395A8DA3027FF7258D102173BA070AE2ED541AE
                                                                                                                                                                                SHA-512:E6EA855B642ED36FA82F8E469A826DC57EB0C36E307045FF8D166F67AF9242C87840833BE31FBE4706DC54100E999D6A3D3A78D0633A3114735818874AD34758
                                                                                                                                                                                Malicious:false
                                                                                                                                                                                Preview:.PNG........IHDR...(...i..........`PLTE...................................................................................................bKGD....H....cmPPJCmp0712....H.s....qIDATx^...0.Cg.;......@j..2c.=~KP.[H~..@..8...?U.g.n.a=.=.).....3..u^(.....L....5..........8.}..T.f.n.a=.=.).....3..u^(.....L..r....s..8.....W]....,..9..G?.a..`c.z...E.p...)Y.P.....#....@9.7].....,..9..G?.a..`c.z...E.p...)Y.P...`b....0.b.+~{.Pu...1..<..0._.l.@O.y.(...V3%..J....s... .(g.+.qyWu...1..<..0._.l.@O.y.(...V3%...%R.L.Q..x..R.<t.o......7.............:/.E..j.da@i..`b..Z......u.>.?...7.............:/.E..j.da@.Dj..9.W....s. .....:.......L...">w..7... .....:..."...L..."..a....D..Ya.l....E.{.@&.|.._...7..D..Ya.l.....{.@&.|....0.J.."z.0s..s....=g ..>........"z.0s..s....=g ..>..l..1...y..g......IEND.B`.
                                                                                                                                                                                Process:C:\Program Files (x86)\Microsoft Office\root\Office16\ONENOTE.EXE
                                                                                                                                                                                File Type:data
                                                                                                                                                                                Category:dropped
                                                                                                                                                                                Size (bytes):4096
                                                                                                                                                                                Entropy (8bit):4.339933834339001
                                                                                                                                                                                Encrypted:false
                                                                                                                                                                                SSDEEP:96:Csyl6y2poXEXnWoXUo9m60RQysaV6X5/Eun:Csyl6y2q0XnWoXUo9m60RJdV6X5/Eu
                                                                                                                                                                                MD5:C7166B4B79A68DB4146401F8F7547963
                                                                                                                                                                                SHA1:3BD29FF29417DC192B143089CAC53992EA3D4D6D
                                                                                                                                                                                SHA-256:430A335D93F92DAC0EB01C19D8459DDF465C88126DF3D8C72CBE5BA1B35163A9
                                                                                                                                                                                SHA-512:9018D17D2DCB6795C2AC23CD6FAB67F53AD71051D34220647C3C50F18B14D845744C86EE7BAAEE833A61E5809DA37671013EFD84DA098BB1FBAC968EC6471EB3
                                                                                                                                                                                Malicious:false
                                                                                                                                                                                Preview:2...>.......N...v...B...................................................................................................................................2...>...*.......v...v............................I.......I.qk..B.....LZ.'+......'+.z..<........'+.z..<........'+..I.qk..B.....LZ.I................................I.......I...................................................I.t.....I................................................................4..'...'.............E.[D.\...B.cV.......N...^..............."MKM...F...;)..........f........................................I.qk..B.....LZ............E.[D.\...B.cV...........E.[D.\...B.cV.............'+......'+......'+..........................................'+j.....'+T.]...'+......'+..B...'+H.....'+..B...'+..>.).'+..J...................;........4...4...4.."...............'+..'+..'+..z...y.. x.. ...........$........4...)..7)..7........................;........4...4...4..........'+......'+....#.'+............................................
                                                                                                                                                                                Process:C:\Program Files (x86)\Microsoft Office\root\Office16\ONENOTE.EXE
                                                                                                                                                                                File Type:PNG image data, 50 x 600, 8-bit colormap, non-interlaced
                                                                                                                                                                                Category:dropped
                                                                                                                                                                                Size (bytes):4410
                                                                                                                                                                                Entropy (8bit):7.857636973514526
                                                                                                                                                                                Encrypted:false
                                                                                                                                                                                SSDEEP:96:E/pQuIhKZ7u06dICH3AroiTe8DGTl55poBUmLNjpH7MvDHjfm:MpdZtPbknnRPpkLNVMvu
                                                                                                                                                                                MD5:2494381A1ACDC83843B912CFCDE5643B
                                                                                                                                                                                SHA1:98F9D1CC140076D1AE5A9EA19F47658FD5DF0D66
                                                                                                                                                                                SHA-256:5EEBE803E434A845D19BC600DF3C75E98BB69BD0DE473CEEC410D1B3A9154E28
                                                                                                                                                                                SHA-512:0E64CC3723DC41D94910F7ADFB6A0DFB5049350FD15A873695614E4A89ABD78B166BA4E9C8CB95E275FB56981539DECD2A7F28FBC25E80DD5E2DEA8077CC9489
                                                                                                                                                                                Malicious:false
                                                                                                                                                                                Preview:.PNG........IHDR...2...X.......E.....PLTE...............................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................B..(....bKGD....H....cmPPJCmp0712....H.s.....IDATx^.].\TU.?3"...(..L........q.Q...H.*j......W..Xd.ie.f..%.XT...em..m.m.vkik...>.}..}|..{'.U..~......}....s.............,CVu.x.:C..5...;.
                                                                                                                                                                                Process:C:\Program Files (x86)\Microsoft Office\root\Office16\ONENOTE.EXE
                                                                                                                                                                                File Type:data
                                                                                                                                                                                Category:dropped
                                                                                                                                                                                Size (bytes):4096
                                                                                                                                                                                Entropy (8bit):4.315694188816229
                                                                                                                                                                                Encrypted:false
                                                                                                                                                                                SSDEEP:96:YVs6kSdcr7isPEZnf0cXXlL9emxwRQyBAe5IKB7IO2F:Ws6bcwB0cXB9eowRJ6YIKB7INF
                                                                                                                                                                                MD5:38923075D79BC139F40E22DE95DCEB10
                                                                                                                                                                                SHA1:3FF6BBCA248E38B93D52AFBE6CAEB42F1F6AE645
                                                                                                                                                                                SHA-256:52EB01E04873D4F9A27BDC0325AE228158C5430954051C04A5E39F8A2DC9B6C1
                                                                                                                                                                                SHA-512:7AD873DD0D214226EE501E9F90AB09DA579ED5F6364176F56F685FD9FB96314AA4A94E15C68444775FB06937AC161928E4AB4C7F4A753428448035D2D2329D8F
                                                                                                                                                                                Malicious:false
                                                                                                                                                                                Preview:2...>.......P...v...D...................................................?....?..........................................................................2...>...,.......v...x............................I.......I.qk..B.....LZ.............."..&.........."..&.......I.qk..B.....LZ.I................................I.......I...................................................I.t.....I................................................................4..'...'..............O4.s.. ..X^..w....N...^.................f.[.y@.y.U$..E........f........................................I.qk..B.....LZ.............O4.s.. ..X^..w.........O4.s.. ..X^..w....................................................................j......T.]............B....H........B......>.)....J...................;........4...4...4.."........................z...y.. x.. ...........$........4...)..7)..7........................;........4...4...4......................#..............................................
                                                                                                                                                                                Process:C:\Program Files (x86)\Microsoft Office\root\Office16\ONENOTE.EXE
                                                                                                                                                                                File Type:JPEG image data, JFIF standard 1.02, aspect ratio, density 100x100, segment length 16, baseline, precision 8, 612x792, components 3
                                                                                                                                                                                Category:dropped
                                                                                                                                                                                Size (bytes):136726
                                                                                                                                                                                Entropy (8bit):7.973487854173386
                                                                                                                                                                                Encrypted:false
                                                                                                                                                                                SSDEEP:3072:SIXmy5Tl704vW2ZKkvV8UU0ZWUF0BJwySIdgz816YzDc1+opecYPn:Sny5Tl704fZFV8UU6LGXwyS4xohpQPn
                                                                                                                                                                                MD5:4A2472AC2A9434E35701362D1C56EDDF
                                                                                                                                                                                SHA1:16FA2EA2D2808D75445896E03B67A93000EEDDD8
                                                                                                                                                                                SHA-256:505F731CB7707EFAB2EB06685B392DC7E59265A40B55AAE43E5DC15C0A86CBA4
                                                                                                                                                                                SHA-512:5E28D8FB2AC62ED270968072A30013334461F7CAE96058AF9EAA6E10912989DC47112D2133892BF61F7A516B77C6FF71BA2A000B750A9F95C787E538B09595C2
                                                                                                                                                                                Malicious:false
                                                                                                                                                                                Preview:......JFIF.....d.d......Ducky.......d......Adobe.d...................................................................................................................................................d.............................................................................................!1..AQaq".....2B....R#..b3...r...C$...X.....Sc...9.%'.(Hs4Dgw..T..5GW.x.)......................!.1..AQa"2.q.......B..#c........b6.Rr.3s$.&..S...C4.%5............?.........(......(......(......(......(......(......(......(.G/.GE&...)..P.x..B.({i2Y;.z?G...Yfc.)H..^....#.....}3..Sc^.H..+...M.a.P.....GS.....H_.3..<....1f........1.<.\..nn-..s.s.\9Y....=.......S.0.......N..cA..Io..r.3..........ay.....K.....,.;9..Q......xO.Fa.2..>........{4k.....|....?U....3.8..._/3....#.. t.y......yY.......e.<........#.....B.....Z.%.Y..S.ye.W4...l.......X...%.@y}>....l.yi..D..W......L..._D.Q....)...E....n.%...*..K.4#.8`..I....h..h.o..I......-...hB...3..u.(5..........n...,.@....a.t.9.....@.s.>.&...@
                                                                                                                                                                                Process:C:\Program Files (x86)\Microsoft Office\root\Office16\ONENOTE.EXE
                                                                                                                                                                                File Type:data
                                                                                                                                                                                Category:dropped
                                                                                                                                                                                Size (bytes):4096
                                                                                                                                                                                Entropy (8bit):4.351657248947452
                                                                                                                                                                                Encrypted:false
                                                                                                                                                                                SSDEEP:48:+s3AduER6/A3AMCtBiEKHLBpLXxhvL9qy9ohjrdQqr+2BXmBLR6/LGvj1bpl:+sc+KAMCeEKHDLXzvL9qAgjRQyNbgd
                                                                                                                                                                                MD5:7E78A7E56C9143A9760F8AD5E3706575
                                                                                                                                                                                SHA1:06580F0F0AC800B266C0C25972BA3389CF41F934
                                                                                                                                                                                SHA-256:40A73A7A18E8A7FEA4C77F7D8F759B438C8ADF47FC915A1D2EE27F99A5FAA2ED
                                                                                                                                                                                SHA-512:DD74B83D1882557D2FCF9851CD38212267A24A08356B8928B3894044468D915EF88D87947DA7E5D868490A3615B3034B574840C7E7C9BC4DBA59C1D89FE9D69C
                                                                                                                                                                                Malicious:false
                                                                                                                                                                                Preview:2...>.......N...v...B...................................................................................................................................2...>...*.......v...v............................I.......I.qk..B.....LZ..j.......j.....,.i.m.;V..j.....,.i.m.;V..j..I.qk..B.....LZ.I................................I.......I...................................................I.t.....I................................................................4..'...'..............'?......B.R..x....N...^...............u3.G.H.S.Y.E#\........f........................................I.qk..B.....LZ.............'?......B.R..x.........'?......B.R..x...........j.......j.......j...........................................jj......jT.]....j.......j..B....jH......j..B....j..>.)..j..J...................;........4...4...4.."................j...j...j..z...y.. x.. ...........$........4...)..7)..7........................;........4...4...4...........j.......j....#..j............................................
                                                                                                                                                                                Process:C:\Program Files (x86)\Microsoft Office\root\Office16\ONENOTE.EXE
                                                                                                                                                                                File Type:PNG image data, 77 x 627, 8-bit colormap, non-interlaced
                                                                                                                                                                                Category:dropped
                                                                                                                                                                                Size (bytes):5136
                                                                                                                                                                                Entropy (8bit):7.622045262603241
                                                                                                                                                                                Encrypted:false
                                                                                                                                                                                SSDEEP:96:djzuNKb3XHco17p2wolIxIx7lpskdsC/ddWNKeabJbMojpxLDTu1:VzuNKb397pwlIxKp7qs3bJb5FBTw
                                                                                                                                                                                MD5:FA38AFA965141EA3F17863EE8DCCDE61
                                                                                                                                                                                SHA1:2B4611E651AF7549C1AA73932B1136B561A7602F
                                                                                                                                                                                SHA-256:E1CB1A0EC9BE62D5445C73AA84DF38234002A7E164EE830C9DF24997802CB5D2
                                                                                                                                                                                SHA-512:A372674F5CA343321BA9C413D346070709F7685706C9C6C3DC7F61846B59253A5E6FE800DBA10AE870FD3887439B2AA106FBBB51751E92A163938A4393C43E28
                                                                                                                                                                                Malicious:false
                                                                                                                                                                                Preview:.PNG........IHDR...M...s.....}8nv....PLTE.................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................z`.....tRNS...................................................................................................................................................................................
                                                                                                                                                                                Process:C:\Program Files (x86)\Microsoft Office\root\Office16\ONENOTE.EXE
                                                                                                                                                                                File Type:data
                                                                                                                                                                                Category:dropped
                                                                                                                                                                                Size (bytes):4096
                                                                                                                                                                                Entropy (8bit):4.394374484064583
                                                                                                                                                                                Encrypted:false
                                                                                                                                                                                SSDEEP:48:zWYRXsBwv8id/Eq6AjG/atyeEBfXxW9eIo1rdQqrie5ke/BXidy2TinF6pNr1B:fRXsSEq6QG/a/EdXE9eIERQyDh/LJg
                                                                                                                                                                                MD5:B64D2274C09EF58063C7C8E178D6FAC8
                                                                                                                                                                                SHA1:242A7DBCF5B9B6C6864A38D1A3F897D482BADA47
                                                                                                                                                                                SHA-256:F2380A05ADBD5EF103DAB412BDF4F6978D9D1FF10FA6CE4F9A2981DA71A92743
                                                                                                                                                                                SHA-512:D6A336B8A9B8CEDD71C6B021BCC4341238FD06CD124991492EFAE85F351DC695BB81528E1CA4B8569603685F83CB97D63F4D906681B0C990D21517AE9DD0E4A5
                                                                                                                                                                                Malicious:false
                                                                                                                                                                                Preview:2...>.......h...v...\...................................................................................................................................2...>...D.......v................................I.......I.qk..B.....LZ............u>.(....`......u>.(....`.......I.qk..B.....LZ.I................................I.......I...................................................I.t.....I................................................................4..'...'..............4q......o..>.....N...^............... ....[.L..x............f........................................I.qk..B.....LZ.............4q......o..>..........4q......o..>.........................................................................j.......T.]..............B.....H.........B.......>.).....J...................;........4...4...4.."...........................z...y.. x.. ...........$........4...)..7)..7........................;........4...4...4........................#...............................................
                                                                                                                                                                                Process:C:\Program Files (x86)\Microsoft Office\root\Office16\ONENOTE.EXE
                                                                                                                                                                                File Type:JPEG image data, JFIF standard 1.02, aspect ratio, density 100x100, segment length 16, baseline, precision 8, 612x792, components 3
                                                                                                                                                                                Category:dropped
                                                                                                                                                                                Size (bytes):52945
                                                                                                                                                                                Entropy (8bit):7.6490972666456765
                                                                                                                                                                                Encrypted:false
                                                                                                                                                                                SSDEEP:768:cjvqR0XvFaGCTJffi0tgybmWDoTw71kHUAnjvawrlp2+NUO8dWSNl3PF2PjK/q09:cyRffflgybmWoTw1UUADHUbU21MjpAD
                                                                                                                                                                                MD5:AD003F032F32FAC4672D4CE237FA5C5B
                                                                                                                                                                                SHA1:AE234931B452F0D649D91291763B919CF350EA49
                                                                                                                                                                                SHA-256:ADB1EBBE18D6CD8FF08AA9BF5C83CDB83BF9AA179698E34E93DBCDDE12F04D32
                                                                                                                                                                                SHA-512:ECA25FA657ECE3A66D3E650628E0F65D3BADD38864C028AB6553950A1A66D7D55482C85E9E565573E9E5AAFA91C2D53235971C644A266D41EB69F8E72E3A843B
                                                                                                                                                                                Malicious:false
                                                                                                                                                                                Preview:......JFIF.....d.d......Ducky.......d......Adobe.d...................................................................................................................................................d.............................................................................................!1..AQ..aq....".....2....BR#r.b3$...C.Sc%...s5E......................!1.A..Q.aq"...2...#...B...Rb3..$..CSr...6............?......y_N.e.H7?........W..w....k|...S..d.4.>.RW5z.$.i.)V.O....>o...c..*&1.D..O..".ufbb..1...t..u=..K...m...~.....F..-.fb:i..=f..C.w.[{..~.7k....;..:..3....4.....$..m]...}....~q...9T.#..7.~..8...q.N;c..ffo.w...W..d........../t_........lWJE..).>..v;:=....Rrw#.m.n.n...E...vm.J}2N*..|.4...80.#..e....t.J..ZQ.x|g/....F..e....k+vK...M..W.X.e.L..~...j.....kz....=...n:O.:..[.L,.+R...Y..zKNI....,..{e..U.'...}.......|..t.]...~...b4......_.i..../.......m...a..n...v.j.?..Rc.$G|.31..#..$?.........h.w....-... .a.%z..u......u.A....Fm..J.......G..[...w.....:....w/.
                                                                                                                                                                                Process:C:\Program Files (x86)\Microsoft Office\root\Office16\ONENOTE.EXE
                                                                                                                                                                                File Type:data
                                                                                                                                                                                Category:dropped
                                                                                                                                                                                Size (bytes):4096
                                                                                                                                                                                Entropy (8bit):4.426462589151577
                                                                                                                                                                                Encrypted:false
                                                                                                                                                                                SSDEEP:96:RsqWE62WYEb/XL965lRyoxejcGGwjruO:RsqWE6rb/XL965lRyoxejcGGwj6O
                                                                                                                                                                                MD5:1FDA9B6EAE850ED75099801170ED6455
                                                                                                                                                                                SHA1:CBE9D11F8A9397C3ECF5CBC1F72A8B68362ED4AF
                                                                                                                                                                                SHA-256:B921DDB24C202A2A5E22977F862C1E9BBE655CD12C2EF8828B20FF220ED4559A
                                                                                                                                                                                SHA-512:9CD3303261253F7BFD4C474BFD4BF252668CD47E94AB818A9A3171CF518A6F9158139A912BC075DA7F9F0B674ABDC222703A9FCDE165017CB24E16F0DED829DA
                                                                                                                                                                                Malicious:false
                                                                                                                                                                                Preview:2...>.......h...v...\...................................................................................................................................2...>...D.......v................................I.......I.qk..B.....LZ............A..ir..".......A..ir.."......I.qk..B.....LZ.I................................I.......I...................................................I.t.....I................................................................4..'...'................A...+...........N...^...............)...C.C.......-........f........................................I.qk..B.....LZ...............A...+..................A...+...........................................................................j......T.]............B....H........B......>.)....J...................;........4...4...4.."........................z...y.. x.. ...........$........4...)..7)..7........................;........4...4...4......................#..............................................
                                                                                                                                                                                Process:C:\Program Files (x86)\Microsoft Office\root\Office16\ONENOTE.EXE
                                                                                                                                                                                File Type:JPEG image data, JFIF standard 1.02, aspect ratio, density 100x100, segment length 16, baseline, precision 8, 612x792, components 3
                                                                                                                                                                                Category:dropped
                                                                                                                                                                                Size (bytes):79656
                                                                                                                                                                                Entropy (8bit):7.966459570826366
                                                                                                                                                                                Encrypted:false
                                                                                                                                                                                SSDEEP:1536:2kuUliOeU4os8ii3nF3Hxro/qxXD9u/kjYgMZqoEs6ZUldm:3uUsOXYIAixR2k7WAZV
                                                                                                                                                                                MD5:39FF3ACAE544EAC172B1269F825B9E9F
                                                                                                                                                                                SHA1:2D40DE8D90BD21D56314D3F99CEF4FBAE3712C0F
                                                                                                                                                                                SHA-256:70475431CCA3C91A4EFA3B8F04864371D2D3A45696674A1A0562FE9CD8DB287C
                                                                                                                                                                                SHA-512:3B9F3B32696AB7779864E83DC0C45960114A130BEE0CF4D0643DE57FF952171E5D775AA49141EE31A28A9B5D052B26EB421F26EA736D7EF4B3A7EC812CA411CB
                                                                                                                                                                                Malicious:false
                                                                                                                                                                                Preview:......JFIF.....d.d......Ducky.......d......Adobe.d...................................................................................................................................................d.............................................................................................!.1A.Qa"..q.....2#..BRb..r3$.Cc..Ss.4...D%5&..T...'7....................!1.A..Q.aq..."2.....B3.r.#..R...bc$4..D.s%............?..Y..T.o.\......=.a..j..'^..s..[../........Y.......<...(..4.....7y..Ln.[9.cK.ilN...u@$.V.9.V?3..s.KL.z..w.jW.C.............@.~+.o?o8...k....,.m..9.".....q.....d....z.W...q...~...'..e..>..f#...S.....F....pU.......7..N.vfK......S..G.#.....}.c.........RXt.bq1.`.....[+8\.*.N..:......}.....r..........')......Na...&...m......c...a4_%d.............co..0.n.L.Q..E.Lt..y.|..F..4.i(>.._..\.eNL8..?z9I:hLgC.@.p....g.t......'.I!d..?1f..R..........|..4.wJ*..%g..~0bt.....*...v.......O...:.~.>~..o.x...9.@>...s.&.E.0/G.c..t.<..F.t.A.z. ......;.........Gp.P
                                                                                                                                                                                Process:C:\Program Files (x86)\Microsoft Office\root\Office16\ONENOTE.EXE
                                                                                                                                                                                File Type:data
                                                                                                                                                                                Category:dropped
                                                                                                                                                                                Size (bytes):4096
                                                                                                                                                                                Entropy (8bit):4.481547248961092
                                                                                                                                                                                Encrypted:false
                                                                                                                                                                                SSDEEP:96:0s/qCI8R+KqE7scX+sc9DfgRy2Nrw5lqwJ:0s/q78R9H7scX+sc9DfgRyGrw5lqw
                                                                                                                                                                                MD5:A49E1F72876FE86412026DC5C918BA19
                                                                                                                                                                                SHA1:DCD24EF2980E50CB6131BC742130935D913ECE69
                                                                                                                                                                                SHA-256:DBB76ED1669E1EDB09557CF08F7F5E46F9AF91C5324100B23C3DB4E0AA3B9080
                                                                                                                                                                                SHA-512:A78F6D39C04E70EC2EDD5CB6698BF39229673A86A3AC1CE5CA481B6EDA8510CDA5753D04594F9871963E05233D2528CC9630B95A0B7A9C0713D34623236A6023
                                                                                                                                                                                Malicious:false
                                                                                                                                                                                Preview:2...>.......p...v...d.....................................................?....?........................................................................2...>...L.......v........................................g.......p.D.9.I.......I.qk..B.....LZ..g.......p.D.9....I.qk..B.....LZ.I................................I.......I...................................................I.t.....I................................................................4..'...'...............dv^.....+<R.......N...^...............w.TLv."I..}....5........f................................... ....I.qk..B.....LZ..............dv^.....+<R.............dv^.....+<R.......................................................................j......T.].............B....H........B......>.)....J...................;........4...4...4.."........................z...y.. x.. ...........$........4...*..7*..7........................;........4...4...4......................#..............................................
                                                                                                                                                                                Process:C:\Program Files (x86)\Microsoft Office\root\Office16\ONENOTE.EXE
                                                                                                                                                                                File Type:JPEG image data, JFIF standard 1.02, aspect ratio, density 100x100, segment length 16, baseline, precision 8, 612x792, components 3
                                                                                                                                                                                Category:dropped
                                                                                                                                                                                Size (bytes):40884
                                                                                                                                                                                Entropy (8bit):7.545929039957292
                                                                                                                                                                                Encrypted:false
                                                                                                                                                                                SSDEEP:768:MCBOA4d+ElOXJ/3pI7cRBiL7L6qERqGz65WXzZqJsKQSbIsTT6XB:hIAU+2cGdLX6qBG4WDZl4Ihx
                                                                                                                                                                                MD5:7379775A1E2AB7FAB95CFFCE01AE05F3
                                                                                                                                                                                SHA1:3D3DDFD8AC7E07203561BAE423D66F0806833AB3
                                                                                                                                                                                SHA-256:9301DB6D2D87282FCEE450189AEACE16D85F64273BF62713A3044992B6B7A9E9
                                                                                                                                                                                SHA-512:4B5006E620E80D3A146944649CF4CA619782CAD7E8C4CD0D1DE0EBCA0FA05EACB7378DAFCEED3E26F5698B07F19604614D906C8F51F898660E2F129D8DEC6F62
                                                                                                                                                                                Malicious:false
                                                                                                                                                                                Preview:......JFIF.....d.d......Ducky.......d......Adobe.d...................................................................................................................................................d............................................................................................!.1A.....Qaq....".....2....BR#S..br...3T...C$.7(Hx....4D.G..Xh.cs..'..t...%...8.....................1...!AQ..a...q"2.4Tt.......R3S....Br...#s...Uu.bc.de..$D..6..C%E..............?...z...;sB.yv...........]t.\...n...../....m....M.=.3G+..x+.....S).*&.J../..8..O/+..sG...p...<!....~.c..C.w..,[oHom.wc-.J.~.......L[..6...'..i_..S;...!Y.z.q].EK..M.x...i.x.+.;.+...}....#......f.)........e6V..p.;........s.)..Ml.J......IU.6...<9+9.^..l..Y...[._...2..^..j.ia...._..3.;...~..<3...;......z.^.......]..Qk.,...Yk...3.3Jy^p.}....q...I...&..t.......;..9.g.GH;..'...%...)..[..y..../...zCn..>...'...1e.Y..;....]..7...N>t..m-.j.............H^..T\.q.ru...}...eTn]I'r.^].#..wOY....v
                                                                                                                                                                                Process:C:\Program Files (x86)\Microsoft Office\root\Office16\ONENOTE.EXE
                                                                                                                                                                                File Type:data
                                                                                                                                                                                Category:dropped
                                                                                                                                                                                Size (bytes):4096
                                                                                                                                                                                Entropy (8bit):4.33110258928505
                                                                                                                                                                                Encrypted:false
                                                                                                                                                                                SSDEEP:48:YudY542sWTa80AV4t1A1Eft+TXA9LWofJrdqrHAC4RXB5H5h:YccjsOJV47AE1+TXA9LWwRygC4r
                                                                                                                                                                                MD5:867229E0DA7E83F81B5A5E312B397303
                                                                                                                                                                                SHA1:DC32D068935FE859276243F09EBB0972351D71DA
                                                                                                                                                                                SHA-256:F76E17FAA451D8359E0CF5AEB72227414E81691C0F81BAC1A7A4D0F80062901E
                                                                                                                                                                                SHA-512:CA2614835967DDC0386E91E33BFE88ED754A2A7CBAA6263D28757FF63DB5D2CF53BC8B71ECB0D79140BE2C188927E1A92ED54002913C56220AF7701D218DDCCF
                                                                                                                                                                                Malicious:false
                                                                                                                                                                                Preview:2...>.......P...v...D...................................................?....?..........................................................................2...>...,.......v...x............................I.......I.qk..B.....LZ..e.......e..d....?.....e..d....?.....e..I.qk..B.....LZ.I................................I.......I...................................................I.t.....I................................................................4..'...'.............f.d.~...9D7....I....N...^.................q....N....{..........f........................................I.qk..B.....LZ............f.d.~...9D7....I........f.d.~...9D7....I...........e.......e.......e...........................................ej......eT.]....e.......e..B....eH......e..B....e..>.)..e..J...................;........4...4...4.."................e...e...e..z...y.. x.. ...........$........4...*..7*..7........................;........4...4...4...........e.......e....#..e............................................
                                                                                                                                                                                Process:C:\Program Files (x86)\Microsoft Office\root\Office16\ONENOTE.EXE
                                                                                                                                                                                File Type:JPEG image data, JFIF standard 1.02, resolution (DPI), density 72x72, segment length 16, Exif Standard: [TIFF image data, big-endian, direntries=7, orientation=upper-left, xresolution=98, yresolution=106, resolutionunit=2, software=Adobe Photoshop CS Windows, datetime=2004:03:12 11:05:55], progressive, precision 8, 612x618, components 3
                                                                                                                                                                                Category:dropped
                                                                                                                                                                                Size (bytes):68633
                                                                                                                                                                                Entropy (8bit):7.709776384921022
                                                                                                                                                                                Encrypted:false
                                                                                                                                                                                SSDEEP:1536:tapXpSTJDOkFGdJdBk/slsbfsw1imaapnbvD8:U2OjJr6b07m1bvD8
                                                                                                                                                                                MD5:41241EE59AB7BC9EB34784E3BCE31CB4
                                                                                                                                                                                SHA1:98680761A51E9199CF3C89F68B5309FBEC7EE3CB
                                                                                                                                                                                SHA-256:035B26DF61855A3F36DBD30FDAB0C157C04C9E8AE2197EA4D4AEB3E82E6A4C2B
                                                                                                                                                                                SHA-512:3EE331D5BCEE4AD5D3FC9661D4AB4053F7D351591A094334F963C33C9D0E32CCCABE9334AD7C308108CE99617E064FE848DCD469ACD8D83FBE5C4452DE523D8F
                                                                                                                                                                                Malicious:false
                                                                                                                                                                                Preview:......JFIF.....H.H......Exif..MM.*.............................b...........j.(...........1.........r.2...........i.................H.......H....Adobe Photoshop CS Windows.2004:03:12 11:05:55.............................d...........j...........................................&.(.........................................H.......H..........JFIF.....H.H......Adobe_CM......Adobe.d......................................................................................................................................................"................?..........................................................................3......!.1.AQa."q.2.....B#$.R.b34r..C.%.S...cs5....&D.TdE.t6..U.e...u..F'...............Vfv........7GWgw........................5.....!1..AQaq"..2.....B#.R..3$b.r..CS.cs4.%......&5..D.T..dEU6te....u..F...............Vfv........'7GWgw.................?../$.W:SZ./...9.....-...u......r.....].c...@W_.7...+......v.+PD.I..-<1.pDn-\.....p.$....0.}V....\..>.~..XN.o..l(E....ik..o.
                                                                                                                                                                                Process:C:\Program Files (x86)\Microsoft Office\root\Office16\ONENOTE.EXE
                                                                                                                                                                                File Type:data
                                                                                                                                                                                Category:dropped
                                                                                                                                                                                Size (bytes):4096
                                                                                                                                                                                Entropy (8bit):4.47515995815553
                                                                                                                                                                                Encrypted:false
                                                                                                                                                                                SSDEEP:48:5OsiQifnBs2MLHtQ0G3nPEg3LaJJvevfBXVcG29VtQoJrdqr0PbRXB5U/8uY9wuY:5OsLDLHOEg3AmXBX49TQQRy0Tk0NL8
                                                                                                                                                                                MD5:0CD3D736DAA3915CAC75EF0304B49CC3
                                                                                                                                                                                SHA1:789060915C8D5B71F9EEA55B6F67C3D3C9645652
                                                                                                                                                                                SHA-256:36AD909A59BEA7AEC9A75C8001A209994BEC12BDACDBF38115F91B76C7D9B1F1
                                                                                                                                                                                SHA-512:87E4E30DAD9D9A2FBB680F88B64111BD74589936B6B7A21B59E2900C0CE197128AC50DB690F827B86EBEBAED0BE381F6C0D5BD98A594CAE489ED90C69AD707EA
                                                                                                                                                                                Malicious:false
                                                                                                                                                                                Preview:2...>.......t...v...h...................................................................................................................................2...>...P.......v................................I.......I.qk..B.....LZ`-R.....`-R..[}.$,.....`-R..[}.$,.....`-R..I.qk..B.....LZ.I................................I.......I...................................................I.t.....I................................................................4..'...'.............mE%Z.....&ud..I.....N...^....................6V@.d..:...........f...................................$....I.qk..B.....LZ............mE%Z.....&ud..I.........mE%Z.....&ud..I..........`-R.....`-R.....`-R.........................................`-Rj....`-RT.]..`-R.....`-R..B..`-RH....`-R..B..`-R..>.)`-R..J...................;........4...4...4.."..............`-R.`-R.`-R..z...y.. x.. ...........$........4...*..7*..7........................;........4...4...4.........`-R.....`-R....#`-R............................................
                                                                                                                                                                                Process:C:\Program Files (x86)\Microsoft Office\root\Office16\ONENOTE.EXE
                                                                                                                                                                                File Type:PNG image data, 176 x 513, 8-bit colormap, non-interlaced
                                                                                                                                                                                Category:dropped
                                                                                                                                                                                Size (bytes):11043
                                                                                                                                                                                Entropy (8bit):7.96811228801767
                                                                                                                                                                                Encrypted:false
                                                                                                                                                                                SSDEEP:192:YyroOCsBI9pkCFsHHX2RE6VOlPuIqmBtJNBfAr+ADP1IATaNeTyZ4GF+WQQ6Qwq2:BUOCsB2kCGH32RiPDtDBfArPDP1I/eyM
                                                                                                                                                                                MD5:8E9AB9C28B155A66BC5C0DA5E2A4EFB5
                                                                                                                                                                                SHA1:972E61F162D48F1CEE21963ECBB2FE439105DB55
                                                                                                                                                                                SHA-256:B243A24FA13BC8523450E22F408F9EFF15301C938F8CA52A57018B58CE6785DE
                                                                                                                                                                                SHA-512:12062D69E676B3B34AFCEF25AC17B40294282D5BAB6C0110680293D7CC96EC17EBCFE104C284E64A30EE3C483E319E9C37C03F6EE82C79632180E45C7A684E8C
                                                                                                                                                                                Malicious:false
                                                                                                                                                                                Preview:.PNG........IHDR..............`....`PLTE............................................................................................... .......bKGD....H....cmPPJCmp0712....H.s...*YIDATx^.]...,.N.8.i......0..e..y.......8.6....Fo.........=...F..._..........O..{..............3.|.L.|.............>.....v..n.1J...k...."....7........J._.5LQ`..k...._Z.W.x:..k...g..._.....u<.Q{...1...q6.cs...l............30.g...< W...a.5..>O....9}..c..........s|I.).>.fo4.<q......>...c.:.u..co.#.7,.O..G./.K.|..q.p...(.(....iH.......m..+.7...../..{W.l....b....?.`^.q.9L&.>.hN2`1..m...]$.0J....rBy......{.._...G....;.r.Q..;..,...9..F...t;.+..2.Ub......V...8.k..5.........'[..s.H..).......%j._.&.....BN..V..q...T...#..........0.E&.o7....$..m..8g.f._$..k.8...5......HgQ...L..\.........)B.I.r.(..8.a..$N.9.=..o..Q..(.e.a..O.....c.= .......$0..X.S,..(p......$..l.c.I...=."......g....^..#~,&.a9iK..ZNE`...pFJ.@Wd?.<..Bt.E.......e...i.%d...}.!..B......9.........B}.....5...;..hL.D.....4z.....|.)
                                                                                                                                                                                Process:C:\Program Files (x86)\Microsoft Office\root\Office16\ONENOTE.EXE
                                                                                                                                                                                File Type:data
                                                                                                                                                                                Category:dropped
                                                                                                                                                                                Size (bytes):4096
                                                                                                                                                                                Entropy (8bit):4.327068358876614
                                                                                                                                                                                Encrypted:false
                                                                                                                                                                                SSDEEP:48:4EesUHKDCMwtBOumSuEQL4XSyC9/KorBrdqrTzNGhRXBQ9hyol:4EesjD1wwEQ0XNC9/K+BRy/NGhO
                                                                                                                                                                                MD5:2FD12CCDAB16B2E35D87BB28CAD3CD76
                                                                                                                                                                                SHA1:351B17F87FBDD1607FB10F3B8596F0D1CD0345FC
                                                                                                                                                                                SHA-256:23F62380508412C6A53832E8055EF6A626FE4A707F1F55A789977BC48A66275B
                                                                                                                                                                                SHA-512:D49F5AA4FF79A401256099F1A938523980B4050A933AF1098F55E636387F68C8BFA4BC08FAFE83D4B227D3343ABF04A4D451307ED649967FCC78EBBA6D54C9D8
                                                                                                                                                                                Malicious:false
                                                                                                                                                                                Preview:2...>.......R...v...F...................................................................................................................................2...>...........v...z............................I.......I.qk..B.....LZ.j.......j....o...w.7L+..j....o...w.7L+..j...I.qk..B.....LZ.I................................I.......I...................................................I.t.....I................................................................4..'...'.............l.D.l...'..q..C#....N...^.................t..{!K..W..;.)........f........................................I.qk..B.....LZ............l.D.l...'..q..C#........l.D.l...'..q..C#..........j.......j.......j...........................................j.j.....j.T.]...j.......j...B...j.H.....j...B...j...>.).j...J...................;........4...4...4.."...............j...j...j...z...y.. x.. ...........$........4...*..7*..7........................;........4...4...4..........j.......j.....#.j.............................................
                                                                                                                                                                                Process:C:\Program Files (x86)\Microsoft Office\root\Office16\ONENOTE.EXE
                                                                                                                                                                                File Type:PNG image data, 40 x 650, 8-bit colormap, non-interlaced
                                                                                                                                                                                Category:dropped
                                                                                                                                                                                Size (bytes):647
                                                                                                                                                                                Entropy (8bit):6.854433034679255
                                                                                                                                                                                Encrypted:false
                                                                                                                                                                                SSDEEP:12:6v/71rwqZMXVs99W1YvpLp/Fvl+f43ocLtuplb+CrGotLRd:+wqWXVs99rpLpNvr3pIx3b
                                                                                                                                                                                MD5:DD876AA103BEC3AC83C769D768AD39FB
                                                                                                                                                                                SHA1:1833603AA9B6A7E53F9AD8A336F96CCE33088234
                                                                                                                                                                                SHA-256:1262DD23AD54E935CFA10FEB1BE56648E43BEF1116696CA71D87E6E033B1CA7D
                                                                                                                                                                                SHA-512:946DB2277213104A3B29EC4388578B05027B974A3093B4CCAD8847397AA51AE308BC6A199E5705E1F901D6E4B1BA34D8DECFD6E5B6685184A307D749D7CFAEDD
                                                                                                                                                                                Malicious:false
                                                                                                                                                                                Preview:.PNG........IHDR...(.........xk....`PLTE.........................................................................................>.S.....bKGD....H....cmPPJCmp0712....H.s.....IDATx^.)..1..7w....6.*.H`T6.ha.k.............b!....Ba..C..P.4K..@.....h.E..X....PX+.P.-.....@@"...o.O4....xZ<...B...B..,A..y.s<......b!....Ba..C..0_p. .......=..,...i. ...=.j..N...........{4+...xZ<...B....|.....$.K<.vyE..X....PX+.P.-.:... .'p......\,...i. ...=.j........K.....%J..S+.....q..k.H.@DD.s...:..J.K.DDL.\.@`,.DD.:.(]..N....KD....A M.....F..S+.....1.sq........\.t..;..../...~k...4.DD.:..]..N....KD........@DD.s...:..J.K..[...Q....V......IEND.B`.
                                                                                                                                                                                Process:C:\Program Files (x86)\Microsoft Office\root\Office16\ONENOTE.EXE
                                                                                                                                                                                File Type:data
                                                                                                                                                                                Category:dropped
                                                                                                                                                                                Size (bytes):4096
                                                                                                                                                                                Entropy (8bit):4.38205907953456
                                                                                                                                                                                Encrypted:false
                                                                                                                                                                                SSDEEP:96:Wsz1u0i5RXEjFdXXp9X4X1SRyK4SMH+gilN+QJmzn:Wsp+52xdXXp9XG1SRyK/M0Z
                                                                                                                                                                                MD5:5E5819BC982242E4C5247DB0C7EF9A9F
                                                                                                                                                                                SHA1:69F96DD33FC87BF4A88BD09AED28D8BB9AFF3A77
                                                                                                                                                                                SHA-256:9719D6FC33BAC3C01EC39217CC0CB11873F741BE8980F2BB5BE3FD497C99073B
                                                                                                                                                                                SHA-512:CFAD9AB3C74C45B70F0CCCB1FB81FA7B49871B2023D13AD2B357E76E39C6D6EA5CA30331527BC71954C3223A39FEE622B3FD8D77742C4369F655DA8C8FBB10E0
                                                                                                                                                                                Malicious:false
                                                                                                                                                                                Preview:2...>.......T...v...H...................................................................................................................................2...>...0.......v...|............................I.......I.qk..B.....LZ.r9......r9U.............r9U.............r9..I.qk..B.....LZ.I................................I.......I...................................................I.t.....I................................................................4..'...'.................7.......5z......N...^................*[k.%}G.....=E:........f........................................I.qk..B.....LZ................7.......5z..............7.......5z............r9......r9......r9..........................................r9j.....r9T.]...r9......r9..B...r9H.....r9..B...r9..>.).r9..J...................;........4...4...4.."...............r9..r9..r9..z...y.. x.. ...........$........4...*..7*..7........................;........4...4...4..........r9......r9....#.r9............................................
                                                                                                                                                                                Process:C:\Program Files (x86)\Microsoft Office\root\Office16\ONENOTE.EXE
                                                                                                                                                                                File Type:JPEG image data, JFIF standard 1.02, resolution (DPI), density 72x72, segment length 16, Exif Standard: [TIFF image data, big-endian, direntries=7, orientation=upper-left, xresolution=98, yresolution=106, resolutionunit=2, software=Adobe Photoshop 7.0, datetime=2004:03:04 13:27:10], progressive, precision 8, 102x792, components 3
                                                                                                                                                                                Category:dropped
                                                                                                                                                                                Size (bytes):52912
                                                                                                                                                                                Entropy (8bit):7.679147474806877
                                                                                                                                                                                Encrypted:false
                                                                                                                                                                                SSDEEP:1536:DB/nIviNJD9C8kfJj6TkVr4q24FsUpjPc021si:DdnIvi3D9C8Cl6Dq24ayPCz
                                                                                                                                                                                MD5:1122BF4C2A42B4FA7F29D3C94954A7C9
                                                                                                                                                                                SHA1:3750077A830FE21735A43ABD35C63BA9A4D4B0DE
                                                                                                                                                                                SHA-256:423B0DD1A93B391D15B1DC8D8757C3BF5725FF2E7A59E6E3140033E2876B67F6
                                                                                                                                                                                SHA-512:4626EFE2EDED2361D6296B57F994DC434CC9D02357A8A6A67D84A544FB8A1CFE0005EA98F846AB963BED7F2B6CE96BC9181182C9459843A52A98D3A731A4FE73
                                                                                                                                                                                Malicious:false
                                                                                                                                                                                Preview:......JFIF.....H.H......Exif..MM.*.............................b...........j.(...........1.........r.2...........i.................H.......H....Adobe Photoshop 7.0.2004:03:04 13:27:10............................f.........................................................(.....................&...................H.......H..........JFIF.....H.H......Adobe_CM......Adobe.d......................................................................................................................................................"................?..........................................................................3......!.1.AQa."q.2.....B#$.R.b34r..C.%.S...cs5....&D.TdE.t6..U.e...u..F'...............Vfv........7GWgw........................5.....!1..AQaq"..2.....B#.R..3$b.r..CS.cs4.%......&5..D.T..dEU6te....u..F...............Vfv........'7GWgw.................?....]+\.9.9.P.d..Z.?~>.-...]6=....*.......S.9G...b<$..Z..........>.v.o:.o%.e...z.F`...[.wo..z.....k..E...5....G..7.......c2..
                                                                                                                                                                                Process:C:\Program Files (x86)\Microsoft Office\root\Office16\ONENOTE.EXE
                                                                                                                                                                                File Type:data
                                                                                                                                                                                Category:dropped
                                                                                                                                                                                Size (bytes):4096
                                                                                                                                                                                Entropy (8bit):4.35357181463757
                                                                                                                                                                                Encrypted:false
                                                                                                                                                                                SSDEEP:48:OsNzbg9lmJ7o4tJkRr7cblEkYvE4Xecc49f+oFrdqrrsRXdNNRz2upA+RZK0n:OsJ6lmJ7o4rk18Ekn4X649f+ERyQVV1
                                                                                                                                                                                MD5:1708C75F3F4757C8C5459B54A136975D
                                                                                                                                                                                SHA1:7C523D61ED5125E91A9A73FA540B058C6A1A4E65
                                                                                                                                                                                SHA-256:93ECAF5CA84D42B7FCEA1040CA4EE2D15729C4CB64808566A9742254021F9F0B
                                                                                                                                                                                SHA-512:7CDFF01E4D0C9B5CE5E9232A1755A030DE1F09B42397788303D3C17421222A60592014D5B74A8D04BD920D927C1781E82B80D580DF3B36A354B754D6B492DDB7
                                                                                                                                                                                Malicious:false
                                                                                                                                                                                Preview:2...>.......N...v...B...................................................................................................................................2...>...*.......v...v............................I.......I.qk..B.....LZ.N.......N..'\..=.s.8.W..N..'\..=.s.8.W..N...I.qk..B.....LZ.I................................I.......I...................................................I.t.....I................................................................4..'...'................t.v.%.r.L|J#....N...^................i.'6K|M..&.B.S.........f........................................I.qk..B.....LZ...............t.v.%.r.L|J#...........t.v.%.r.L|J#..........N.......N.......N...........................................N.j.....N.T.]...N.......N...B...N.H.....N...B...N...>.).N...J...................;........4...4...4.."...............N...N...N...z...y.. x.. ...........$........4...*..7*..7........................;........4...4...4..........N.......N.....#.N.............................................
                                                                                                                                                                                Process:C:\Program Files (x86)\Microsoft Office\root\Office16\ONENOTE.EXE
                                                                                                                                                                                File Type:JPEG image data, JFIF standard 1.02, resolution (DPI), density 72x72, segment length 16, Exif Standard: [TIFF image data, big-endian, direntries=7, orientation=upper-left, xresolution=98, yresolution=106, resolutionunit=2, software=Adobe Photoshop 7.0, datetime=2004:03:04 13:18:09], progressive, precision 8, 164x641, components 3
                                                                                                                                                                                Category:dropped
                                                                                                                                                                                Size (bytes):27862
                                                                                                                                                                                Entropy (8bit):7.238903610770013
                                                                                                                                                                                Encrypted:false
                                                                                                                                                                                SSDEEP:384:LTawAZvhbrXzDc6LERLQ/b5vXOl6pXQ/wD5OUMrdRUUhCplQg0ESSz:6wm/vT/b4wxoqbdUhWnSs
                                                                                                                                                                                MD5:E62F2908FA5F7189ED8EEBD413928DEE
                                                                                                                                                                                SHA1:CA249B4A70924B73BDA52972E9C735AEC35A0C5D
                                                                                                                                                                                SHA-256:20ABE389C885E42B6EBE9E902976229BB6FD63C8C34CB61AA70B8B746209F90A
                                                                                                                                                                                SHA-512:EE8D1821A918BE8714F431895E7223D08036E88A4FDB9A5485EFF246640EE969A69A8AA4E2E9DDC35BA75FB6D4E95092A286E90B477BD6998C313639C2C31F25
                                                                                                                                                                                Malicious:false
                                                                                                                                                                                Preview:......JFIF.....H.H......Exif..MM.*.............................b...........j.(...........1.........r.2...........i.................H.......H....Adobe Photoshop 7.0.2004:03:04 13:18:09......................................................................................(.....................&...................H.......H..........JFIF.....H.H......Adobe_CM......Adobe.d...................................................................................................................................................!.."................?..........................................................................3......!.1.AQa."q.2.....B#$.R.b34r..C.%.S...cs5....&D.TdE.t6..U.e...u..F'...............Vfv........7GWgw........................5.....!1..AQaq"..2.....B#.R..3$b.r..CS.cs4.%......&5..D.T..dEU6te....u..F...............Vfv........'7GWgw.................?..P.v..+..n(a..Q..S\6....Y....D......} w#.b..]l.5.RU..k...... ]$.$.........f........?.z@2uU...7....?..|.Q..I.&.. ......"T4)wdH.
                                                                                                                                                                                Process:C:\Program Files (x86)\Microsoft Office\root\Office16\ONENOTE.EXE
                                                                                                                                                                                File Type:data
                                                                                                                                                                                Category:dropped
                                                                                                                                                                                Size (bytes):4096
                                                                                                                                                                                Entropy (8bit):4.49790140314317
                                                                                                                                                                                Encrypted:false
                                                                                                                                                                                SSDEEP:48:jGs3ESHf6Mt9KQisE5zD6XIA9jko1rdqrKMFFRXjbeNysD5:jGsPHffjK6E5/6Xv9jkURyxFJpi
                                                                                                                                                                                MD5:3C56C841CDC97E21783056DE5B30B583
                                                                                                                                                                                SHA1:AC463D92DDC2C12A2216C9D60F594D31140873DE
                                                                                                                                                                                SHA-256:236C422F6E18F14654FF277CB4AA74EAC68B2B16A27DE860E6C21169B992AB53
                                                                                                                                                                                SHA-512:B0985F61540516A9F2AC0EECFC751E6929598D5FD1BCA9AE9DFD9A856F10FC456E70D81F197434CC35198C937C989C44EDBFBF689B7636103695CC18676A073D
                                                                                                                                                                                Malicious:false
                                                                                                                                                                                Preview:2...>.......r...v...f...................................................................................................................................2...>...N.......v................................I.......I.qk..B.....LZ.FM......FM.vt....v..i:.FM.vt....v..i:.FM..I.qk..B.....LZ.I................................I.......I...................................................I.t.....I................................................................4..'...'................A.D..!.L.@}......N...^...............s: .Q;@N.....1X........f..................................."....I.qk..B.....LZ...............A.D..!.L.@}.............A.D..!.L.@}............FM......FM......FM..........................................FMj.....FMT.]...FM......FM..B...FMH.....FM..B...FM..>.).FM..J...................;........4...4...4.."...............FM..FM..FM..z...y.. x.. ...........$........4...*..7*..7........................;........4...4...4..........FM......FM....#.FM............................................
                                                                                                                                                                                Process:C:\Program Files (x86)\Microsoft Office\root\Office16\ONENOTE.EXE
                                                                                                                                                                                File Type:PNG image data, 50 x 556, 8-bit colormap, non-interlaced
                                                                                                                                                                                Category:dropped
                                                                                                                                                                                Size (bytes):977
                                                                                                                                                                                Entropy (8bit):7.231269197132181
                                                                                                                                                                                Encrypted:false
                                                                                                                                                                                SSDEEP:12:6v/7QiFJaY/z+obuqFA4fypjQSbtBK+lcqNGSbb7XTJArRRzN5DjNRkPmu5cCbR2:x0QY7xbjy9pY0JPXLTWroeuCCbX0
                                                                                                                                                                                MD5:B7F74C18002A81A578A4EE60C407A8D3
                                                                                                                                                                                SHA1:70A7D4BB1B3ADF4397D168AD0D81B286F88EBDE0
                                                                                                                                                                                SHA-256:95F59A0433050180D4C0E8858B83363D51BEA6752A8B7CA516A8677854D8F5B6
                                                                                                                                                                                SHA-512:13186A7CDCE80BCA9D2238666D6D7A989FA1887EABFA5D8A9A63EEC304DFD4BE8EFF652205FA56E1D1CEE7D3680AF8C70A952AF73AB3C246400E8D4EBECBDBA9
                                                                                                                                                                                Malicious:false
                                                                                                                                                                                Preview:.PNG........IHDR...2...,........A....PLTE...................................................................................................................................................................................$.y.....bKGD....H....cmPPJCmp0712....H.s.....IDATx^...0.D_.......cck.....%a...X.a0Y...-..!.G...[....(.r.H.$...1 .zq.4V.e|a.6.X..4..kl.%....=w....6..TN.....{.4..T/.z...../.....3..!~..t.#b..^.....E!.SFb ...-.....^...,..C.!.b...i._c...s.X.w.. lsQH..H.gKc@@...i. ....m...;Ci....@G.; V{..lO..\.R9e$..{.....P...E.+.2.0D.B,..P...56.?......K.6..TN....^z.4..T/.z...../.....3..!~..t.]b........E!.SFb ...-.....^...,..C.!.b...i._c..Y.O...?.9k2.M.?5 .n.P...,...d._..%M?....6....,.1..R.4.a.R.+..U.Q..P...vd..T........j .]@....."..lJ../.90.4...Y. ...9.%...{......Hc%.....i..%M?aG..H....o.q.......4.......X.d9.r..CI.O.5.Ri0?.s\b....w...>/k..4V.)Y....P...vd..T........j .]@....."..lJ../.90..2..MP..l..?....K.X.....IEND.B`.
                                                                                                                                                                                Process:C:\Program Files (x86)\Microsoft Office\root\Office16\ONENOTE.EXE
                                                                                                                                                                                File Type:data
                                                                                                                                                                                Category:dropped
                                                                                                                                                                                Size (bytes):4096
                                                                                                                                                                                Entropy (8bit):4.36922627406859
                                                                                                                                                                                Encrypted:false
                                                                                                                                                                                SSDEEP:48:vTaDswCnzrYkvtK6E3VpLbGXml9fd9oVrdqrSxRRXWs9grWyo6Qpxt:vTaDskkvzE3TOXml9fd9MRyWRrD
                                                                                                                                                                                MD5:2E239453BF7782116BAEE55AA4126FC7
                                                                                                                                                                                SHA1:116D18784256C52004864EBC5BB72B88F0919ACB
                                                                                                                                                                                SHA-256:90D2786C41ED0BE8CCB6BD19EF71ADBCC2BA19EFA5E1E180F52D4BD9BF382E83
                                                                                                                                                                                SHA-512:D64BAD548070B339E72C635BEA21A20107978688642A7E98784C9790E0C3F02975EA99C3F337087C3EE9DE8C676BB6D4ABDD9B9E9C4586632EADA9EEFA1536F9
                                                                                                                                                                                Malicious:false
                                                                                                                                                                                Preview:2...>.......R...v...F...................................................................................................................................2...>...........v...z...........................+R......+R../.t.7..<s..I.......I.qk..B.....LZ+R../.t.7..<s.+R...I.qk..B.....LZ.I................................I.......I...................................................I.t.....I................................................................4..'...'................U..\.-F..K(.}....N...^...............v....UHF..fE..;.........f........................................I.qk..B.....LZ...............U..\.-F..K(.}...........U..\.-F..K(.}.........+R......+R......+R..........................................+R.j....+R.T.]..+R......+R...B..+R.H....+R...B..+R...>.)+R...J...................;........4...4...4.."..............+R..+R..+R...z...y.. x.. ...........$........4...*..7*..7........................;........4...4...4.........+R......+R.....#+R.............................................
                                                                                                                                                                                Process:C:\Program Files (x86)\Microsoft Office\root\Office16\ONENOTE.EXE
                                                                                                                                                                                File Type:JPEG image data, JFIF standard 1.02, aspect ratio, density 100x100, segment length 16, baseline, precision 8, 612x792, components 3
                                                                                                                                                                                Category:dropped
                                                                                                                                                                                Size (bytes):34299
                                                                                                                                                                                Entropy (8bit):7.247541176493898
                                                                                                                                                                                Encrypted:false
                                                                                                                                                                                SSDEEP:768:BrSX4V3P8AIc4KLkHeXRUer0zrhOmXfvG0yH82I:tSXuIc4K2eBtswKsHg
                                                                                                                                                                                MD5:E9C52A7381075E4EBC59296F96C79399
                                                                                                                                                                                SHA1:BE295AD24D46E2420D7163642B658BF3234A27EA
                                                                                                                                                                                SHA-256:D56CEFE9EE2FAE72E31BDBA7DD2AA4426EA22E3CEB22EF68C8F63F9F24D5A8BC
                                                                                                                                                                                SHA-512:95CC96DD4459EBAE623176033BA204CCDC50681A768F8CBAE94C16927D140224E49D5197CAE669C83C77010C5C04C1346CF126BEF49DB686F636C5480342A77F
                                                                                                                                                                                Malicious:false
                                                                                                                                                                                Preview:......JFIF.....d.d......Ducky.......d......Adobe.d...................................................................................................................................................d.......................................................................................!.1..A..Qaq......".#4.2r3.$.%...B.5U&6....Rb.Cs.7..cDTEFVf'...S..dtevw.u.........Gg.....................!1..AQ.aq.2....."#3.4....r..BRb$CS.D............?..5..............#....v.q.m.}\..{....;...r....h.....J..q|..'.;\..6..v......e...../.k..|.8..i..|..]..3e.m....n..Z.GS..n".y..w.-...[a...7A.....i.4.)9\..~C...=.........s..\V]c.D1<./.g.l.&v..~.h..]....zb>G..y:vNS.\......LU....t.{*..Z#.?..v-...wn.rR...P.....y\=.v....../..9_...m4...V.|.+.o.#.......xj....}..>.s.>C...m.[;.>.p...=^.i.X.(..1...{.F#N.W...xi.z...4..u[{...yO.....8..}\..2...KlX.nbya...2.&.F...R.b.k.7.GV.x.h.y\.Q..O<\>......-...=...r......\......Z.Z...Jf.'....z..Y.q>.p....o..K....h..R..c.lg?......A.Z...Y.q3.L|.'5...
                                                                                                                                                                                Process:C:\Program Files (x86)\Microsoft Office\root\Office16\ONENOTE.EXE
                                                                                                                                                                                File Type:data
                                                                                                                                                                                Category:dropped
                                                                                                                                                                                Size (bytes):4096
                                                                                                                                                                                Entropy (8bit):4.346345034839108
                                                                                                                                                                                Encrypted:false
                                                                                                                                                                                SSDEEP:48:Ksxm9Vz9ytpgwEHSFLkLXzL9zwoRrdqrPmiE0RXfheZB05:KscVz9yLEyFQLXzL9zwARyP1E0EB0
                                                                                                                                                                                MD5:5D190380894FB7F9EDECBF53BDD84F91
                                                                                                                                                                                SHA1:A24B479AD22488C0994212E791081661BD954F82
                                                                                                                                                                                SHA-256:08DCF5F846B2C63DB16EF8EA1EB963E5ACC66651F3361A63D5BADB354F2A2CF9
                                                                                                                                                                                SHA-512:D2A6DD46438EAE8748CE5730065BDB01B4467399324B3DD7EFDBE829BA4465D080AD3868FC69ECAAD550D3178B188F1705BC3A2B0BDAE99D81A6707C21696898
                                                                                                                                                                                Malicious:false
                                                                                                                                                                                Preview:2...>.......N...v...B...................................................................................................................................2...>...*.......v...v............................I.......I.qk..B.....LZ.........K....H..&.....K....H..&.......I.qk..B.....LZ.I................................I.......I...................................................I.t.....I................................................................4..'...'...............4..;+..7)W.+......N...^.................d~.. I.s...}qj........f........................................I.qk..B.....LZ..............4..;+..7)W.+............4..;+..7)W.+......................................................................j......T.]............B....H........B......>.)....J...................;........4...4...4.."........................z...y.. x.. ...........$........4...*..7*..7........................;........4...4...4......................#..............................................
                                                                                                                                                                                Process:C:\Program Files (x86)\Microsoft Office\root\Office16\ONENOTE.EXE
                                                                                                                                                                                File Type:PNG image data, 171 x 552, 8-bit colormap, non-interlaced
                                                                                                                                                                                Category:dropped
                                                                                                                                                                                Size (bytes):10056
                                                                                                                                                                                Entropy (8bit):7.956064700093514
                                                                                                                                                                                Encrypted:false
                                                                                                                                                                                SSDEEP:192:edmu1fpj5DVHuooK4EpGLbAdT+dBXYBR8D1V2p6KwoPR6KUX9ojwRpgA:2Pp/B4LbAF+dBo/1E3S6JScpgA
                                                                                                                                                                                MD5:E1B57A8851177DD25DC05B50B904656A
                                                                                                                                                                                SHA1:96D2E31A325322F2720722973814D2CAED23D546
                                                                                                                                                                                SHA-256:2035407A0540E1C4F7934DB08BA4ADD750FCB9A62863DDD9553E7871C81A99E3
                                                                                                                                                                                SHA-512:BC7DC1201884E6DAFDC1F9D8E32656BFAEE0BB4905835E09B65299FE2D7C064B27EAA10B531F9BECF970C986E89A5FD8A0B83F508BBA34EB4E38B3F7F5FC623A
                                                                                                                                                                                Malicious:false
                                                                                                                                                                                Preview:.PNG........IHDR.......(.....!..t....PLTE.......................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................4.....bKGD....H....cmPPJCmp0712....H.s...#.IDATx^.w`......$..B....... ....fz5..6`l\.8...Nsz{.//y./....{.7}g.....e.....~.......s...f.....%c...6....O.PJ...Y.oi...9..'j.2..6.-
                                                                                                                                                                                Process:C:\Program Files (x86)\Microsoft Office\root\Office16\ONENOTE.EXE
                                                                                                                                                                                File Type:data
                                                                                                                                                                                Category:dropped
                                                                                                                                                                                Size (bytes):4096
                                                                                                                                                                                Entropy (8bit):4.299045589699967
                                                                                                                                                                                Encrypted:false
                                                                                                                                                                                SSDEEP:48:OBss2qq6rIatOPgqEXh2aL1lQX39v46oRrdqrQBNtRXKduh2M+:esN6rIaIrEfxlQX39v46wRyQB/52
                                                                                                                                                                                MD5:C21451775F4EBFCC6988239139B1EBC5
                                                                                                                                                                                SHA1:394AD4AFEA06EAC12902841CAE66981ACC8B1CD6
                                                                                                                                                                                SHA-256:663DC16FF20E2D8948F9F83A01D7C26AFA3AD85CE7915796AD9BC0400B56D0C4
                                                                                                                                                                                SHA-512:1CE6E5BAF0EB7CD908C631F5AE244634F93F0519D4783F4A0DA01CAEC256FA0A98FC3B9EB1F93E047FAFA0F413342C6A93075350D4452178021165B72AD1D336
                                                                                                                                                                                Malicious:false
                                                                                                                                                                                Preview:2...>.......N...v...B...................................................................................................................................2...>...*.......v...v............................I.......I.qk..B.....LZ.1S......1SCz.#...#..X.F.1SCz.#...#..X.F.1S..I.qk..B.....LZ.I................................I.......I...................................................I.t.....I................................................................4..'...'.............#;W...3.....l.yl....N...^...............j..j7onD.r4>............f........................................I.qk..B.....LZ............#;W...3.....l.yl........#;W...3.....l.yl..........1S......1S......1S..........................................1Sj.....1ST.]...1S......1S..B...1SH.....1S..B...1S..>.).1S..J...................;........4...4...4.."...............1S..1S..1S..z...y.. x.. ...........$........4...*..7*..7........................;........4...4...4..........1S......1S....#.1S............................................
                                                                                                                                                                                Process:C:\Program Files (x86)\Microsoft Office\root\Office16\ONENOTE.EXE
                                                                                                                                                                                File Type:JPEG image data, JFIF standard 1.02, resolution (DPI), density 72x72, segment length 16, Exif Standard: [TIFF image data, big-endian, direntries=7, orientation=upper-left, xresolution=98, yresolution=106, resolutionunit=2, software=Adobe Photoshop CS Windows, datetime=2004:03:12 11:11:38], progressive, precision 8, 577x757, components 3
                                                                                                                                                                                Category:dropped
                                                                                                                                                                                Size (bytes):84097
                                                                                                                                                                                Entropy (8bit):7.78862495530604
                                                                                                                                                                                Encrypted:false
                                                                                                                                                                                SSDEEP:1536:cgHTEuD99rHwA5MSadIV2MApVmfJkAKOQ/Z1I7ngpDDyHfKFVITrU:HHjXidIhApV88/jIEmrU
                                                                                                                                                                                MD5:37EED97290E8ECB46A576C84F0810568
                                                                                                                                                                                SHA1:18D9FACB4CFA3CBF63B882CABCF30B203EDF4126
                                                                                                                                                                                SHA-256:140DD943D0F0CFE6AAA98470B7D1A7CB62CA02CB1D8F522DD2AC77433232EF41
                                                                                                                                                                                SHA-512:E0F57314C136211B8253EB2AC0093DED82198E7170D4F97C40D82FD4EC4123D2AAFE3EB4EBC3E7523C4DF4D77619408773871BDE15B6DC6C4049C71D5B9D4222
                                                                                                                                                                                Malicious:false
                                                                                                                                                                                Preview:......JFIF.....H.H.....hExif..MM.*.............................b...........j.(...........1.........r.2...........i.................H.......H....Adobe Photoshop CS Windows.2004:03:12 11:11:38.............................A.......................................................&.(.................................2.......H.......H..........JFIF.....H.H......Adobe_CM......Adobe.d...................................................................................................................................................z.."................?..........................................................................3......!.1.AQa."q.2.....B#$.R.b34r..C.%.S...cs5....&D.TdE.t6..U.e...u..F'...............Vfv........7GWgw........................5.....!1..AQaq"..2.....B#.R..3$b.r..CS.cs4.%......&5..D.T..dEU6te....u..F...............Vfv........'7GWgw.................?....b.xH......T..I...S.q.~..../s.R.x.....8.a..vE.5...-.G.A.4...._......$K..d.@NC.q....J.....>e".I.%...I0).R.I$........M3.F .
                                                                                                                                                                                Process:C:\Program Files (x86)\Microsoft Office\root\Office16\ONENOTE.EXE
                                                                                                                                                                                File Type:data
                                                                                                                                                                                Category:dropped
                                                                                                                                                                                Size (bytes):4096
                                                                                                                                                                                Entropy (8bit):4.332392144747241
                                                                                                                                                                                Encrypted:false
                                                                                                                                                                                SSDEEP:48:jsyPQHWmVYYHt5GEMxQXOsD93TocSrdqrVpRXq78IW1FhEt8YQl:jsfKYHaE/XH93T8RyP1
                                                                                                                                                                                MD5:94B27E2516B883C0583A6034BA58B24C
                                                                                                                                                                                SHA1:033EBF60C5E8EDA8D7E4CAA89A349BC99478836B
                                                                                                                                                                                SHA-256:19D27100884A83FFA82261BA122DB713EFC98DEFE9A98E9F283594F54A9B3329
                                                                                                                                                                                SHA-512:A83287C0F81E2108769B2C24116ED88993715D7B6A642C087DCBA52A67DEDC914FD4AA6EB3DB68A2C9E7DC23963BFDB83EB823F0F5ACFD6EA6AF0C8F9A758F2F
                                                                                                                                                                                Malicious:false
                                                                                                                                                                                Preview:2...>.......L...v...@...................................................................................................................................2...>...(.......v...t............................I.......I.qk..B.....LZ............WK..=u.Sz|.9....WK..=u.Sz|.9.....I.qk..B.....LZ.I................................I.......I...................................................I.t.....I................................................................4..'...'.............=.......#f...E/.....N...^...............0.s....F....5..k........f........................................I.qk..B.....LZ............=.......#f...E/.........=.......#f...E/.........................................................................j.......T.]...............B.....H.........B.......>.).....J...................;........4...4...4.."...........................z...y.. x.. ...........$........4...*..7*..7........................;........4...4...4........................#...............................................
                                                                                                                                                                                Process:C:\Program Files (x86)\Microsoft Office\root\Office16\ONENOTE.EXE
                                                                                                                                                                                File Type:JPEG image data, JFIF standard 1.02, resolution (DPI), density 72x72, segment length 16, Exif Standard: [TIFF image data, big-endian, direntries=7, orientation=upper-left, xresolution=98, yresolution=106, resolutionunit=2, software=Adobe Photoshop 7.0, datetime=2004:03:04 13:26:15], progressive, precision 8, 216x792, components 3
                                                                                                                                                                                Category:dropped
                                                                                                                                                                                Size (bytes):64118
                                                                                                                                                                                Entropy (8bit):7.742974333356952
                                                                                                                                                                                Encrypted:false
                                                                                                                                                                                SSDEEP:1536:ORG4azGOKXzkEmR4bdRSbxONOoz0khbSb4J/5GZK5SWUlRwUYdv1M:ZXzGXzJdhRmgHfIb4J/5GZK5SWUldYdq
                                                                                                                                                                                MD5:864EEA0336F8628AE4A1ED46D4406807
                                                                                                                                                                                SHA1:CFCD7A751DFDBE52A20C03EE0C60FDFFA7A45B93
                                                                                                                                                                                SHA-256:7CE10D1EA660D2F9CF8B704F3FAB2966A4CE2627D9858D32C75D857095012098
                                                                                                                                                                                SHA-512:0CAA0C54C14571C279A75F0D5922F78A17803CF6EE1724D66819F7F5944C0F5B25CB586BB686A52808CDF2F8FEB3E4864052A914884054EF7DE44124A8CA951E
                                                                                                                                                                                Malicious:false
                                                                                                                                                                                Preview:......JFIF.....H.H......Exif..MM.*.............................b...........j.(...........1.........r.2...........i.................H.......H....Adobe Photoshop 7.0.2004:03:04 13:26:15.....................................................................................(.....................&...........s.......H.......H..........JFIF.....H.H......Adobe_CM......Adobe.d...................................................................................................................................................#.."................?..........................................................................3......!.1.AQa."q.2.....B#$.R.b34r..C.%.S...cs5....&D.TdE.t6..U.e...u..F'...............Vfv........7GWgw........................5.....!1..AQaq"..2.....B#.R..3$b.r..CS.cs4.%......&5..D.T..dEU6te....u..F...............Vfv........'7GWgw.................?....NC+n....<.=.7..&.8A56..@^.Q..\\...E.>..".&G.......J .'....$.I)........0.../..mv...D....<v0=..ugc+..l.o...=.c.......x.&D..{`8...v
                                                                                                                                                                                Process:C:\Program Files (x86)\Microsoft Office\root\Office16\ONENOTE.EXE
                                                                                                                                                                                File Type:data
                                                                                                                                                                                Category:dropped
                                                                                                                                                                                Size (bytes):4096
                                                                                                                                                                                Entropy (8bit):4.341170248744597
                                                                                                                                                                                Encrypted:false
                                                                                                                                                                                SSDEEP:48:Ks4Sht33ujtqYLqXEpBIXyI9TVo9rdqrvCdwyRXYh9Jfw+:Ksf+j0tEMX79TVERyvuMf
                                                                                                                                                                                MD5:E6CF0E07C09B3E71EC6A7C20F3B8534C
                                                                                                                                                                                SHA1:0DAAC4A78CEA0A6BED41D89FBFFD89C00BFDB91F
                                                                                                                                                                                SHA-256:631EB7A46BD2CD9BF1BA35D49F63976D58CFC114DAA519ACDF069E1F0052CDB5
                                                                                                                                                                                SHA-512:DDA8913209E1307E94B997AF3F28B4D3D0539509B3CCEE823A2000574A182CD6AE6D4D2C5DA33D58080550738C22C5547C7CB502335B7C467EC20EFADBD6A9F6
                                                                                                                                                                                Malicious:false
                                                                                                                                                                                Preview:2...>.......N...v...B...................................................................................................................................2...>...*.......v...v............................I.......I.qk..B.....LZj.......j...2M-.".....k.j...2M-.".....k.j....I.qk..B.....LZ.I................................I.......I...................................................I.t.....I................................................................4..'...'.............1.h.....x...:......N...^..................Ke..M.h{(H...........f........................................I.qk..B.....LZ............1.h.....x...:..........1.h.....x...:...........j.......j.......j...........................................j..j....j..T.]..j.......j....B..j..H....j....B..j....>.)j....J...................;........4...4...4.."..............j...j...j....z...y.. x.. ...........$........4...*..7*..7........................;........4...4...4.........j.......j......#j..............................................
                                                                                                                                                                                Process:C:\Program Files (x86)\Microsoft Office\root\Office16\ONENOTE.EXE
                                                                                                                                                                                File Type:JPEG image data, JFIF standard 1.02, resolution (DPI), density 72x72, segment length 16, Exif Standard: [TIFF image data, big-endian, direntries=7, orientation=upper-left, xresolution=98, yresolution=106, resolutionunit=2, software=Adobe Photoshop CS Windows, datetime=2004:03:12 11:09:29], progressive, precision 8, 609x675, components 3
                                                                                                                                                                                Category:dropped
                                                                                                                                                                                Size (bytes):65998
                                                                                                                                                                                Entropy (8bit):7.671031449942883
                                                                                                                                                                                Encrypted:false
                                                                                                                                                                                SSDEEP:1536:klZtmExaFrtWgpc+Sg+DKeplHClpHfRtPMbe:VEWWl+SNDKqlH8p/vse
                                                                                                                                                                                MD5:B4F0A040890EE6F61EF8D9E094893C9C
                                                                                                                                                                                SHA1:303BCBA1D777B03BFD99CC01A48E0BB493C93E04
                                                                                                                                                                                SHA-256:1F81DDE3B42F23F0666D92EBF14D62893B31B39D72C07AEE070EAE28C2E6980E
                                                                                                                                                                                SHA-512:8F07E4D519F2FD001006BB34F7F8274B9AF9EC55367B88D41D24E5824FCE4354FD1290CE4735E43930829702ED53F41DF02C673904A7091E9354C28E029AD4EF
                                                                                                                                                                                Malicious:false
                                                                                                                                                                                Preview:......JFIF.....H.H......Exif..MM.*.............................b...........j.(...........1.........r.2...........i.................H.......H....Adobe Photoshop CS Windows.2004:03:12 11:09:29.............................a.......................................................&.(.........................................H.......H..........JFIF.....H.H......Adobe_CM......Adobe.d......................................................................................................................................................"................?..........................................................................3......!.1.AQa."q.2.....B#$.R.b34r..C.%.S...cs5....&D.TdE.t6..U.e...u..F'...............Vfv........7GWgw........................5.....!1..AQaq"..2.....B#.R..3$b.r..CS.cs4.%......&5..D.T..dEU6te....u..F...............Vfv........'7GWgw.................?..-O..s(...gO..@...[..+....+...H.'m........L.......@.......[k...S..O..p.'{X..3......]W..w.+.V....[.-.....2..i..i$.p.
                                                                                                                                                                                Process:C:\Program Files (x86)\Microsoft Office\root\Office16\ONENOTE.EXE
                                                                                                                                                                                File Type:data
                                                                                                                                                                                Category:dropped
                                                                                                                                                                                Size (bytes):8192
                                                                                                                                                                                Entropy (8bit):3.253226359901884
                                                                                                                                                                                Encrypted:false
                                                                                                                                                                                SSDEEP:96:A/s5aLlK3K+WEcEqyWXKXW9bo4q3xIR0HqBOs:A/s0LluHcoWXKXW9bUxIR0i
                                                                                                                                                                                MD5:96C847FA315006560E0F5CA7867F6634
                                                                                                                                                                                SHA1:03207C233F18614E6ABC2A13618C130B9C60C492
                                                                                                                                                                                SHA-256:8F02A9E6A964011BD8DC76F111EB059EFD354D93122A663053508ED14AFDCA33
                                                                                                                                                                                SHA-512:5D4298BD1E19C9AA9225CC8BE9459C697403A30FFF5731A870A39DAC6081C822A7BF7CF2342C72EDED303840800DFF49805AD3AC3ABB4C1221EAAEDF90CF4F9B
                                                                                                                                                                                Malicious:false
                                                                                                                                                                                Preview:2...>...........v.......................................................................................................................................2...>...j.......v...............................=.......=..S.R.. .Y......I.......I.qk..B.....LZ=..S.R.. .Y.....=....I.qk..B.....LZ.I................................I.......I...................................................I.t.....I................................................................4..'...'................/..;.6....!.r....N...^...................`..J...<`..........&...................................>....I.qk..B.....LZ.............../..;.6....!.r.........../..;.6....!.r.........=.......=.......=...........................................=..j....=..T.a..=.......=....D..=..H....=....N..=....?.#=....9...................;........4...4...4.."..............=...=...=....z...y.. x.. ...........$........4...*..7*..7...........Op.b..F.$..i.................;........4...4...4.........=.......=......#=..............................
                                                                                                                                                                                Process:C:\Program Files (x86)\Microsoft Office\root\Office16\ONENOTE.EXE
                                                                                                                                                                                File Type:Windows Enhanced Metafile (EMF) image data version 0x10000
                                                                                                                                                                                Category:dropped
                                                                                                                                                                                Size (bytes):32656
                                                                                                                                                                                Entropy (8bit):3.9517299510231485
                                                                                                                                                                                Encrypted:false
                                                                                                                                                                                SSDEEP:384:qR0eV0V6zLq8fAy7TtS1O6VILpjH5og6NJgnIuu57aqP+Tg3QePV2P6hqaJDyjJg:qlzzaRpbd1
                                                                                                                                                                                MD5:DD4CA4BC0A73FCB71BEBAA3C29CB8F66
                                                                                                                                                                                SHA1:1A7085771D7941540EC94A1BD24D7CC8EA556D4B
                                                                                                                                                                                SHA-256:0401451E1D1D7DFDC29AD1B2B68A6C8AC0B706E9868BF22FAB26A01CD48620CE
                                                                                                                                                                                SHA-512:5B7D386C46EC75E21DE94DBCA922FB9A6E5358DEB3D60FEEE7B197D739F15D11050825D9323502EDFAF60720F1074DE896B23E71C44D07C9C7E943C31FDC078A
                                                                                                                                                                                Malicious:false
                                                                                                                                                                                Preview:....l...r...1...*...^...bX.......^...... EMF........h...................`...E...........................(...F...,... ...EMF+.@..................,...,...F...\...P...EMF+"@...........@..........$@..........0@.............?!@...........@..........F...(.......GDIC....s...2...+...^.......F...(.......GDIC....s...2.......N.......F...........EMF+*@..$..........?...........?.........@........................(E..HB.'E..HB.0'EI.`B.0'EU5.B.0'E..B.'EU5.B..(EU5.B.(EU5.B..(E..B..(EU5.B..(EI.`B.(E..HB..(E..HB.................@..............!.......b...........$...$......>...........>............'......................%.......................;.......U...P........................T...S...S...S...S8..Si..Ti.@Ti.qT8.qT..qT..@T...T..<.......>.......r...1.......N...............%...........$...$......A...........A............"...........F...........EMF+.@..........F...........GDIC....F...(.......GDIC........2.......N.......F...........EMF+*@..$..........?...........?.........@.......................}*E
                                                                                                                                                                                Process:C:\Program Files (x86)\Microsoft Office\root\Office16\ONENOTE.EXE
                                                                                                                                                                                File Type:PNG image data, 189 x 305, 8-bit/color RGBA, non-interlaced
                                                                                                                                                                                Category:dropped
                                                                                                                                                                                Size (bytes):12824
                                                                                                                                                                                Entropy (8bit):7.974776104184905
                                                                                                                                                                                Encrypted:false
                                                                                                                                                                                SSDEEP:384:gzPrAZvq82AP0/DHbSczEegiAh1Hfgr3ZO7EFKWHaXIXqu:erAZz200/TbJzDgiWgjZO7EFKEaXIf
                                                                                                                                                                                MD5:2628353534C5AD86CBFE57B6616D46DD
                                                                                                                                                                                SHA1:244B7E39D6CEF5B07FCDE80554D31F7DA240BB0D
                                                                                                                                                                                SHA-256:69BDB000AC7E030B0B28E6CE78F19547D235355B3B841146951AD1294429FA51
                                                                                                                                                                                SHA-512:2529F97BE62DE038445D1C86EE2C01404FB1A2D83A5D16C7B5F4E21723C17EC86FA180DFE10342536CFD7D334EA3AF1FFE151B77F2FBFFFE8E7B2A0C2A3ACD59
                                                                                                                                                                                Malicious:false
                                                                                                                                                                                Preview:.PNG........IHDR.......1.....).'....sRGB.........pHYs..........+....1.IDATx^.}.w\.n...A.H...E.J...l.......p...\{.w...e.-K.%..d.9..DN...^}..p.L...._$.t...n.=U..ID..]~(.?.)J...-.../.......0V..........'.)1X..c..D..2..A'f."...Ru..R=b..\....\.n.0...7.~".'..s!bd.|..p.u....-w'.....R.........i]..r....A.........r#...W..f{O.2~C.O........{.....3..W.}e:...~.....4.......t.Mv_....}*f..I...x11....d..6.@..O.......f.e..K.....L]..gohj&D..+.....#...#.J...n/]...8~.....zx.'.LI6..W....p...................V.F.. ...y.[.kl<?.^....N..$..7j.biU....c.51{S{.....q....c...<..x..............zG.F*.........U.w..fE.....DU.......WG7.5uC...7.....j..7yM...~jU..;J..a|LoG..x..<^.Z ...Z.....ip....._.4......f.rg..[...z....x1k.....z...K.l...;6.\..Y.#.WT.p.@{W....>.+..*..W....'v.nV...YA[.q!\.\...9..3.[|....7...HO......2<.....w.,].T^eN..XB.....M3...I.k...e..8...lZ.R...T.%......|N.w..9..!..O.-p..NA.eD_.d..nW2!...N...z>..;....=t#....H,.N.|. ......EC..............1.\
                                                                                                                                                                                Process:C:\Program Files (x86)\Microsoft Office\root\Office16\ONENOTE.EXE
                                                                                                                                                                                File Type:Windows Enhanced Metafile (EMF) image data version 0x10000
                                                                                                                                                                                Category:dropped
                                                                                                                                                                                Size (bytes):32656
                                                                                                                                                                                Entropy (8bit):3.9517299510231485
                                                                                                                                                                                Encrypted:false
                                                                                                                                                                                SSDEEP:384:qR0eV0V6zLq8fAy7TtS1O6VILpjH5og6NJgnIuu57aqP+Tg3QePV2P6hqaJDyjJg:qlzzaRpbd1
                                                                                                                                                                                MD5:DD4CA4BC0A73FCB71BEBAA3C29CB8F66
                                                                                                                                                                                SHA1:1A7085771D7941540EC94A1BD24D7CC8EA556D4B
                                                                                                                                                                                SHA-256:0401451E1D1D7DFDC29AD1B2B68A6C8AC0B706E9868BF22FAB26A01CD48620CE
                                                                                                                                                                                SHA-512:5B7D386C46EC75E21DE94DBCA922FB9A6E5358DEB3D60FEEE7B197D739F15D11050825D9323502EDFAF60720F1074DE896B23E71C44D07C9C7E943C31FDC078A
                                                                                                                                                                                Malicious:false
                                                                                                                                                                                Preview:....l...r...1...*...^...bX.......^...... EMF........h...................`...E...........................(...F...,... ...EMF+.@..................,...,...F...\...P...EMF+"@...........@..........$@..........0@.............?!@...........@..........F...(.......GDIC....s...2...+...^.......F...(.......GDIC....s...2.......N.......F...........EMF+*@..$..........?...........?.........@........................(E..HB.'E..HB.0'EI.`B.0'EU5.B.0'E..B.'EU5.B..(EU5.B.(EU5.B..(E..B..(EU5.B..(EI.`B.(E..HB..(E..HB.................@..............!.......b...........$...$......>...........>............'......................%.......................;.......U...P........................T...S...S...S...S8..Si..Ti.@Ti.qT8.qT..qT..@T...T..<.......>.......r...1.......N...............%...........$...$......A...........A............"...........F...........EMF+.@..........F...........GDIC....F...(.......GDIC........2.......N.......F...........EMF+*@..$..........?...........?.........@.......................}*E
                                                                                                                                                                                Process:C:\Program Files (x86)\Microsoft Office\root\Office16\ONENOTE.EXE
                                                                                                                                                                                File Type:PNG image data, 189 x 305, 8-bit/color RGBA, non-interlaced
                                                                                                                                                                                Category:dropped
                                                                                                                                                                                Size (bytes):12824
                                                                                                                                                                                Entropy (8bit):7.974776104184905
                                                                                                                                                                                Encrypted:false
                                                                                                                                                                                SSDEEP:384:gzPrAZvq82AP0/DHbSczEegiAh1Hfgr3ZO7EFKWHaXIXqu:erAZz200/TbJzDgiWgjZO7EFKEaXIf
                                                                                                                                                                                MD5:2628353534C5AD86CBFE57B6616D46DD
                                                                                                                                                                                SHA1:244B7E39D6CEF5B07FCDE80554D31F7DA240BB0D
                                                                                                                                                                                SHA-256:69BDB000AC7E030B0B28E6CE78F19547D235355B3B841146951AD1294429FA51
                                                                                                                                                                                SHA-512:2529F97BE62DE038445D1C86EE2C01404FB1A2D83A5D16C7B5F4E21723C17EC86FA180DFE10342536CFD7D334EA3AF1FFE151B77F2FBFFFE8E7B2A0C2A3ACD59
                                                                                                                                                                                Malicious:false
                                                                                                                                                                                Preview:.PNG........IHDR.......1.....).'....sRGB.........pHYs..........+....1.IDATx^.}.w\.n...A.H...E.J...l.......p...\{.w...e.-K.%..d.9..DN...^}..p.L...._$.t...n.=U..ID..]~(.?.)J...-.../.......0V..........'.)1X..c..D..2..A'f."...Ru..R=b..\....\.n.0...7.~".'..s!bd.|..p.u....-w'.....R.........i]..r....A.........r#...W..f{O.2~C.O........{.....3..W.}e:...~.....4.......t.Mv_....}*f..I...x11....d..6.@..O.......f.e..K.....L]..gohj&D..+.....#...#.J...n/]...8~.....zx.'.LI6..W....p...................V.F.. ...y.[.kl<?.^....N..$..7j.biU....c.51{S{.....q....c...<..x..............zG.F*.........U.w..fE.....DU.......WG7.5uC...7.....j..7yM...~jU..;J..a|LoG..x..<^.Z ...Z.....ip....._.4......f.rg..[...z....x1k.....z...K.l...;6.\..Y.#.WT.p.@{W....>.+..*..W....'v.nV...YA[.q!\.\...9..3.[|....7...HO......2<.....w.,].T^eN..XB.....M3...I.k...e..8...lZ.R...T.%......|N.w..9..!..O.-p..NA.eD_.d..nW2!...N...z>..;....=t#....H,.N.|. ......EC..............1.\
                                                                                                                                                                                Process:C:\Program Files (x86)\Microsoft Office\root\Office16\ONENOTE.EXE
                                                                                                                                                                                File Type:Windows Enhanced Metafile (EMF) image data version 0x10000
                                                                                                                                                                                Category:dropped
                                                                                                                                                                                Size (bytes):32656
                                                                                                                                                                                Entropy (8bit):3.9517299510231485
                                                                                                                                                                                Encrypted:false
                                                                                                                                                                                SSDEEP:384:qR0eV0V6zLq8fAy7TtS1O6VILpjH5og6NJgnIuu57aqP+Tg3QePV2P6hqaJDyjJg:qlzzaRpbd1
                                                                                                                                                                                MD5:DD4CA4BC0A73FCB71BEBAA3C29CB8F66
                                                                                                                                                                                SHA1:1A7085771D7941540EC94A1BD24D7CC8EA556D4B
                                                                                                                                                                                SHA-256:0401451E1D1D7DFDC29AD1B2B68A6C8AC0B706E9868BF22FAB26A01CD48620CE
                                                                                                                                                                                SHA-512:5B7D386C46EC75E21DE94DBCA922FB9A6E5358DEB3D60FEEE7B197D739F15D11050825D9323502EDFAF60720F1074DE896B23E71C44D07C9C7E943C31FDC078A
                                                                                                                                                                                Malicious:false
                                                                                                                                                                                Preview:....l...r...1...*...^...bX.......^...... EMF........h...................`...E...........................(...F...,... ...EMF+.@..................,...,...F...\...P...EMF+"@...........@..........$@..........0@.............?!@...........@..........F...(.......GDIC....s...2...+...^.......F...(.......GDIC....s...2.......N.......F...........EMF+*@..$..........?...........?.........@........................(E..HB.'E..HB.0'EI.`B.0'EU5.B.0'E..B.'EU5.B..(EU5.B.(EU5.B..(E..B..(EU5.B..(EI.`B.(E..HB..(E..HB.................@..............!.......b...........$...$......>...........>............'......................%.......................;.......U...P........................T...S...S...S...S8..Si..Ti.@Ti.qT8.qT..qT..@T...T..<.......>.......r...1.......N...............%...........$...$......A...........A............"...........F...........EMF+.@..........F...........GDIC....F...(.......GDIC........2.......N.......F...........EMF+*@..$..........?...........?.........@.......................}*E
                                                                                                                                                                                Process:C:\Program Files (x86)\Microsoft Office\root\Office16\ONENOTE.EXE
                                                                                                                                                                                File Type:PNG image data, 189 x 305, 8-bit/color RGBA, non-interlaced
                                                                                                                                                                                Category:dropped
                                                                                                                                                                                Size (bytes):12824
                                                                                                                                                                                Entropy (8bit):7.974776104184905
                                                                                                                                                                                Encrypted:false
                                                                                                                                                                                SSDEEP:384:gzPrAZvq82AP0/DHbSczEegiAh1Hfgr3ZO7EFKWHaXIXqu:erAZz200/TbJzDgiWgjZO7EFKEaXIf
                                                                                                                                                                                MD5:2628353534C5AD86CBFE57B6616D46DD
                                                                                                                                                                                SHA1:244B7E39D6CEF5B07FCDE80554D31F7DA240BB0D
                                                                                                                                                                                SHA-256:69BDB000AC7E030B0B28E6CE78F19547D235355B3B841146951AD1294429FA51
                                                                                                                                                                                SHA-512:2529F97BE62DE038445D1C86EE2C01404FB1A2D83A5D16C7B5F4E21723C17EC86FA180DFE10342536CFD7D334EA3AF1FFE151B77F2FBFFFE8E7B2A0C2A3ACD59
                                                                                                                                                                                Malicious:false
                                                                                                                                                                                Preview:.PNG........IHDR.......1.....).'....sRGB.........pHYs..........+....1.IDATx^.}.w\.n...A.H...E.J...l.......p...\{.w...e.-K.%..d.9..DN...^}..p.L...._$.t...n.=U..ID..]~(.?.)J...-.../.......0V..........'.)1X..c..D..2..A'f."...Ru..R=b..\....\.n.0...7.~".'..s!bd.|..p.u....-w'.....R.........i]..r....A.........r#...W..f{O.2~C.O........{.....3..W.}e:...~.....4.......t.Mv_....}*f..I...x11....d..6.@..O.......f.e..K.....L]..gohj&D..+.....#...#.J...n/]...8~.....zx.'.LI6..W....p...................V.F.. ...y.[.kl<?.^....N..$..7j.biU....c.51{S{.....q....c...<..x..............zG.F*.........U.w..fE.....DU.......WG7.5uC...7.....j..7yM...~jU..;J..a|LoG..x..<^.Z ...Z.....ip....._.4......f.rg..[...z....x1k.....z...K.l...;6.\..Y.#.WT.p.@{W....>.+..*..W....'v.nV...YA[.q!\.\...9..3.[|....7...HO......2<.....w.,].T^eN..XB.....M3...I.k...e..8...lZ.R...T.%......|N.w..9..!..O.-p..NA.eD_.d..nW2!...N...z>..;....=t#....H,.N.|. ......EC..............1.\
                                                                                                                                                                                Process:C:\Program Files (x86)\Microsoft Office\root\Office16\ONENOTE.EXE
                                                                                                                                                                                File Type:data
                                                                                                                                                                                Category:dropped
                                                                                                                                                                                Size (bytes):4096
                                                                                                                                                                                Entropy (8bit):4.325800282756972
                                                                                                                                                                                Encrypted:false
                                                                                                                                                                                SSDEEP:96:Y9sqj/HLb+EyaBXh9zKuXRboCMViFGVOT4:WsgHL/yEXh9zFXRbX
                                                                                                                                                                                MD5:7DEF3432A1793DAD139B1A337ECC8E1F
                                                                                                                                                                                SHA1:E96FCE996A1B41C7F4FC6EAD290038A2F342130E
                                                                                                                                                                                SHA-256:5524F07F6915E42DF342BBA8B3B71815832963828A0295E79AC2E5BDD0416BC9
                                                                                                                                                                                SHA-512:FDF10D451A1C50FED45092513DA3C62F4433E4B7EFE8EB73471CA38CA08DBE3215513E36911817FA2B2D6361267F3D9008EF97AFE0E548FE2E01E6D29FC47D96
                                                                                                                                                                                Malicious:false
                                                                                                                                                                                Preview:2...>.......P...v...D...................................................?....?..........................................................................2...>...,.......v...x............................I.......I.qk..B.....LZ..8.......8.(PK.".B.......8.(PK.".B.......8..I.qk..B.....LZ.I................................I.......I...................................................I.t.....I................................................................4..'...'.................y../.M.j.9....N...^.................b5f.IJ.?..Nh3.........f........................................I.qk..B.....LZ................y../.M.j.9............y../.M.j.9...........8.......8.......8...........................................8j......8T.]....8.......8..B....8H......8..B....8..>.)..8..J...................;........4...4...4.."................8...8...8..z...y.. x.. ...........$........4...*..7*..7........................;........4...4...4...........8.......8....#..8............................................
                                                                                                                                                                                Process:C:\Program Files (x86)\Microsoft Office\root\Office16\ONENOTE.EXE
                                                                                                                                                                                File Type:JPEG image data, JFIF standard 1.02, aspect ratio, density 100x100, segment length 16, baseline, precision 8, 612x792, components 3
                                                                                                                                                                                Category:dropped
                                                                                                                                                                                Size (bytes):39010
                                                                                                                                                                                Entropy (8bit):7.362726513389497
                                                                                                                                                                                Encrypted:false
                                                                                                                                                                                SSDEEP:768:6tCjwO+E+KW0ZtOgepcoWW4pAWQ6/KWcR474HOAZaDfK:68j+E+KW0HOgep/72/NKWcRNefK
                                                                                                                                                                                MD5:9700DE02720CDB5A45EDE51F1A4647EC
                                                                                                                                                                                SHA1:CF72A73E1181719B1CC45C2FE0A6B619081E115E
                                                                                                                                                                                SHA-256:7E6A7714A69688D9FFDF16AA942B66064A0C77FCD9B3E469F89730B4B9290C3E
                                                                                                                                                                                SHA-512:5438921467D62376472007B9EBF3C35C9D9FE3EDE04D99A990129332D53EBC8EE2555C0319A4F7C0DF63516F29CEDF2171D8B6DC34C9FCD075C2CA41EB728660
                                                                                                                                                                                Malicious:false
                                                                                                                                                                                Preview:......JFIF.....d.d......Ducky.......d......Adobe.d...................................................................................................................................................d.........................................................................................!1..A...Qaq..".......2BR#...b%&6..'w.r.3f7W8.s5EUeF.g....CS$4.Vv..Tdt..G..(c..u.Hhx.......................!1.AQa..2.q....".s...3.4BRr.#......b.$c............?........uf.....t...;..[...W.h.....-.k.f..i.u..KQ..b.F...rM%/.8n.S..=9.....G$O;.f.}L..N..U._i.[.X...3.~....S.~..+t$...c.5......{..X/..#.G...}s....6......^....o~.$.\WA?...^*w[O.~..6..~....a....~..:..0.......{O...|.s.u._w.........i...........{K...._.?.../{.....A..8....<g.iu..<..................X......|]v....D..9.k.w.|-IF.Tv.-.&.........."'.4.b....z.._.Z.....G...u.xyt./_.q..m>..S.V.Xdc.bw.T.W......g..........}s.._..?....U]_.......`......>.|'.~xH....,...?........?.q....o../..R..;...Y.G....A"?......?.<..1...w..o.M.........tco.
                                                                                                                                                                                Process:C:\Program Files (x86)\Microsoft Office\root\Office16\ONENOTE.EXE
                                                                                                                                                                                File Type:data
                                                                                                                                                                                Category:dropped
                                                                                                                                                                                Size (bytes):4096
                                                                                                                                                                                Entropy (8bit):4.394626237344212
                                                                                                                                                                                Encrypted:false
                                                                                                                                                                                SSDEEP:48:zWSXxsAzyrgFB5UJtsZyEr+JZLX8L9kqj45rd3ruhxSdXKnQ2WgIoRXdPJ:HxsmHUJWIEq9XQ9kqURb1LW
                                                                                                                                                                                MD5:BFAD981A400340E44E838A12961BD813
                                                                                                                                                                                SHA1:23B7997065175A2F29A8B3866C236A45B4C69E4F
                                                                                                                                                                                SHA-256:880DF508FFABE93E879D55713FA4E739D56A9FAFDA3EE117F9C02D5A27453705
                                                                                                                                                                                SHA-512:0EABE8841077598391F263D60B59FCC74675B0A5D6A92ED2DAAFA10D62719616ECD007EF515A64CBBC437D4CBF603DAD5F3B723A45537910978907F2457F09FD
                                                                                                                                                                                Malicious:false
                                                                                                                                                                                Preview:2...>.......h...v...\...................................................................................................................................2...>...D.......v................................I.......I.qk..B.....LZR?......R?..]cj.;...q..R?..]cj.;...q..R?...I.qk..B.....LZ.I................................I.......I...................................................I.t.....I................................................................4..'...'..............7J.t......<.|....N...^...............N9..<..A....?.$7........f........................................I.qk..B.....LZ.............7J.t......<.|.........7J.t......<.|.........R?......R?......R?..........................................R?.j....R?.T.]..R?......R?..B..R?.H....R?...B..R?...>.)R?...J...................;........4...4...4.."..............R?..R?..R?...z...y.. x.. ...........$........4...+..7+..7........................;........4...4...4.........R?......R?.....#R?.............................................
                                                                                                                                                                                Process:C:\Program Files (x86)\Microsoft Office\root\Office16\ONENOTE.EXE
                                                                                                                                                                                File Type:JPEG image data, JFIF standard 1.02, aspect ratio, density 100x100, segment length 16, baseline, precision 8, 612x792, components 3
                                                                                                                                                                                Category:dropped
                                                                                                                                                                                Size (bytes):25622
                                                                                                                                                                                Entropy (8bit):7.058784902089801
                                                                                                                                                                                Encrypted:false
                                                                                                                                                                                SSDEEP:384:EhK81gTCyJ/Gf9Aw3t8w8EtdPeGDh6bEi1Ie1u4ZbvgwTwrSRh7ZKNpIGY:IjcRXwdJvtdGsUbEi1IeY8vgwTyC1+Y
                                                                                                                                                                                MD5:F8CCFC24DEB1D991EBE085E1B2D7D9BF
                                                                                                                                                                                SHA1:AF76C22A765434AEDA134924C517C84107F4FED5
                                                                                                                                                                                SHA-256:7354001527AB554C44E7D6981B86DD933B7DC2E0D3DC8512AD3EECD843245C52
                                                                                                                                                                                SHA-512:818BC3690B01B30BC571E4CF45EC8D1AFCAECBAB003532644381F1CF730A5B3486862D08F7579B2D3D89167AD7DF35028881245C9550B0DA23D1F81A720A9704
                                                                                                                                                                                Malicious:false
                                                                                                                                                                                Preview:......JFIF.....d.d......Ducky.......d......Adobe.d...................................................................................................................................................d........................................................................................!...1A.Qaq.........."2Rr.#.t6..B..3S$4..v.b..Cs.%5..8..cUV.(.DEe.&Ff...T.d.......................!.1A..Qaq...s4....2r..S"BR.3....b#C$.....c............?..D.."}:......&&...?3..W.q*.......]...m.Y.k1......K).J...uV.b.../.0.E.H..4..W_T.[t.V.w.9.x.qe.L..o.oL.....d.\.....6.|.o...}..H{Yn..E...6Y3.l.e..D.:,.n.%...t...m.........,+,..|..n.....6.*...f........6.../$../Vi..H...e.f.F.zn.).n.E..2sTn.i...Yb?6+H&...Bf..*....z.o.^7[..u.:o....t.s=.....(.s.....f.g....q9o.u1L.N...smzE..[>...+\O....j.<....j.c.W.............U..+.F/.'..W...T./W...>i01./....j.s."..Q...{...a._~OW...Rp.)*.e..W..Q4)<..'..W...q...'..U..z..g......U}...O....w....0F:.N..V.3W.|..'z0.]...j..U[v..g$D.Lc[.e...UW.m0+
                                                                                                                                                                                Process:C:\Program Files (x86)\Microsoft Office\root\Office16\ONENOTE.EXE
                                                                                                                                                                                File Type:data
                                                                                                                                                                                Category:dropped
                                                                                                                                                                                Size (bytes):4096
                                                                                                                                                                                Entropy (8bit):4.319278592740464
                                                                                                                                                                                Encrypted:false
                                                                                                                                                                                SSDEEP:96:YdhBsmlCefg18EmJrXHyim9cZoRbvX/5:4hBsmRfSZmJrXHyim9cZoRb//
                                                                                                                                                                                MD5:825B9E09C2DAE4695E920A53582E803D
                                                                                                                                                                                SHA1:156E3B073B77332AF45153C22B81D936D997C9E8
                                                                                                                                                                                SHA-256:8F153AD17929B26021D5E7BBD7F33F1AD817D24390347EEBEF8B8874E37D9A16
                                                                                                                                                                                SHA-512:8681C8EF456391FA0A541A00D0633D41A014F0123DD13E68CAF10346BF4069CFDB929E6DE1A2ED794F87746C1A962C1544D4D870CBA6738705318342FEF1DB6D
                                                                                                                                                                                Malicious:false
                                                                                                                                                                                Preview:2...>.......P...v...D...................................................?....?..........................................................................2...>...,.......v...x............................I.......I.qk..B.....LZw.......w...YF..?7....kww...YF..?7....kww....I.qk..B.....LZ.I................................I.......I...................................................I.t.....I................................................................4..'...'.............[8.x`...?..!>......N...^.................:....F..g..u1.........f........................................I.qk..B.....LZ............[8.x`...?..!>..........[8.x`...?..!>...........w.......w.......w...........................................w..j....w..T.]..w.......w....B..w..H....w....B..w....>.)w....J...................;........4...4...4.."..............w...w...w....z...y.. x.. ...........$........4...+..7+..7........................;........4...4...4.........w.......w......#w..............................................
                                                                                                                                                                                Process:C:\Program Files (x86)\Microsoft Office\root\Office16\ONENOTE.EXE
                                                                                                                                                                                File Type:PNG image data, 50 x 500, 8-bit colormap, non-interlaced
                                                                                                                                                                                Category:dropped
                                                                                                                                                                                Size (bytes):2033
                                                                                                                                                                                Entropy (8bit):6.8741208714657
                                                                                                                                                                                Encrypted:false
                                                                                                                                                                                SSDEEP:48:P37XYSDTz+UUl7DHt7Ah8l1+4ZfFclFUXwobKXlZr:v7j3z+UoDN0h8ugf2AwobMN
                                                                                                                                                                                MD5:CA7D2BECCBC3741D73453DCF21D846E0
                                                                                                                                                                                SHA1:E34B7788498E33FFF0CFB00125E6BA9E090F6CED
                                                                                                                                                                                SHA-256:E9EAD0BFC09D32CB366010CDFEDE1C432A2D1D550CB7332BADAC1BEE9482BC86
                                                                                                                                                                                SHA-512:7FE2C3654262B1EEBED4F6D83DA7D3450E1BE52500A3964185FC0092041506A237A2728E5D7EEA0A3814E413E822B803B789C49CF744D51816A2E4EDE5B4247B
                                                                                                                                                                                Malicious:false
                                                                                                                                                                                Preview:.PNG........IHDR...2.........H'......PLTE........................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................[....bKGD....H....cmPPJCmp0712....H.s.....IDATx^.\.W.G...=a.ewA..a.!r( ...%Dc..x.x....N.OO...3=...S...........~.z.D.0...g.2P.7.*M.#'....z.......3TPj.Z.[5....V..z'L3...a.j9..C>..9.z
                                                                                                                                                                                Process:C:\Program Files (x86)\Microsoft Office\root\Office16\ONENOTE.EXE
                                                                                                                                                                                File Type:data
                                                                                                                                                                                Category:dropped
                                                                                                                                                                                Size (bytes):4096
                                                                                                                                                                                Entropy (8bit):4.315464509584532
                                                                                                                                                                                Encrypted:false
                                                                                                                                                                                SSDEEP:48:SsaoRBHndpjGXDtf1SfEkJLLX398u9j4lrd3r4xrIdXgt+dmZyutw109:SszdjGXDF0fE83X398kYRbaIGwG
                                                                                                                                                                                MD5:DBC6885535B0E495E4781DE2FD4B98AD
                                                                                                                                                                                SHA1:CF5E4A203555CD8854D0E89FB3E3FF3CA694CCC1
                                                                                                                                                                                SHA-256:4FA175908CA4588441B70B1E37A39A7E2F49F10C8F0B8839AE19D6F7ECDEED7A
                                                                                                                                                                                SHA-512:C70C02D9ED99F86AC19F4FC35BBB789F2A1AC990BAFE1D4D8241C3A0A6DA35095FB09E6873D04BE7D0150F1C15052C611DDF2AE8104A3AB73246B43A3993C992
                                                                                                                                                                                Malicious:false
                                                                                                                                                                                Preview:2...>.......N...v...B...................................................................................................................................2...>...*.......v...v............................I.......I.qk..B.....LZ............p...0U3.8......p...0U3.8.......I.qk..B.....LZ.I................................I.......I...................................................I.t.....I................................................................4..'...'.............|.k:H._.>:.J........N...^...............D......F...qC..........f........................................I.qk..B.....LZ............|.k:H._.>:.J............|.k:H._.>:.J............................................................................j.......T.]...............B.....H.........B.......>.).....J...................;........4...4...4.."...........................z...y.. x.. ...........$........4...+..7+..7........................;........4...4...4........................#...............................................
                                                                                                                                                                                Process:C:\Program Files (x86)\Microsoft Office\root\Office16\ONENOTE.EXE
                                                                                                                                                                                File Type:JPEG image data, JFIF standard 1.02, aspect ratio, density 100x100, segment length 16, baseline, precision 8, 612x792, components 3
                                                                                                                                                                                Category:dropped
                                                                                                                                                                                Size (bytes):55804
                                                                                                                                                                                Entropy (8bit):7.433623355028275
                                                                                                                                                                                Encrypted:false
                                                                                                                                                                                SSDEEP:1536:gVvci05lhVbfBcWvBLeynluexaWqzww/u5:gVUZhHDljaHww/u5
                                                                                                                                                                                MD5:4126992F65FE53D3E3E78F6B27FD49DC
                                                                                                                                                                                SHA1:BC0D76B69310DA9B909D3EE4CECBFE5F386BFB45
                                                                                                                                                                                SHA-256:3FBE3C1C238BD7DBC67F8CFF5F3BDDFD513C96A9851B9616477947D21DFF4B2E
                                                                                                                                                                                SHA-512:624853F5E56D224C8188F122B2C4724F867D4099E7FAAFB9C945BE7E2907900ADCF4AE97AB08909CF94E96FB6F381E3B6396D560D93EB2731E4E69CBFE628F10
                                                                                                                                                                                Malicious:false
                                                                                                                                                                                Preview:......JFIF.....d.d......Ducky.......d......Adobe.d...................................................................................................................................................d..............................................................................................!1...AQ.aq"2.....BR..8x..r#..9b....3....CS$.'.cs.......7Gw.(.4%5&..Wg.h......tEVfv..H..........................!1A..Qa.q...."2..u6....BRr.#...b..3s..d...7.Cc.$Tt..S4.5Ue..&..%.................?...,...8..{..S.y.N....%..q.8..H[5....o..xg........)c(.eO.YO..._D..x.U.....%.S.r.r._.^..Su.h.Q.t.:.#?....x..B.S...Q.....oqF..%..8'.qx....%.2JKjF..{y.w0.*a.RMb.c.Q{%....eW'..[IV..'ZW3...[...MN.....rO.:....$.i..7....Vrrr...I.r..M..Qo..j....q.^...N...J......%.J..)F...>$.....u........o...+......[...*..t....R}.I..R..S..GB..:......).6_[^Xft...F.1.....zP....,.#....MG.T..Q.F.....)Fi../.I...,%.voEb.b.Z..V3..FT.}..[Z{....wd.z.e.....QwW(.).t..\..'....:)<W.<..&k...caRT.X(..K.....:f...]...q..
                                                                                                                                                                                Process:C:\Program Files (x86)\Microsoft Office\root\Office16\ONENOTE.EXE
                                                                                                                                                                                File Type:data
                                                                                                                                                                                Category:dropped
                                                                                                                                                                                Size (bytes):4096
                                                                                                                                                                                Entropy (8bit):4.48523804867913
                                                                                                                                                                                Encrypted:false
                                                                                                                                                                                SSDEEP:48:csu7u8d7qs8Jt1Y2EbzBG7pX0y7p9Iij4RDrdMrhd/UdX2zb5bok7GyAS5bB+Ev:cskq7J3EBeXv9IiSDRMhCgbn9
                                                                                                                                                                                MD5:C80D78B95BF644EE2148D6C544EEFE51
                                                                                                                                                                                SHA1:3CCFA1BD03840EE29E1F8FECA495E365B3B4520A
                                                                                                                                                                                SHA-256:7361BFEACC961F0D02A28CFDA2B9E08DEE2C70DA881A222FC0253A3FCCE3A838
                                                                                                                                                                                SHA-512:8638906F2DFEC38054288981AECC022401E31EF57C8AAC28DAEEE3901D8615284DB48A80983AAA644E723D3C4E70285043B430B45469980F084F0DA2772C2F0E
                                                                                                                                                                                Malicious:false
                                                                                                                                                                                Preview:2...>.......n...v...b...................................................................................................................................2...>...J.......v................................I.......I.qk..B.....LZ.M.......M...m.8.|d..]e.M...m.8.|d..]e.M...I.qk..B.....LZ.I................................I.......I...................................................I.t.....I................................................................4..'...'.............$..[<'%......CF....N...^.................[.oC..g...j........f........................................I.qk..B.....LZ............$..[<'%......CF........$..[<'%......CF..........M.......M.......M...........................................M.j.....M.T.]...M.......M...B...M.H.....M...B...M...>.).M...J...................;........4...4...4.."...............M...M...M...z...y.. x.. ...........$........4...+..7+..7........................;........4...4...4..........M.......M.....#.M.............................................
                                                                                                                                                                                Process:C:\Program Files (x86)\Microsoft Office\root\Office16\ONENOTE.EXE
                                                                                                                                                                                File Type:JPEG image data, JFIF standard 1.02, resolution (DPI), density 72x72, segment length 16, Exif Standard: [TIFF image data, big-endian, direntries=7, orientation=upper-left, xresolution=98, yresolution=106, resolutionunit=2, software=Adobe Photoshop CS Windows, datetime=2004:03:12 11:08:07], baseline, precision 8, 595x450, components 3
                                                                                                                                                                                Category:dropped
                                                                                                                                                                                Size (bytes):59832
                                                                                                                                                                                Entropy (8bit):7.308211468398169
                                                                                                                                                                                Encrypted:false
                                                                                                                                                                                SSDEEP:1536:HS9SYFtN0+CRa9mfJy4zBAiIJhzrkHDV2hJK:yAmta+Tyy4zBIJW5WK
                                                                                                                                                                                MD5:DCDD543A4E0BA2C1909BA095D46FFBCB
                                                                                                                                                                                SHA1:B86C89537138FE07255354202D3EAD0B53B3C54D
                                                                                                                                                                                SHA-256:28F334B77068F71F5F92A95695433B950610204A0E5580CE567DB8FAD4993ECB
                                                                                                                                                                                SHA-512:5408C3259B7F3288A4BEB04342799AD5FE3A6F0EC7E92353B29B7E7E538DFA9903B39637226919E0421BC422635D25F5F8069DC7441864DC03E1B909BF5C2C84
                                                                                                                                                                                Malicious:false
                                                                                                                                                                                Preview:......JFIF.....H.H.....fExif..MM.*.............................b...........j.(...........1.........r.2...........i.................H.......H....Adobe Photoshop CS Windows.2004:03:12 11:08:07.............................S.......................................................&.(.................................0.......H.......H..........JFIF.....H.H......Adobe_CM......Adobe.d.................................................................................................................................................y...."................?..........................................................................3......!.1.AQa."q.2.....B#$.R.b34r..C.%.S...cs5....&D.TdE.t6..U.e...u..F'...............Vfv........7GWgw........................5.....!1..AQaq"..2.....B#.R..3$b.r..CS.cs4.%......&5..D.T..dEU6te....u..F...............Vfv........'7GWgw.................?......;R~+'....xh..~.n-}.......Te................^B..IU_....._...S......h.......!....9...A}6V=J......C..c.....Ug.Wh......
                                                                                                                                                                                Process:C:\Program Files (x86)\Microsoft Office\root\Office16\ONENOTE.EXE
                                                                                                                                                                                File Type:data
                                                                                                                                                                                Category:dropped
                                                                                                                                                                                Size (bytes):4096
                                                                                                                                                                                Entropy (8bit):4.326389337308966
                                                                                                                                                                                Encrypted:false
                                                                                                                                                                                SSDEEP:48:pBs5Zq4cWgW7FhltUEQ2sX19Ledj4n5rdMrmUdX9jS7HWgk7RgC36gg:pBst7rlWEqX19Led8RMXfwg
                                                                                                                                                                                MD5:41E2413903B5379A85F4D7C907C8DB2F
                                                                                                                                                                                SHA1:B463348781FDA0E53AEF6A7745B994509441F9A5
                                                                                                                                                                                SHA-256:AB52956819D2C931942350620590808FC9888E185B634CDA5AF75C16C6BDA08C
                                                                                                                                                                                SHA-512:0FAA0CECB4D6D6C4BF35B340FC49A6A5A515F83DFDE862C98B2420E54AB7C544070AED9F5B1CE79A57A2B6FF653CF980CA4EE74C661EF7B4B609A0615154EB3B
                                                                                                                                                                                Malicious:false
                                                                                                                                                                                Preview:2...>.......T...v...H...................................................................................................................................2...>...0.......v...|............................!.......!...K.#....D...I.......I.qk..B.....LZ.!...K.#....D...!...I.qk..B.....LZ.I................................I.......I...................................................I.t.....I................................................................4..'...'.............q(.c....P..........N...^...................../E.[.L...........H........................................I.qk..B.....LZ............q(.c....P..............q(.c....P................!.......!.......!...........................................!.j.....!.T.^...!.......!...B...!...C...!...>...!...|...!. .3...................;........4...4...4.."...............!...!...!...z...y.. x.. ...........$........4...+..7+..7........................;........4...4...4..........!.......!.....#.!.............................................
                                                                                                                                                                                Process:C:\Program Files (x86)\Microsoft Office\root\Office16\ONENOTE.EXE
                                                                                                                                                                                File Type:Windows Enhanced Metafile (EMF) image data version 0x10000
                                                                                                                                                                                Category:dropped
                                                                                                                                                                                Size (bytes):33032
                                                                                                                                                                                Entropy (8bit):2.941351060644542
                                                                                                                                                                                Encrypted:false
                                                                                                                                                                                SSDEEP:384:ofmqvnCfmqsp1Ue5xzMq+Qh0dffUmS0w5xzMq+Qh0di:AGAp1rmSl
                                                                                                                                                                                MD5:ACF4A9F470281F475EA45E113E9FB009
                                                                                                                                                                                SHA1:B20698DDA5E5AFDD86BB359A6578C9860D5DF71F
                                                                                                                                                                                SHA-256:5DC2367A80588A7518DB5014122510BF0FD784711015EF83A8718336584F82D0
                                                                                                                                                                                SHA-512:998B7DB9DB08FD15A293267E2371052E436E024AF8D34F96D3C8FF04B1316678DFC1674C921CB404121FF381A4FC39DC759E6698F19D42A6261CBD39469B0A08
                                                                                                                                                                                Malicious:false
                                                                                                                                                                                Preview:....l...........................Ac...... EMF........$...................`...E...........................(...F...,... ...EMF+.@..................,...,...F...\...P...EMF+"@...........@..........$@..........0@.............?!@...........@..........F...(.......GDIC........................F...(.......GDIC............^...........F...........EMF+*@..$..........?...........?.........@..X...L........................."B...B...B...................?...........??.....n............;...<..@<...<...<...<...<...=...=.. =..0=..@=..P=..`=..p=...=...=...=...=...=...=...=...=...=...=...=...=...=...=...=...=...>...>...>...>...>...>...>...>.. >..$>..(>..,>..0>..4>..8>..<>..@>..D>..H>..L>..P>..T>..X>..\>..`>..d>..h>..l>..p>..t>..x>..|>...>...>...>...>...>...>...>...>...>...>...>...>...>...>...>...>...>...>...>...>...>...>...>...>...>...>...>...>...>...>...>...>...>...>...>...>...>...>...>...>...>...>...>...>...>...>...>...>...>...>...>...>...>...>...>...>...>...>...>...>...>...>...>...>...?...?...?...?...?...?
                                                                                                                                                                                Process:C:\Program Files (x86)\Microsoft Office\root\Office16\ONENOTE.EXE
                                                                                                                                                                                File Type:PNG image data, 3005 x 184, 8-bit/color RGBA, non-interlaced
                                                                                                                                                                                Category:dropped
                                                                                                                                                                                Size (bytes):12180
                                                                                                                                                                                Entropy (8bit):5.318266117301791
                                                                                                                                                                                Encrypted:false
                                                                                                                                                                                SSDEEP:96:k1bHyG/fKOOOOQJUg+g2S+kEm6alfsfsfn32:+bSG/yOOOOQ+g+gOab32
                                                                                                                                                                                MD5:5C859FF69B3A271A9AAB08DFA21E8894
                                                                                                                                                                                SHA1:3156302A7450ADFF4D1B6EC893E955D3764D4DD4
                                                                                                                                                                                SHA-256:B4A8E9A67EE0B897615AC4CCE388FFC175AB92D9E192E6875C79A4E7C1B5BB6E
                                                                                                                                                                                SHA-512:4CF518136EEBCA4F400A115D9B7BB0CAC9FA650BF910B99E15F04A259B7D3EFCFFD6796886FE09DB08C37C332B14BC8500845C09C8EAE1F2306F90E98D3C99E0
                                                                                                                                                                                Malicious:false
                                                                                                                                                                                Preview:.PNG........IHDR..............;j.....sRGB.........pHYs..........+..../9IDATx^...dW...S=.dL$.............-.`...'...x.7.D...(...$.?cO....9S]=.v...Z.......{..wNuf.&.....a.k5~...._..\.yk..v.....}{._.Q...5...._9o.n.....}7.].1v..t......q....3.<..0<.p.......0....s...... @....... @....... @....... @....... @...X.'..U-..... @....... @....... @....... @....... @......,I......+..... @....... @....... @....... @....... @........z...r.. @....... @....... @....... @....... @....... .$.C.KJ[.... @....... @....... @....... @....... @........&`.=X`.%@....... @....... @....... @....... @....... @....../)m.. @....... @....... @....... @....... @....... @ ....`.)....... @....... @....... @....... @....... @....K.0.....J....... @....... @....... @....... @....... @...`.....\.... @....... @....... @....... @....... @......,I......+..... @....... @....... @....... @....... @........z...r.. @....... @....... @....... @....... @....... .$.C.KJ[.... @....... @....... @....... @....... @........&`.=X`.%
                                                                                                                                                                                Process:C:\Program Files (x86)\Microsoft Office\root\Office16\ONENOTE.EXE
                                                                                                                                                                                File Type:data
                                                                                                                                                                                Category:dropped
                                                                                                                                                                                Size (bytes):4096
                                                                                                                                                                                Entropy (8bit):4.350811662242349
                                                                                                                                                                                Encrypted:false
                                                                                                                                                                                SSDEEP:48:Ys4SXCueX/VtyrEPEczowLuejXmRpX9csDp5xrdMrKA73QXD9W9gpmd4A:YsGnvVyEsAowxXm39caBRMp0I
                                                                                                                                                                                MD5:22ED2CCB0D5BD405781B882C58A1D813
                                                                                                                                                                                SHA1:0F0AD63E9B905528DF88FA4C6F335A2503D990A0
                                                                                                                                                                                SHA-256:6FD0E4B2EA0A788FD0D5B43CC30A1191D4B69878F02569A165D7695410986E11
                                                                                                                                                                                SHA-512:151EDF129D4D76B9BAD453CEE083B16A982F6C1B39FC892FD4C2D1F6A52A446345C44198DBC6B41A1A2E350F125AB098064941526A467B69FE6A0FF8C634DE8F
                                                                                                                                                                                Malicious:false
                                                                                                                                                                                Preview:2...>.......R...v...F...................................................................................................................................2...>...........v...z............................I.......I.qk..B.....LZ.I.......I..:........'Xf.I..:........'Xf.I...I.qk..B.....LZ.I................................I.......I...................................................I.t.....I................................................................4..'...'...............H..c..T..vL.....N...^...............`.f....G..8!.)..........f........................................I.qk..B.....LZ..............H..c..T..vL...........H..c..T..vL...........I.......I.......I...........................................I.j.....I.T.]...I.......I...B...I.H.....I...B...I...>.).I...J...................;........4...4...4.."...............I...I...I...z...y.. x.. ...........$........4...+..7+..7........................;........4...4...4..........I.......I.....#.I.............................................
                                                                                                                                                                                Process:C:\Program Files (x86)\Microsoft Office\root\Office16\ONENOTE.EXE
                                                                                                                                                                                File Type:PNG image data, 39 x 600, 8-bit colormap, non-interlaced
                                                                                                                                                                                Category:dropped
                                                                                                                                                                                Size (bytes):2104
                                                                                                                                                                                Entropy (8bit):7.252780160030615
                                                                                                                                                                                Encrypted:false
                                                                                                                                                                                SSDEEP:48:2PPEOtz2P/LJtVRaqBG8qFOPvHlcEXgkuwf+j:2PZFSjJDjqFOPPlXgG+j
                                                                                                                                                                                MD5:F6C596F505504044DF1E36BA5DA3F09B
                                                                                                                                                                                SHA1:BCF17EC408899B822492B47E307DE638CC792447
                                                                                                                                                                                SHA-256:EDBB86F160050FBF1F9860276802BAE292DBFD0BC98E3EA90D43D981E9F0C54A
                                                                                                                                                                                SHA-512:E8D067A1932CED8746FE7D665EEC34EA92A98AFF3DF26FFA9DD02742DDEA3C5654124A88A649FA33DB596F96A5FC9CB2C693D03132F1C8B254ACB56DB4763BD8
                                                                                                                                                                                Malicious:false
                                                                                                                                                                                Preview:.PNG........IHDR...'...X.......:....PLTE.............................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................{.....bKGD....H....cmPPJCmp0712....H.s.....IDATx^..c.%i.F...m.m.f.m.m.m{&....X...9.....M.WUW.d.N.O...E$...$...)H....n....N.k..v.....v1L[w)w.}..!...Y.X.V.D.......[....;..[..;....
                                                                                                                                                                                Process:C:\Program Files (x86)\Microsoft Office\root\Office16\ONENOTE.EXE
                                                                                                                                                                                File Type:data
                                                                                                                                                                                Category:dropped
                                                                                                                                                                                Size (bytes):4096
                                                                                                                                                                                Entropy (8bit):4.329552240540694
                                                                                                                                                                                Encrypted:false
                                                                                                                                                                                SSDEEP:96:Z0sqetF3E2MXJ956voRM9UmqXRVqHznU:KsqetutXJ956voRM9UmqXRVqTn
                                                                                                                                                                                MD5:C8E78B2C3A686C372DE42428E12318E8
                                                                                                                                                                                SHA1:5673A1642A547E920341F99ADDBA0DDC3684B187
                                                                                                                                                                                SHA-256:0E26F61CF154163F1DD3FF84AA13BF3E11A82718BE6832DE2AFA487E054C19B0
                                                                                                                                                                                SHA-512:4EDC80DFDF0DEB48FAF45AFE04183B4B03D8876FCD473225074DF2157B642271B10514B5623B24D4FD29402C840AD77F288D7B3DB61FB3CB57342CFFC6B371EF
                                                                                                                                                                                Malicious:false
                                                                                                                                                                                Preview:2...>.......T...v...H...................................................................................................................................2...>...0.......v...|............................I.......I.qk..B.....LZ8.......8.......0......8.......0......8....I.qk..B.....LZ.I................................I.......I...................................................I.t.....I................................................................4..'...'.............'.ln9$).>_..Q..K....N...^.................%..u|@./..L.T.........f........................................I.qk..B.....LZ............'.ln9$).>_..Q..K........'.ln9$).>_..Q..K.........8.......8.......8...........................................8..j....8..T.]..8.......8....B..8..H....8....B..8....>.)8....J...................;........4...4...4.."..............8...8...8....z...y.. x.. ...........$........4...,..7,..7........................;........4...4...4.........8.......8......#8..............................................
                                                                                                                                                                                Process:C:\Program Files (x86)\Microsoft Office\root\Office16\ONENOTE.EXE
                                                                                                                                                                                File Type:JPEG image data, JFIF standard 1.02, aspect ratio, density 100x100, segment length 16, baseline, precision 8, 612x792, components 3
                                                                                                                                                                                Category:dropped
                                                                                                                                                                                Size (bytes):14177
                                                                                                                                                                                Entropy (8bit):5.705782002886174
                                                                                                                                                                                Encrypted:false
                                                                                                                                                                                SSDEEP:192:EbgGcV/hlvpfal7rgYa8S7auAxwfuSTmCSNoFQ6NO7L:EbgGcVnpwimnd38FdQL
                                                                                                                                                                                MD5:7CDCE7EEBF795998DA6CAC11D363291C
                                                                                                                                                                                SHA1:183B4CC25B50A80D3EC7CCE4BF445BCFBAA6F224
                                                                                                                                                                                SHA-256:DE35AF949D4F83E97EE22F817AFE2531CC4B59FF9EE6026DCA7ECEBC5CF2737F
                                                                                                                                                                                SHA-512:560FB15A9C12758D11BB40B742A6EAD755F15AD10D6C5DEBA67F7BC8A2AE67C860831914CBCBCDED9E6B2D1D5F26A636B9BCEF178151F70B4D027316F94F27E1
                                                                                                                                                                                Malicious:false
                                                                                                                                                                                Preview:......JFIF.....d.d......Ducky.......d......Adobe.d...................................................................................................................................................d........................................................................................!.1..A....Qa".q..2.....&...B%6.'..R#3.$E.r457bS.DUFV.Wg(.......................1...3.Q..2Rr....s.4.!Aq.S.aC5B$%............?...n.Liq.}.{#....3/gg.1.M +..~3...q..+=..:.g.i1;P)7.....q..n.s"p...wx........v.t.f;..L/..~....y.r[.r.....n.n3..6i..g..}../........3..x.L.i?We..l.......~..<.;..6..o.....N.t.o6.l..~.......<...m.V...Q.7k.u./wq.t..;.I...}..{...>.L..3m..a....yd......6~.f..~Y..}+..<.[w..'-..?.v.7...v.u..4.......1];..u.MO.......s..p..ms.'.O-o...O......m.k.e....)t....i>..E|....,iOyD|.{......g.n...cu....=..........h.\.Q:?g/?.I.3._...t...d.n.0.%y....S.Q....S.&K.w..&wY<....%.g.v.....$y..#,i;.=...t...I6..yO..o.d..w\k...~......)..rK.......].u....N....e.s..kU.u..'}
                                                                                                                                                                                Process:C:\Program Files (x86)\Microsoft Office\root\Office16\ONENOTE.EXE
                                                                                                                                                                                File Type:data
                                                                                                                                                                                Category:dropped
                                                                                                                                                                                Size (bytes):4096
                                                                                                                                                                                Entropy (8bit):4.3696684543838735
                                                                                                                                                                                Encrypted:false
                                                                                                                                                                                SSDEEP:48:Ms3BRhpY9ntwp9EYXL7paXM9XdsVpyGKrdMrhL/wDFX9E9GZ1cl:Msk9nsEQ4XM9tEBKRM5khc
                                                                                                                                                                                MD5:CD8D4BB835B64D9C60067B58CD25CA05
                                                                                                                                                                                SHA1:AABBB645974CF05A872F3E8AEA0B7AEB7B84999C
                                                                                                                                                                                SHA-256:022EFCE047BF87ED2C2BC2491B5EDA75CADAB47089BDCDC69C69FB6F9004AA36
                                                                                                                                                                                SHA-512:8C5639C64F6B8A12B7CB18BAD67BF2B606104362F40355A10381E381C8BA6F3862598F1B71E33EF7D564D18294591B74870362F4496FFC4753C850BD8B36BF39
                                                                                                                                                                                Malicious:false
                                                                                                                                                                                Preview:2...>.......R...v...F...................................................................................................................................2...>...........v...z............................I.......I.qk..B.....LZ..l.......l.8B4...f..&....l.8B4...f..&....l..I.qk..B.....LZ.I................................I.......I...................................................I.t.....I................................................................4..'...'.............d....cS.!........N...^...............}..1TL.E...?r.........f........................................I.qk..B.....LZ............d....cS.!............d....cS.!...............l.......l.......l...........................................lj......lT.]....l.......l..B....lH......l..B....l..>.)..l..J...................;........4...4...4.."................l...l...l..z...y.. x.. ...........$........4...,..7,..7........................;........4...4...4...........l.......l....#..l............................................
                                                                                                                                                                                Process:C:\Program Files (x86)\Microsoft Office\root\Office16\ONENOTE.EXE
                                                                                                                                                                                File Type:JPEG image data, JFIF standard 1.02, resolution (DPI), density 72x72, segment length 16, Exif Standard: [TIFF image data, big-endian, direntries=7, orientation=upper-left, xresolution=98, yresolution=106, resolutionunit=2, software=Adobe Photoshop 7.0, datetime=2004:03:04 13:44:07], progressive, precision 8, 611x163, components 3
                                                                                                                                                                                Category:dropped
                                                                                                                                                                                Size (bytes):36740
                                                                                                                                                                                Entropy (8bit):7.48266872907324
                                                                                                                                                                                Encrypted:false
                                                                                                                                                                                SSDEEP:768:3nwDxjTvoE0Rjwit4rjucDILWg7/Da0JgGQ8e1S8SA/Khos0:SxjTmZw7nucDILj77a0JgGQvScb
                                                                                                                                                                                MD5:9C205C8D770516C5AA70D31B2CA00AF3
                                                                                                                                                                                SHA1:9A1002F0CF7F92F1BE2BB25BAD61CEBFAC282482
                                                                                                                                                                                SHA-256:E111F96490755C7D71E87C88ACAEA38AFE55BB865B1A14A83C5BD239648D5E2C
                                                                                                                                                                                SHA-512:A3E105208B32831265428572B0937DD3C17B793D8611B2DA8D4939F1BEC6050999D375E3F6B87D53AD49DFA0EAE737B0141D37597AA42116C310761973D4A134
                                                                                                                                                                                Malicious:false
                                                                                                                                                                                Preview:......JFIF.....H.H......Exif..MM.*.............................b...........j.(...........1.........r.2...........i.................H.......H....Adobe Photoshop 7.0.2004:03:04 13:44:07............................c.........................................................(.....................&...........n.......H.......H..........JFIF.....H.H......Adobe_CM......Adobe.d................................................................................................................................................."...."................?..........................................................................3......!.1.AQa."q.2.....B#$.R.b34r..C.%.S...cs5....&D.TdE.t6..U.e...u..F'...............Vfv........7GWgw........................5.....!1..AQaq"..2.....B#.R..3$b.r..CS.cs4.%......&5..D.T..dEU6te....u..F...............Vfv........'7GWgw.................?..o...4.gP.~.c...K{...V.=...].<.........vS.........s....(.t......X......kk7....~-...yF}^c.Z.\.G./.?t...>....:.>......./.ib..).
                                                                                                                                                                                Process:C:\Program Files (x86)\Microsoft Office\root\Office16\ONENOTE.EXE
                                                                                                                                                                                File Type:data
                                                                                                                                                                                Category:dropped
                                                                                                                                                                                Size (bytes):4096
                                                                                                                                                                                Entropy (8bit):4.451116976743606
                                                                                                                                                                                Encrypted:false
                                                                                                                                                                                SSDEEP:96:RsFtRUJELZXb9hIIRMrN0dO63CHOAaVz:RsrRRLZXb9hIIRMrCdL
                                                                                                                                                                                MD5:183CDAA872B93AD619A21BC22369251A
                                                                                                                                                                                SHA1:6754C5A03E075837565B3C91B993805E18BC40A2
                                                                                                                                                                                SHA-256:45B15D04F3599D965B7DB195F28ADBC05B6485E62F90F3A84730E22D41EF4848
                                                                                                                                                                                SHA-512:3E70FFD76AB41A525EDC164E23DCABF21C3F8BA072063C53396D0A003E6FD82B457FF3808B24AA0B0639E1D6599DBC4754D792BBC98DD15146F51F58FBC34D87
                                                                                                                                                                                Malicious:false
                                                                                                                                                                                Preview:2...>.......l...v...`...................................................................................................................................2...>...H.......v................................I.......I.qk..B.....LZ2.6.....2.6-.....d2.K..2.6-.....d2.K..2.6..I.qk..B.....LZ.I................................I.......I...................................................I.t.....I................................................................4..'...'.............pY..d.=.(....]7....N...^....................H.C.hK............f........................................I.qk..B.....LZ............pY..d.=.(....]7........pY..d.=.(....]7.........2.6.....2.6.....2.6.........................................2.6j....2.6T.]..2.6.....2.6..B..2.6H....2.6..B..2.6..>.)2.6..J...................;........4...4...4.."..............2.6.2.6.2.6..z...y.. x.. ...........$........4...,..7,..7........................;........4...4...4.........2.6.....2.6....#2.6............................................
                                                                                                                                                                                Process:C:\Program Files (x86)\Microsoft Office\root\Office16\ONENOTE.EXE
                                                                                                                                                                                File Type:JPEG image data, JFIF standard 1.02, aspect ratio, density 100x100, segment length 16, baseline, precision 8, 612x792, components 3
                                                                                                                                                                                Category:dropped
                                                                                                                                                                                Size (bytes):53259
                                                                                                                                                                                Entropy (8bit):7.651662052139301
                                                                                                                                                                                Encrypted:false
                                                                                                                                                                                SSDEEP:768:dCiCBBenRYWDBCipMYGTbYGLHbXxoP/qEF+MU50qyJ30h2W474S/Aq/xc4674bi5:dCiIQXBCiwbDLHD0/sFyVel4Pi4UgE
                                                                                                                                                                                MD5:2EE369ABB7936F8C28FF0ABDD224EA05
                                                                                                                                                                                SHA1:FE9D304A7B49E31EAE439369ABC548E265149636
                                                                                                                                                                                SHA-256:FB12D59B8BE911247BBAFDD416852E8B74B028005A141CB4DBBBA109B4B6ED2C
                                                                                                                                                                                SHA-512:5CF396CA472C32AE988600176114106CB1619404DD899A3867A5AB43DC90583B771EF69B14EF50E56A21F038BF51D8463C6ADD2DE9D4CB523F6290E24A4DECB3
                                                                                                                                                                                Malicious:false
                                                                                                                                                                                Preview:......JFIF.....d.d......Ducky.......d......Adobe.d...................................................................................................................................................d............................................................................................!1..AQa....q........"2..R..Bbr..#S....3$.....C.4v..(X.DtEUV.....cs..Td.5uf'Wgw8Hh........................!1Q.Aa....q.2...."R...r..3.t..U...B#S.4ub..C$d.5Ee&'7c.D%sT..............?.....?...k,lk^...M".Yo5.Qp.&s}b.m.:...W.x}.*.a......N1..d-n.-..^..b..TZ.W..."....F....^......ve5...^...2.:i...........~u2pK.z./&..u..L[I....Y....@y{|>..MN=:....Q[..H....a........|%..4fV....).....^.9b.f...F...p.=.W...aZ.........Z.t.n.....z3..[..lVh..\.N-.._.sK.y.._e.G.jig.a.7^....u...*.p.5.a.].........u/u..D.yl.XA..f.z..~.x.....N.....b=.uv.2.t.'.N.-.H..n.v.a.A[.Z.....T2...._...:....h..l.E..sm..a.3I...RE...fWb.Ek.0.#.)..Y#T...........u{....U....s.].7_H.2.`O6...P......}..4LR....]4.mid...
                                                                                                                                                                                Process:C:\Program Files (x86)\Microsoft Office\root\Office16\ONENOTE.EXE
                                                                                                                                                                                File Type:data
                                                                                                                                                                                Category:dropped
                                                                                                                                                                                Size (bytes):4096
                                                                                                                                                                                Entropy (8bit):4.3500684720703555
                                                                                                                                                                                Encrypted:false
                                                                                                                                                                                SSDEEP:48:BAsWkLDe1dtlbT/SEXDJAKBXrnsrkB9tsYpyMGrdMrpS+FXK1mqh/ou:BAsLDe1dfeEXnBXLXB9t9pGRMdFw/o
                                                                                                                                                                                MD5:3D6E534309D59FFDFB3B180DFDF7B761
                                                                                                                                                                                SHA1:7F04BCCAB9E3AEC6E6B674DCA75F868A2BCCBE0A
                                                                                                                                                                                SHA-256:89A01D31C83E46206BADA360893F29922AE700D3373EB06D7832978D778688B9
                                                                                                                                                                                SHA-512:F11F9474F0C3C3584D0E05E91220DBDD7A61ACE868445FF72DF06F229EE80A2917E68AC6708E3247EB7F8FE15FD4AF9D29C6F7A00B306F4AB84225A245D7D2DE
                                                                                                                                                                                Malicious:false
                                                                                                                                                                                Preview:2...>.......N...v...B...................................................................................................................................2...>...*.......v...v............................I.......I.qk..B.....LZ.yp......ypCm....!.CO.2..ypCm....!.CO.2..yp..I.qk..B.....LZ.I................................I.......I...................................................I.t.....I................................................................4..'...'................?.....K.(.:.....N...^...............c|.....L.1.Q..T........f........................................I.qk..B.....LZ...............?.....K.(.:............?.....K.(.:...........yp......yp......yp..........................................ypj.....ypT.]...yp......yp..B...ypH.....yp..B...yp..>.).yp..J...................;........4...4...4.."...............yp..yp..yp..z...y.. x.. ...........$........4...,..7,..7........................;........4...4...4..........yp......yp....#.yp............................................
                                                                                                                                                                                Process:C:\Program Files (x86)\Microsoft Office\root\Office16\ONENOTE.EXE
                                                                                                                                                                                File Type:JPEG image data, JFIF standard 1.02, aspect ratio, density 100x100, segment length 16, baseline, precision 8, 612x792, components 3
                                                                                                                                                                                Category:dropped
                                                                                                                                                                                Size (bytes):60924
                                                                                                                                                                                Entropy (8bit):7.758472758205366
                                                                                                                                                                                Encrypted:false
                                                                                                                                                                                SSDEEP:1536:kU7O7+CFqO6DkxTgPzo2wqggrrX8QvN1I/ZLBttB9+dPFXbc:hVuqJDaTqo2wq1L84N1I/Z1tT9X
                                                                                                                                                                                MD5:D58C51D2CF586A5E14A9EC8529C3B0A8
                                                                                                                                                                                SHA1:F4811A353797C29B1E3F5A61B125C46E1534D587
                                                                                                                                                                                SHA-256:F927C7825851974A2149868146970706523A49165133CEE6027A43E8C9ABDF27
                                                                                                                                                                                SHA-512:34B963173AFBDF07432F4B983D29F10376E4771FE666E9D50B1A81DA0B9F6001FD86B4A08B9711386DE153BF6E03C8E932E2D181C8EAF94EFF34D20FCA7570E0
                                                                                                                                                                                Malicious:false
                                                                                                                                                                                Preview:......JFIF.....d.d......Ducky.......d......Adobe.d...................................................................................................................................................d................................................................................................!1AQ.aq....".....2B...Rbr#.s.4...3$.5u.6v..CSc...DT..f..t..&F........................!1..A.Qaq....."2....B.s....Rbr..#4...35...CSc.$...DTdt..%..............?....O<......X.O.Fg..{.W&u.u.T~.|r;g!.._X..N.p.4.........................................................yK..xd...6..|%....\j..e.=...Y..f..I.|-....e...$R.j.......~.W#....{.....V.k.|F..z^..:.~..f......"x.....L..K..r../.;..[..l...;.U...W...X.........8.....y?..B...m.......j..Q.g3..G.K....GL.o..n7a..Y..[.'.........x........\......~...f...0\Wc.n?k.|.....1.ww;..2..?...r4uF.MXdB6..W..mG2NJ.E........u...2.q...Z..=(l)jU.X...U.\X.......O<......X.O.Fg..{.W&u.u.T~.|r;g!.._X..N.p.4.......................................................
                                                                                                                                                                                Process:C:\Program Files (x86)\Microsoft Office\root\Office16\ONENOTE.EXE
                                                                                                                                                                                File Type:data
                                                                                                                                                                                Category:dropped
                                                                                                                                                                                Size (bytes):4096
                                                                                                                                                                                Entropy (8bit):4.3163909815675545
                                                                                                                                                                                Encrypted:false
                                                                                                                                                                                SSDEEP:48:1qsQ1FejVulTLtcruEJtJPQXER9NsydpyBrdMrPB/FXOw93txR:UsRZuBLjEWXE9Nx8RMh/L
                                                                                                                                                                                MD5:5D9722744806CA7BF485FE5FFE52C031
                                                                                                                                                                                SHA1:BCABC7F87036908078540A970829AE334AAEEEAB
                                                                                                                                                                                SHA-256:EB4C27297DE37122EDD88AE876A340C50FE91A9BED7FC58F77ED5685D66B2B1D
                                                                                                                                                                                SHA-512:146A7B5D5C1F249E2F6BD2F8C3C111F2A457EC97DBDB028F25B983CD4B5EB0E441E9CDFE9C5512FCFEC3CBA44D78439239F271C2DF399C643B5CB0638A49490C
                                                                                                                                                                                Malicious:false
                                                                                                                                                                                Preview:2...>.......R...v...F...................................................................................................................................2...>...........v...z............................I.......I.qk..B.....LZiM......iM.%.....L.L....iM.%.....L.L....iM...I.qk..B.....LZ.I................................I.......I...................................................I.t.....I................................................................4..'...'.............4C.M.Vp...b_J..J....N...^...............bRr...+K.....|..........f........................................I.qk..B.....LZ............4C.M.Vp...b_J..J........4C.M.Vp...b_J..J.........iM......iM......iM..........................................iM.j....iM.T.]..iM......iM...B..iM.H....iM...B..iM...>.)iM...J...................;........4...4...4.."..............iM..iM..iM...z...y.. x.. ...........$........4...,..7,..7........................;........4...4...4.........iM......iM.....#iM.............................................
                                                                                                                                                                                Process:C:\Program Files (x86)\Microsoft Office\root\Office16\ONENOTE.EXE
                                                                                                                                                                                File Type:PNG image data, 39 x 579, 8-bit colormap, non-interlaced
                                                                                                                                                                                Category:dropped
                                                                                                                                                                                Size (bytes):515
                                                                                                                                                                                Entropy (8bit):6.740133870626016
                                                                                                                                                                                Encrypted:false
                                                                                                                                                                                SSDEEP:12:6v/7su2/c30mqkg9VgFHe7Ll8UmJX/N+1Zmkk8f3lbtI4:4mc38gFHe18lkk8f3lbth
                                                                                                                                                                                MD5:E96BE30D892A5412CF262FEE652921CA
                                                                                                                                                                                SHA1:8190A0BFE21D04BC6F3A406E91B87CA69C03A2DE
                                                                                                                                                                                SHA-256:0E31DA4DFCFF4A36C64C1CE940362D2309769F36369E4C43C317D5F2FA15658E
                                                                                                                                                                                SHA-512:D647F51ABBD013226A6ADD0D551D058C633F867F9AF5A9E099B85D6E291D220F7B85958B07381CD4C7C4F72356DBAFE2A86932AE398E28C56CDDF0744E92EE24
                                                                                                                                                                                Malicious:false
                                                                                                                                                                                Preview:.PNG........IHDR...'...C........b...`PLTE..................................................................................................bKGD....H....cmPPJCmp0712....H.s....9IDATx^..I..@.C..<..?mo.#C((.J}...~..B...b.I.i.\<.e.....(p.I.EO...q.x.......dRz....K..b0.:.<c.o..0.x\:...F....I&..ap....."P@....DO...q)p*..@Y.CL2)=......1.........4....._.G..^`..lDO...q...X....SL..z....K..#.L#..I6..ap.Ls.,....7&..ap.p..lI...,GO...q.....k.n1..4......3=.f.x.$..4.....o....x.$+..0.x\.,&6...............IEND.B`.
                                                                                                                                                                                Process:C:\Program Files (x86)\Microsoft Office\root\Office16\ONENOTE.EXE
                                                                                                                                                                                File Type:data
                                                                                                                                                                                Category:dropped
                                                                                                                                                                                Size (bytes):4096
                                                                                                                                                                                Entropy (8bit):4.348820546450622
                                                                                                                                                                                Encrypted:false
                                                                                                                                                                                SSDEEP:96:OBjsvkhLutsSIEEPGXo49NN/kRMKSRKxS4:OBjsshL6sS6PGXp9NxkRMbRK
                                                                                                                                                                                MD5:95DBD0D5B7ADF122A86DE6E7A188313A
                                                                                                                                                                                SHA1:F176733A2C0735B4048CE191E7A4DC10D221FB26
                                                                                                                                                                                SHA-256:D437A421BE2FD863F097FA68FB58AD810E3DB370D33A9A34CB8F1DD0B32F70BB
                                                                                                                                                                                SHA-512:6652E6BC88FAB87FE9D6A7AF76A2CA65EA6F613ABC3442307FB914FBD4B364595171946550BB3A10F0CB78D1C11B3C388571005EC1430FEC95B0FC5CB92F5ECD
                                                                                                                                                                                Malicious:false
                                                                                                                                                                                Preview:2...>.......T...v...H...................................................................................................................................2...>...0.......v...|............................I.......I.qk..B.....LZ......................aP..............aP.....I.qk..B.....LZ.I................................I.......I...................................................I.t.....I................................................................4..'...'..............CRFLV..$.D........N...^...............'.C..Z`K.....3.!........f........................................I.qk..B.....LZ.............CRFLV..$.D.............CRFLV..$.D............................................................................j.......T.]..............B.....H.........B.......>.).....J...................;........4...4...4.."...........................z...y.. x.. ...........$........4...,..7,..7........................;........4...4...4........................#...............................................
                                                                                                                                                                                Process:C:\Program Files (x86)\Microsoft Office\root\Office16\ONENOTE.EXE
                                                                                                                                                                                File Type:PNG image data, 30 x 700, 8-bit colormap, non-interlaced
                                                                                                                                                                                Category:dropped
                                                                                                                                                                                Size (bytes):1547
                                                                                                                                                                                Entropy (8bit):6.4194805172468286
                                                                                                                                                                                Encrypted:false
                                                                                                                                                                                SSDEEP:24:dZeDNYbS+238CTUFPA6SXG5qSacX9q73eXu0vC3dU+OB2gbwHRuZ:dykp9FzBBacXQ3uNC3n7xuZ
                                                                                                                                                                                MD5:0BA36A74DFBF411FAB348404CCEC3348
                                                                                                                                                                                SHA1:4C619790E517416E178161028987DF1CD3B871CC
                                                                                                                                                                                SHA-256:2E7AAF26BEC32148B96442E8FFF1BD2CEF2D72630969F23B9A2ABEDB6CFEC93B
                                                                                                                                                                                SHA-512:90AF53DB7C413E2ADB970AC345F73E4ED8AF626E179C929E6560118F7A9E98DC7C5FF02B2B3F6C98D397E0FE2D85F3427C6928C328872149E176FA8A99E91F54
                                                                                                                                                                                Malicious:false
                                                                                                                                                                                Preview:.PNG........IHDR...............\....PLTE.......................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................D......bKGD....H....cmPPJCmp0712....H.s.....IDATx^.WSTA........b.0gPPP0..E.9b@L(.c.N.U>..@......;...}..B.(....$......5..XS...I....).!....D^.uE...\..5........F."o..-...m.n. .^.....q= .
                                                                                                                                                                                Process:C:\Program Files (x86)\Microsoft Office\root\Office16\ONENOTE.EXE
                                                                                                                                                                                File Type:data
                                                                                                                                                                                Category:dropped
                                                                                                                                                                                Size (bytes):4096
                                                                                                                                                                                Entropy (8bit):4.328887915305702
                                                                                                                                                                                Encrypted:false
                                                                                                                                                                                SSDEEP:96:esEe9hO591f9EkXJR9i9TMRMm9hgJp/AeI:esza91SkXX9gMRMmDQ
                                                                                                                                                                                MD5:B214F987F3717F02490C378BB9AF0E04
                                                                                                                                                                                SHA1:59961727018A7E2D3B8E4520C49B46B2F386D5E3
                                                                                                                                                                                SHA-256:A0B22D1AB55C4D48E5D3E8F894C8F2741DD2FE4CAFD881DAC230DA109BED4E68
                                                                                                                                                                                SHA-512:B1ED0BF67E15BE3D2E85D3B006B8FF1039F7E1C0F59E8860DC1387DA55E2F535393050124A483724AAEA6BA60F701EC4906E0EC407B24516ABC86861FE45B13B
                                                                                                                                                                                Malicious:false
                                                                                                                                                                                Preview:2...>.......N...v...B...................................................................................................................................2...>...*.......v...v............................I.......I.qk..B.....LZ..Y.......Y2.D..7.K..4...Y2.D..7.K..4...Y..I.qk..B.....LZ.I................................I.......I...................................................I.t.....I................................................................4..'...'.............m..I.t8.#..8.Y......N...^...............4e5i.&~C.6\.3C..........f........................................I.qk..B.....LZ............m..I.t8.#..8.Y..........m..I.t8.#..8.Y.............Y.......Y.......Y...........................................Yj......YT.]....Y.......Y..B....YH......Y..B....Y..>.)..Y..J...................;........4...4...4.."................Y...Y...Y..z...y.. x.. ...........$........4...,..7,..7........................;........4...4...4...........Y.......Y....#..Y............................................
                                                                                                                                                                                Process:C:\Program Files (x86)\Microsoft Office\root\Office16\ONENOTE.EXE
                                                                                                                                                                                File Type:JPEG image data, JFIF standard 1.02, aspect ratio, density 100x100, segment length 16, baseline, precision 8, 612x792, components 3
                                                                                                                                                                                Category:dropped
                                                                                                                                                                                Size (bytes):95763
                                                                                                                                                                                Entropy (8bit):7.931689087616878
                                                                                                                                                                                Encrypted:false
                                                                                                                                                                                SSDEEP:1536:EoES7mhTyzabUaE77xAOmq0zVruQlttNxlipxVWssMU2YhRy2v6pKKYhQzwMc2:zz7mhTyzabUa4b4xuQlttnlGx8x9h02M
                                                                                                                                                                                MD5:177DD42CA99CAA2CCBF2974221680334
                                                                                                                                                                                SHA1:35FD86B3DD082A6D4930C67BC0E05D3B5817465A
                                                                                                                                                                                SHA-256:525A857D0EDA855A64D3619DF58B1C2D013A73E60FA0D49B155ECFCB2C134C7C
                                                                                                                                                                                SHA-512:6FB6D9A6C97B1115C3246690A2F339CD612899AC25ACBA00296EAEAA0A1D094E7339D670969764FE23EB7C08FCDD01C6F78FBC0735D504D5E02AD342901719B3
                                                                                                                                                                                Malicious:false
                                                                                                                                                                                Preview:......JFIF.....d.d......Ducky.......d......Adobe.d...................................................................................................................................................d........................................................................................!..1AQa...q......."...2..B#Rb3..r$...6..C4....Ss%5...tu.c..Dd.EU7....................!.1.AQ..aq......"r..2...4Rb#3$B.Ss............?..H..dV....U..-..0]Cp.%O.Z.Y.e.=/.q.....j76.w@s...5.&&&5...n..w..>.1....;.vR..[.......=.......KtY]u3.g18...).r....&.IZ'.....g..4kY..X..b.......y<...r1........e.._...X...w....op.m%Jr31...S.Vo.._....OI\]....F..V-....\...2j..X.....y.p.$4.....&#..]..n.V..x..P...F..C.f....])..~..Z\.....,..#..v..v...2V.k.SuaydO../[.*c._..oTV<Z.s.[...o.x..>....-....v...#....-.X..L.Z./#.XG.-.0......%w..H.@aZ....C.}...N~.;..R......5.D......I.... .R........s.>..ks....(...S...9....2=. :^.. p.+?(....$..Q..I.........=|..`2. v..t......U*.8.u.. ...'...*...2;u....& 3..$.
                                                                                                                                                                                Process:C:\Program Files (x86)\Microsoft Office\root\Office16\ONENOTE.EXE
                                                                                                                                                                                File Type:data
                                                                                                                                                                                Category:dropped
                                                                                                                                                                                Size (bytes):4096
                                                                                                                                                                                Entropy (8bit):4.3317185066913915
                                                                                                                                                                                Encrypted:false
                                                                                                                                                                                SSDEEP:48:Ssm9xPDZTNWBt2eYEyLgHrXX9oSU4pyVrdMrMhVFXIC+e5BLmV:SssRRNWBcDEy0LXX9y4oRMqlNLm
                                                                                                                                                                                MD5:BB63A6D27DD34FC0159BFEC9B7E82F59
                                                                                                                                                                                SHA1:F841C0847DDC2ED4152ECF482C60364497C35C5A
                                                                                                                                                                                SHA-256:48D52C7E5C7EB17ACDA35E90530C56C26129C2266A1882795E1517CE16870AB5
                                                                                                                                                                                SHA-512:A97C42D28A6AD341169322A6F1FCCC694D6DD01805C07466ABC3815EE942311380B0064008C4115B4C2B90F1E2F9AFF5C5B252B07D012B850B2117E071AF8EA2
                                                                                                                                                                                Malicious:false
                                                                                                                                                                                Preview:2...>.......N...v...B...................................................................................................................................2...>...*.......v...v............................I.......I.qk..B.....LZ..[.......[.....$P#=...N..[.....$P#=...N..[..I.qk..B.....LZ.I................................I.......I...................................................I.t.....I................................................................4..'...'.............g..0.....+.qQ.#....N...^................B..@.$K.j$C...c........f........................................I.qk..B.....LZ............g..0.....+.qQ.#........g..0.....+.qQ.#...........[.......[.......[...........................................[j......[T.]....[.......[..B....[H......[..B....[..>.)..[..J...................;........4...4...4.."................[...[...[..z...y.. x.. ...........$........4...,..7,..7........................;........4...4...4...........[.......[....#..[............................................
                                                                                                                                                                                Process:C:\Program Files (x86)\Microsoft Office\root\Office16\ONENOTE.EXE
                                                                                                                                                                                File Type:JPEG image data, JFIF standard 1.02, aspect ratio, density 100x100, segment length 16, baseline, precision 8, 612x792, components 3
                                                                                                                                                                                Category:dropped
                                                                                                                                                                                Size (bytes):67991
                                                                                                                                                                                Entropy (8bit):7.870481231782746
                                                                                                                                                                                Encrypted:false
                                                                                                                                                                                SSDEEP:1536:3PC0XJjsmsKuZRG1pXuZ6z3wARnV9AEnieCc7cllJcHJ:qyMBzkUZ0gq25c7Z
                                                                                                                                                                                MD5:1271B1905D18A40D79A5B9DB27EE97EA
                                                                                                                                                                                SHA1:9618608FBD7342DE6C71220A36C3F4995BA9C13E
                                                                                                                                                                                SHA-256:5B321A4D81BD499B289B1755F6450A42047C494DFBC112DBD56DA4CED2C15C1A
                                                                                                                                                                                SHA-512:C32DD26047F6B8AA061085B38AC2B8335868E1BFD8731DB65544309223A955FA4BF45B06AC8D244408658F51A1775B6F19FF0FFC804989DE706DE8EB36F1436F
                                                                                                                                                                                Malicious:false
                                                                                                                                                                                Preview:......JFIF.....d.d......Ducky.......d......Adobe.d...................................................................................................................................................d............................................................................................!.1..AQa..q..".........2...BR#b.r.3...$.'...)..C%7gw..(.S.W89.......................!1.A.Qa.q".....2...#....B.t......rc.$%67Rb3s&'CUu.v....S.d5.V4T.e.............?...?..Wj.e.e.......w/..E..eOw_.....6......u..C6h.,..;.g.D8Z..-)O..jy..e;.u.g..w..[.L""k'w.......'1'.[......=..P...S.9a.V./O....q=8xk]...........9......F...e9'....9.O.... .&.....p......c.4...mr...?.......L..'.....0....+..|_...POM=7.?.2.a....};.Z..y./....>./.C.<...;.....|.1>...........S.8.o.O...+..n2...k../.X..9...Y...:.....\...Dk......q.K..\.Wuh.!Z?.mu...R.5.A.S.h.0..[..v..+M.....aUi*.k..?#..._...X..R.&]..[..;../]L..f..V......*.e...ut&.#.J.5....c%..o.$..v.<K.6..T.IP.....6X.*.uf..t0^..-.)m$.!.q(.j.f;..WB6.b.B..R.
                                                                                                                                                                                Process:C:\Program Files (x86)\Microsoft Office\root\Office16\ONENOTE.EXE
                                                                                                                                                                                File Type:data
                                                                                                                                                                                Category:dropped
                                                                                                                                                                                Size (bytes):4096
                                                                                                                                                                                Entropy (8bit):4.36790247594836
                                                                                                                                                                                Encrypted:false
                                                                                                                                                                                SSDEEP:48:i1szB38Z4mnNYtyRpEvlLpXXS39cIUbpyJrdMr7k/XBGxFXY0s9jZsrlpQWK9:8sbCNYAEdBXS39ib0RM7EXaX2
                                                                                                                                                                                MD5:44201EB4C811981178801192B1CD73C4
                                                                                                                                                                                SHA1:4701151FEFED09EEF8BB95A883D92D1546DC8C85
                                                                                                                                                                                SHA-256:28DA1633066F058632CC948614CF691FE76DD9FB220253D7015C4124C2DD80A4
                                                                                                                                                                                SHA-512:AAC0EEE372C6EC75257077C031865790F79175FDD2CFB87A6C1CFD09B7D4621DD44A0A0C09A4254B532ED33000182112B26A1FCEA4C667CC7EF7950B7CBC3A7E
                                                                                                                                                                                Malicious:false
                                                                                                                                                                                Preview:2...>.......R...v...F...................................................................................................................................2...>...........v...z............................I.......I.qk..B.....LZ...........0>.'.I........0>.'.I........I.qk..B.....LZ.I................................I.......I...................................................I.t.....I................................................................4..'...'..............l..zE..*5..A."....N...^...................!.II....Wk.l........f........................................I.qk..B.....LZ.............l..zE..*5..A.".........l..zE..*5..A."....................................................................j......T.].............B....H........B......>.)....J...................;........4...4...4.."........................z...y.. x.. ...........$........4...,..7,..7........................;........4...4...4......................#..............................................
                                                                                                                                                                                Process:C:\Program Files (x86)\Microsoft Office\root\Office16\ONENOTE.EXE
                                                                                                                                                                                File Type:JPEG image data, JFIF standard 1.02, resolution (DPI), density 72x72, segment length 16, Exif Standard: [TIFF image data, big-endian, direntries=7, orientation=upper-left, xresolution=98, yresolution=106, resolutionunit=2, software=Adobe Photoshop 7.0, datetime=2004:03:04 13:06:24], progressive, precision 8, 38x792, components 3
                                                                                                                                                                                Category:dropped
                                                                                                                                                                                Size (bytes):22203
                                                                                                                                                                                Entropy (8bit):6.977175130747846
                                                                                                                                                                                Encrypted:false
                                                                                                                                                                                SSDEEP:192:5q3R1VBvq3R1Flrk6Q0QPJJrR39joOVMJ25d1NkMhIwobbtAAAqYnLJZMJYZ2AC:xw6Q0WJR3FoOVMJIIlAAAqYnMJdD
                                                                                                                                                                                MD5:2D3128554F6286809B2C8E99DE5FD3F6
                                                                                                                                                                                SHA1:FC42CB04151D36F448093BDEFE33031A9B8D797D
                                                                                                                                                                                SHA-256:14FA2D16310485AA1CE41F6D774A3D637E8CF8B03C4F72990155DF274FDB6BD9
                                                                                                                                                                                SHA-512:D8531247A6E89ECABEA9C4A78F596CCE3493334EDF71AE4F7998FDDD0F80705948609C89756AB56FDFAB6D04DEC5F699A693801A772CA2EE2465BDD2CE5D2D5A
                                                                                                                                                                                Malicious:false
                                                                                                                                                                                Preview:......JFIF.....H.H.....XExif..MM.*.............................b...........j.(...........1.........r.2...........i.................H.......H....Adobe Photoshop 7.0.2004:03:04 13:06:24............................&.........................................................(.....................&...........*.......H.......H..........JFIF.....H.H......Adobe_CM......Adobe.d......................................................................................................................................................"................?..........................................................................3......!.1.AQa."q.2.....B#$.R.b34r..C.%.S...cs5....&D.TdE.t6..U.e...u..F'...............Vfv........7GWgw........................5.....!1..AQaq"..2.....B#.R..3$b.r..CS.cs4.%......&5..D.T..dEU6te....u..F...............Vfv........'7GWgw.................?...H.....Go.Kxn.b..g...........%?_....O......q......7G......%%.V..8zm.].v?...jJ~._..>.......O;........o..rI.A.....n.a.........
                                                                                                                                                                                Process:C:\Program Files (x86)\Microsoft Office\root\Office16\ONENOTE.EXE
                                                                                                                                                                                File Type:data
                                                                                                                                                                                Category:dropped
                                                                                                                                                                                Size (bytes):4096
                                                                                                                                                                                Entropy (8bit):4.457932197542336
                                                                                                                                                                                Encrypted:false
                                                                                                                                                                                SSDEEP:48:fBs2tKuvjkMtLeI3DpxE15L35X4EH9hUFpyJrdMruU2X6EmFXrogkDJPb4jg:ZsujkMx3xEDtXr9iF8RMTKx4j
                                                                                                                                                                                MD5:02C1130D4D959169EA8A774B80579273
                                                                                                                                                                                SHA1:D860BF7E7715AAC4911E7D89F0485C1651975F7C
                                                                                                                                                                                SHA-256:52B5E7A0FBC4B4691E842F6A5EB1D8D60CC93EADA85F88C7546B21CE82CFBD2F
                                                                                                                                                                                SHA-512:A54BD1008945FD64ED82C90426C6C37419B2CD79F1564E84E9AF5DBF498C4CBA412DEEEEDAACC5728D71D1CF77D1E6DA8C73020BD79741EFF5AE9055907C3CEF
                                                                                                                                                                                Malicious:false
                                                                                                                                                                                Preview:2...>.......l...v...`...................................................................................................................................2...>...H.......v................................I.......I.qk..B.....LZ..#.......#F....%...(>Lw..#F....%...(>Lw..#..I.qk..B.....LZ.I................................I.......I...................................................I.t.....I................................................................4..'...'.............*."2....(.X.........N...^................zMawGpN..Y............f........................................I.qk..B.....LZ............*."2....(.X.............*."2....(.X................#.......#.......#...........................................#j......#T.]....#.......#..B....#H......#..B....#..>.)..#..J...................;........4...4...4.."................#...#...#..z...y.. x.. ...........$........4...,..7,..7........................;........4...4...4...........#.......#....#..#............................................
                                                                                                                                                                                Process:C:\Program Files (x86)\Microsoft Office\root\Office16\ONENOTE.EXE
                                                                                                                                                                                File Type:JPEG image data, JFIF standard 1.02, aspect ratio, density 100x100, segment length 16, baseline, precision 8, 612x792, components 3
                                                                                                                                                                                Category:dropped
                                                                                                                                                                                Size (bytes):15740
                                                                                                                                                                                Entropy (8bit):6.0674556182683945
                                                                                                                                                                                Encrypted:false
                                                                                                                                                                                SSDEEP:192:Elv3GG8/OOs+GouFdxMlxjoPyerzkpuOo2vPMc62PaJseZC+BJoS/:EtNiwdxMlZoPhzkpuOo2PMc6rX8+B6+
                                                                                                                                                                                MD5:FFA5EC40DC9A0FD10EB9E6355142D6A6
                                                                                                                                                                                SHA1:3D3D6A7E086B3C610C08F1F3E3F883604F06F2A4
                                                                                                                                                                                SHA-256:D74C3973C8D1F7C77274691AFB1AA934940674341D7EEE563BE75E563281BDFD
                                                                                                                                                                                SHA-512:6FAF2A24D06E6008F3579C7CEC90C2887462BDF83FAD7372FBB74B8DE90340B580E9836F309B68A9794597A598F7DCDA661C9A58DA6D8187C69083B7A17C9CD9
                                                                                                                                                                                Malicious:false
                                                                                                                                                                                Preview:......JFIF.....d.d......Ducky.......d......Adobe.d...................................................................................................................................................d.........................................................................................!.1.....AQ..aq.g..8...."r....2.FG..#.E..7.Rb..Cc..D.v.B..3s..$d.%5Uu..&6fW'w........................!....1Aa...d..5e.6.q...Q..."2b.c..r3DE..BRs4U.#C.S.T............?...u.&0...cV.T.I...1..=4....Ce_.g.q.=F.M:>)...k..pm..h..=........S....)Ja8x...b.).=5.q..0......k.M.....1?-.G.b&.5..Ep.8t...'...R)..ta.F$bXO]tW.b.6#.t.XWN..ZW......].....G....x&&f..'L.....7...\...'.8...~`.sa...............................................X........qo...SMk...'.V...i..hb.}&?/.k.:>l.^....>Y...<}...&.jY.Gn.MKejyV......D......gf.0....t.nw..XQ...H.B.....=8.UkR.....Hm..w..]...k...#Z...F../.gjWvf.....w.aZ].2..5..^...VZv..._.7..a.|...:.B...,f...............~....m.;_.....-.e.y.w.[m.].bu.b.f+.E++\.....Y..7
                                                                                                                                                                                Process:C:\Program Files (x86)\Microsoft Office\root\Office16\ONENOTE.EXE
                                                                                                                                                                                File Type:data
                                                                                                                                                                                Category:dropped
                                                                                                                                                                                Size (bytes):4096
                                                                                                                                                                                Entropy (8bit):4.32689578009594
                                                                                                                                                                                Encrypted:false
                                                                                                                                                                                SSDEEP:96:SsESQ6iRgEjLLX/9fOkoRMEkKdvWxFUvaNa:SsnQ6iPjLLX/9fzoRMsi
                                                                                                                                                                                MD5:2D88F7926FFEB6A1D2B92D9311635583
                                                                                                                                                                                SHA1:58AD3A62976ABC8DE96526756336855DE9AB8D32
                                                                                                                                                                                SHA-256:C0138EFD45E0DA4427D73A81A64FFF9B2233A817F10FA25C1ECD43E153624584
                                                                                                                                                                                SHA-512:AAC5C56A529879F7DE97B0FEEA0FB225662689DB53FC78B8DD13ABC19C0041A635CCE0294F6B7854EFFD6689B60B6BFB7EFE5B9E1188239D6E49A5D4558DBA57
                                                                                                                                                                                Malicious:false
                                                                                                                                                                                Preview:2...>.......N...v...B...................................................................................................................................2...>...*.......v...v............................I.......I.qk..B.....LZE-d.....E-d&$.....q.#u.#E-d&$.....q.#u.#E-d..I.qk..B.....LZ.I................................I.......I...................................................I.t.....I................................................................4..'...'.............@...$*p.6....?.K....N...^...............eg3..iA.nO..fA.........f........................................I.qk..B.....LZ............@...$*p.6....?.K........@...$*p.6....?.K.........E-d.....E-d.....E-d.........................................E-dj....E-dT.]..E-d.....E-d..B..E-dH....E-d..B..E-d..>.)E-d..J...................;........4...4...4.."..............E-d.E-d.E-d..z...y.. x.. ...........$........4...,..7,..7........................;........4...4...4.........E-d.....E-d....#E-d............................................
                                                                                                                                                                                Process:C:\Program Files (x86)\Microsoft Office\root\Office16\ONENOTE.EXE
                                                                                                                                                                                File Type:JPEG image data, JFIF standard 1.02, aspect ratio, density 100x100, segment length 16, baseline, precision 8, 612x792, components 3
                                                                                                                                                                                Category:dropped
                                                                                                                                                                                Size (bytes):86187
                                                                                                                                                                                Entropy (8bit):7.951356272886186
                                                                                                                                                                                Encrypted:false
                                                                                                                                                                                SSDEEP:1536:AbmHwD7za0syWMetp3TdPFzoJamVdAQZCiUit9qbYN6LerhWMzIWgN1EeaYhJM:1QnzsyTeP3TPAdAQZCi5qbYEKrhWWMNO
                                                                                                                                                                                MD5:FEE4785DF76E93A9DC2F4501CBAEAE12
                                                                                                                                                                                SHA1:8FB4527BDE05EF208FCDB168098A07707C27501F
                                                                                                                                                                                SHA-256:F091DED5E283AF6848670A3172E7C43C6099875D39B3FC69C2BDBA914F609602
                                                                                                                                                                                SHA-512:7E99D33151A0D3873D6A819C98EA8E62D928C087B7BA2080F11C7BCF746AD60A44D4FF6EE3D2D2E8DFA4BF1FC6285ED56BB83F91C2FC6FC4FDFF2000105F10B1
                                                                                                                                                                                Malicious:false
                                                                                                                                                                                Preview:......JFIF.....d.d......Ducky.......d......Adobe.d...................................................................................................................................................d...........................................................................................1.!Aq...Qa."...2..BR#...br......6v.7..3.CSc...$4.s..&dt%u.f.......................!1.AQ..aq........"2.B#....Rb3..t.5u.67.8.r..$....C4.cs.Sd%.DEUe&.............?............w.....c.....i.A.....3...7.......7..P......%.........?Th..l./?.;.....$}..=5Oa...F.c.A/...D.D..]..y..3e.5\%.fo2.X.*]q.5Ee.}..i..md.T....#...-...Mu...9...-+..~w5O.);..G..'.;..).....A_...M.vV..y.q......,<.3.(...._K:..XM.......w.......9..T.......?b..a-%.c;.}..>....|.,lZKCEB.t...fw|.Sw^..Y..:.J.................t._P..v..j.1.R8.R....G..W*H<(Xi........i..xcu...WM.dqM>'W..g....M.q.....+.....b'..~....>..T.~Jc....fj.X.x..9...N.w.6:..>.......&.(h..u...t._...)_k#7Za...cZ....P...Y..;.V.,..xo.....f........Y...\6...M'L._
                                                                                                                                                                                Process:C:\Program Files (x86)\Microsoft Office\root\Office16\ONENOTE.EXE
                                                                                                                                                                                File Type:data
                                                                                                                                                                                Category:dropped
                                                                                                                                                                                Size (bytes):4096
                                                                                                                                                                                Entropy (8bit):4.719595302683013
                                                                                                                                                                                Encrypted:false
                                                                                                                                                                                SSDEEP:48:eGCs+3faPKt6tOJEdzbULaBhr5X8J9BU0py8SrdMryKSFXkRH81ZzZBj:8s8IS6QEtUsJ5X8J9C0BSRMnSGStZx
                                                                                                                                                                                MD5:CD458C045F59D61277133D9C4DAAB348
                                                                                                                                                                                SHA1:1E85AE2B8B779D2116C1F18C782D4390995C3232
                                                                                                                                                                                SHA-256:6007FFC70FD8C3A19DF8DA3A97157AAB90626F513890B71EE1D95B01DB036230
                                                                                                                                                                                SHA-512:5D98854F34C7BB06A74916DA8826BE6E931642D11CCD4C4DAB80498FD0B1689B7906271A66906EE66EF80403E068632FF4ABA95738F0B9CCF33A1B5565BF9A3D
                                                                                                                                                                                Malicious:false
                                                                                                                                                                                Preview:2...>...........v.......................................................................................................................................2...>...t.......v................................I.......I.qk..B.....LZ.2.......2.Y.T......Zq.6.2.Y.T......Zq.6.2...I.qk..B.....LZ.I................................I.......I...................................................I.t.....I................................................................4..'...'..............:..(.g....A..Ey....N...^...............;..W...K.|i..GX.........f...................................H....I.qk..B.....LZ.............:..(.g....A..Ey.........:..(.g....A..Ey..........2.......2.......2...........................................2.j.....2.T.]...2.......2...B...2.H.....2...B...2...>.).2...J...................;........4...4...4.."...............2...2...2...z...y.. x.. ...........$........4...,..7,..7........................;........4...4...4..........2.......2.....#.2.............................................
                                                                                                                                                                                Process:C:\Program Files (x86)\Microsoft Office\root\Office16\ONENOTE.EXE
                                                                                                                                                                                File Type:PNG image data, 85 x 470, 8-bit colormap, non-interlaced
                                                                                                                                                                                Category:dropped
                                                                                                                                                                                Size (bytes):11197
                                                                                                                                                                                Entropy (8bit):7.975073010774664
                                                                                                                                                                                Encrypted:false
                                                                                                                                                                                SSDEEP:192:p9wNdtRKcVHso6zsqm06xaqZdingVzLZ7/PGSIz/yycRTbChh/JzhbEx15RGb:mdtMcVHqgAqTinMzLZ7/uSIz/yTR/mhF
                                                                                                                                                                                MD5:DDC3CC30794277500EFE4BC6667EC123
                                                                                                                                                                                SHA1:EFC9642C1F95B5FC38764476AE481649C016FA0C
                                                                                                                                                                                SHA-256:7F5B660A1A0BF46C75AAF19B4F77A0E086DE003EC03AFC1F58D871D55AA5BA9E
                                                                                                                                                                                SHA-512:25232A84604C3959634D33090238FEC8D51E40AD84EB3A08BB8522A81BE1E83378649C014E98E1DFCDF46B7BFAC92D8D2429211CD11D7EE0334C9C3DF7C1B6A6
                                                                                                                                                                                Malicious:false
                                                                                                                                                                                Preview:.PNG........IHDR...U.........1x5.....PLTE....................................e........................................................s...............x..........................o..............................................................................................................................................................~.............................m...............................................j...............................................p.......z......................................................x..............|........................................v.......................y..........................................................h...........................................................................P..{....bKGD....H....cmPPJCmp0712....H.s...(SIDATx^.}i@S..N....h...!..)....AI%..p.L."a..)..`U..,h..:O.b.:.j+.Z).b..zN.s..{O...&|..N}...${....~.....k}.[k}{.o^.D_..W:35ly..7rL....6n0.A...b
                                                                                                                                                                                Process:C:\Program Files (x86)\Microsoft Office\root\Office16\ONENOTE.EXE
                                                                                                                                                                                File Type:data
                                                                                                                                                                                Category:dropped
                                                                                                                                                                                Size (bytes):4096
                                                                                                                                                                                Entropy (8bit):4.326088714093083
                                                                                                                                                                                Encrypted:false
                                                                                                                                                                                SSDEEP:48:3us9NP4kb7KaXVtFoElLAEX//X95UIpyhDrdMrnqxvFXg5jzbK3SApN6J1:+smaXVYElhX//X9KIsDRMcvvS
                                                                                                                                                                                MD5:AC20CF4364186442CACC6EB1F7647F47
                                                                                                                                                                                SHA1:19A3605E6E40F58AE87ECACC1757A99F08948067
                                                                                                                                                                                SHA-256:F3BF93C676E37BD7A7B51BB9C597BD988F47C0591064E55969E0AFE339EF695B
                                                                                                                                                                                SHA-512:EEEBF0ECC9ABCCF81CD4511284D08A0C09413CF6D990E6406208C1B39EC7C4F6BEDB19696D2B026A1F1BB85E7851E942B3ACBDC9BDBC765FF0C9A3348D6C4F2A
                                                                                                                                                                                Malicious:false
                                                                                                                                                                                Preview:2...>.......N...v...B...................................................................................................................................2...>...*.......v...v............................I.......I.qk..B.....LZ.................L_.............L_.........I.qk..B.....LZ.I................................I.......I...................................................I.t.....I................................................................4..'...'.............V.w(......w..V?,....N...^................Ht0...G...%...H........f........................................I.qk..B.....LZ............V.w(......w..V?,........V.w(......w..V?,........................................................................j.......T.]...............B.....H.........B.......>.).....J...................;........4...4...4.."...........................z...y.. x.. ...........$........4...,..7,..7........................;........4...4...4........................#...............................................
                                                                                                                                                                                Process:C:\Program Files (x86)\Microsoft Office\root\Office16\ONENOTE.EXE
                                                                                                                                                                                File Type:PNG image data, 88 x 574, 8-bit colormap, non-interlaced
                                                                                                                                                                                Category:dropped
                                                                                                                                                                                Size (bytes):19920
                                                                                                                                                                                Entropy (8bit):7.987696084459766
                                                                                                                                                                                Encrypted:false
                                                                                                                                                                                SSDEEP:384:DRSgtAxJx7bzvAsVSqQElOT4uHmpmvNYT9aPU+QtsC2LgfIqJZnbeyRB:DsgaN7bzvAsVdK4uGQFUZ6bU/p3
                                                                                                                                                                                MD5:1BDAD9B3B6DE549162F9567697389E1C
                                                                                                                                                                                SHA1:5D9C09159F07A3A9BDCC6C4B9BD9CB72D0184E6F
                                                                                                                                                                                SHA-256:0908A4CFA23F93011176D47F45843E9CA2973030421996E8E27484781F54B0EC
                                                                                                                                                                                SHA-512:475040779AC247BB5C3E11862FB55FBDDFA12D759EE86A33E11BC1F3B656D6CD0F9B25146C0113E43E1D8001D8867D3BC3BF7E6FE21F3A0016CB1F8B70B7A15A
                                                                                                                                                                                Malicious:false
                                                                                                                                                                                Preview:.PNG........IHDR...X...>......y=h....PLTE..................................t........iw..............................................._n|...Tds...ky......................................................p~.....................................................dr.................v.............................................n{.......ap}..........x.....z...................u......................|..Vfu............r.....w........................................~...................Zjx...................................Yiw............w..|....................Xgv{.....y...........................jx..............\lz.........}..z.....t..[ky........u..y.....gu................................{..........}.....u....................~...........y....r.....bKGD....H....cmPPJCmp0712....H.s...JfIDATx^...\.W./.}....Sy...(..4....D.-.....H...% .$"D.Qr.......`..;...6...N......s...^...L.....Y{.GQU`..~...j....{...-Ax.K..&.....F..I\i..
                                                                                                                                                                                Process:C:\Program Files (x86)\Microsoft Office\root\Office16\ONENOTE.EXE
                                                                                                                                                                                File Type:data
                                                                                                                                                                                Category:dropped
                                                                                                                                                                                Size (bytes):8192
                                                                                                                                                                                Entropy (8bit):2.9174101415298175
                                                                                                                                                                                Encrypted:false
                                                                                                                                                                                SSDEEP:48:4CsOVP10oNdrqt2IoNbAE1Lgq9NVSL6MhwHXI9JsPpyI6rdMrHTgkFXzVzb0JFme:4CsAdrqT/E11N0f8XI9JOsRMHUkQ
                                                                                                                                                                                MD5:2D66D67275881FD318C2E6C013F4C99D
                                                                                                                                                                                SHA1:57B9D525B7D8B5D38634277C8F3433582772891E
                                                                                                                                                                                SHA-256:574E0F5A247B4E411211633B8DCF7B0F7F378433834418BD60056A27C614971C
                                                                                                                                                                                SHA-512:AD4D96023226DD867D7DB7B406AA7EC3AD20DB4871710350CB918EE8B6CEC16FD63874B9E09BF9037E632601E2A6E125AC58B72D638082B7DB39116C73D2BB5B
                                                                                                                                                                                Malicious:false
                                                                                                                                                                                Preview:2...>...........v.......................................................................................................................................2...>.......H...v................................I.......I.qk..B.....LZ~.c.....~.cF..E.....H.Q.~.cF..E.....H.Q.~.c..I.qk..B.....LZ.I................................I.......I...................................................I.t.....I................................................................4..'...'............./..E.?.*H....7....N...^...............A>.b/+&N.\....D.........f........................................I.qk..B.....LZ............/..E.?.*H....7......../..E.?.*H....7.........~.c.....~.c.....~.c.........................................~.cj....~.cT.]..~.c.....~.c..B..~.cH....~.c..B..~.c..>.)~.c..J...................;........4...4...4.."..............~.c.~.c.~.c..z...y.. x.. ...........$........4...,..7,..7........................;........4...4...4.........~.c.....~.c....#~.c............................................
                                                                                                                                                                                Process:C:\Program Files (x86)\Microsoft Office\root\Office16\ONENOTE.EXE
                                                                                                                                                                                File Type:JPEG image data, JFIF standard 1.02, aspect ratio, density 100x100, segment length 16, baseline, precision 8, 612x792, components 3
                                                                                                                                                                                Category:dropped
                                                                                                                                                                                Size (bytes):179460
                                                                                                                                                                                Entropy (8bit):7.979020171518325
                                                                                                                                                                                Encrypted:false
                                                                                                                                                                                SSDEEP:3072:oiKXvL7lv0am/R1vrdH+9dK6zPQ6bbnGDpcGGDNMIOIMAT8q9Vc02Q57S4A+vMFz:+vlvC/HvgA6fGqGGJlO1qZ71W6CzDn
                                                                                                                                                                                MD5:4E131DBFEC5C2462273CA7B35675B9D9
                                                                                                                                                                                SHA1:CA037F444D819A118AC37D7AA3782B9BF94C1616
                                                                                                                                                                                SHA-256:2A4A3530D652E227DDD5ADC096A95F6034718F7C380B07DB622022D768815059
                                                                                                                                                                                SHA-512:C333ECEB1439D0238BF44FB7896E62DBA4C645B70413AA0F99C1F10E8DCD20C2EEE5C83F2E9DDE9A2494C85A6D8D13CFFFC4160E2F598E17867015F5244D656A
                                                                                                                                                                                Malicious:false
                                                                                                                                                                                Preview:......JFIF.....d.d......Ducky.......d......Adobe.d...................................................................................................................................................d.............................................................................................!.1AQ.aq...".....2Rr..Bb..#34.....CSs.$5c.t....%.Dd.6.T..u.U....E.7w........................!.1A.Qaq......2."r.3....BRb.#4......CsSc...$.5..%.DT.t67d..Uu...'............?..c.......p..z..i.....z......kj........F>f......3N...M....RM.&..-.~.Q..'.....q.a..w...-~......g.{..&.......V.n.D....>FS!n.....@..)...W..q..Wr{..J.gf.{.M$.P@m.,..9..&m.D...w.._...-.O........s.....h.k~......(.K...V..l.-...+.9.k......*......#.p#.O..9M..mF...C.......7+.AI....4vw.;..H......e..Q.u[.eUK.....z.....[.Kt...s..Lf.4..l{.....sh.............=..;..iqkj.m.a...NH......v..H..$..q.y......c...U[Mcf.......+...S-...^....4..T..YtL.x.v.;.....<...Ik|B.$.s8......3.+.8.l.. h.:....%B..W..I.QRS..,*x.
                                                                                                                                                                                Process:C:\Program Files (x86)\Microsoft Office\root\Office16\ONENOTE.EXE
                                                                                                                                                                                File Type:data
                                                                                                                                                                                Category:dropped
                                                                                                                                                                                Size (bytes):4096
                                                                                                                                                                                Entropy (8bit):4.369982088381113
                                                                                                                                                                                Encrypted:false
                                                                                                                                                                                SSDEEP:96:6sCYExTlYaiZEiXJ91JERMnF5y99El/JHV/0:6smBYZGiXJ91JERMnF5y4
                                                                                                                                                                                MD5:8A8FD0089126062DB6146730657E98F5
                                                                                                                                                                                SHA1:C580F473EDD4FF789B1EC216C959F72128B3B1F3
                                                                                                                                                                                SHA-256:270157CAD168F552719A458E533CE948A023841B65876A9326161942BEA5D2FD
                                                                                                                                                                                SHA-512:3B519F7E68A587E9EAC0D74886EEBC62B9C2E3118A1146338C39BB7ADC4201E0F3BCE79B4B670E8831231112AE2C1C1E7FDD1D9AB14808ED8D072E7DC90C2813
                                                                                                                                                                                Malicious:false
                                                                                                                                                                                Preview:2...>.......T...v...H...................................................................................................................................2...>...0.......v...|............................I.......I.qk..B.....LZN.......N...6...$.....".N...6...$.....".N....I.qk..B.....LZ.I................................I.......I...................................................I.t.....I................................................................4..'...'..............G.2...5 .-'%;.....N...^...............'..H..0@...............f........................................I.qk..B.....LZ.............G.2...5 .-'%;..........G.2...5 .-'%;..........N.......N.......N...........................................N..j....N..T.]..N.......N...B..N..H....N....B..N....>.)N....J...................;........4...4...4.."..............N...N...N....z...y.. x.. ...........$........4...,..7,..7........................;........4...4...4.........N.......N......#N..............................................
                                                                                                                                                                                Process:C:\Program Files (x86)\Microsoft Office\root\Office16\ONENOTE.EXE
                                                                                                                                                                                File Type:JPEG image data, JFIF standard 1.02, aspect ratio, density 100x100, segment length 16, baseline, precision 8, 612x792, components 3
                                                                                                                                                                                Category:dropped
                                                                                                                                                                                Size (bytes):109698
                                                                                                                                                                                Entropy (8bit):7.954100577911302
                                                                                                                                                                                Encrypted:false
                                                                                                                                                                                SSDEEP:3072:rDlmvIWr0aRtNCfShCWBxyCHMlcVG0Ezy4FR:rDliIfot8ahCWBcCHDVwR
                                                                                                                                                                                MD5:8D804A60E86627383BED6280ED62F1CF
                                                                                                                                                                                SHA1:E23FF14B10AD0762DD67FBA3CD6EFC85647C0384
                                                                                                                                                                                SHA-256:494547E566FB7A63DD429EB0699FE41AA8998F8EA2F758D813FE3D56C3075719
                                                                                                                                                                                SHA-512:0FB19F3D00159F2748C3A54E952E551B9FEA6910D67A54DECA8D099992E50383EADB92768FF1F75CFFAE82A7A157B1E0F77A2F0BE7EC64FD2324304FDCA46577
                                                                                                                                                                                Malicious:false
                                                                                                                                                                                Preview:......JFIF.....d.d......Ducky.......d......Adobe.d...................................................................................................................................................d...............................................................................................!"#.123..AQB$..aq.RCS...b..c4%..rs..D&....5E6'..TdUte...u.....FV...7.......................!"..1A2B..QaqR.#.br3.........C%...$5.....c4U..Eeu&SsD.6T..................?.....O.C.....^..R<A.g...[....3.....r.0.....nX.S....}...[.?Z.....A.?..~~I..rY|N.o...9......!...o7r../-.y...'5.3.U.s".-.0.1......SS...&.Q.j.*.$m.e..:x....`}...EP.?.7..~G(so.......O.....z.N..<....~^a.e...........p9.?<._..|......~.<@.D.9..G..?.?z.y?z.C.U.w..[.,..A.+........s......g...G.^....pz.xY.....d8.y.X...P..O(A.O..~:._.......<...o..4s..^.^b..x......_a.....|{c...:..X.....}.._...[?..NK.c...}.<......H.G....+x.Z..|....n...o....`.nk.#.%x......-|...|7......N!=././..w.8x.".8....'x........w...,>....j[w8a..}..lS..?.
                                                                                                                                                                                Process:C:\Program Files (x86)\Microsoft Office\root\Office16\ONENOTE.EXE
                                                                                                                                                                                File Type:data
                                                                                                                                                                                Category:dropped
                                                                                                                                                                                Size (bytes):4096
                                                                                                                                                                                Entropy (8bit):4.327932583705873
                                                                                                                                                                                Encrypted:false
                                                                                                                                                                                SSDEEP:96:ysZfj3BaibUFChEeXL9638nJERMtaSg3BUBpsEN0rS6Mt:ysZrxaibU4+eXL9g8nJERMtoxU7sEN
                                                                                                                                                                                MD5:19087A3A27FAE8603E335C9D1754887C
                                                                                                                                                                                SHA1:B77CFA66A4DDBD6DDDA443947E0825DA53589A41
                                                                                                                                                                                SHA-256:4134A2C646458F51558B665CCD531DE0833BD784E2C59CF6FED9021D482F2ECC
                                                                                                                                                                                SHA-512:E35DE81A72B3318B0D709436E259923425F7A916FADAAC403F796BF6F214F9E323A5A733B8575BA30D196F97EA9B4FE414FE9A75CFF1469F68CB619B16486BC5
                                                                                                                                                                                Malicious:false
                                                                                                                                                                                Preview:2...>.......N...v...B...................................................................................................................................2...>...*.......v...v............................I.......I.qk..B.....LZ1......1.2B7!.(.n..Yv1.2B7!.(.n..Yv1...I.qk..B.....LZ.I................................I.......I...................................................I.t.....I................................................................4..'...'..................J..!.....7....N...^.................s..DJ.4.C.7ix........f........................................I.qk..B.....LZ.................J..!.....7.............J..!.....7.........1......1......1..........................................1.j....1.T.]..1......1...B..1.H....1...B..1...>.)1...J...................;........4...4...4.."..............1..1..1...z...y.. x.. ...........$........4...,..7,..7........................;........4...4...4.........1......1.....#1.............................................
                                                                                                                                                                                Process:C:\Program Files (x86)\Microsoft Office\root\Office16\ONENOTE.EXE
                                                                                                                                                                                File Type:JPEG image data, JFIF standard 1.02, aspect ratio, density 100x100, segment length 16, baseline, precision 8, 612x792, components 3
                                                                                                                                                                                Category:dropped
                                                                                                                                                                                Size (bytes):41893
                                                                                                                                                                                Entropy (8bit):7.52654558351485
                                                                                                                                                                                Encrypted:false
                                                                                                                                                                                SSDEEP:768:pZvVQkUbOHxx3pvVmO5rsP5gUdXwFMuv53knzyncaXgRDqPU:pZkijV5wScXwFMYknzucaXgRyU
                                                                                                                                                                                MD5:F25427EFECFEE786D5A9F630726DD140
                                                                                                                                                                                SHA1:BC612A86FF985AB569ED1A1EA5FFC4FDB18FC605
                                                                                                                                                                                SHA-256:5A36960DF32817E8426BD40A88F88B04FB55B84BAEF60F1E71E0872217FDB134
                                                                                                                                                                                SHA-512:B102F34385196D630F198667E874F25ADBC737426FDAE0747EC799B33632E5DC92999C7C715DC84D904342738930267AB1709870BDAA842243E4C283FE5E1554
                                                                                                                                                                                Malicious:false
                                                                                                                                                                                Preview:......JFIF.....d.d......Ducky.......d......Adobe.d...................................................................................................................................................d...........................................................................................!.1AQ....aq......"......2...Xx..9BRr#.b3$..&..g.8....%F'G.(H.Ss..D5E..v..W..Cc.deu..7w.h.).....................!.1....A..Qaq...Ttu.6..."R..5...2B..S....bcs.Dd%&r3C...#$...Ue.............?..R...%.R...t.MQ*.l...v...V]..n...Zw....M....4..F.&&bb0.:]l......ay.r<..3.l.Q^.........I54.N2.8..2s...w..r6.......[1Zh....O...9..>...B......x]...r.\.\..v..~....y.QT.3.......=....r..}.l.....o;....M..C1....w)...+o1f.]...MoA.E..s5..i.\....miGsy..m\.Zj....I'YU.\tU6La5v.>.K..m.]1.......k..0....</5v.V7lY.e.vV.+./[....f..u{....s.}.Rb.Z.....Y.6]..m....V.\...Mr.=r...K...l..%..m^.......X.(..fG..[F*ly.jL.a4..vs..o.e..q.9km..w1.yg.....r_.*h.n..5i.-.{Y.l...<...'Or.s..Z....../JP.....\FV.S..............m
                                                                                                                                                                                Process:C:\Program Files (x86)\Microsoft Office\root\Office16\ONENOTE.EXE
                                                                                                                                                                                File Type:data
                                                                                                                                                                                Category:dropped
                                                                                                                                                                                Size (bytes):4096
                                                                                                                                                                                Entropy (8bit):3.2771944958389665
                                                                                                                                                                                Encrypted:false
                                                                                                                                                                                SSDEEP:24:W9FJRfUhUff2El+l1yKtrZCrBJmQEtaDsNmJ9EZVbsPJmQEtaDssDEZxlYJmQEth:gIY2pQ8jKzEDbPUErl7U/Og2a
                                                                                                                                                                                MD5:0E75EFF4612E209E5B898F25082A82A7
                                                                                                                                                                                SHA1:3F190D1685CE016B29702D614C3B3CAF944B8822
                                                                                                                                                                                SHA-256:054089B13D13588255D1EFA9F4679AA5F0A4868337FCC8D6F56F6B7FE4EC44F8
                                                                                                                                                                                SHA-512:6ACDEF3036AE9B9E1D337F6E9FD45E3F9BBC5EBDFCBA153F82037E332D2A18DFD831290D0460C1BA395F0C9EDEBE1F0D3F9F98455A3345E33CBE12FA519F9FDB
                                                                                                                                                                                Malicious:false
                                                                                                                                                                                Preview:........$...........t......................................?....................................................................................................\........................................(......(.{......Mx..q8......q8 ../..o8......q8 ../..o8......q8.&t.D.x..2....Q&t....of.N.F..?......o...........q8......q8..................................................q8..x...q8X.....q8..4...q8......q8..$..."jT(Q....oT.9...c.T&e................4..(.....x.(......"j......"j. .N..,..3...o.......of.N.F..?....2...v............................q8...o..c.............................o.....&t...c..,0...e...B4.$........[.-...I.......9.......................c.......c..{.{J..ffriMC&t......&t.D.x..2......(.{......Mx..(.... .i.4..~6..T......of.N.F..?......o.....>.......4.......&t.D.x..2....Q..of.N.F..?..........................c.......(..c..,0...e...B4.$..............E........................................0...........e....4..................T.o. .D.o. .L.i.s.t........s.)..O@
                                                                                                                                                                                Process:C:\Program Files (x86)\Microsoft Office\root\Office16\ONENOTE.EXE
                                                                                                                                                                                File Type:data
                                                                                                                                                                                Category:dropped
                                                                                                                                                                                Size (bytes):12288
                                                                                                                                                                                Entropy (8bit):3.9344129410323427
                                                                                                                                                                                Encrypted:false
                                                                                                                                                                                SSDEEP:192:TtsGtFlGkwfGXQETZcHRzTPfbztrjNmIYjh93xFXP6nm:exW9URzTqvrXj
                                                                                                                                                                                MD5:FE54D4774DF544697BD748495A5B962A
                                                                                                                                                                                SHA1:6BB12B009213447F2354765595E5AB4B151DBF69
                                                                                                                                                                                SHA-256:2ECC403643D7FA7B3C4CAEEB17FDBA4ED833771CE338C28B77F2B2D135C05873
                                                                                                                                                                                SHA-512:01AC11D55940E40756452DCBB6A6AC07BF4097A47644F937978E6D04916A2D6D06537C24ACD5CCA472FAC46C75008974C7BCE91812E929B2B984539432945F45
                                                                                                                                                                                Malicious:false
                                                                                                                                                                                Preview:2...>...........v.......X .. "..2...>...d...<...v.......@....!...........................................................................................................................................I.......I.qk..B.....LZ....;.......E.......%g.k....E.......%g.k.....I.qk..B.....LZ.I................................I.......I...................................................I.t.....I................................................................4..'...'..............%.*=.'...b....r....N...^...............p.p...F.....Z.........h...L...............................D....I.qk..B.....LZ.............%.*=.'...b....r................................................................................................j.......T&n....................H.........K.............$...........-...J.....z...y.. x.. ...........$........2..72..7.....*...o.e.L.o.c.I.D...o.e.L.o.c.C.o.m.m.e.n.t.......0.0.0.5............(...#...8.....z...,4. .......$>........4...4.@..7.....................D..n4..o4..p4...4. .F
                                                                                                                                                                                Process:C:\Program Files (x86)\Microsoft Office\root\Office16\ONENOTE.EXE
                                                                                                                                                                                File Type:JPEG image data, JFIF standard 1.02, resolution (DPI), density 72x72, segment length 16, Exif Standard: [TIFF image data, big-endian, direntries=7, orientation=upper-left, xresolution=98, yresolution=106, resolutionunit=2, software=Adobe Photoshop CS Windows, datetime=2004:03:12 11:05:55], progressive, precision 8, 612x618, components 3
                                                                                                                                                                                Category:dropped
                                                                                                                                                                                Size (bytes):68633
                                                                                                                                                                                Entropy (8bit):7.709776384921022
                                                                                                                                                                                Encrypted:false
                                                                                                                                                                                SSDEEP:1536:tapXpSTJDOkFGdJdBk/slsbfsw1imaapnbvD8:U2OjJr6b07m1bvD8
                                                                                                                                                                                MD5:41241EE59AB7BC9EB34784E3BCE31CB4
                                                                                                                                                                                SHA1:98680761A51E9199CF3C89F68B5309FBEC7EE3CB
                                                                                                                                                                                SHA-256:035B26DF61855A3F36DBD30FDAB0C157C04C9E8AE2197EA4D4AEB3E82E6A4C2B
                                                                                                                                                                                SHA-512:3EE331D5BCEE4AD5D3FC9661D4AB4053F7D351591A094334F963C33C9D0E32CCCABE9334AD7C308108CE99617E064FE848DCD469ACD8D83FBE5C4452DE523D8F
                                                                                                                                                                                Malicious:false
                                                                                                                                                                                Preview:......JFIF.....H.H......Exif..MM.*.............................b...........j.(...........1.........r.2...........i.................H.......H....Adobe Photoshop CS Windows.2004:03:12 11:05:55.............................d...........j...........................................&.(.........................................H.......H..........JFIF.....H.H......Adobe_CM......Adobe.d......................................................................................................................................................"................?..........................................................................3......!.1.AQa."q.2.....B#$.R.b34r..C.%.S...cs5....&D.TdE.t6..U.e...u..F'...............Vfv........7GWgw........................5.....!1..AQaq"..2.....B#.R..3$b.r..CS.cs4.%......&5..D.T..dEU6te....u..F...............Vfv........'7GWgw.................?../$.W:SZ./...9.....-...u......r.....].c...@W_.7...+......v.+PD.I..-<1.pDn-\.....p.$....0.}V....\..>.~..XN.o..l(E....ik..o.
                                                                                                                                                                                Process:C:\Program Files (x86)\Microsoft Office\root\Office16\ONENOTE.EXE
                                                                                                                                                                                File Type:data
                                                                                                                                                                                Category:dropped
                                                                                                                                                                                Size (bytes):20480
                                                                                                                                                                                Entropy (8bit):4.086971337847165
                                                                                                                                                                                Encrypted:false
                                                                                                                                                                                SSDEEP:192:lr0CgSgL3oemQyrOs95b/jkjFw/AEJ7qt74Pi0qFOlz07GXeFoOQRXRJwu7jjYNV:x3g9w/PJDV07YxRJ2s/OU
                                                                                                                                                                                MD5:6D173FD0C13306C3C3D162B3A41C71D2
                                                                                                                                                                                SHA1:876C1B9EBE6DF678063B603BE385B5CF372096C9
                                                                                                                                                                                SHA-256:3E48009916838BD9D2A06BE337F2CC65C3BE7D8FAE0C081C8CE17059824B56C8
                                                                                                                                                                                SHA-512:A9B54757F5BC9FD7E1FB03AB11C8744FA5C22793F94F05EB78617A022DB1DBC3888CFD244BCB702E4C70BC156D53A0DEE4F1364266F8D445F3EDAC5A833635FC
                                                                                                                                                                                Malicious:false
                                                                                                                                                                                Preview:^...>.......L...d... .... ...9..^...>...........d...h...@...@;...........................................................................................................................................I.......I.qk..B.....LZ.M..1....M..At1......n..M..At1......n[.M....?.WQV...W#:U..?..I.qk..B.....LZ.I............M.......M.......M............................................?$......? ......?$......?..)....? .....M. .N.&.M.....'.M...@.....'.M.2.M...z...,4. ...."......$>........4..`..7......L.o.w. .P.r.i.o.r.i.t.y.......................M.:.M...M...z...y.. x.. ...........$........2..72..7.....*...o.e.L.o.c.I.D...o.e.L.o.c.C.o.m.m.e.n.t.......0.0.0.2.3.............?..z... ..$........................................2..7.........1.h...?.......?...?....rA\.-?>...o.u.t.l.i.n.e.L.o.c.I.D...o.u.t.l.i.n.e.L.o.c.C.o.m.m.e.n.t.......0.0.0.4........?ff.A......'.M.%.M...M...z...,4. .......$>........4.@.4..`..7.....................D..n4..o4..p4...4. ..1........M.*.....M.....%.M.#...'.M.&...9.M.....
                                                                                                                                                                                Process:C:\Program Files (x86)\Microsoft Office\root\Office16\ONENOTE.EXE
                                                                                                                                                                                File Type:JPEG image data, JFIF standard 1.02, resolution (DPI), density 72x72, segment length 16, Exif Standard: [TIFF image data, big-endian, direntries=7, orientation=upper-left, xresolution=98, yresolution=106, resolutionunit=2, software=Adobe Photoshop CS Windows, datetime=2004:03:12 11:08:07], baseline, precision 8, 595x450, components 3
                                                                                                                                                                                Category:dropped
                                                                                                                                                                                Size (bytes):59832
                                                                                                                                                                                Entropy (8bit):7.308211468398169
                                                                                                                                                                                Encrypted:false
                                                                                                                                                                                SSDEEP:1536:HS9SYFtN0+CRa9mfJy4zBAiIJhzrkHDV2hJK:yAmta+Tyy4zBIJW5WK
                                                                                                                                                                                MD5:DCDD543A4E0BA2C1909BA095D46FFBCB
                                                                                                                                                                                SHA1:B86C89537138FE07255354202D3EAD0B53B3C54D
                                                                                                                                                                                SHA-256:28F334B77068F71F5F92A95695433B950610204A0E5580CE567DB8FAD4993ECB
                                                                                                                                                                                SHA-512:5408C3259B7F3288A4BEB04342799AD5FE3A6F0EC7E92353B29B7E7E538DFA9903B39637226919E0421BC422635D25F5F8069DC7441864DC03E1B909BF5C2C84
                                                                                                                                                                                Malicious:false
                                                                                                                                                                                Preview:......JFIF.....H.H.....fExif..MM.*.............................b...........j.(...........1.........r.2...........i.................H.......H....Adobe Photoshop CS Windows.2004:03:12 11:08:07.............................S.......................................................&.(.................................0.......H.......H..........JFIF.....H.H......Adobe_CM......Adobe.d.................................................................................................................................................y...."................?..........................................................................3......!.1.AQa."q.2.....B#$.R.b34r..C.%.S...cs5....&D.TdE.t6..U.e...u..F'...............Vfv........7GWgw........................5.....!1..AQaq"..2.....B#.R..3$b.r..CS.cs4.%......&5..D.T..dEU6te....u..F...............Vfv........'7GWgw.................?......;R~+'....xh..~.n-}.......Te................^B..IU_....._...S......h.......!....9...A}6V=J......C..c.....Ug.Wh......
                                                                                                                                                                                Process:C:\Program Files (x86)\Microsoft Office\root\Office16\ONENOTE.EXE
                                                                                                                                                                                File Type:data
                                                                                                                                                                                Category:dropped
                                                                                                                                                                                Size (bytes):20480
                                                                                                                                                                                Entropy (8bit):3.203834705642266
                                                                                                                                                                                Encrypted:false
                                                                                                                                                                                SSDEEP:384:bCJfvfBK2SMie3Wrgt/g8X1pv2kYG5MFZzu95oBkRJGwvxTNKmLXf8ep+GRT:bCBU2SMiE4Qpv2kYGWQvRYix0mgeQ
                                                                                                                                                                                MD5:6EE11F6B3BEA49E68AB4726E7383F0D0
                                                                                                                                                                                SHA1:402E196770E79F509EFD839D9C74FBAECC10C531
                                                                                                                                                                                SHA-256:023D05A93A73C7842706E2CAA433130E67407375DA9D4577D934AB1B486D4DE2
                                                                                                                                                                                SHA-512:3DEBD34836D2987A6CEFF52DF9E20319D1E80D9E0D07BFBC24565B8F131F04949820A48999A5F286A068518D2C907EB547A1B5D84A7D4EE8D4E986D88B71B362
                                                                                                                                                                                Malicious:false
                                                                                                                                                                                Preview:2...>...........v........ ...-..2...>...B.......v.......@....,...........................................................................................................................................I.......I.qk..B.....LZ.$..P....$.%.Nn.=.$H.Pq7.$.%.Nn.=.$H.Pq7.$...I.qk..B.....LZ.I................................I.......I...................................................I.t.....I................................................................4..'...'..............u[..l...~}.x......N...^...................#w+E...K;..z................................#w+E...K;..z............#w+E...K;..z.........u[..l...~}.x....................................$.......$.......$...........................................$.j.^...$.T'....$.......$.......$...-...$.......$.......$. .L.......$.3.$.I.$...z...y.. x.. ...........$........2..72..7.....*...o.e.L.o.c.I.D...o.e.L.o.c.C.o.m.m.e.n.t.......0.0.0.6..............$.3.$.9.$...z...y.. x.. ...........$........2..72..7.....*...o.e.L.o.c.I.D...o.e.L.o.c.C.o
                                                                                                                                                                                Process:C:\Program Files (x86)\Microsoft Office\root\Office16\ONENOTE.EXE
                                                                                                                                                                                File Type:JPEG image data, JFIF standard 1.02, aspect ratio, density 100x100, segment length 16, baseline, precision 8, 612x792, components 3
                                                                                                                                                                                Category:dropped
                                                                                                                                                                                Size (bytes):53259
                                                                                                                                                                                Entropy (8bit):7.651662052139301
                                                                                                                                                                                Encrypted:false
                                                                                                                                                                                SSDEEP:768:dCiCBBenRYWDBCipMYGTbYGLHbXxoP/qEF+MU50qyJ30h2W474S/Aq/xc4674bi5:dCiIQXBCiwbDLHD0/sFyVel4Pi4UgE
                                                                                                                                                                                MD5:2EE369ABB7936F8C28FF0ABDD224EA05
                                                                                                                                                                                SHA1:FE9D304A7B49E31EAE439369ABC548E265149636
                                                                                                                                                                                SHA-256:FB12D59B8BE911247BBAFDD416852E8B74B028005A141CB4DBBBA109B4B6ED2C
                                                                                                                                                                                SHA-512:5CF396CA472C32AE988600176114106CB1619404DD899A3867A5AB43DC90583B771EF69B14EF50E56A21F038BF51D8463C6ADD2DE9D4CB523F6290E24A4DECB3
                                                                                                                                                                                Malicious:false
                                                                                                                                                                                Preview:......JFIF.....d.d......Ducky.......d......Adobe.d...................................................................................................................................................d............................................................................................!1..AQa....q........"2..R..Bbr..#S....3$.....C.4v..(X.DtEUV.....cs..Td.5uf'Wgw8Hh........................!1Q.Aa....q.2...."R...r..3.t..U...B#S.4ub..C$d.5Ee&'7c.D%sT..............?.....?...k,lk^...M".Yo5.Qp.&s}b.m.:...W.x}.*.a......N1..d-n.-..^..b..TZ.W..."....F....^......ve5...^...2.:i...........~u2pK.z./&..u..L[I....Y....@y{|>..MN=:....Q[..H....a........|%..4fV....).....^.9b.f...F...p.=.W...aZ.........Z.t.n.....z3..[..lVh..\.N-.._.sK.y.._e.G.jig.a.7^....u...*.p.5.a.].........u/u..D.yl.XA..f.z..~.x.....N.....b=.uv.2.t.'.N.-.H..n.v.a.A[.Z.....T2...._...:....h..l.E..sm..a.3I...RE...fWb.Ek.0.#.)..Y#T...........u{....U....s.].7_H.2.`O6...P......}..4LR....]4.mid...
                                                                                                                                                                                Process:C:\Program Files (x86)\Microsoft Office\root\Office16\ONENOTE.EXE
                                                                                                                                                                                File Type:data
                                                                                                                                                                                Category:dropped
                                                                                                                                                                                Size (bytes):4096
                                                                                                                                                                                Entropy (8bit):2.601370556591631
                                                                                                                                                                                Encrypted:false
                                                                                                                                                                                SSDEEP:48:5vurfdC+lX3Gh+3rJalMV3spblzflZzljz:lurT3Gkr13ov
                                                                                                                                                                                MD5:C74CF0FE9FEF5171FC0A8F033EAF71B3
                                                                                                                                                                                SHA1:6F8BF5A353AC6010950FB23B65B814D86E0E2E34
                                                                                                                                                                                SHA-256:CE2D5DC4EE72B52B3CCD977913DB4748195BE2F83F3A5D69B8876A38CFF61580
                                                                                                                                                                                SHA-512:13138CBD62827E1F9B1AF313BA5687DC1015831E25E49E284C182722B74B3144728574D6AEDCD0189F41617237BD4DF4F9C5695FABD216D061DFE7C1414591AF
                                                                                                                                                                                Malicious:false
                                                                                                                                                                                Preview:...........................................?...?.........................................................................................................................................................@.......@....VF...|..............G..`K..X\.i....2kd...-g..H.P...2.0.w...V......{D.0.w....G..`K..X\.i.j..............@.......@...................................................@...n...@.`.........8.......T.......a.......h.......r....................4..~...1...(...(.......C.:.\.P.r.o.g.r.a.m. .F.i.l.e.s. .(.x.8.6.).\.M.i.c.r.o.s.o.f.t. .O.f.f.i.c.e.\.r.o.o.t.\.T.e.m.p.l.a.t.e.s.\.1.0.3.3.\.O.N.E.N.O.T.E.\.1.6.\.S.t.a.t.i.o.n.e.r.y.......S.t.a.t.i.o.n.e.r.y.........1.......S.t.a.t.i.o.n.e.r.y.................1... ..$....S.t.a.t.i.o.n.e.r.y..................G..`K..X\.i.j..2.......2kd...-g..H.P.2...........0...`................@........2..s]............................2..c..,.........................2..c..,0...........h/.{..G...q&..l........................1... ..$....S.t.a.t.i.o.n.e.r.y...
                                                                                                                                                                                Process:C:\Program Files (x86)\Microsoft Office\root\Office16\ONENOTE.EXE
                                                                                                                                                                                File Type:data
                                                                                                                                                                                Category:dropped
                                                                                                                                                                                Size (bytes):72
                                                                                                                                                                                Entropy (8bit):2.2302078877014586
                                                                                                                                                                                Encrypted:false
                                                                                                                                                                                SSDEEP:3:bWl9aaHt4ARaDlKlF/laRatl:biXHt4Sawf/A8X
                                                                                                                                                                                MD5:D8AB93450962BED07705A029351A5BCA
                                                                                                                                                                                SHA1:83D87DC8B4AA6F8D51829D7D6B4ACD5EECF65C62
                                                                                                                                                                                SHA-256:C1BA5D81F24FECFD0311FB1A602572FD78EA753FF8D5D3B76E625B9EC042F1F3
                                                                                                                                                                                SHA-512:7F063E1490A8FF7246E5FB95830A654478845215876286255461C02A2C48E627309386D68D874D1A94207F3700BBA0F0753AF1860E3049B806B366BE54995A12
                                                                                                                                                                                Malicious:false
                                                                                                                                                                                Preview:...... :............................................4..../..............
                                                                                                                                                                                Process:C:\Program Files (x86)\Microsoft Office\root\Office16\ONENOTE.EXE
                                                                                                                                                                                File Type:data
                                                                                                                                                                                Category:dropped
                                                                                                                                                                                Size (bytes):4096
                                                                                                                                                                                Entropy (8bit):0.04401584019170665
                                                                                                                                                                                Encrypted:false
                                                                                                                                                                                SSDEEP:3:RRk//:Lk
                                                                                                                                                                                MD5:CD74ABACE8A00B17BD8107BC5982C21E
                                                                                                                                                                                SHA1:D53193CF8A43D766FBFA52976192F44D6B0F79B2
                                                                                                                                                                                SHA-256:B670BC07C9CB554511180DCF3F6A2C7818E8CE6E67B84784F0EA4D35EC61D516
                                                                                                                                                                                SHA-512:1B48A37FCF0F9FB9ED9B31A8F3E36596689BF1EEC6F41F5EFA3C728121944919CE7A81F0379A108D80AA051CFEF07DC296F9C0691FC8855983B2F29EC15C7FEF
                                                                                                                                                                                Malicious:false
                                                                                                                                                                                Preview:........................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................
                                                                                                                                                                                Process:C:\Program Files (x86)\Microsoft Office\root\Office16\ONENOTE.EXE
                                                                                                                                                                                File Type:data
                                                                                                                                                                                Category:dropped
                                                                                                                                                                                Size (bytes):4096
                                                                                                                                                                                Entropy (8bit):0.4996453965027384
                                                                                                                                                                                Encrypted:false
                                                                                                                                                                                SSDEEP:3:vldawlAuil8xt/l2l+/lnzaoe17ONaoeC8tOkdaJ8l/bl2hliJw5YqJylTmB+ElY:NTc+IN+8vGwJ8yBmB+ecw1EVXhmB+sK
                                                                                                                                                                                MD5:B25DC81DF282BE0E2DE0243AE451FBF2
                                                                                                                                                                                SHA1:8F3F467DC45ADC60337719FA63DE72ACDE3590F7
                                                                                                                                                                                SHA-256:C59AF35BB87CF7B071803EB93DEC6CAC7B8E134AB94BA32EF89A4E8905D26A81
                                                                                                                                                                                SHA-512:71931B37F6D7CAEFCCCD474DF60674EEA986C9057667937915355D6870F8D933B5F9FF2FD1EB5950E858DF462D2134B09825C169427583944A481E24D75EBA4F
                                                                                                                                                                                Malicious:false
                                                                                                                                                                                Preview:2...>...........~.......................................................................................................................................................................................?.......?....|.O.J.o..].........................?....|.O.J.o..].?....................................................?...........................................................?..P..............................................................................5........m;.H....7.5N.........\.............Z.....C.[.4........N...^............................................................................................................Z.....C.[.4................................................................................................................................................................................................................................................................................................................................................................
                                                                                                                                                                                Process:C:\Program Files (x86)\Microsoft Office\root\Office16\ONENOTE.EXE
                                                                                                                                                                                File Type:data
                                                                                                                                                                                Category:dropped
                                                                                                                                                                                Size (bytes):4096
                                                                                                                                                                                Entropy (8bit):4.74758066465627
                                                                                                                                                                                Encrypted:false
                                                                                                                                                                                SSDEEP:48:K3OPsDapxz3L94xyw0LIBlkw0LPq8FFvECLXeg1wEwLQh4JMbcbbjbbwabI18:K3ypxjp4xyLUgLmktECKEwMh4
                                                                                                                                                                                MD5:9665EEA35F5381479E9925235A99865B
                                                                                                                                                                                SHA1:96548026549CAB07640941DB1EDA9EC0B831BF74
                                                                                                                                                                                SHA-256:BB9E6BF3497C955D919EC28FEB97798BBC6412ABD598413E0DFC635204A77D5A
                                                                                                                                                                                SHA-512:71CE5BCB26FE892F2940106BE4EBE1F3F727DE2EF783BD2EBA454FCB01D31F8881C814109924F3190DD761B84B5B7C08FD05101DCCA811CE7E8982B3070B2870
                                                                                                                                                                                Malicious:false
                                                                                                                                                                                Preview:j.......`.......L..................................................................?....................................................................j...............L...............................'.0.....'.0.q.p.9....;Z.;.....Z.;.GR5....... ..@X....".s.AO.@X.Z.;.GR5....... .Z.;.`....?...-M.U.%`............Z.;.....Z.;.................................................fT......fT...e..^%..x..QFn.....QFn....N....yq..2...,...^.......................'.0.Z.;..fT.QFn.AX..`............Z.;..|..Z.;X....Z.;..2..Z.;.....Z.;.."..AX.T$......T.N....T%j......QFn.....`....c..,0...e...B4.$..........C@RQ.H..B......Y....................AX......AX..>..A......$[`.......`....?...-M.U..'.0.q.p.9....;'.0......A.J.f\09......1..C....k.{........>...............Z.;.GR5....... ......A.J.f\09...1..C....k...............fT..c..,0...e...B4.$...........I...M.....0...............................0...........e....4..................T.i.t.l.e.......|{....B.l...R......(....Y......(...D...L.e.c.t.u.
                                                                                                                                                                                Process:C:\Program Files (x86)\Microsoft Office\root\Office16\ONENOTE.EXE
                                                                                                                                                                                File Type:data
                                                                                                                                                                                Category:dropped
                                                                                                                                                                                Size (bytes):8192
                                                                                                                                                                                Entropy (8bit):4.741976746184895
                                                                                                                                                                                Encrypted:false
                                                                                                                                                                                SSDEEP:192:3sneSDA1E7TXJUoRRi+a3joJUgLdi9sH8FFNI:8wW7rHRRi+A0dqsH8Z
                                                                                                                                                                                MD5:C362CFAEC740681D1D7FA1594AD85336
                                                                                                                                                                                SHA1:74FA62FE03AF06F80A247E3E86AAFF8CF197F242
                                                                                                                                                                                SHA-256:7749355ABC2704134FD3138C41D0C1CFEF8D50899DB32BB9FC06F05090FA6AE7
                                                                                                                                                                                SHA-512:E81C83B5A81F32CF27B7F0931ADF00C0CEDD6A390CA942742D3CFE904DE4857B9DAE74F3E9ED738408321C85C93655ABB55B45EA76295DBEC7182717BF972445
                                                                                                                                                                                Malicious:false
                                                                                                                                                                                Preview:2...>.......t...v...h...................................................................................................................................2...>...P.......v................................I.......I.qk..B.....LZ....4.......w.(.=*..X.T.....w.(.=*..X.T......I.qk..B.....LZ.I................................I.......I...................................................I.t.....I................................................................4..'...'.............m.~:.E0..ld....x....N...^...............W..n%..L.{~W@...............>...............................$....I.qk..B.....LZ............m.~:.E0..ld....x........m.~:.E0..ld....x........................................................................j.......T%;...............W.....H.........+.......S...............Z4...........................................4../4......p...............C.a.l.i.b.r.i.....................:...k.....z...y.. x.. ...........$...........7...7.....*...o.e.L.o.c.I.D...o.e.L.o.c.C.o.m.m.e.n.t.......0.0.0.3
                                                                                                                                                                                Process:C:\Program Files (x86)\Microsoft Office\root\Office16\ONENOTE.EXE
                                                                                                                                                                                File Type:JPEG image data, JFIF standard 1.02, aspect ratio, density 100x100, segment length 16, baseline, precision 8, 612x792, components 3
                                                                                                                                                                                Category:dropped
                                                                                                                                                                                Size (bytes):40884
                                                                                                                                                                                Entropy (8bit):7.545929039957292
                                                                                                                                                                                Encrypted:false
                                                                                                                                                                                SSDEEP:768:MCBOA4d+ElOXJ/3pI7cRBiL7L6qERqGz65WXzZqJsKQSbIsTT6XB:hIAU+2cGdLX6qBG4WDZl4Ihx
                                                                                                                                                                                MD5:7379775A1E2AB7FAB95CFFCE01AE05F3
                                                                                                                                                                                SHA1:3D3DDFD8AC7E07203561BAE423D66F0806833AB3
                                                                                                                                                                                SHA-256:9301DB6D2D87282FCEE450189AEACE16D85F64273BF62713A3044992B6B7A9E9
                                                                                                                                                                                SHA-512:4B5006E620E80D3A146944649CF4CA619782CAD7E8C4CD0D1DE0EBCA0FA05EACB7378DAFCEED3E26F5698B07F19604614D906C8F51F898660E2F129D8DEC6F62
                                                                                                                                                                                Malicious:false
                                                                                                                                                                                Preview:......JFIF.....d.d......Ducky.......d......Adobe.d...................................................................................................................................................d............................................................................................!.1A.....Qaq....".....2....BR#S..br...3T...C$.7(Hx....4D.G..Xh.cs..'..t...%...8.....................1...!AQ..a...q"2.4Tt.......R3S....Br...#s...Uu.bc.de..$D..6..C%E..............?...z...;sB.yv...........]t.\...n...../....m....M.=.3G+..x+.....S).*&.J../..8..O/+..sG...p...<!....~.c..C.w..,[oHom.wc-.J.~.......L[..6...'..i_..S;...!Y.z.q].EK..M.x...i.x.+.;.+...}....#......f.)........e6V..p.;........s.)..Ml.J......IU.6...<9+9.^..l..Y...[._...2..^..j.ia...._..3.;...~..<3...;......z.^.......]..Qk.,...Yk...3.3Jy^p.}....q...I...&..t.......;..9.g.GH;..'...%...)..[..y..../...zCn..>...'...1e.Y..;....]..7...N>t..m-.j.............H^..T\.q.ru...}...eTn]I'r.^].#..wOY....v
                                                                                                                                                                                Process:C:\Program Files (x86)\Microsoft Office\root\Office16\ONENOTE.EXE
                                                                                                                                                                                File Type:data
                                                                                                                                                                                Category:dropped
                                                                                                                                                                                Size (bytes):12288
                                                                                                                                                                                Entropy (8bit):4.399761155534187
                                                                                                                                                                                Encrypted:false
                                                                                                                                                                                SSDEEP:192:HsKqaRFXFdbq7wqY8LOENDTS8IAxDORVLCRj8X6qRkbRP6CNyWH9yi78R8w8Juj:MxOFDMwd4OEJmnAx8VLCE6qRkbF6Cnds
                                                                                                                                                                                MD5:F1DD9F8D6E86A67684F3E1D3C3B3F57C
                                                                                                                                                                                SHA1:7BEE61CB9FF0267EDBA7194714B0D63EE54C30EF
                                                                                                                                                                                SHA-256:F91852A480B75F3CB6A68E7ACB495CF2E56C9504ECC3DB2A623EF44FAFF22768
                                                                                                                                                                                SHA-512:5E23B453DA64F7D9A67BFC1A8E3A79D1C6BDBA0226519C43248EA894CEC289BB332C0F78AB920FB63ADBE98C1ACE5294F0F894EB32FDC8C486715A6547B27758
                                                                                                                                                                                Malicious:false
                                                                                                                                                                                Preview:2...>...........v........ ...)..2...>...B.......v.......@....(...........................................................................................................................................I.......I.qk..B.....LZv...H...v....@...&...F.v....@...&...F.v....I.qk..B.....LZ.I................................I.......I...................................................I.t.....I................................................................4..'...'..............o..m......T..S.....N...^................m.%.ZkB.\....0............................................"....I.qk..B.....LZ.............o..m......T..S..................................v.......v.......v...........................................v..j."..v..T....v.......v....T..v.......v.. .A..v.......v.. ........v..3v..:v..8v....z...y.. x.. ........ ..$...$........D..........7...7.........*...o.e.L.o.c.I.D...o.e.L.o.c.C.o.m.m.e.n.t.......0.0.0.1.5........................Z4...........................................4../4......p.
                                                                                                                                                                                Process:C:\Program Files (x86)\Microsoft Office\root\Office16\ONENOTE.EXE
                                                                                                                                                                                File Type:JPEG image data, JFIF standard 1.02, resolution (DPI), density 72x72, segment length 16, Exif Standard: [TIFF image data, big-endian, direntries=7, orientation=upper-left, xresolution=98, yresolution=106, resolutionunit=2, software=Adobe Photoshop 7.0, datetime=2004:03:04 13:19:29], progressive, precision 8, 221x792, components 3
                                                                                                                                                                                Category:dropped
                                                                                                                                                                                Size (bytes):24268
                                                                                                                                                                                Entropy (8bit):6.946124661664625
                                                                                                                                                                                Encrypted:false
                                                                                                                                                                                SSDEEP:384:d2wiieoHTRh5a1HAteZCWOZIM+L7WhNjYn:8wHFHJ+/OZIKhNO
                                                                                                                                                                                MD5:3CD906D179F59DDFA112510C7E996351
                                                                                                                                                                                SHA1:48CDB3685606EDD79D5BCDF0D7267B8B1CCBD5A8
                                                                                                                                                                                SHA-256:1591FD26E7FFF5BE97431D0ED3D0ADE5CFC5FA74E3D7EC282FD242160CE68C1F
                                                                                                                                                                                SHA-512:2048CBA13AF532FF2BCC7B8B40541993234BD1A8AB6DE47B889AF3F3E4571F9C5A22996D0B1C16DD6603233F6066A1A2A97C16A6020BEDD0826B83BAD0075512
                                                                                                                                                                                Malicious:false
                                                                                                                                                                                Preview:......JFIF.....H.H......Exif..MM.*.............................b...........j.(...........1.........r.2...........i.................H.......H....Adobe Photoshop 7.0.2004:03:04 13:19:29.....................................................................................(.....................&...................H.......H..........JFIF.....H.H......Adobe_CM......Adobe.d...................................................................................................................................................$.."................?..........................................................................3......!.1.AQa."q.2.....B#$.R.b34r..C.%.S...cs5....&D.TdE.t6..U.e...u..F'...............Vfv........7GWgw........................5.....!1..AQaq"..2.....B#.R..3$b.r..CS.cs4.%......&5..D.T..dEU6te....u..F...............Vfv........'7GWgw.................?.....)......[]t.\Z..g......A....&D.$LH._..X..Xl...`....cZ.X.........>......f.Z.X...]..~L.S..@..I$..I.IO.....x...s.g.[f.h{9..
                                                                                                                                                                                Process:C:\Program Files (x86)\Microsoft Office\root\Office16\ONENOTE.EXE
                                                                                                                                                                                File Type:data
                                                                                                                                                                                Category:dropped
                                                                                                                                                                                Size (bytes):12288
                                                                                                                                                                                Entropy (8bit):4.648935352788596
                                                                                                                                                                                Encrypted:false
                                                                                                                                                                                SSDEEP:192:4EsRLMIHHSLVm+iGa9hjnWYNJArXCvUS+7B6XsPTPRpShrboJhGbfQF9kQtYaQf:4ZqGHSbanjWYcrXjVUsPTPRphhsfQnkD
                                                                                                                                                                                MD5:05B2BBB307DA1130ABD48294BB96D5CD
                                                                                                                                                                                SHA1:7430A8E68E316CE643FC55765BA6AC260A5FAD79
                                                                                                                                                                                SHA-256:44B80014F4B566FB350A3EBCAF08C8FD77E8DF822FD18AD5486073D48B964817
                                                                                                                                                                                SHA-512:E32482089A7DB94136C9D861A5ADD6077C4813C312B5464456F9CC5ECD703F4A45C7A11CA95AADDE92B42CA58FB8B76CBF0F822C920B50D66DE2D9F61A42B6B4
                                                                                                                                                                                Malicious:false
                                                                                                                                                                                Preview:2...>...6...z...v...N.... ..X,..2...>...........v.......@...H+...........................................................................................................................................I.......I.qk..B.....LZi...N...i..h..P..g.....hi..h..P..g.....hi....I.qk..B.....LZ.I................................I.......I...................................................I.t.....I................................................................4..'...'..................n..7rD.(.~.....N...^...............;....XN......G............P....................................I.qk..B.....LZ.................n..7rD.(.~..................................i.......i.......i...........................................i..j.9..i..T....i.......i....s..i..H....i....0..i....`.&i...........i..3i..:i..Ai..8i....z...y.. x.. ........ ..$...$...............7...7.........*...o.e.L.o.c.I.D...o.e.L.o.c.C.o.m.m.e.n.t.......0.0.0.1.1................Z4...........................................4../4......p.........
                                                                                                                                                                                Process:C:\Program Files (x86)\Microsoft Office\root\Office16\ONENOTE.EXE
                                                                                                                                                                                File Type:JPEG image data, JFIF standard 1.02, aspect ratio, density 100x100, segment length 16, baseline, precision 8, 612x792, components 3
                                                                                                                                                                                Category:dropped
                                                                                                                                                                                Size (bytes):39010
                                                                                                                                                                                Entropy (8bit):7.362726513389497
                                                                                                                                                                                Encrypted:false
                                                                                                                                                                                SSDEEP:768:6tCjwO+E+KW0ZtOgepcoWW4pAWQ6/KWcR474HOAZaDfK:68j+E+KW0HOgep/72/NKWcRNefK
                                                                                                                                                                                MD5:9700DE02720CDB5A45EDE51F1A4647EC
                                                                                                                                                                                SHA1:CF72A73E1181719B1CC45C2FE0A6B619081E115E
                                                                                                                                                                                SHA-256:7E6A7714A69688D9FFDF16AA942B66064A0C77FCD9B3E469F89730B4B9290C3E
                                                                                                                                                                                SHA-512:5438921467D62376472007B9EBF3C35C9D9FE3EDE04D99A990129332D53EBC8EE2555C0319A4F7C0DF63516F29CEDF2171D8B6DC34C9FCD075C2CA41EB728660
                                                                                                                                                                                Malicious:false
                                                                                                                                                                                Preview:......JFIF.....d.d......Ducky.......d......Adobe.d...................................................................................................................................................d.........................................................................................!1..A...Qaq..".......2BR#...b%&6..'w.r.3f7W8.s5EUeF.g....CS$4.Vv..Tdt..G..(c..u.Hhx.......................!1.AQa..2.q....".s...3.4BRr.#......b.$c............?........uf.....t...;..[...W.h.....-.k.f..i.u..KQ..b.F...rM%/.8n.S..=9.....G$O;.f.}L..N..U._i.[.X...3.~....S.~..+t$...c.5......{..X/..#.G...}s....6......^....o~.$.\WA?...^*w[O.~..6..~....a....~..:..0.......{O...|.s.u._w.........i...........{K...._.?.../{.....A..8....<g.iu..<..................X......|]v....D..9.k.w.|-IF.Tv.-.&.........."'.4.b....z.._.Z.....G...u.xyt./_.q..m>..S.V.Xdc.bw.T.W......g..........}s.._..?....U]_.......`......>.|'.~xH....,...?........?.q....o../..R..;...Y.G....A"?......?.<..1...w..o.M.........tco.
                                                                                                                                                                                Process:C:\Program Files (x86)\Microsoft Office\root\Office16\ONENOTE.EXE
                                                                                                                                                                                File Type:DIY-Thermocam raw data (Lepton 2.x), scale 14662--14549, spot sensor temperature 533935292416.000000, unit celsius, color scheme 1, minimum point enabled, maximum point enabled, calibration: offset -0.000122, slope 13264930093240781317059293216768.000000
                                                                                                                                                                                Category:dropped
                                                                                                                                                                                Size (bytes):12288
                                                                                                                                                                                Entropy (8bit):3.9571775294967035
                                                                                                                                                                                Encrypted:false
                                                                                                                                                                                SSDEEP:192:QS3jusT3tfn9HvTzIuyQv4l1rEAPk0ReLkMmLPDN/v09pE83wqIvRMQY8izEUOiN:F3jbT3Z9Hv/3v4l1rEwk0Re4XJv09pEa
                                                                                                                                                                                MD5:B7B5B5569C887262703BE7D84675664E
                                                                                                                                                                                SHA1:E050389DE708D5CB9A97257A47A3F98853B45B2F
                                                                                                                                                                                SHA-256:FDB61D6C4FB54407099A1510C25FC0BEB283E77EBC1A03F3AA98EF1C6915D5DB
                                                                                                                                                                                SHA-512:C58EF94EB5E53951394131A2E30EAE9F17F8D1E5FCE46C9158F431EF1C288ABDBD87EEFC5E6E086F58E01ABBD9AFD312E555CDC1D09666B5B78CD13D325174D7
                                                                                                                                                                                Malicious:false
                                                                                                                                                                                Preview:....>.......B...v.......0 ..x#......>...........v...^...@...h"...........................................................................................................................................I.......I.qk..B.....LZaix.....aixJ..8....."#"....\.V...K.q...2....aixJ..8....."#"%aix..I.qk..B.....LZ.I............I.......I...................................................I.t.....I................................................................4..'...'.....................9F.+...R....N...^................Mm's(N@.*.v(..!........b...8....................................I.qk..B.....LZ....................9F.+...R.................................aix.....aix.....aix........................................aix.....aixJ..8....."#"%....8......\.V...K.q...22................................I...............................aixj.#..aixT.G..aix.....aix..Q.....H...............$.7................!.....z...,4. ............................"......$...7...............T.u.e.s.d.a.y.,. .J.u.l.y. .2.8.,.
                                                                                                                                                                                Process:C:\Program Files (x86)\Microsoft Office\root\Office16\ONENOTE.EXE
                                                                                                                                                                                File Type:JPEG image data, JFIF standard 1.02, aspect ratio, density 100x100, segment length 16, baseline, precision 8, 612x792, components 3
                                                                                                                                                                                Category:dropped
                                                                                                                                                                                Size (bytes):59707
                                                                                                                                                                                Entropy (8bit):7.858445368171059
                                                                                                                                                                                Encrypted:false
                                                                                                                                                                                SSDEEP:1536:k76rvGc8WKC2/UX1uEgVRY/jvv9CblyL/T:k77Z5C2/Ow1e9CblCT
                                                                                                                                                                                MD5:47ADB0DF6FDA756920225A099B722322
                                                                                                                                                                                SHA1:851946B8C2BD0BB351BAEECA9E5BB6648A87D7CA
                                                                                                                                                                                SHA-256:EC8CD7250F3D82E900E99114869777EE859EC73EFFABED108815F65742078C3A
                                                                                                                                                                                SHA-512:85A9920E1CE4A2FCCEBAFA425C925DF33580FA3C3C00178F058539B2FBC0163866DB8A41B320E2EF2CD217F00FFA06A1A831C728D3F9F910C9EAC58B5DA76E2D
                                                                                                                                                                                Malicious:false
                                                                                                                                                                                Preview:......JFIF.....d.d......Ducky.......d......Adobe.d...................................................................................................................................................d............................................................................................!1..A..Qaq"....2........B#..R.b3$..8xrC4&'W.%e.(.c.d.5E6Ff..h..SsTt..u...Gg..H.....................!.1..AQ.aq.".......2..st.BR..56.r#3.b.S.4c%...$d.CT............?....3.7...G:../P....z..K.:6..w......6....... .z7...~.....{gdF60...9....{...'[N....m.........z...g{.......7...4..1..=.z...._..p...m..Icd.~.v..9.P..0Z(.<j.......R6zm.....v.z...>x..)=g........zo{..w..f..y.t.....%.D..#.}.I.>).H.QM..cLD..x.../.^y.{.............y.=^.......I.T.......U..0_?...u..og..3.ky..K....6w...Dc......~........ik.z....N...en......_.....x....._u...4.{..P...>.....}.......>.R.....m.....[mt.....}.........|.....m......~....B.F.]C.36..q....yg...{]...+.DZv.9<.o..;..N.n&im.,....w.3...V.s...Y..e#$.
                                                                                                                                                                                Process:C:\Program Files (x86)\Microsoft Office\root\Office16\ONENOTE.EXE
                                                                                                                                                                                File Type:data
                                                                                                                                                                                Category:dropped
                                                                                                                                                                                Size (bytes):12288
                                                                                                                                                                                Entropy (8bit):3.87018134671077
                                                                                                                                                                                Encrypted:false
                                                                                                                                                                                SSDEEP:192:gsW9WVQWqxWuAsaaXZsRlbVdzoCdakwD9C5K07wgfzzHJszGm:FW9jouAl0ZsRl8Ct+CkQzzHJszGm
                                                                                                                                                                                MD5:7C23C75B80317D5D86B2FE838DBC17DA
                                                                                                                                                                                SHA1:D4C9D337FBF289EC27924235BC03E22F670FC666
                                                                                                                                                                                SHA-256:1036011BF7C93E0E326B393EAE138B95EF45A2F09EFE79064538E44D33B9954D
                                                                                                                                                                                SHA-512:DAF685583D84CCE11FFD6EAF16479660CA592D0A1CCA2BF492368901808596B19BBF68069C21FC19D2F800135CC99A675F60712557519081E14E29F417275782
                                                                                                                                                                                Malicious:false
                                                                                                                                                                                Preview:2...>...........v........ .. "..2...>...d...<...v.......@....!...........................................................................................................................................I.......I.qk..B.....LZh.-.<...h.-.....6.{f.O\.h.-.....6.{f.O\.h.-..I.qk..B.....LZ.I................................I.......I...................................................I.t.....I................................................................4..'...'.............+ID$.U?..m..~O......N...^...................x.B..9.4}.............................................D....I.qk..B.....LZ............+ID$.U?..m..~O...................................h.-.....h.-.....h.-.........................................h.-j....h.-T.T..h.-.....h.-..|..h.-..;..h.-..h..h.-.....h.- .W.....'h.-2h.-..z...,4. ...."......$>........4..p..7......S.u.m.m.a.r.y........................h.-3h.-8h.-..z...y.. x.. ...........$...........7...7.....*...o.e.L.o.c.I.D...o.e.L.o.c.C.o.m.m.e.n.t.......0.0.0.9.............h.-
                                                                                                                                                                                Process:C:\Program Files (x86)\Microsoft Office\root\Office16\ONENOTE.EXE
                                                                                                                                                                                File Type:JPEG image data, JFIF standard 1.02, resolution (DPI), density 72x72, segment length 16, Exif Standard: [TIFF image data, big-endian, direntries=7, orientation=upper-left, xresolution=98, yresolution=106, resolutionunit=2, software=Adobe Photoshop 7.0, datetime=2004:03:04 13:18:09], progressive, precision 8, 164x641, components 3
                                                                                                                                                                                Category:dropped
                                                                                                                                                                                Size (bytes):27862
                                                                                                                                                                                Entropy (8bit):7.238903610770013
                                                                                                                                                                                Encrypted:false
                                                                                                                                                                                SSDEEP:384:LTawAZvhbrXzDc6LERLQ/b5vXOl6pXQ/wD5OUMrdRUUhCplQg0ESSz:6wm/vT/b4wxoqbdUhWnSs
                                                                                                                                                                                MD5:E62F2908FA5F7189ED8EEBD413928DEE
                                                                                                                                                                                SHA1:CA249B4A70924B73BDA52972E9C735AEC35A0C5D
                                                                                                                                                                                SHA-256:20ABE389C885E42B6EBE9E902976229BB6FD63C8C34CB61AA70B8B746209F90A
                                                                                                                                                                                SHA-512:EE8D1821A918BE8714F431895E7223D08036E88A4FDB9A5485EFF246640EE969A69A8AA4E2E9DDC35BA75FB6D4E95092A286E90B477BD6998C313639C2C31F25
                                                                                                                                                                                Malicious:false
                                                                                                                                                                                Preview:......JFIF.....H.H......Exif..MM.*.............................b...........j.(...........1.........r.2...........i.................H.......H....Adobe Photoshop 7.0.2004:03:04 13:18:09......................................................................................(.....................&...................H.......H..........JFIF.....H.H......Adobe_CM......Adobe.d...................................................................................................................................................!.."................?..........................................................................3......!.1.AQa."q.2.....B#$.R.b34r..C.%.S...cs5....&D.TdE.t6..U.e...u..F'...............Vfv........7GWgw........................5.....!1..AQaq"..2.....B#.R..3$b.r..CS.cs4.%......&5..D.T..dEU6te....u..F...............Vfv........'7GWgw.................?..P.v..+..n(a..Q..S\6....Y....D......} w#.b..]l.5.RU..k...... ]$.$.........f........?.z@2uU...7....?..|.Q..I.&.. ......"T4)wdH.
                                                                                                                                                                                Process:C:\Program Files (x86)\Microsoft Office\root\Office16\ONENOTE.EXE
                                                                                                                                                                                File Type:data
                                                                                                                                                                                Category:dropped
                                                                                                                                                                                Size (bytes):20480
                                                                                                                                                                                Entropy (8bit):5.333741529965113
                                                                                                                                                                                Encrypted:false
                                                                                                                                                                                SSDEEP:384:RLeEtfMewI2dIz8lg5Nx2tvqrIxrTNvWAfopgayYEbMA7XYoXR/6yc8bDCPdDkNI:+I208q5r2BJVWAQl5UP2s
                                                                                                                                                                                MD5:84111B9DCD9E9D59D9977E2333153084
                                                                                                                                                                                SHA1:D6A14A0C4AAE4CCD35DE6C05D2BC8F1C0401C3A9
                                                                                                                                                                                SHA-256:BB90EEE3418002030D510C3B5F635FAF0423F4F78D57CFCEB1F6A80726DAB4DF
                                                                                                                                                                                SHA-512:B67B3084E618F5FF68BD4A48336C2ADA85A0B62B2401D1EDC6D0F178412D3EBF99CEEFDA43944F8FEC02E32CA16CA76916FC12C79CB92E69A0CA51413A7E6DF4
                                                                                                                                                                                Malicious:false
                                                                                                                                                                                Preview:........x................A... ..`M..............(................K... .. L......................................................................................@................L... ...L..............aj......aj..8\......`B..n.......n...o..G..U.B...Pha......[.....P...f...3..L'..m.T..f..R.V..........R............fw......fw.................................................n..T$......T.......T.w..t..T%...x..T"~..Al.T!......T%!...IiT!............0...........e....4.........................A..:4E.2..p1......(...`.i.....(...(...B.a.c.k.g.r.o.u.n.d. .-. .Y.e.l.l.o.w...j...P.a.g.e.L.o.c.I.D...L.o.c.V.e.r...P.a.g.e.V.e.r.C.o.m.m.e.n.t...P.a.g.e.O.v.e.r.i.d.e...P.a.g.e.N.a.m.e...2...0.0.0.1.9...1.....0...U.n.t.i.t.l.e.d. .p.a.g.e....B+......B+.@[.O..<...a...5.......5...D....6.X.2...............(...X.......8...aj..n...............1}(...5...............0...........e....4........................yf.....F.Q.........(...pO;.....(.......S.t.a.t.e.m.e.n.t...j...P.a.g.e.L.o.c.I.D...L.o.c.V.e.r...P.
                                                                                                                                                                                Process:C:\Program Files (x86)\Microsoft Office\root\Office16\ONENOTE.EXE
                                                                                                                                                                                File Type:data
                                                                                                                                                                                Category:dropped
                                                                                                                                                                                Size (bytes):4096
                                                                                                                                                                                Entropy (8bit):4.050890141757281
                                                                                                                                                                                Encrypted:false
                                                                                                                                                                                SSDEEP:48:bEsEZapsx2DtrtcEau8fXHW9HFs1hsToMrdHr0I0dXI4bt8aEu:QszCx2DncEau+X29QsTRRL2lZbE
                                                                                                                                                                                MD5:7F5E95C10612889280D592550FE28CB5
                                                                                                                                                                                SHA1:AA6A92D9398C81272E467427291B1C95D4D4FB9E
                                                                                                                                                                                SHA-256:35C655B1733818F9B656D6558CBF3716134D9B911B42BEAC15F1F9FE83C5D7A3
                                                                                                                                                                                SHA-512:982C9E807BE56E1FD2449B8E14D84D724973AAEA3F40FC13493AC7E84276F8CA6ECD5E9557910AB5F6074211AECCF167A5CEBDA94816E5A93AEC6816FA59C419
                                                                                                                                                                                Malicious:false
                                                                                                                                                                                Preview:2...>....... ...v....................................................?....?.............................................................................2...>.......|...v...H............................I.......I.qk..B.....LZ.............p..$..?........p..$..?........I.qk..B.....LZ.I................................I.......I...................................................I.t.....I................................................................4..'...'..............A...o....P].......N...^...............J.@...N.u.............f........................................I.qk..B.....LZ.............A...o....P]............A...o....P]...........................................................................j.......T.]..............B.....H.........B.......>.).....J...................;........4...4...4.."...........................z...y.. x.. ...........$........4......7...7........................;........4...4...4........................#...............................................
                                                                                                                                                                                Process:C:\Program Files (x86)\Microsoft Office\root\Office16\ONENOTE.EXE
                                                                                                                                                                                File Type:data
                                                                                                                                                                                Category:dropped
                                                                                                                                                                                Size (bytes):4096
                                                                                                                                                                                Entropy (8bit):4.07619758852638
                                                                                                                                                                                Encrypted:false
                                                                                                                                                                                SSDEEP:96:gksYqhd218EQXs9f+DTPRyPIbfsr7cbORO/:FsvdUZQXs9f+DLRyP8
                                                                                                                                                                                MD5:6C6ED568701353ACAE2DE03A47344E09
                                                                                                                                                                                SHA1:624260A27A49153F45E1DB52687D11BAF8D1F67D
                                                                                                                                                                                SHA-256:1033F8CD8B9C5BABDD5A2598899B5877BE8E68A718A9B6DBE94F13F5F3340D48
                                                                                                                                                                                SHA-512:123BB304094E8EBA457FB817FC4903941F76178A0A1763CBB973DBF553A9AF45DE5395CF49B291112C9C92035AC8FF8E24F4DFEDB8A63C96916E75EC8BDCF9EB
                                                                                                                                                                                Malicious:false
                                                                                                                                                                                Preview:2...>.......&...v.......................................................................................................................................2...>...........v...N............................I.......I.qk..B.....LZ..%.......%..`....Jx..n...%..`....Jx..n...%..I.qk..B.....LZ.I................................I.......I...................................................I.t.....I................................................................4..'...'.....................,....Q.R....N...^................K..^c.O.c;.B...........f........................................I.qk..B.....LZ....................,....Q.R................,....Q.R...........%.......%.......%...........................................%j......%T.]....%.......%..B....%H......%..B....%..>.)..%..J...................;........4...4...4.."................%...%...%..z...y.. x.. ...........$........4......7...7........................;........4...4...4...........%.......%....#..%............................................
                                                                                                                                                                                Process:C:\Program Files (x86)\Microsoft Office\root\Office16\ONENOTE.EXE
                                                                                                                                                                                File Type:data
                                                                                                                                                                                Category:dropped
                                                                                                                                                                                Size (bytes):4096
                                                                                                                                                                                Entropy (8bit):4.056319782714418
                                                                                                                                                                                Encrypted:false
                                                                                                                                                                                SSDEEP:48:tns2fslyeuhdStChNgE3ptcXJF3c9jkLToard6rPIYsxdXDpjUyFODV8Ug:ZsZMdSMhWE3XcXJF3c9jkLTvRi2xxU
                                                                                                                                                                                MD5:6433E93185D0F52BD3A0CDD8A6E1FA96
                                                                                                                                                                                SHA1:CB146D6EC4F84C6679C89BE9E96C875A50ED3121
                                                                                                                                                                                SHA-256:3A88D6F9C1B5667D211AD57F58C598111623F509706ED1D1881DA21E9252DAC1
                                                                                                                                                                                SHA-512:34DFF1CE69880D490A3D23666A93EBDA1BEE4158D11BE3048B26B6A3E2AD8E62DB5E5D71F7831B2F251F3240917D987AF130730E348A6B176179D0187A63B7E7
                                                                                                                                                                                Malicious:false
                                                                                                                                                                                Preview:2...>.......$...v.......................................................................................................................................2...>...........v...L............................I.......I.qk..B.....LZ.Jm......Jm..J.....&W1...Jm..J.....&W1...Jm..I.qk..B.....LZ.I................................I.......I...................................................I.t.....I................................................................4..'...'..............D.#t._.8...5/......N...^................~...OLA.).g#.k.........f........................................I.qk..B.....LZ.............D.#t._.8...5/...........D.#t._.8...5/............Jm......Jm......Jm..........................................Jmj.....JmT.]...Jm......Jm..B...JmH.....Jm..B...Jm..>.).Jm..J...................;........4...4...4.."...............Jm..Jm..Jm..z...y.. x.. ...........$........4......7...7........................;........4...4...4..........Jm......Jm....#.Jm............................................
                                                                                                                                                                                Process:C:\Program Files (x86)\Microsoft Office\root\Office16\ONENOTE.EXE
                                                                                                                                                                                File Type:data
                                                                                                                                                                                Category:dropped
                                                                                                                                                                                Size (bytes):4096
                                                                                                                                                                                Entropy (8bit):4.064812873713429
                                                                                                                                                                                Encrypted:false
                                                                                                                                                                                SSDEEP:48:5smrvgFnyto9NqElhXs9wFToordnrbI/IPZdXH8H04TLo0HeFmRg:5sOgFny7ELXs9wFThRrvaOM
                                                                                                                                                                                MD5:4541EFEC67E358EFF592F151B6EFFA5C
                                                                                                                                                                                SHA1:0F331F49D439097F98D7BCDB605AFFCC2F2FD5D9
                                                                                                                                                                                SHA-256:3C1969212023C69CB3FBFC7911F602BB37B95DD71E1600C7BD92054A055379E5
                                                                                                                                                                                SHA-512:7CB5F8BD9A4DCAC0EA91593D9C3D2B7C4C5D2AEEF76F097AB84EB236EFE77F4CFDD392AD297CEA1766517D896C9B6225EC48FE9B4280EE6A3E9301EA686692CA
                                                                                                                                                                                Malicious:false
                                                                                                                                                                                Preview:2...>.......$...v.......................................................................................................................................2...>...........v...L............................I.......I.qk..B.....LZ<K......<K.......&z....<K.......&z....<K...I.qk..B.....LZ.I................................I.......I...................................................I.t.....I................................................................4..'...'.............W.J.M.K.(...E.[>....N...^...............J=.L.h.J..C....F........f........................................I.qk..B.....LZ............W.J.M.K.(...E.[>........W.J.M.K.(...E.[>.........<K......<K......<K..........................................<K.j....<K.T.]..<K......<K...B..<K.H....<K...B..<K...>.)<K...J...................;........4...4...4.."..............<K..<K..<K...z...y.. x.. ...........$........4......7...7........................;........4...4...4.........<K......<K.....#<K.............................................
                                                                                                                                                                                Process:C:\Program Files (x86)\Microsoft Office\root\Office16\ONENOTE.EXE
                                                                                                                                                                                File Type:data
                                                                                                                                                                                Category:dropped
                                                                                                                                                                                Size (bytes):4096
                                                                                                                                                                                Entropy (8bit):4.077846784125028
                                                                                                                                                                                Encrypted:false
                                                                                                                                                                                SSDEEP:48:Z/sRcf92slkuetPFe4EHhcXY9w5iE+EMToTrdqrJIVSdXkwUGKN0g:JsRgrlkueDEH6XY9EXdMTeRyCSm0
                                                                                                                                                                                MD5:6FFF85BD0D609E1673619DEEA0B1559F
                                                                                                                                                                                SHA1:22948F96C5724ADD9702CC8F07E9E7D802F82577
                                                                                                                                                                                SHA-256:B769CBCCAC880859E55F4FDA94C89DEB4CD6DFAB944E6595350D268B42DB00D7
                                                                                                                                                                                SHA-512:6A31E9342A8ADC67FC60E1B81D6C70EB5E4650BD720F2D4F10A851B57518C2B1F442D04AE199570531880DB5BAF20E0CCACF918DAA869F80A6B4C1EEA5010277
                                                                                                                                                                                Malicious:false
                                                                                                                                                                                Preview:2...>.......$...v.......................................................................................................................................2...>...........v...L............................I.......I.qk..B.....LZ.Q/......Q/>L`.......7.Q/>L`.......7.Q/..I.qk..B.....LZ.I................................I.......I...................................................I.t.....I................................................................4..'...'.............}.7.......R.g..=....N...^................._Sg.EM.1Y..&..........f........................................I.qk..B.....LZ............}.7.......R.g..=........}.7.......R.g..=..........Q/......Q/......Q/..........................................Q/j.....Q/T.]...Q/......Q/..B...Q/H.....Q/..B...Q/..>.).Q/..J...................;........4...4...4.."...............Q/..Q/..Q/..z...y.. x.. ...........$........4......7...7........................;........4...4...4..........Q/......Q/....#.Q/............................................
                                                                                                                                                                                Process:C:\Program Files (x86)\Microsoft Office\root\Office16\ONENOTE.EXE
                                                                                                                                                                                File Type:data
                                                                                                                                                                                Category:dropped
                                                                                                                                                                                Size (bytes):4096
                                                                                                                                                                                Entropy (8bit):4.068675457933996
                                                                                                                                                                                Encrypted:false
                                                                                                                                                                                SSDEEP:48:YaosioSeZAm6g+tsNnWO/GEEnXs9PvBiToVrdDruI2NdXWEjeRUD+vkSVqa:VoshAm6hWNWO+EeXs9PvBiTgRP+S
                                                                                                                                                                                MD5:BD3907781BDE625FD6666D2878A95C04
                                                                                                                                                                                SHA1:3CA5E0B459F8BC0DD90FD8C2DAFAB301452B323C
                                                                                                                                                                                SHA-256:4A0610715C791D83726F9DD6FCF21051C9C3427297222E5CFCC03FFFAD28C8E3
                                                                                                                                                                                SHA-512:952F116E196DE604F2C58E2A4998FB82535771D2F00F46313547877DCFCB68EF75C0D092E7018374EEA1FDA6832115EF43FC1570C733F96D5B5B39EC736D18DC
                                                                                                                                                                                Malicious:false
                                                                                                                                                                                Preview:2...>......."...v.......................................................................................................................................2...>.......~...v...J............................I.......I.qk..B.....LZ............Q.9.2..E.......Q.9.2..E........I.qk..B.....LZ.I................................I.......I...................................................I.t.....I................................................................4..'...'.............L.w..@......o5.[....N...^...............XR..}H.S..U[..........f........................................I.qk..B.....LZ............L.w..@......o5.[........L.w..@......o5.[........................................................................j.......T.]...............B.....H.........B.......>.).....J...................;........4...4...4.."...........................z...y.. x.. ...........$........4......7...7........................;........4...4...4........................#...............................................
                                                                                                                                                                                Process:C:\Program Files (x86)\Microsoft Office\root\Office16\ONENOTE.EXE
                                                                                                                                                                                File Type:data
                                                                                                                                                                                Category:dropped
                                                                                                                                                                                Size (bytes):4096
                                                                                                                                                                                Entropy (8bit):4.088651963631278
                                                                                                                                                                                Encrypted:false
                                                                                                                                                                                SSDEEP:96:6sIbE9AZD/EY19X699p3LTc8R2g89uaw+u:6sKZgYvXE9FLjR2gr
                                                                                                                                                                                MD5:B3D0ED2D536E867789D428295E6470F4
                                                                                                                                                                                SHA1:4A47DE9510B9B2D226DDBCD07394B3519C4272BD
                                                                                                                                                                                SHA-256:0CB710F2ED9BE2A8379E8FFCBFD21052CAC1FB2BE6A39C68880F17674053CB86
                                                                                                                                                                                SHA-512:920793DCE4D04E3582196BA2901301DC98AB6079AB8C8FAFC869E35FE37A923AAFC54FCA88C7A480E5405010BF561B371FF4E084D6CC89A90A2F9D3307AB1E09
                                                                                                                                                                                Malicious:false
                                                                                                                                                                                Preview:2...>......."...v.......................................................................................................................................2...>.......~...v...J............................I.......I.qk..B.....LZj.......j..o.T.......C.j..o.T.......C.j....I.qk..B.....LZ.I................................I.......I...................................................I.t.....I................................................................4..'...'...............j...4.:G.).-......N...^...............!.L...I...H...W........f........................................I.qk..B.....LZ..............j...4.:G.).-............j...4.:G.).-...........j.......j.......j...........................................j..j....j..T.]..j.......j...B..j..H....j....B..j....>.)j....J...................;........4...4...4.."..............j...j...j....z...y.. x.. ...........$........4......7...7........................;........4...4...4.........j.......j......#j..............................................
                                                                                                                                                                                Process:C:\Program Files (x86)\Microsoft Office\root\Office16\ONENOTE.EXE
                                                                                                                                                                                File Type:data
                                                                                                                                                                                Category:dropped
                                                                                                                                                                                Size (bytes):4096
                                                                                                                                                                                Entropy (8bit):4.0678546802535065
                                                                                                                                                                                Encrypted:false
                                                                                                                                                                                SSDEEP:48:YWnoslxSrjmssBteh2En6rhXY9wY2ToFrdvlxrMICdXi1R1KItPjl:6s8jmssBLEcXY9wY2ToRHExEPj
                                                                                                                                                                                MD5:3DA29FCF8D576D7F25EF1E29E7D223C4
                                                                                                                                                                                SHA1:93B4E0EBCBCC59AA890B2001AE6389A23F842E11
                                                                                                                                                                                SHA-256:DBB64E1E2E07D8BA0911BCA3C1853D6ACEE47CF69E9F5CD57A529320068C0E3D
                                                                                                                                                                                SHA-512:E6F2DBCAE04D63A2D27922FC26627B9B1491B841CEDC6725628F5AE6D8F7F33ABB8559DAAC750A082F251077B8153B4A44CE021866DECB5EDAB81BB4ED299F15
                                                                                                                                                                                Malicious:false
                                                                                                                                                                                Preview:2...>......."...v.......................................................................................................................................2...>.......~...v...J............................I.......I.qk..B.....LZ^y......^y..'Ss...%.]w..^y..'Ss...%.]w..^y...I.qk..B.....LZ.I................................I.......I...................................................I.t.....I................................................................4..'...'......................<}..z.....N...^...............m.j..k.C.......4........f........................................I.qk..B.....LZ.....................<}..z..................<}..z..........^y......^y......^y..........................................^y.j....^y.T.]..^y......^y..B..^y.H....^y...B..^y...>.)^y...J...................;........4...4...4.."..............^y..^y..^y...z...y.. x.. ...........$........4......7...7........................;........4...4...4.........^y......^y.....#^y.............................................
                                                                                                                                                                                Process:C:\Program Files (x86)\Microsoft Office\root\Office16\ONENOTE.EXE
                                                                                                                                                                                File Type:data
                                                                                                                                                                                Category:dropped
                                                                                                                                                                                Size (bytes):4096
                                                                                                                                                                                Entropy (8bit):4.080019744002656
                                                                                                                                                                                Encrypted:false
                                                                                                                                                                                SSDEEP:48:YuNQsVwawGJcXCc2xEtEC8+EXgZQXw9GYjjCToxrdPrdIOdX2pRVGRENJz3F:LNQsA2xEXrEXgmXw9BjCTkRj/e
                                                                                                                                                                                MD5:56BDD2E88796EF292B7AB15B13DC688D
                                                                                                                                                                                SHA1:F93C3FDC7FCED9B68C7F86BFF0EC5B9278CF711E
                                                                                                                                                                                SHA-256:12E2FA6EE9B0C8DB30785CFE1C43AE74317172BC37BAD39710F1D90F68369BB4
                                                                                                                                                                                SHA-512:0B4D8B5E83A1EBF78E47C6573CD23B61F6D1FA0110EDA546649EDA11A6D532DE8E4642D718D4A5F685EE436880B0C46F0B337F5BB9711F06CD2C4E84DCD0D772
                                                                                                                                                                                Malicious:false
                                                                                                                                                                                Preview:2...>......."...v.......................................................................................................................................2...>.......~...v...J............................I.......I.qk..B.....LZ...........hZe.5..4f..m...hZe.5..4f..m.....I.qk..B.....LZ.I................................I.......I...................................................I.t.....I................................................................4..'...'............./.k.u......%.......N...^...............m..'s.kH..DEOVQ.........f........................................I.qk..B.....LZ............/.k.u......%.........../.k.u......%...........................................................................j.......T.]..............B.....H.........B.......>.).....J...................;........4...4...4.."...........................z...y.. x.. ...........$........4......7...7........................;........4...4...4........................#...............................................
                                                                                                                                                                                Process:C:\Program Files (x86)\Microsoft Office\root\Office16\ONENOTE.EXE
                                                                                                                                                                                File Type:data
                                                                                                                                                                                Category:dropped
                                                                                                                                                                                Size (bytes):4096
                                                                                                                                                                                Entropy (8bit):4.095187045852256
                                                                                                                                                                                Encrypted:false
                                                                                                                                                                                SSDEEP:96:0BsW97yvHR4gjEjXa59o3q8T6RI07v7yDhLdP:0BsW97yvHR4XjXa59wq8WRI8v7yDhLd
                                                                                                                                                                                MD5:FF19E4BE3731F344563E0940B507D793
                                                                                                                                                                                SHA1:39B69AD65CA2BE48F29EE8057EF910D2BF0C5AA3
                                                                                                                                                                                SHA-256:FD6E414AB796A77968A70954A75BBB812401CC9238D8B43D2785D554754CE325
                                                                                                                                                                                SHA-512:CD69B3A8CBDA46D180200B43AAFE2054BD03BB4058833D47B2C62FB7D4F0571CE5877856A7A2D22FEC840ACAE08006D1C6474C28A77AB16C47A3C34854148DDD
                                                                                                                                                                                Malicious:false
                                                                                                                                                                                Preview:2...>......."...v.......................................................................................................................................2...>.......~...v...J............................I.......I.qk..B.....LZR.......R.......ii..Z.nR.......ii..Z.nR....I.qk..B.....LZ.I................................I.......I...................................................I.t.....I................................................................4..'...'..............{I..P....u...B.....N...^....................G...|ae.........f........................................I.qk..B.....LZ.............{I..P....u...B..........{I..P....u...B..........R.......R.......R...........................................R..j....R..T.]..R.......R...B..R..H....R....B..R....>.)R....J...................;........4...4...4.."..............R...R...R....z...y.. x.. ...........$........4......7...7........................;........4...4...4.........R.......R......#R..............................................
                                                                                                                                                                                Process:C:\Program Files (x86)\Microsoft Office\root\Office16\ONENOTE.EXE
                                                                                                                                                                                File Type:data
                                                                                                                                                                                Category:dropped
                                                                                                                                                                                Size (bytes):4096
                                                                                                                                                                                Entropy (8bit):4.088526611287025
                                                                                                                                                                                Encrypted:false
                                                                                                                                                                                SSDEEP:48:YhsLbviNK9+t+NCELh9vBXkB9VYTofrdP7rsI/MdXwZR9F9:asqNK9+00EfvBXkB9VYT6RfhMI
                                                                                                                                                                                MD5:06E88A5CC5AB657C9E6BF25898F2640A
                                                                                                                                                                                SHA1:641F596D90B3DE2A8C838260CA1C72F4CBC3BC4B
                                                                                                                                                                                SHA-256:77F8FD2F01F62429844AA6EF5A2AA01EA884C37A6107C8BE206E3327B48EE4A2
                                                                                                                                                                                SHA-512:C6AF002107F1E3F739A905FEC9B89B4CF12424C963E78F8270177E633D3DECE99C93768A9FF3F34095105F4E17544A644A091EAD127F2AB66EA5065518B30F41
                                                                                                                                                                                Malicious:false
                                                                                                                                                                                Preview:2...>......."...v.......................................................................................................................................2...>.......~...v...J............................I.......I.qk..B.....LZ...........6(7...q..X.....6(7...q..X.......I.qk..B.....LZ.I................................I.......I...................................................I.t.....I................................................................4..'...'.............!.]<)R.........C....N...^......................L....t.h.........f........................................I.qk..B.....LZ............!.]<)R.........C........!.]<)R.........C........................................................................j.......T.]...............B.....H.........B.......>.).....J...................;........4...4...4.."...........................z...y.. x.. ...........$........4......7...7........................;........4...4...4........................#...............................................
                                                                                                                                                                                Process:C:\Program Files (x86)\Microsoft Office\root\Office16\ONENOTE.EXE
                                                                                                                                                                                File Type:data
                                                                                                                                                                                Category:dropped
                                                                                                                                                                                Size (bytes):4096
                                                                                                                                                                                Entropy (8bit):4.077958928876326
                                                                                                                                                                                Encrypted:false
                                                                                                                                                                                SSDEEP:48:YPBsD8/clQdti2EFn+tXmt9B0CvGTo5rd2trIISdXWZ3R2clF:qsCKQdPEF+tXmt9dGTwResS
                                                                                                                                                                                MD5:21AF03028F51A449FD93300B6F7E97D2
                                                                                                                                                                                SHA1:87B7B0CEB3750605C06595716A1DB85CC15E8B6F
                                                                                                                                                                                SHA-256:8B48A58B6F708FB1BB869D77207D83FA096E6764332B14245EB1055998463610
                                                                                                                                                                                SHA-512:612A2A963BB0D0A9B57370691FAB434A744B7AD6D338D637F201BFED8F75F64FDB1CC74A81597F3FCACC31214C52747D76A80CF131CC1773F0A4D476D0B4D067
                                                                                                                                                                                Malicious:false
                                                                                                                                                                                Preview:2...>......."...v.......................................................................................................................................2...>.......~...v...J............................I.......I.qk..B.....LZ.(.......(...U..2..y....(...U..2..y....(...I.qk..B.....LZ.I................................I.......I...................................................I.t.....I................................................................4..'...'.............e....t....(.Y9L2....N...^...............EWBH..|K...eh>..........f........................................I.qk..B.....LZ............e....t....(.Y9L2........e....t....(.Y9L2..........(.......(.......(...........................................(.j.....(.T.]...(.......(...B...(.H.....(...B...(...>.).(...J...................;........4...4...4.."...............(...(...(...z...y.. x.. ...........$........4......7...7........................;........4...4...4..........(.......(.....#.(.............................................
                                                                                                                                                                                Process:C:\Program Files (x86)\Microsoft Office\root\Office16\ONENOTE.EXE
                                                                                                                                                                                File Type:data
                                                                                                                                                                                Category:dropped
                                                                                                                                                                                Size (bytes):4096
                                                                                                                                                                                Entropy (8bit):4.104106321832359
                                                                                                                                                                                Encrypted:false
                                                                                                                                                                                SSDEEP:48:lsVNtWJWUURtFtcEt1XkR9jyr96TobrdfokrhImxdXI5tstXkatDatZtsAmtntXa:lssWFRdcEfXk9mr96TGRfHFtyY
                                                                                                                                                                                MD5:8BA44B7222E8233757C7E182A0D9559B
                                                                                                                                                                                SHA1:C853720C6872A39A5D2BA4FFCFE7E2C574B54E74
                                                                                                                                                                                SHA-256:2AAACB7B6C9E2244B293AE47BFACE6D3BEA345D1C7C62466A7CE51DE6DE9AD5E
                                                                                                                                                                                SHA-512:64F644AA508227116C21DD2AD7DF4456832CCBFE4BCCF50660FFC77CCC8764C22CEC190E69B29DA9BE1699BF6DF78A43EAC6F2AAE643CCC8930C4ACD4F4CE121
                                                                                                                                                                                Malicious:false
                                                                                                                                                                                Preview:2...>.......&...v.......................................................................................................................................2...>...........v...N............................I.......I.qk..B.....LZ...........a.2..Xf.G....a.2..Xf.G....I.qk..B.....LZ.I................................I.......I...................................................I.t.....I................................................................4..'...'.....................-..qz].$....N...^................9q.O.E..8..<z.........f........................................I.qk..B.....LZ....................-..qz].$................-..qz].$....................................................................j......T.]............B....H........B......>.)....J...................;........4...4...4.."........................z...y.. x.. ...........$........4......7...7........................;........4...4...4......................#..............................................
                                                                                                                                                                                Process:C:\Program Files (x86)\Microsoft Office\root\Office16\ONENOTE.EXE
                                                                                                                                                                                File Type:data
                                                                                                                                                                                Category:dropped
                                                                                                                                                                                Size (bytes):4096
                                                                                                                                                                                Entropy (8bit):4.083416546182607
                                                                                                                                                                                Encrypted:false
                                                                                                                                                                                SSDEEP:48:hsX69/PEt1tYEno3CBXbEPB9L2xTowrdlrqIddXD6kjom9Sa:hsC/PE1YErBXIPB9SxTtRpp8G4
                                                                                                                                                                                MD5:E596E07903BC230C6769E2A6E2B48A53
                                                                                                                                                                                SHA1:F6C67D35F19227D3AF5DEFDF4536FDE5FE43B832
                                                                                                                                                                                SHA-256:499DFF381AC87AE1099642694D0FC4395A7BC9EE577FE152346A2E0EB6B4DC14
                                                                                                                                                                                SHA-512:AC6309508417104A4D2086E75F9762CA8D5111ECA22AD4CAF73CC5FED74525F75F20F5BFD83AEC80DDE8AF30D5BF7AF3EAC074DEFCABB505FE66C6AAD0DA2229
                                                                                                                                                                                Malicious:false
                                                                                                                                                                                Preview:2...>.......&...v.......................................................................................................................................2...>...........v...N............................I.......I.qk..B.....LZ.UZ......UZ..V..3F.^.kN..UZ..V..3F.^.kN..UZ..I.qk..B.....LZ.I................................I.......I...................................................I.t.....I................................................................4..'...'..............eI.+.u........?....N...^................dV.._vF.7..D.........f........................................I.qk..B.....LZ.............eI.+.u........?.........eI.+.u........?..........UZ......UZ......UZ..........................................UZj.....UZT.]...UZ......UZ..B...UZH.....UZ..B...UZ..>.).UZ..J...................;........4...4...4.."...............UZ..UZ..UZ..z...y.. x.. ...........$........4......7...7........................;........4...4...4..........UZ......UZ....#.UZ............................................
                                                                                                                                                                                Process:C:\Program Files (x86)\Microsoft Office\root\Office16\ONENOTE.EXE
                                                                                                                                                                                File Type:data
                                                                                                                                                                                Category:dropped
                                                                                                                                                                                Size (bytes):4096
                                                                                                                                                                                Entropy (8bit):4.080951608833739
                                                                                                                                                                                Encrypted:false
                                                                                                                                                                                SSDEEP:48:eBesEQko5m0PUCTmtxtsEdoKXdK9yuToVjrddrEmId0dXCi5kreEMa:ZseD08CTmZsEuKXdK9yuToRRi015hEM
                                                                                                                                                                                MD5:1377152E2754BF0D15C7A556FFE99BF6
                                                                                                                                                                                SHA1:449C283BCC8E006C156E715E160A593878400ED8
                                                                                                                                                                                SHA-256:D27D22D070F45D5737EDEE533423AAFDAD313C0595876877C85B3CE8F3038F6E
                                                                                                                                                                                SHA-512:32F99BB7FEB3B17A0D93F340590594B49CD03DFFAED4787D24BA8269020A99C5C3AA9FC171366A34BFD07FEC37039FF4908C986B3E3E412C053E999F3D1A9760
                                                                                                                                                                                Malicious:false
                                                                                                                                                                                Preview:2...>.......&...v.......................................................................................................................................2...>...........v...N............................I.......I.qk..B.....LZ].N.....].N......m.^.:I.].N......m.^.:I.].N..I.qk..B.....LZ.I................................I.......I...................................................I.t.....I................................................................4..'...'..............PJ...3...ds..wG....N...^................@.)e..L......l<........f........................................I.qk..B.....LZ.............PJ...3...ds..wG.........PJ...3...ds..wG.........].N.....].N.....].N.........................................].Nj....].NT.]..].N.....].N..B..].NH....].N..B..].N..>.)].N..J...................;........4...4...4.."..............].N.].N.].N..z...y.. x.. ...........$........4......7...7........................;........4...4...4.........].N.....].N....#].N............................................
                                                                                                                                                                                Process:C:\Program Files (x86)\Microsoft Office\root\Office16\ONENOTE.EXE
                                                                                                                                                                                File Type:data
                                                                                                                                                                                Category:dropped
                                                                                                                                                                                Size (bytes):4096
                                                                                                                                                                                Entropy (8bit):4.1198913160897845
                                                                                                                                                                                Encrypted:false
                                                                                                                                                                                SSDEEP:96:+4MsJzaXI06ESX89v1lTc0RvpxaRIpaI23:+4MsJuXIMSX899lpRvpxaRIpaj3
                                                                                                                                                                                MD5:CFA308A58972939B451B8FEE21B00457
                                                                                                                                                                                SHA1:96028DBF6D106719CF8D86C1D0590C73F797BE60
                                                                                                                                                                                SHA-256:708AB5CD43A9C7CF0D183B476EF7B0BA982607D8A994B0A06AB13745872D820D
                                                                                                                                                                                SHA-512:1C967A18F1A916DDDD67575543370BE7F13E71D220BF02641F9C9A35A7DE4E5369AFF9CC9A6B375A5F0E650AD97530E4E2F6CE7A5DAE6B6F4869BB1B15C1F9D2
                                                                                                                                                                                Malicious:false
                                                                                                                                                                                Preview:2...>.......0...v...$.................................................?....?............................................................................2...>...........v...X............................I.......I.qk..B.....LZ..@.......@.f7......z..a..@.f7......z..a..@..I.qk..B.....LZ.I................................I.......I...................................................I.t.....I................................................................4..'...'............. . ...r...f....3....N...^...............Q...8..F..;]ru..........f........................................I.qk..B.....LZ............ . ...r...f....3........ . ...r...f....3...........@.......@.......@...........................................@j......@T.]....@.......@..B....@H......@..B....@..>.)..@..J...................;........4...4...4.."................@...@...@..z...y.. x.. ...........$........4......7...7........................;........4...4...4...........@.......@....#..@............................................
                                                                                                                                                                                Process:C:\Program Files (x86)\Microsoft Office\root\Office16\ONENOTE.EXE
                                                                                                                                                                                File Type:data
                                                                                                                                                                                Category:dropped
                                                                                                                                                                                Size (bytes):4096
                                                                                                                                                                                Entropy (8bit):4.172643745234775
                                                                                                                                                                                Encrypted:false
                                                                                                                                                                                SSDEEP:96:asqFDZsouMEP8XU59VTCRIV7r+YaUr3OC:asODZOpkX09VGRIV
                                                                                                                                                                                MD5:52C4FF25A1C346DEF423AB5FC9BB55D8
                                                                                                                                                                                SHA1:8CAE1521C58FFB57D0DBF309A3F2A8CF092AEAD5
                                                                                                                                                                                SHA-256:4F55A92896566D4AAE65B696FC0CE1992C65399571A0325A18E8B8EEF3AF43CA
                                                                                                                                                                                SHA-512:D9E141EC40DA6C153E3BBD9C95519F20B4F79C71D11FDAF131A4FEB084E91A979D9BEDC9A36FA779DD1C3E38F8754FF9BAEEB8797A88ED591F9CE85009D3C821
                                                                                                                                                                                Malicious:false
                                                                                                                                                                                Preview:2...>.......0...v...$.................................................?....?............................................................................2...>...........v...X............................I.......I.qk..B.....LZ...........?....2......g...?....2......g.....I.qk..B.....LZ.I................................I.......I...................................................I.t.....I................................................................4..'...'.............A..JA`....A'5e.....N...^.................0.%..M....m.X5........f........................................I.qk..B.....LZ............A..JA`....A'5e.........A..JA`....A'5e.........................................................................j.......T.]...............B.....H.........B.......>.).....J...................;........4...4...4.."...........................z...y.. x.. ...........$........4......7...7........................;........4...4...4........................#...............................................
                                                                                                                                                                                Process:C:\Program Files (x86)\Microsoft Office\root\Office16\ONENOTE.EXE
                                                                                                                                                                                File Type:data
                                                                                                                                                                                Category:dropped
                                                                                                                                                                                Size (bytes):4096
                                                                                                                                                                                Entropy (8bit):4.140842356996367
                                                                                                                                                                                Encrypted:false
                                                                                                                                                                                SSDEEP:48:y0X+escy5wxM5tkuEBAC+r2Xwx9TPi3TolrdSrwIGdXq2diYF:hsmxM5BEBA7qXc9Ta3T0RKwV
                                                                                                                                                                                MD5:9E672934EC07E0F30B4FAA3830D2B845
                                                                                                                                                                                SHA1:A20679EB594EAA1CEF463216201C6AC4021FE945
                                                                                                                                                                                SHA-256:5A19A249DF3C88AF7BB369BCFBE2117A9BED478EEE3FBA8A9DE087E73790041B
                                                                                                                                                                                SHA-512:F37B26261D6C778447350F5DF5E8F63ACB1999805ECC31BC9DE06015CD949ECE5E441E6C2D5DD8F5E311D7AE0C3A1721086452E5867051BC4C5D8440A58F3227
                                                                                                                                                                                Malicious:false
                                                                                                                                                                                Preview:2...>.......*...v.......................................................................................................................................2...>...........v...R............................I.......I.qk..B.....LZfl......fl./.0.....!e...fl./.0.....!e...fl...I.qk..B.....LZ.I................................I.......I...................................................I.t.....I................................................................4..'...'.............lK.r.......%."....N...^...................<.D.....v........f........................................I.qk..B.....LZ............lK.r.......%."........lK.r.......%.".........fl......fl......fl..........................................fl.j....fl.T.]..fl......fl...B..fl.H....fl...B..fl...>.)fl...J...................;........4...4...4.."..............fl..fl..fl...z...y.. x.. ...........$........4......7...7........................;........4...4...4.........fl......fl.....#fl.............................................
                                                                                                                                                                                Process:C:\Program Files (x86)\Microsoft Office\root\Office16\ONENOTE.EXE
                                                                                                                                                                                File Type:data
                                                                                                                                                                                Category:dropped
                                                                                                                                                                                Size (bytes):4096
                                                                                                                                                                                Entropy (8bit):4.135966127247756
                                                                                                                                                                                Encrypted:false
                                                                                                                                                                                SSDEEP:48:FpHRshD6YRQoKuctFKmE7CWPX09yWntTomrdSrfWIjdXlmZR65ZCwEh:PHRsVKucnNE71X09y6TrRKDY
                                                                                                                                                                                MD5:01D3039B43403D91E7262194715C91E5
                                                                                                                                                                                SHA1:210D14D9A69741ED4660C53B364E0B7192D22189
                                                                                                                                                                                SHA-256:33FD41082B893BFDFABA93922C4E6344BA033AEDD105A27E47B8DACB347C722F
                                                                                                                                                                                SHA-512:38770283AACFAA5703BE9E35FC9014D37DE56DD6F8D2F9BA4D14BA91E24069A4959EE1346245C1F3BC63EFD93C3218FE4B4B6E74DF24949ABFD45C100C32B6B0
                                                                                                                                                                                Malicious:false
                                                                                                                                                                                Preview:2...>.......*...v.......................................................................................................................................2...>...........v...R............................I.......I.qk..B.....LZ.Mu......Mus..H.'8ZbO.h..Mus..H.'8ZbO.h..Mu..I.qk..B.....LZ.I................................I.......I...................................................I.t.....I................................................................4..'...'...............?.*.7.$.........N...^................D.K..7E....'-.........f........................................I.qk..B.....LZ..............?.*.7.$...............?.*.7.$...............Mu......Mu......Mu..........................................Muj.....MuT.]...Mu......Mu..B...MuH.....Mu..B...Mu..>.).Mu..J...................;........4...4...4.."...............Mu..Mu..Mu..z...y.. x.. ...........$........4......7...7........................;........4...4...4..........Mu......Mu....#.Mu............................................
                                                                                                                                                                                Process:C:\Program Files (x86)\Microsoft Office\root\Office16\ONENOTE.EXE
                                                                                                                                                                                File Type:data
                                                                                                                                                                                Category:dropped
                                                                                                                                                                                Size (bytes):4096
                                                                                                                                                                                Entropy (8bit):4.126644919507508
                                                                                                                                                                                Encrypted:false
                                                                                                                                                                                SSDEEP:48:6H4sulZrd6HGtcCEEC/t5BX7k5B9JJzToIrdSrzIFdX7SaIB:6H4sSNd6HGVEE4X7g9JhTNRKaG
                                                                                                                                                                                MD5:9000E59E173743ED3B6A1B81FB9BD307
                                                                                                                                                                                SHA1:7EE1DF501EAE78EC872A19E6922B0D3FBCD59CB3
                                                                                                                                                                                SHA-256:DBB08B35B70FFFA533CA17C6A391159EB2D4CE8CA970FDD36D4AB6857D63C4D6
                                                                                                                                                                                SHA-512:76D5E4A79E4FEE2815DF7364E3724D739AE33516E8CBC95C3D76C1E86BBA7CDB227E541B9D3EBB982A564F29810C1A36D8C8FA945522C42CFB407CB3011575BA
                                                                                                                                                                                Malicious:false
                                                                                                                                                                                Preview:2...>.......*...v.......................................................................................................................................2...>...........v...R............................I.......I.qk..B.....LZ.1e......1e.X.y....M..(..1e.X.y....M..(..1e..I.qk..B.....LZ.I................................I.......I...................................................I.t.....I................................................................4..'...'..............,.-F ....x.9..J....N...^...............k.>.O..H.._.c..J........f........................................I.qk..B.....LZ.............,.-F ....x.9..J.........,.-F ....x.9..J..........1e......1e......1e..........................................1ej.....1eT.]...1e......1e..B...1eH.....1e..B...1e..>.).1e..J...................;........4...4...4.."...............1e..1e..1e..z...y.. x.. ...........$........4......7...7........................;........4...4...4..........1e......1e....#.1e............................................
                                                                                                                                                                                Process:C:\Program Files (x86)\Microsoft Office\root\Office16\ONENOTE.EXE
                                                                                                                                                                                File Type:data
                                                                                                                                                                                Category:dropped
                                                                                                                                                                                Size (bytes):4096
                                                                                                                                                                                Entropy (8bit):4.132262402428932
                                                                                                                                                                                Encrypted:false
                                                                                                                                                                                SSDEEP:48:h/s0H2r32tYH+E2CHUX89nPM0ToSJrdSrSIBdX9l3GAOfie:Rsnr325E2ZX89nU0TpRKl9Afi
                                                                                                                                                                                MD5:99A307A2049B8846B9E11E553166765C
                                                                                                                                                                                SHA1:1B71C23A8A2F679352687E487FA3C5AF6D7A4A78
                                                                                                                                                                                SHA-256:AE4D50B87A003CCC4E8BAA98767F4F227C9E7F47D82B4EC61E9D9DF019449238
                                                                                                                                                                                SHA-512:86FB886E79ECE0E1BB46755391C901E6F1A98D8204D9D265FA222F5CE5079DE28E49CC7B20F60D478C56F3DA09530860AD3338CFDE4DC562BB1A80571D8A7A0A
                                                                                                                                                                                Malicious:false
                                                                                                                                                                                Preview:2...>.......*...v.......................................................................................................................................2...>...........v...R............................I.......I.qk..B.....LZb.......b..0._..:w3XH..Tb..0._..:w3XH..Tb....I.qk..B.....LZ.I................................I.......I...................................................I.t.....I................................................................4..'...'..............n,.`..*..&..w....N...^...............z...@J.P...N........f........................................I.qk..B.....LZ.............n,.`..*..&..w.........n,.`..*..&..w.........b.......b.......b...........................................b..j....b..T.]..b.......b....B..b..H....b....B..b....>.)b....J...................;........4...4...4.."..............b...b...b....z...y.. x.. ...........$........4......7...7........................;........4...4...4.........b.......b......#b..............................................
                                                                                                                                                                                Process:C:\Program Files (x86)\Microsoft Office\root\Office16\ONENOTE.EXE
                                                                                                                                                                                File Type:data
                                                                                                                                                                                Category:dropped
                                                                                                                                                                                Size (bytes):4096
                                                                                                                                                                                Entropy (8bit):4.110017269631684
                                                                                                                                                                                Encrypted:false
                                                                                                                                                                                SSDEEP:48:hsKthf6Rxt96eEG9CCZnX09Y73EtTo+rdSrNIFC6dXVWgWh:hsESRxdEiXX09moTrRK6c
                                                                                                                                                                                MD5:600FCB3F1204CA597FBF8A839DEC14DB
                                                                                                                                                                                SHA1:C6C5C124537F8A3E41DF5AB0BE7996CFA8A194C2
                                                                                                                                                                                SHA-256:942DE1BD2F7262F9B9FBFAB9E99549C24FECFF6DC11E2BBD945695E746FF6E34
                                                                                                                                                                                SHA-512:C68754AAFD27F87020F43756BFD057356927A2E015B989EC7A6A1302BFE1F99F6E3EDF88EE86CAD563276ACFF536E5EF9E90DD804661E8088961B07BC1BBCB62
                                                                                                                                                                                Malicious:false
                                                                                                                                                                                Preview:2...>.......*...v.......................................................................................................................................2...>...........v...R............................I.......I.qk..B.....LZR.2.....R.2t7...3G..aRMRR.2t7...3G..aRMRR.2..I.qk..B.....LZ.I................................I.......I...................................................I.t.....I................................................................4..'...'..................^2.#.+d.......N...^...............#[..C..A.......R........f........................................I.qk..B.....LZ.................^2.#.+d................^2.#.+d............R.2.....R.2.....R.2.........................................R.2j....R.2T.]..R.2.....R.2..B..R.2H....R.2..B..R.2..>.)R.2..J...................;........4...4...4.."..............R.2.R.2.R.2..z...y.. x.. ...........$........4......7...7........................;........4...4...4.........R.2.....R.2....#R.2............................................
                                                                                                                                                                                Process:C:\Program Files (x86)\Microsoft Office\root\Office16\ONENOTE.EXE
                                                                                                                                                                                File Type:data
                                                                                                                                                                                Category:dropped
                                                                                                                                                                                Size (bytes):4096
                                                                                                                                                                                Entropy (8bit):4.125812207932017
                                                                                                                                                                                Encrypted:false
                                                                                                                                                                                SSDEEP:48:Dxs2bZb8ruA5tdm6EnpDCZPSXg9vlNqToDrdSrhIgdX0/LCCskXYLrKq1:DxsU8ruA5hE1xXg9dITWRKx+u
                                                                                                                                                                                MD5:161A802B618C705123303D53B6B576CF
                                                                                                                                                                                SHA1:81110624B5B4602C5421952892A785A30D38C4D5
                                                                                                                                                                                SHA-256:0DF2F264D5B2662FF1BB32C0DDF60375998A1941D1FC828F94F040E12B2AD76C
                                                                                                                                                                                SHA-512:93D4582F378EFF82B8CB8E43F9710AAC6FBF9CD2565F6AB584C62B4ADC885FCB022113067ADC94CF0FFC8C9C70D827621D4CABA4A54808E898E62F0D977FDAB2
                                                                                                                                                                                Malicious:false
                                                                                                                                                                                Preview:2...>.......*...v.......................................................................................................................................2...>...........v...R............................I.......I.qk..B.....LZ.%J......%J..:R.(...mIQ..%J..:R.(...mIQ..%J..I.qk..B.....LZ.I................................I.......I...................................................I.t.....I................................................................4..'...'..............l......?./....V....N...^...............#.f..Q.H.. <b2ju........f........................................I.qk..B.....LZ.............l......?./....V.........l......?./....V..........%J......%J......%J..........................................%Jj.....%JT.]...%J......%J..B...%JH.....%J..B...%J..>.).%J..J...................;........4...4...4.."...............%J..%J..%J..z...y.. x.. ...........$........4......7...7........................;........4...4...4..........%J......%J....#.%J............................................
                                                                                                                                                                                Process:C:\Program Files (x86)\Microsoft Office\root\Office16\ONENOTE.EXE
                                                                                                                                                                                File Type:data
                                                                                                                                                                                Category:dropped
                                                                                                                                                                                Size (bytes):4096
                                                                                                                                                                                Entropy (8bit):4.127521348827606
                                                                                                                                                                                Encrypted:false
                                                                                                                                                                                SSDEEP:48:ejGsjWHs66d+NrNt9ieEmCKxXc9x+aGTo7rdSrYI4dXgWVyS9:1saM66d+NZlEmfXc9OTWRK2n
                                                                                                                                                                                MD5:4FA4749AEDE6E4313515C7D015B823A0
                                                                                                                                                                                SHA1:5EC54436E418E541AB70915E07103AFD0BE31A80
                                                                                                                                                                                SHA-256:BAACC9B40EE4E62D54E3BAAC5003E262B7E8950CCD3A5E23402CDF75C645B06F
                                                                                                                                                                                SHA-512:44F841BF983C06B75E79249F51F93B1A799EB398CD36DA61047DED9318FFBFC70E5BA1453FA156D084377073C48E486957451E4D2F59212F144E368948E40EE3
                                                                                                                                                                                Malicious:false
                                                                                                                                                                                Preview:2...>.......*...v.......................................................................................................................................2...>...........v...R............................I.......I.qk..B.....LZ................;...XB..........;...XB.......I.qk..B.....LZ.I................................I.......I...................................................I.t.....I................................................................4..'...'..............Z.:-....1h........N...^................Z..D..O..$.._T.........f........................................I.qk..B.....LZ.............Z.:-....1h.............Z.:-....1h............................................................................j.......T.]...............B.....H.........B.......>.).....J...................;........4...4...4.."...........................z...y.. x.. ...........$........4......7...7........................;........4...4...4........................#...............................................
                                                                                                                                                                                Process:C:\Program Files (x86)\Microsoft Office\root\Office16\ONENOTE.EXE
                                                                                                                                                                                File Type:data
                                                                                                                                                                                Category:dropped
                                                                                                                                                                                Size (bytes):4096
                                                                                                                                                                                Entropy (8bit):4.109391296270759
                                                                                                                                                                                Encrypted:false
                                                                                                                                                                                SSDEEP:48:KgshJf4bjytG0S6UMElCC5AXP49zB8/ToIrdSrKIVdXLkC0Qwayp:Kgs34bjyc0dFElCrXP49zBGThRKx6/
                                                                                                                                                                                MD5:1FEF3E57C6FEEEFED47E8F558371ED69
                                                                                                                                                                                SHA1:A55F181EBC20882BEFF48855790977B23368602A
                                                                                                                                                                                SHA-256:EE1EBCA9891EC9936A4FD295DFC609CAC23007E1D5A547BAA13EDCB23F74A663
                                                                                                                                                                                SHA-512:1313E29A5EE9C645005CF8D1119075C4841B0C46A57B7F3DA2A639484555CC055E9485FA117DAA415E642D3CF728C0D8FF927422DAA41EF05DAC0AD0E8C981D5
                                                                                                                                                                                Malicious:false
                                                                                                                                                                                Preview:2...>.......,...v... ...................................................................................................................................2...>...........v...T............................I.......I.qk..B.....LZN.......N......8...6F._N......8...6F._N....I.qk..B.....LZ.I................................I.......I...................................................I.t.....I................................................................4..'...'...................W.6.C..Ngw....N...^.................C.2..D..N.Kd..........f........................................I.qk..B.....LZ..................W.6.C..Ngw..............W.6.C..Ngw.........N.......N.......N...........................................N..j....N..T.]..N.......N....B..N..H....N....B..N....>.)N....J...................;........4...4...4.."..............N...N...N....z...y.. x.. ...........$........4......7...7........................;........4...4...4.........N.......N......#N..............................................
                                                                                                                                                                                Process:C:\Program Files (x86)\Microsoft Office\root\Office16\ONENOTE.EXE
                                                                                                                                                                                File Type:data
                                                                                                                                                                                Category:dropped
                                                                                                                                                                                Size (bytes):4096
                                                                                                                                                                                Entropy (8bit):4.133356441001426
                                                                                                                                                                                Encrypted:false
                                                                                                                                                                                SSDEEP:96:K4smQ4SO6INE6c7gXo90iTWRKnGFWTGkF3aW:Psz4SO4DgXo90iSRKn
                                                                                                                                                                                MD5:30F60CE2FCCF57FD4926CD3B7DF85823
                                                                                                                                                                                SHA1:D9628362168BDE593BBB91EB06662A50FC7A6DD5
                                                                                                                                                                                SHA-256:15ED4189625F443E2D3F4BAED2F7FFA81274AECC57BBED457B76E084B77EBBFD
                                                                                                                                                                                SHA-512:A2C7CF257F2A73DFF4766BD5CB145598F8797E2DF99DA0D889605569D60C903663C361F474F70827BC36D66045F515BD17EBF47CC2DC72BD5E4D25D7B71A522A
                                                                                                                                                                                Malicious:false
                                                                                                                                                                                Preview:2...>.......,...v... ...................................................................................................................................2...>...........v...T............................I.......I.qk..B.....LZ.I.......I.^..w....C....I.^..w....C....I...I.qk..B.....LZ.I................................I.......I...................................................I.t.....I................................................................4..'...'..............j8v^...'.P)93t.....N...^....................N..>T..a........f........................................I.qk..B.....LZ.............j8v^...'.P)93t..........j8v^...'.P)93t...........I.......I.......I...........................................I.j.....I.T.]...I.......I...B...I.H.....I...B...I...>.).I...J...................;........4...4...4.."...............I...I...I...z...y.. x.. ...........$........4......7...7........................;........4...4...4..........I.......I.....#.I.............................................
                                                                                                                                                                                Process:C:\Program Files (x86)\Microsoft Office\root\Office16\ONENOTE.EXE
                                                                                                                                                                                File Type:data
                                                                                                                                                                                Category:dropped
                                                                                                                                                                                Size (bytes):4096
                                                                                                                                                                                Entropy (8bit):4.147256160696392
                                                                                                                                                                                Encrypted:false
                                                                                                                                                                                SSDEEP:96:Q88sIN2JG53FkEPsWXlW9cTTRK2EE2L6Apv6S8x:B8sXJaVx9XI9cnRKL
                                                                                                                                                                                MD5:3EF47CDB40F88ADB24BD488928D1ADB4
                                                                                                                                                                                SHA1:EBFA540BE7480B5A216DDDFF464E2C8160C7F05B
                                                                                                                                                                                SHA-256:35825C5594A9A53ED69798A1150C66958B22C31EE7B5274EDCBBA2C0696CB12B
                                                                                                                                                                                SHA-512:275B78F34BAF5564D42B0FA1C2553803AE415CE88283F30E1BF0527A9849B6F9F3101A56BE04C67467C8C7A7F5F43C6351EE4CB58FB7CBCF5E6EE6F1B8DCFF02
                                                                                                                                                                                Malicious:false
                                                                                                                                                                                Preview:2...>...........v..."...................................................................................................................................2...>...........v...V............................I.......I.qk..B.....LZ]. .....]. .Z.b.&e!?./..]. .Z.b.&e!?./..]. ..I.qk..B.....LZ.I................................I.......I...................................................I.t.....I................................................................4..'...'.............u(.R==..0.+V!O3.....N...^...............b...`\.L.QXX+.".........f........................................I.qk..B.....LZ............u(.R==..0.+V!O3.........u(.R==..0.+V!O3..........]. .....]. .....]. .........................................]. j....]. T.]..]. .....]. ..B..]. H....]. ..B..]. ..>.)]. ..J...................;........4...4...4.."..............]. .]. .]. ..z...y.. x.. ...........$........4......7...7........................;........4...4...4.........]. .....]. ....#]. ............................................
                                                                                                                                                                                Process:C:\Program Files (x86)\Microsoft Office\root\Office16\ONENOTE.EXE
                                                                                                                                                                                File Type:data
                                                                                                                                                                                Category:dropped
                                                                                                                                                                                Size (bytes):4096
                                                                                                                                                                                Entropy (8bit):4.104951474970533
                                                                                                                                                                                Encrypted:false
                                                                                                                                                                                SSDEEP:48:TxsEPEtfAcetpPmeEVC/lXw9MIIToNrdSrLeIDP+dXmC06Z:TxsR9AceXZEVQXw9MVTsRKL6l
                                                                                                                                                                                MD5:1380C9BB012BD26EAF35F96E28F4B3CD
                                                                                                                                                                                SHA1:D77DD02D20F862E54C1B03C18551BCE8548C8E21
                                                                                                                                                                                SHA-256:3B05E578F12A8BC9C68B9E04C36C501746B9DDDDD4C478C75642C758CC73C25F
                                                                                                                                                                                SHA-512:78CFBFAC23E7B585B275A50247DE0669A676CE564F088ECEB077D2D4F24A26AF64106F2B3B64AF3BAE01CD2366520A3D44296330FFE22DEFE190D2ACDED593EC
                                                                                                                                                                                Malicious:false
                                                                                                                                                                                Preview:2...>.......*...v.......................................................................................................................................2...>...........v...R............................I.......I.qk..B.....LZ.K.......K.^.)s...{..#.K.^.)s...{..#.K...I.qk..B.....LZ.I................................I.......I...................................................I.t.....I................................................................4..'...'.............u../S...=..A...-....N...^................. .h7.F...#.6g.........f........................................I.qk..B.....LZ............u../S...=..A...-........u../S...=..A...-..........K.......K.......K...........................................K.j.....K.T.]...K.......K..B...K.H.....K...B...K...>.).K...J...................;........4...4...4.."...............K...K...K...z...y.. x.. ...........$........4......7...7........................;........4...4...4..........K.......K.....#.K.............................................
                                                                                                                                                                                Process:C:\Program Files (x86)\Microsoft Office\root\Office16\ONENOTE.EXE
                                                                                                                                                                                File Type:data
                                                                                                                                                                                Category:dropped
                                                                                                                                                                                Size (bytes):4096
                                                                                                                                                                                Entropy (8bit):4.143657551453084
                                                                                                                                                                                Encrypted:false
                                                                                                                                                                                SSDEEP:96:ZY2sE5+Ps6KzoGEsWMiXo9yTaRKNs+pJVfb:ZY2sE5+HK0j8iXo9yGRKNs+pJVf
                                                                                                                                                                                MD5:4F748E5240B25F16C35E7487080BED47
                                                                                                                                                                                SHA1:622E5F8B91E632AB672F0605E5A8D238305F3B30
                                                                                                                                                                                SHA-256:343BBA3BE927863ACEF78333A69C337B100ECD954770D5D134C03419DBB4A360
                                                                                                                                                                                SHA-512:747F796BE1C9761E547234E3AC38C7BD10CEC85B9F62A60C2C02F256A6025802AC0E4381732BC59A0A34C0B893D26B82DC0512D3BB90AB68B6F3E94FB16CE14B
                                                                                                                                                                                Malicious:false
                                                                                                                                                                                Preview:2...>.......*...v.......................................................................................................................................2...>...........v...R............................I.......I.qk..B.....LZ..g.......g..MH.1......}..g..MH.1......}..g..I.qk..B.....LZ.I................................I.......I...................................................I.t.....I................................................................4..'...'.............+. ..v..".:..\.H....N...^....................2YH.t.nR..........f........................................I.qk..B.....LZ............+. ..v..".:..\.H........+. ..v..".:..\.H...........g.......g.......g...........................................gj......gT.]....g.......g..B....gH......g..B....g..>.)..g..J...................;........4...4...4.."................g...g...g..z...y.. x.. ...........$........4......7...7........................;........4...4...4...........g.......g....#..g............................................
                                                                                                                                                                                Process:C:\Program Files (x86)\Microsoft Office\root\Office16\ONENOTE.EXE
                                                                                                                                                                                File Type:data
                                                                                                                                                                                Category:dropped
                                                                                                                                                                                Size (bytes):4096
                                                                                                                                                                                Entropy (8bit):4.115184136558236
                                                                                                                                                                                Encrypted:false
                                                                                                                                                                                SSDEEP:48:9spbqSEbEbaWS2Eitw6ER35uCAZ4X8b9LdNxToL6rdSr+5IDdXFbyhbEkmbyhbOq:9s5SxixER3c+X8b9LdTm6RK7ziT
                                                                                                                                                                                MD5:6A4FAB77754B7485AF4C7D35129C6A82
                                                                                                                                                                                SHA1:D412B205EDD92A3285C76D2FDD29DAE14C9ED595
                                                                                                                                                                                SHA-256:9B3715B62953384DA06EFC4E90520C9DF9F89815743A4DC1BE6EDA9EE36C7DB4
                                                                                                                                                                                SHA-512:D5F9A2912BC14A12CE62F018A0987CE0E99DA3EC3A79AE5F5737341B86120D4B5FEFE050C5AD6F6A7E229FC01152E5A5C94D29835AC5679A804EED2F9D19E172
                                                                                                                                                                                Malicious:false
                                                                                                                                                                                Preview:2...>.......*...v.......................................................................................................................................2...>...........v...R............................I.......I.qk..B.....LZ-&......-&.:0...5_.d...-&.:0...5_.d...-&...I.qk..B.....LZ.I................................I.......I...................................................I.t.....I................................................................4..'...'..................+.....e)v......N...^...............^My5..VA.d.Z.$(p........f........................................I.qk..B.....LZ.................+.....e)v...............+.....e)v...........-&......-&......-&..........................................-&.j....-&.T.]..-&......-&...B..-&.H....-&...B..-&...>.)-&...J...................;........4...4...4.."..............-&..-&..-&...z...y.. x.. ...........$........4......7...7........................;........4...4...4.........-&......-&.....#-&.............................................
                                                                                                                                                                                Process:C:\Program Files (x86)\Microsoft Office\root\Office16\ONENOTE.EXE
                                                                                                                                                                                File Type:data
                                                                                                                                                                                Category:dropped
                                                                                                                                                                                Size (bytes):4096
                                                                                                                                                                                Entropy (8bit):4.129650665527835
                                                                                                                                                                                Encrypted:false
                                                                                                                                                                                SSDEEP:96:hsi4PzpENA1s2LX09/TpRKsOUN9Kka95ug:hsi4PKyLX09/NRKsDN9Kka94g
                                                                                                                                                                                MD5:0E3C09ECE4E2841734F4A6E591510299
                                                                                                                                                                                SHA1:16CB773C18609CA6FC59D2A232788F52EC84BF86
                                                                                                                                                                                SHA-256:91C89E7FD39E7F0071A74DF4438FE7ED4C0F4FAA382D9070174779E5659AC344
                                                                                                                                                                                SHA-512:6C20D4D5920ECF5FDEEE34DC3C9FAF0AFB9DC1F87D06C24D40C0FDD3935B1D690ABF31222EF6D6CE46330717451B6A00C1968B7DFF7AF832E25AB1D7483E48BA
                                                                                                                                                                                Malicious:false
                                                                                                                                                                                Preview:2...>.......*...v.......................................................................................................................................2...>...........v...R............................I.......I.qk..B.....LZ.'.......'.W..b...[..<.M.'.W..b...[..<.M.'...I.qk..B.....LZ.I................................I.......I...................................................I.t.....I................................................................4..'...'..............3.we.....*1..C.....N...^......................G.B..91xN........f........................................I.qk..B.....LZ.............3.we.....*1..C..........3.we.....*1..C...........'.......'.......'...........................................'.j.....'.T.]...'.......'...B...'.H.....'...B...'...>.).'...J...................;........4...4...4.."...............'...'...'...z...y.. x.. ...........$........4......7...7........................;........4...4...4..........'.......'.....#.'.............................................
                                                                                                                                                                                Process:C:\Program Files (x86)\Microsoft Office\root\Office16\ONENOTE.EXE
                                                                                                                                                                                File Type:data
                                                                                                                                                                                Category:dropped
                                                                                                                                                                                Size (bytes):4096
                                                                                                                                                                                Entropy (8bit):4.113773673902185
                                                                                                                                                                                Encrypted:false
                                                                                                                                                                                SSDEEP:48:KbMbBsGxJOIyvVpTtER/lSEyrCQqXw9Fkg2FToOrdSr9IvdXxbl0Qm8Dubt:K4BssoNpT4MEyraXw9FknTfRKmPCB
                                                                                                                                                                                MD5:165B05DCEA2D85F742E3E80E88B5E268
                                                                                                                                                                                SHA1:B6B4CD4A4BF1921ACCE7AC3C639DE2A477C4A75B
                                                                                                                                                                                SHA-256:75995ABDDD88E6BBA663BD285A71CFD38BC7E25132C27582025240588DDE07D6
                                                                                                                                                                                SHA-512:DB9ED7279EC71FF35FF1AC1D7944D1CB4FFE2E1A06FFAA06EA9CC37F87EC3450E8A009CF142D2A0E74D01DC12EB276C6EEEF0F1417A1BE55375D2FB37BF4AF3B
                                                                                                                                                                                Malicious:false
                                                                                                                                                                                Preview:2...>.......,...v... ...................................................................................................................................2...>...........v...T............................I.......I.qk..B.....LZ@T......@T.$;&.90p...=.@T.$;&.90p...=.@T...I.qk..B.....LZ.I................................I.......I...................................................I.t.....I................................................................4..'...'.............N_|kP.V...).}.kO....N...^................I.,D..J.....#Q........f........................................I.qk..B.....LZ............N_|kP.V...).}.kO........N_|kP.V...).}.kO.........@T......@T......@T..........................................@T.j....@T.T.]..@T......@T..B..@T.H....@T...B..@T...>.)@T...J...................;........4...4...4.."..............@T..@T..@T...z...y.. x.. ...........$........4......7...7........................;........4...4...4.........@T......@T.....#@T.............................................
                                                                                                                                                                                Process:C:\Program Files (x86)\Microsoft Office\root\Office16\ONENOTE.EXE
                                                                                                                                                                                File Type:data
                                                                                                                                                                                Category:dropped
                                                                                                                                                                                Size (bytes):4096
                                                                                                                                                                                Entropy (8bit):4.158967163661068
                                                                                                                                                                                Encrypted:false
                                                                                                                                                                                SSDEEP:48:7sq9B3h0RdTat3gEJlCDgXHt09Hs5jToCrdSrJIjdX9MFmuDNBAJf:7sqx6dTayEXBXN09MjTbRKycFFRBAJ
                                                                                                                                                                                MD5:23CAC26E1F26E83C270EE589E06061BB
                                                                                                                                                                                SHA1:33C0D54CF947ECBF8908CBFE8D0F737ED6E05160
                                                                                                                                                                                SHA-256:746B94939EDC6AB2F329BC31E9168A0A97AB8A5CA7BA54F7B85877ACB72FEAD6
                                                                                                                                                                                SHA-512:4F78EE6DF6BA465CC224D2E654987AFB2E2FC817133AC19992F7E02EFB95AF8B1E1D38D81A972E79A9385B14DCEB299F4A7DA8C3424817B5E1A6F44254A45651
                                                                                                                                                                                Malicious:false
                                                                                                                                                                                Preview:2...>.......(...v.......................................................................................................................................2...>...........v...P............................I.......I.qk..B.....LZ.W.......W.|..U.(A.Kh..G.W.|..U.(A.Kh..G.W...I.qk..B.....LZ.I................................I.......I...................................................I.t.....I................................................................4..'...'.............f(..u...[.......N...^...............h...\U.M...0HW..........f........................................I.qk..B.....LZ............f(..u...[...........f(..u...[.............W.......W.......W...........................................W.j.....W.T.]...W.......W...B...W.H.....W...B...W...>.).W...J...................;........4...4...4.."...............W...W...W...z...y.. x.. ...........$........4......7...7........................;........4...4...4..........W.......W.....#.W.............................................
                                                                                                                                                                                Process:C:\Program Files (x86)\Microsoft Office\root\Office16\ONENOTE.EXE
                                                                                                                                                                                File Type:data
                                                                                                                                                                                Category:dropped
                                                                                                                                                                                Size (bytes):8192
                                                                                                                                                                                Entropy (8bit):3.654737444427781
                                                                                                                                                                                Encrypted:false
                                                                                                                                                                                SSDEEP:192:2ymQIN5Y3Nt3qZtVktOHzcOEy6DOnO+UGXi2+:27bN5YnqTbzcOEy6SUGXp+
                                                                                                                                                                                MD5:D84417FC59C736640EF4AD0A49F5F4BA
                                                                                                                                                                                SHA1:A078F4823AB1CE5E8D834BEC762E8A5BF2923128
                                                                                                                                                                                SHA-256:DB8EC4E600AC00CBD0BA640A84A665AD2142DC988971D0E1C063591AC36BEA76
                                                                                                                                                                                SHA-512:885954A2E256E4F6920CB7B5619D9FAEF2E58C929E9721EE81B63ED68B3EF9A87706916C6DD765F72A309C8301819BB64ECA346B12B52B383E7C411B6F6FEC7D
                                                                                                                                                                                Malicious:false
                                                                                                                                                                                Preview:....X............... .....................................................................................?.................................................X...............H...........................F.......F.....iJ..t.....M.......M.V.B...A.{.c....l...5...B=......nN1..Q.....,.E.nN1.w....%..-..|].3Zw.............M.......M.................................................F>......F>. ......%...................aH.(...L..2...^...............<.......,...F.......Z.#.nN1.w....|...G.......F..T.......T)...Z.#T.y..#!|T.2.._..T....w..T)R...M..."...M...q......F.......w....c..,0...e...B4.$...........GP..A..}.....J....................kt......kt...F........Y.w.......w....%..-..|].3...i:...."..6)X....i.#!|.l..@..C*....#!|.......aH.(...L..........>...............nN1..Q.....,.E.w....%..-..|].3Z......aH.(...L............0...........e....4.............."...P.r.o.j.e.c.t. .O.v.e.r.v.i.e.w.......B.^....F...r.QH.....(...........(..."...P.r.o.j.e.c.t. .O.v.e.r.v.i.e.w...j...P.a.g.e.L.o.c.I.D...L.o.c.V.e.
                                                                                                                                                                                Process:C:\Program Files (x86)\Microsoft Office\root\Office16\ONENOTE.EXE
                                                                                                                                                                                File Type:data
                                                                                                                                                                                Category:dropped
                                                                                                                                                                                Size (bytes):20480
                                                                                                                                                                                Entropy (8bit):4.5951069856885605
                                                                                                                                                                                Encrypted:false
                                                                                                                                                                                SSDEEP:384:wKmoRctg7OUfDWI1i7uBZtRtW/fBquVC7WdwR04cc+kA3eNW9124Xp87TO2T5DmA:wKmoitg7OUfDWI14uBZtR0/foMC6dwRZ
                                                                                                                                                                                MD5:B9AF35E03F5C451E0ADE7AB0CEBAE195
                                                                                                                                                                                SHA1:B6C3E00F46D7BACF6075FE41BD61A71D4ECE2C96
                                                                                                                                                                                SHA-256:4B38C35719EFF5F12166D50A2472C9687AF65DE51909CF3D70CD45923848B931
                                                                                                                                                                                SHA-512:2D978F042BF892927DA45C25A4C19FC235F2FCFA1263922AF31333EB3D58EDC301C7A91E143DC5870EC18EEE2A13594AE77A1F8CF31BAA4F6F72BF53936744B3
                                                                                                                                                                                Malicious:false
                                                                                                                                                                                Preview:....>...........v........@..( ..`J..........>...t...8...v........H..( ..PI..................................................................................>...........v........I..( ...I...............I.......I.qk..B.....LZR.......R.........Ml.x..R.........Ml.x.%R...PXX3.....\G<-...PXX..I.qk..B.....LZ.I............I.......I...................................................I.t.....I................................................................4..'...'..............q.&...+....z.....N...^...............s.P.fa.C..-....=............J...............................4....I.qk..B.....LZ.............q.&...+....z..................................R.......R.......R...........................................PXX(.6..PXX(.z..PXX ....PXX$....PXX ....PXX(.5..PXX ....PXX$........R..3R..8R....z...y.. x.. ...........$........!..7!..7.....*...o.e.L.o.c.I.D...o.e.L.o.c.C.o.m.m.e.n.t.......0.0.0.3..............Z4...........................................4../4......p...............C.a.l.i.b.r.i.....
                                                                                                                                                                                Process:C:\Program Files (x86)\Microsoft Office\root\Office16\ONENOTE.EXE
                                                                                                                                                                                File Type:JPEG image data, JFIF standard 1.02, resolution (DPI), density 72x72, segment length 16, Exif Standard: [TIFF image data, big-endian, direntries=7, orientation=upper-left, xresolution=98, yresolution=106, resolutionunit=2, software=Adobe Photoshop 7.0, datetime=2004:03:04 13:06:24], progressive, precision 8, 38x792, components 3
                                                                                                                                                                                Category:dropped
                                                                                                                                                                                Size (bytes):22203
                                                                                                                                                                                Entropy (8bit):6.977175130747846
                                                                                                                                                                                Encrypted:false
                                                                                                                                                                                SSDEEP:192:5q3R1VBvq3R1Flrk6Q0QPJJrR39joOVMJ25d1NkMhIwobbtAAAqYnLJZMJYZ2AC:xw6Q0WJR3FoOVMJIIlAAAqYnMJdD
                                                                                                                                                                                MD5:2D3128554F6286809B2C8E99DE5FD3F6
                                                                                                                                                                                SHA1:FC42CB04151D36F448093BDEFE33031A9B8D797D
                                                                                                                                                                                SHA-256:14FA2D16310485AA1CE41F6D774A3D637E8CF8B03C4F72990155DF274FDB6BD9
                                                                                                                                                                                SHA-512:D8531247A6E89ECABEA9C4A78F596CCE3493334EDF71AE4F7998FDDD0F80705948609C89756AB56FDFAB6D04DEC5F699A693801A772CA2EE2465BDD2CE5D2D5A
                                                                                                                                                                                Malicious:false
                                                                                                                                                                                Preview:......JFIF.....H.H.....XExif..MM.*.............................b...........j.(...........1.........r.2...........i.................H.......H....Adobe Photoshop 7.0.2004:03:04 13:06:24............................&.........................................................(.....................&...........*.......H.......H..........JFIF.....H.H......Adobe_CM......Adobe.d......................................................................................................................................................"................?..........................................................................3......!.1.AQa."q.2.....B#$.R.b34r..C.%.S...cs5....&D.TdE.t6..U.e...u..F'...............Vfv........7GWgw........................5.....!1..AQaq"..2.....B#.R..3$b.r..CS.cs4.%......&5..D.T..dEU6te....u..F...............Vfv........'7GWgw.................?...H.....Go.Kxn.b..g...........%?_....O......q......7G......%%.V..8zm.].v?...jJ~._..>.......O;........o..rI.A.....n.a.........
                                                                                                                                                                                Process:C:\Program Files (x86)\Microsoft Office\root\Office16\ONENOTE.EXE
                                                                                                                                                                                File Type:data
                                                                                                                                                                                Category:dropped
                                                                                                                                                                                Size (bytes):8192
                                                                                                                                                                                Entropy (8bit):3.964715178944031
                                                                                                                                                                                Encrypted:false
                                                                                                                                                                                SSDEEP:96:TsjIiP7chWIXHdbClR/97dyGyKeldWEEse97kvCDyok2ynzcJ:Tskijc8IX9bsR/97tGpEse9ovCDyVLA
                                                                                                                                                                                MD5:5A2F3A26FEBF6C96954396CC13383137
                                                                                                                                                                                SHA1:FD4274FA69C28FB824EB19C88CB0F5006DFF8C2F
                                                                                                                                                                                SHA-256:B36EC01F0DF82E8039499E79CB68C26A8942EB0812B6774C9E06FBBC926D6058
                                                                                                                                                                                SHA-512:CB1AE77A90CA4CFE604DEF0C569191CE9B209720BE5925C7E5A0232FC831D2152A5E1432C0CAC8C1783169A104E15FA0D8E4C65F58B0642A3736BF537D1688EF
                                                                                                                                                                                Malicious:false
                                                                                                                                                                                Preview:2...>...........v.......................................................................................................................................2...>.......Z...v...&...........................Uz..)...Uz......8A...t...I.......I.qk..B.....LZUz......8A...t..Uz...I.qk..B.....LZ.I................................I.......I...................................................I.t.....I................................................................4..'...'..............b.n..............N...^................#A.D..C..9))=...................................................I.qk..B.....LZ.............b.n...................b.n...................Uz......Uz......Uz..........................................Uz.j.h..Uz.T)...Uz......Uz...L..Uz.H.]..Uz......Uz...H..Uz...}.......Z4...........................................4../4......p...............C.a.l.i.b.r.i..................Uz..Uz..Uz...z...y.. x.. ...........$........4...!..7!..7...............Uz.:Uz.FUz.GUz...z...y.. x.. ...........$..
                                                                                                                                                                                Process:C:\Program Files (x86)\Microsoft Office\root\Office16\ONENOTE.EXE
                                                                                                                                                                                File Type:JPEG image data, JFIF standard 1.02, aspect ratio, density 100x100, segment length 16, baseline, precision 8, 612x792, components 3
                                                                                                                                                                                Category:dropped
                                                                                                                                                                                Size (bytes):52945
                                                                                                                                                                                Entropy (8bit):7.6490972666456765
                                                                                                                                                                                Encrypted:false
                                                                                                                                                                                SSDEEP:768:cjvqR0XvFaGCTJffi0tgybmWDoTw71kHUAnjvawrlp2+NUO8dWSNl3PF2PjK/q09:cyRffflgybmWoTw1UUADHUbU21MjpAD
                                                                                                                                                                                MD5:AD003F032F32FAC4672D4CE237FA5C5B
                                                                                                                                                                                SHA1:AE234931B452F0D649D91291763B919CF350EA49
                                                                                                                                                                                SHA-256:ADB1EBBE18D6CD8FF08AA9BF5C83CDB83BF9AA179698E34E93DBCDDE12F04D32
                                                                                                                                                                                SHA-512:ECA25FA657ECE3A66D3E650628E0F65D3BADD38864C028AB6553950A1A66D7D55482C85E9E565573E9E5AAFA91C2D53235971C644A266D41EB69F8E72E3A843B
                                                                                                                                                                                Malicious:false
                                                                                                                                                                                Preview:......JFIF.....d.d......Ducky.......d......Adobe.d...................................................................................................................................................d.............................................................................................!1..AQ..aq....".....2....BR#r.b3$...C.Sc%...s5E......................!1.A..Q.aq"...2...#...B...Rb3..$..CSr...6............?......y_N.e.H7?........W..w....k|...S..d.4.>.RW5z.$.i.)V.O....>o...c..*&1.D..O..".ufbb..1...t..u=..K...m...~.....F..-.fb:i..=f..C.w.[{..~.7k....;..:..3....4.....$..m]...}....~q...9T.#..7.~..8...q.N;c..ffo.w...W..d........../t_........lWJE..).>..v;:=....Rrw#.m.n.n...E...vm.J}2N*..|.4...80.#..e....t.J..ZQ.x|g/....F..e....k+vK...M..W.X.e.L..~...j.....kz....=...n:O.:..[.L,.+R...Y..zKNI....,..{e..U.'...}.......|..t.]...~...b4......_.i..../.......m...a..n...v.j.?..Rc.$G|.31..#..$?.........h.w....-... .a.%z..u......u.A....Fm..J.......G..[...w.....:....w/.
                                                                                                                                                                                Process:C:\Program Files (x86)\Microsoft Office\root\Office16\ONENOTE.EXE
                                                                                                                                                                                File Type:data
                                                                                                                                                                                Category:dropped
                                                                                                                                                                                Size (bytes):12288
                                                                                                                                                                                Entropy (8bit):3.5192854965338882
                                                                                                                                                                                Encrypted:false
                                                                                                                                                                                SSDEEP:192:OsJda9r1hYi/LlsX8xEwGJRtFDbe8Tpjpe1QtoO9cl/wMwqysey:7kMi/LluEEfJRtlPq1Qto+cl/d9e
                                                                                                                                                                                MD5:0A897E041A56D2805452B74473894991
                                                                                                                                                                                SHA1:3732CD9660E57724D6DA9041750146879BD346A4
                                                                                                                                                                                SHA-256:CB130C7E60054D1D97E5134EFC6BDFFDACA25C05BB0B866575949525151D0941
                                                                                                                                                                                SHA-512:1C1F8314534565AB5A41396CB6C79D43193CAFC3526E6E8F51E75D70A7F05EA5AFE4079D5C9AB868FAF83B360ABF9E559F6C8F8A2971D8781185861FEC965A4D
                                                                                                                                                                                Malicious:false
                                                                                                                                                                                Preview:2...>...........v.......................................................................................................................................2...>.......@...v................................I.......I.qk..B.....LZI.|.9...I.|.y..."....'.1I.|.y..."....'.1I.|..I.qk..B.....LZ.I................................I.......I...................................................I.t.....I................................................................4..'...'.............w/.ef...z..g.|.....N...^.................d....F..GI..>6............................................r....I.qk..B.....LZ............w/.ef...z..g.|.........w/.ef...z..g.|..........I.|.....I.|.....I.|.........................................I.|j....I.|T.H..I.|.....I.|..\..I.|H....I.|..3..I.|..O..I.|..........Z4...........................................4../4......p...............C.a.l.i.b.r.i..................I.|.I.|.I.|..z...y.. x.. ...........$........4...!..7!..7...............I.|:I.|FI.|..z...y.. x.. ...........$......
                                                                                                                                                                                Process:C:\Program Files (x86)\Microsoft Office\root\Office16\ONENOTE.EXE
                                                                                                                                                                                File Type:JPEG image data, JFIF standard 1.02, aspect ratio, density 100x100, segment length 16, baseline, precision 8, 612x792, components 3
                                                                                                                                                                                Category:dropped
                                                                                                                                                                                Size (bytes):25622
                                                                                                                                                                                Entropy (8bit):7.058784902089801
                                                                                                                                                                                Encrypted:false
                                                                                                                                                                                SSDEEP:384:EhK81gTCyJ/Gf9Aw3t8w8EtdPeGDh6bEi1Ie1u4ZbvgwTwrSRh7ZKNpIGY:IjcRXwdJvtdGsUbEi1IeY8vgwTyC1+Y
                                                                                                                                                                                MD5:F8CCFC24DEB1D991EBE085E1B2D7D9BF
                                                                                                                                                                                SHA1:AF76C22A765434AEDA134924C517C84107F4FED5
                                                                                                                                                                                SHA-256:7354001527AB554C44E7D6981B86DD933B7DC2E0D3DC8512AD3EECD843245C52
                                                                                                                                                                                SHA-512:818BC3690B01B30BC571E4CF45EC8D1AFCAECBAB003532644381F1CF730A5B3486862D08F7579B2D3D89167AD7DF35028881245C9550B0DA23D1F81A720A9704
                                                                                                                                                                                Malicious:false
                                                                                                                                                                                Preview:......JFIF.....d.d......Ducky.......d......Adobe.d...................................................................................................................................................d........................................................................................!...1A.Qaq.........."2Rr.#.t6..B..3S$4..v.b..Cs.%5..8..cUV.(.DEe.&Ff...T.d.......................!.1A..Qaq...s4....2r..S"BR.3....b#C$.....c............?..D.."}:......&&...?3..W.q*.......]...m.Y.k1......K).J...uV.b.../.0.E.H..4..W_T.[t.V.w.9.x.qe.L..o.oL.....d.\.....6.|.o...}..H{Yn..E...6Y3.l.e..D.:,.n.%...t...m.........,+,..|..n.....6.*...f........6.../$../Vi..H...e.f.F.zn.).n.E..2sTn.i...Yb?6+H&...Bf..*....z.o.^7[..u.:o....t.s=.....(.s.....f.g....q9o.u1L.N...smzE..[>...+\O....j.<....j.c.W.............U..+.F/.'..W...T./W...>i01./....j.s."..Q...{...a._~OW...Rp.)*.e..W..Q4)<..'..W...q...'..U..z..g......U}...O....w....0F:.N..V.3W.|..'z0.]...j..U[v..g$D.Lc[.e...UW.m0+
                                                                                                                                                                                Process:C:\Program Files (x86)\Microsoft Office\root\Office16\ONENOTE.EXE
                                                                                                                                                                                File Type:data
                                                                                                                                                                                Category:dropped
                                                                                                                                                                                Size (bytes):20480
                                                                                                                                                                                Entropy (8bit):3.196914734374363
                                                                                                                                                                                Encrypted:false
                                                                                                                                                                                SSDEEP:384:rz6cP9g8hzFQeOWIlqdLakxab+RSHyipHLeSFznmz+BqF:SB8hzFQgIlqdLTxaqRUyipHLeSFznN
                                                                                                                                                                                MD5:EFD296F52DE75E2F69B6790DF123CAC5
                                                                                                                                                                                SHA1:B4E2A91322687DDE351A85996370EE8F33DA1681
                                                                                                                                                                                SHA-256:8C1DAE47A1D30224EE2F9CE4CBD589B0147BABB88F41EBF0F205AEBB3D051BD8
                                                                                                                                                                                SHA-512:559032BE6CEC72EE76E9F3591C031C6A8F9C51F7D7D6A4D7EE49E61AA1BB319A5214E7AC1AB6830A83050EAF2F20BABD0AB463899A4B1A2B04E30F0462B0B671
                                                                                                                                                                                Malicious:false
                                                                                                                                                                                Preview:2...>...........v.......0 .../......N...YG.....c.@Y.........N...YG.....c.@Y......I.qk..B.....LZ................................2...>.......B...v........-..............v........-..8....................I.......I.qk..B.....LZC...T...C...8.<...b..^..C...8.<...b..^..C....I.qk..B.....LZ.I................................I.......I...................................................I.t.....I................................................................4..'...'.............N...YG.....c.@Y.....N...^...............N(".e*.B.7.,............................N...YG.....c.@Y.........N(".e*.B.7.,................N...YG.....c.@Y..................................C.......C.......C...........................................C..j.e..C..T....C.......C......C....a..C.......C.......C.. .H.......z.......R...................!..7......}.....W.i.n.g.d.i.n.g.s. .3.......................Z4...........................................4../4......p...............C.a.l.i.b.r.i..................C....z... ..$..............
                                                                                                                                                                                Process:C:\Program Files (x86)\Microsoft Office\root\Office16\ONENOTE.EXE
                                                                                                                                                                                File Type:JPEG image data, JFIF standard 1.02, aspect ratio, density 100x100, segment length 16, baseline, precision 8, 612x792, components 3
                                                                                                                                                                                Category:dropped
                                                                                                                                                                                Size (bytes):15740
                                                                                                                                                                                Entropy (8bit):6.0674556182683945
                                                                                                                                                                                Encrypted:false
                                                                                                                                                                                SSDEEP:192:Elv3GG8/OOs+GouFdxMlxjoPyerzkpuOo2vPMc62PaJseZC+BJoS/:EtNiwdxMlZoPhzkpuOo2PMc6rX8+B6+
                                                                                                                                                                                MD5:FFA5EC40DC9A0FD10EB9E6355142D6A6
                                                                                                                                                                                SHA1:3D3D6A7E086B3C610C08F1F3E3F883604F06F2A4
                                                                                                                                                                                SHA-256:D74C3973C8D1F7C77274691AFB1AA934940674341D7EEE563BE75E563281BDFD
                                                                                                                                                                                SHA-512:6FAF2A24D06E6008F3579C7CEC90C2887462BDF83FAD7372FBB74B8DE90340B580E9836F309B68A9794597A598F7DCDA661C9A58DA6D8187C69083B7A17C9CD9
                                                                                                                                                                                Malicious:false
                                                                                                                                                                                Preview:......JFIF.....d.d......Ducky.......d......Adobe.d...................................................................................................................................................d.........................................................................................!.1.....AQ..aq.g..8...."r....2.FG..#.E..7.Rb..Cc..D.v.B..3s..$d.%5Uu..&6fW'w........................!....1Aa...d..5e.6.q...Q..."2b.c..r3DE..BRs4U.#C.S.T............?...u.&0...cV.T.I...1..=4....Ce_.g.q.=F.M:>)...k..pm..h..=........S....)Ja8x...b.).=5.q..0......k.M.....1?-.G.b&.5..Ep.8t...'...R)..ta.F$bXO]tW.b.6#.t.XWN..ZW......].....G....x&&f..'L.....7...\...'.8...~`.sa...............................................X........qo...SMk...'.V...i..hb.}&?/.k.:>l.^....>Y...<}...&.jY.Gn.MKejyV......D......gf.0....t.nw..XQ...H.B.....=8.UkR.....Hm..w..]...k...#Z...F../.gjWvf.....w.aZ].2..5..^...VZv..._.7..a.|...:.B...,f...............~....m.;_.....-.e.y.w.[m.].bu.b.f+.E++\.....Y..7
                                                                                                                                                                                Process:C:\Program Files (x86)\Microsoft Office\root\Office16\ONENOTE.EXE
                                                                                                                                                                                File Type:data
                                                                                                                                                                                Category:dropped
                                                                                                                                                                                Size (bytes):12288
                                                                                                                                                                                Entropy (8bit):3.7852102111601615
                                                                                                                                                                                Encrypted:false
                                                                                                                                                                                SSDEEP:192:ds7+3E0rauvpdYuXkJsM0Rttyy2e42iL+kX24Xu199FqsWW3he:iaU0raeXkWM0Rtsyd4sKXu1/Fqs
                                                                                                                                                                                MD5:BC82850E0E428CFD5769126BBE955946
                                                                                                                                                                                SHA1:7D4DC96C6BAC806992A64D3A33BB3C00A04D6E30
                                                                                                                                                                                SHA-256:EF8E4F7E5F81EF99A718080C65694D2EF44516662593A65485A468E6482DA712
                                                                                                                                                                                SHA-512:EFEF854A61B0A8478526BF758DDEF39EA1E943162DD333EEBEEE32E3A42ABFE887B2F7FFE24E3D1AF690420FB10B4E081B4F53CF22D9FF7E563F2FC9C1FA2DF1
                                                                                                                                                                                Malicious:false
                                                                                                                                                                                Preview:2...>...x.......v........ ..`!..2...>...........v.......@................................................................................................................................................I.......I.qk..B.....LZ...9.............6Jh...........6Jh.....I.qk..B.....LZ.I................................I.......I...................................................I.t.....I................................................................4..'...'..............#E->.....s...4.....N...^................c)!/G..k...7..................................................I.qk..B.....LZ.............#E->.....s...4.............................................................................................j......T.Q.............n....H........9......V..............Z4...........................................4../4......p...............C.a.l.i.b.r.i............................z...y.. x.. ...........$........4...!..7!..7..............'..%.......z...,4. ...........$>........4
                                                                                                                                                                                Process:C:\Program Files (x86)\Microsoft Office\root\Office16\ONENOTE.EXE
                                                                                                                                                                                File Type:JPEG image data, JFIF standard 1.02, aspect ratio, density 100x100, segment length 16, baseline, precision 8, 612x792, components 3
                                                                                                                                                                                Category:dropped
                                                                                                                                                                                Size (bytes):55804
                                                                                                                                                                                Entropy (8bit):7.433623355028275
                                                                                                                                                                                Encrypted:false
                                                                                                                                                                                SSDEEP:1536:gVvci05lhVbfBcWvBLeynluexaWqzww/u5:gVUZhHDljaHww/u5
                                                                                                                                                                                MD5:4126992F65FE53D3E3E78F6B27FD49DC
                                                                                                                                                                                SHA1:BC0D76B69310DA9B909D3EE4CECBFE5F386BFB45
                                                                                                                                                                                SHA-256:3FBE3C1C238BD7DBC67F8CFF5F3BDDFD513C96A9851B9616477947D21DFF4B2E
                                                                                                                                                                                SHA-512:624853F5E56D224C8188F122B2C4724F867D4099E7FAAFB9C945BE7E2907900ADCF4AE97AB08909CF94E96FB6F381E3B6396D560D93EB2731E4E69CBFE628F10
                                                                                                                                                                                Malicious:false
                                                                                                                                                                                Preview:......JFIF.....d.d......Ducky.......d......Adobe.d...................................................................................................................................................d..............................................................................................!1...AQ.aq"2.....BR..8x..r#..9b....3....CS$.'.cs.......7Gw.(.4%5&..Wg.h......tEVfv..H..........................!1A..Qa.q...."2..u6....BRr.#...b..3s..d...7.Cc.$Tt..S4.5Ue..&..%.................?...,...8..{..S.y.N....%..q.8..H[5....o..xg........)c(.eO.YO..._D..x.U.....%.S.r.r._.^..Su.h.Q.t.:.#?....x..B.S...Q.....oqF..%..8'.qx....%.2JKjF..{y.w0.*a.RMb.c.Q{%....eW'..[IV..'ZW3...[...MN.....rO.:....$.i..7....Vrrr...I.r..M..Qo..j....q.^...N...J......%.J..)F...>$.....u........o...+......[...*..t....R}.I..R..S..GB..:......).6_[^Xft...F.1.....zP....,.#....MG.T..Q.F.....)Fi../.I...,%.voEb.b.Z..V3..FT.}..[Z{....wd.z.e.....QwW(.).t..\..'....:)<W.<..&k...caRT.X(..K.....:f...]...q..
                                                                                                                                                                                Process:C:\Program Files (x86)\Microsoft Office\root\Office16\ONENOTE.EXE
                                                                                                                                                                                File Type:data
                                                                                                                                                                                Category:dropped
                                                                                                                                                                                Size (bytes):12288
                                                                                                                                                                                Entropy (8bit):4.71252160120585
                                                                                                                                                                                Encrypted:false
                                                                                                                                                                                SSDEEP:192:YsnAJmhDaYYRZbzsoDkwqoQDKtBbWWDmdXHWD4C/CXLLsCvm96ARtJsTL1DLNQDz:NA4hDaYYrXswqoQDeiWDMWDP8KDRt+TW
                                                                                                                                                                                MD5:102E5D453F1DD46753405D63CF88C497
                                                                                                                                                                                SHA1:F1569B1EF1B2C4B634459EE47AAA633131D34D87
                                                                                                                                                                                SHA-256:A8C8BCCC30008CAF452E70AD038517A26F32F129F07932A5807B66EE69D929EC
                                                                                                                                                                                SHA-512:2357AC5D05358C9A4785B816AE0AC6393CE5A57E8EF835D10CB067C963EF9666DAC27628635B0085E6F220E5D271DCFFB185664BC86FCC19F787554F8AA4FE99
                                                                                                                                                                                Malicious:false
                                                                                                                                                                                Preview:....>.......^...v...2...0 ...+......>...........v...z...@....*...........................................................................................................................................I.......I.qk..B.....LZ.U.......U.,.\k......DA..U.,.\k......DA..U...I.qk..B.....LZ.I..#\..+.aG.......#\............I.......I...................................................I.t.....I................................................................4..'...'..............!.Xy.kE.Z.c.YLz........................J._....J.T..m.P.....N...^........................................I.qk..B.....LZ............J._....J.T..m.P...................................U.......U.......U...........................................U.j.N...U.T)....U.......U..f...U.......U. .<...U......U. .......'.U.8.U...z...,4. ...."......$>........4.."..7......A.g.e.n.d.a.:.........................Z4...........................................4../4......p...............C.a.l.i.b.r.i...................U...U...U...z...y.. x.. ..
                                                                                                                                                                                Process:C:\Program Files (x86)\Microsoft Office\root\Office16\ONENOTE.EXE
                                                                                                                                                                                File Type:JPEG image data, JFIF standard 1.02, aspect ratio, density 100x100, segment length 16, baseline, precision 8, 612x792, components 3
                                                                                                                                                                                Category:dropped
                                                                                                                                                                                Size (bytes):41893
                                                                                                                                                                                Entropy (8bit):7.52654558351485
                                                                                                                                                                                Encrypted:false
                                                                                                                                                                                SSDEEP:768:pZvVQkUbOHxx3pvVmO5rsP5gUdXwFMuv53knzyncaXgRDqPU:pZkijV5wScXwFMYknzucaXgRyU
                                                                                                                                                                                MD5:F25427EFECFEE786D5A9F630726DD140
                                                                                                                                                                                SHA1:BC612A86FF985AB569ED1A1EA5FFC4FDB18FC605
                                                                                                                                                                                SHA-256:5A36960DF32817E8426BD40A88F88B04FB55B84BAEF60F1E71E0872217FDB134
                                                                                                                                                                                SHA-512:B102F34385196D630F198667E874F25ADBC737426FDAE0747EC799B33632E5DC92999C7C715DC84D904342738930267AB1709870BDAA842243E4C283FE5E1554
                                                                                                                                                                                Malicious:false
                                                                                                                                                                                Preview:......JFIF.....d.d......Ducky.......d......Adobe.d...................................................................................................................................................d...........................................................................................!.1AQ....aq......"......2...Xx..9BRr#.b3$..&..g.8....%F'G.(H.Ss..D5E..v..W..Cc.deu..7w.h.).....................!.1....A..Qaq...Ttu.6..."R..5...2B..S....bcs.Dd%&r3C...#$...Ue.............?..R...%.R...t.MQ*.l...v...V]..n...Zw....M....4..F.&&bb0.:]l......ay.r<..3.l.Q^.........I54.N2.8..2s...w..r6.......[1Zh....O...9..>...B......x]...r.\.\..v..~....y.QT.3.......=....r..}.l.....o;....M..C1....w)...+o1f.]...MoA.E..s5..i.\....miGsy..m\.Zj....I'YU.\tU6La5v.>.K..m.]1.......k..0....</5v.V7lY.e.vV.+./[....f..u{....s.}.Rb.Z.....Y.6]..m....V.\...Mr.=r...K...l..%..m^.......X.(..fG..[F*ly.jL.a4..vs..o.e..q.9km..w1.yg.....r_.*h.n..5i.-.{Y.l...<...'Or.s..Z....../JP.....\FV.S..............m
                                                                                                                                                                                Process:C:\Program Files (x86)\Microsoft Office\root\Office16\ONENOTE.EXE
                                                                                                                                                                                File Type:data
                                                                                                                                                                                Category:dropped
                                                                                                                                                                                Size (bytes):12288
                                                                                                                                                                                Entropy (8bit):4.553357117105195
                                                                                                                                                                                Encrypted:false
                                                                                                                                                                                SSDEEP:192:zsRHSMPq1XZF9So/edg5vdU9hx6F/3+5/+HEvZwQX2p6/gsZRtlnh9LKlUkA9kF9:otS1XZHX/edIU9m93+5mq7FZRtH9LKlb
                                                                                                                                                                                MD5:61246836FF103A39EC6F86EA0272CD06
                                                                                                                                                                                SHA1:58B2E1F5113A96C324BF96F92192B567B1E1D89A
                                                                                                                                                                                SHA-256:9DAA9D866D7C8C639B9E7B97E593FC81BA62B4B9CA5BFB5B9C472DAF9F242D4E
                                                                                                                                                                                SHA-512:BD60857DA0018B1547A3A6213A53B95857EC18CEFA4902CD58936D255ED8D0360410928CA3EB4AD10A6147FBCFC9F15BAAC1F6C26335DC2A0C67BB6694AFBD28
                                                                                                                                                                                Malicious:false
                                                                                                                                                                                Preview:2...>.......,...v....... .. +..2...>.......|...v...H...@....*...........................................................................................................................................I.......I.qk..B.....LZ&;e.G...&;e|....&.z...$&;e|....&.z...$&;e..I.qk..B.....LZ.I................................I.......I...................................................I.t.....I................................................................4..'...'.................l)".%...O.`.....N...^...............$J\...|B....:..r........V...x....................................I.qk..B.....LZ................l)".%...O.`..................................&;e.....&;e.....&;e.........................................&;ej.A..&;eT....&;e.....&;e..r..&;e.....&;e .7..&;e.....&;e .........Z4...........................................4../4......p...............C.a.l.i.b.r.i..................&;e.&;e.&;e..z...y.. x.. ...........$........4...!..7!..7...............&;e;&;e.&;e..z...y.. x.. ...........$......
                                                                                                                                                                                Process:C:\Program Files (x86)\Microsoft Office\root\Office16\ONENOTE.EXE
                                                                                                                                                                                File Type:JPEG image data, JFIF standard 1.02, aspect ratio, density 100x100, segment length 16, baseline, precision 8, 612x792, components 3
                                                                                                                                                                                Category:dropped
                                                                                                                                                                                Size (bytes):14177
                                                                                                                                                                                Entropy (8bit):5.705782002886174
                                                                                                                                                                                Encrypted:false
                                                                                                                                                                                SSDEEP:192:EbgGcV/hlvpfal7rgYa8S7auAxwfuSTmCSNoFQ6NO7L:EbgGcVnpwimnd38FdQL
                                                                                                                                                                                MD5:7CDCE7EEBF795998DA6CAC11D363291C
                                                                                                                                                                                SHA1:183B4CC25B50A80D3EC7CCE4BF445BCFBAA6F224
                                                                                                                                                                                SHA-256:DE35AF949D4F83E97EE22F817AFE2531CC4B59FF9EE6026DCA7ECEBC5CF2737F
                                                                                                                                                                                SHA-512:560FB15A9C12758D11BB40B742A6EAD755F15AD10D6C5DEBA67F7BC8A2AE67C860831914CBCBCDED9E6B2D1D5F26A636B9BCEF178151F70B4D027316F94F27E1
                                                                                                                                                                                Malicious:false
                                                                                                                                                                                Preview:......JFIF.....d.d......Ducky.......d......Adobe.d...................................................................................................................................................d........................................................................................!.1..A....Qa".q..2.....&...B%6.'..R#3.$E.r457bS.DUFV.Wg(.......................1...3.Q..2Rr....s.4.!Aq.S.aC5B$%............?...n.Liq.}.{#....3/gg.1.M +..~3...q..+=..:.g.i1;P)7.....q..n.s"p...wx........v.t.f;..L/..~....y.r[.r.....n.n3..6i..g..}../........3..x.L.i?We..l.......~..<.;..6..o.....N.t.o6.l..~.......<...m.V...Q.7k.u./wq.t..;.I...}..{...>.L..3m..a....yd......6~.f..~Y..}+..<.[w..'-..?.v.7...v.u..4.......1];..u.MO.......s..p..ms.'.O-o...O......m.k.e....)t....i>..E|....,iOyD|.{......g.n...cu....=..........h.\.Q:?g/?.I.3._...t...d.n.0.%y....S.Q....S.&K.w..&wY<....%.g.v.....$y..#,i;.=...t...I6..yO..o.d..w\k...~......)..rK.......].u....N....e.s..kU.u..'}
                                                                                                                                                                                Process:C:\Program Files (x86)\Microsoft Office\root\Office16\ONENOTE.EXE
                                                                                                                                                                                File Type:data
                                                                                                                                                                                Category:dropped
                                                                                                                                                                                Size (bytes):49152
                                                                                                                                                                                Entropy (8bit):4.641750165578378
                                                                                                                                                                                Encrypted:false
                                                                                                                                                                                SSDEEP:768:W3NQhO+JJTtTRsH+3o3NhMI4QT3e6Me0r:sQhO+35RsHf9hMI4QT3e6B
                                                                                                                                                                                MD5:B50F7A956286D51A8C930FA00CE04BD6
                                                                                                                                                                                SHA1:F4093EAE0637F30C6D8556C38F18E14382408FF4
                                                                                                                                                                                SHA-256:52346F7E52D04C033820E72516B7035AF8CA2C18FE5E2B40024C58BD4B24149D
                                                                                                                                                                                SHA-512:FF993F663CA6B7BD0E7C2F420677E276E1CFD6EDC29971549C46E5120BFEBEBE54AFBDAC2591B74292EC6C5D346438E993FAB62ED869B6081196C1948AA144FC
                                                                                                                                                                                Malicious:false
                                                                                                                                                                                Preview:&...&....&......j%..&&...... ..(@..0`..........&...&....%......j%..B&...... ..(@..0`..x...............................................................&...&....%......j%......X... ..(@..0`...................#...(....8>G.............b....V..5..c...x...Bf....c..#.G.EG$..Y".m=.#.G...a.o...,VR.....a..........tW......tW.....................................................T.o.....T.....8.T$..."..T#...f1.T....2..T.f..@d.T......!T#E...........0...........e....4........................u.^s.Q.@.).~b.......(...@kO.....(..."...P.l.a.i.n. .a.n.d. .S.i.m.p.l.e...j...P.a.g.e.L.o.c.I.D...L.o.c.V.e.r...P.a.g.e.V.e.r.C.o.m.m.e.n.t...P.a.g.e.O.v.e.r.i.d.e...P.a.g.e.N.a.m.e...2...0.0.0.5.2...1.....0...U.n.t.i.t.l.e.d. .p.a.g.e....................<.B.....-.%..!.......!,...J..:..$..2...j...^...<...........n...X..............k......."....D"..........@d......q....c..,0...e...B4.$........{p.....G...^...?@kO....................D"......D".......r. :_...d.......d.(.!J.^R...w..*P..t.(.<..n.*....2
                                                                                                                                                                                Process:C:\Program Files (x86)\Microsoft Office\root\Office16\ONENOTE.EXE
                                                                                                                                                                                File Type:data
                                                                                                                                                                                Category:dropped
                                                                                                                                                                                Size (bytes):4096
                                                                                                                                                                                Entropy (8bit):4.388583914800847
                                                                                                                                                                                Encrypted:false
                                                                                                                                                                                SSDEEP:48:8s5aizWrZE2HYtcfE8ovXH9OuECcfrdhSrJWwotXF89GsF:8sFWrZ54IE8uXH99jaRATou
                                                                                                                                                                                MD5:614AD29367B8969C8696BBAC3A6D0BFE
                                                                                                                                                                                SHA1:B4799ECF0E8F76FB0A66682C29799772D1E99192
                                                                                                                                                                                SHA-256:50F48AA5D22AA38362CFD223CCD3A5D5E65918B2D4D293FB8F30D8B3D53025E3
                                                                                                                                                                                SHA-512:55055593B2AEA9D7272FDAF28A6D0460B507F178E9787F2F736B7EE7018DBE73B3E78C365C0D1953CA955388BEFFBAE226922B0B6923870ADF48F69E68D3278C
                                                                                                                                                                                Malicious:false
                                                                                                                                                                                Preview:2...>.......R...v...F...................................................................................................................................2...>...........v...z............................I.......I.qk..B.....LZh5p.....h5p?.~..?..#...3h5p?.~..?..#...3h5p..I.qk..B.....LZ.I................................I.......I...................................................I.t.....I................................................................4..'...'.............b... =..5...2......N...^...............Xj....XN..D...........f........................................I.qk..B.....LZ............b... =..5...2..........b... =..5...2...........h5p.....h5p.....h5p.........................................h5pj....h5pT.]..h5p.....h5p..B..h5pH....h5p..B..h5p..>.)h5p..J...................;........4...4...4.."..............h5p.h5p.h5p..z...y.. x.. ...........$........4...(..7(..7........................;........4...4...4.........h5p.....h5p....#h5p............................................
                                                                                                                                                                                Process:C:\Program Files (x86)\Microsoft Office\root\Office16\ONENOTE.EXE
                                                                                                                                                                                File Type:JPEG image data, JFIF standard 1.01, resolution (DPI), density 72x72, segment length 16, baseline, precision 8, 814x105, components 3
                                                                                                                                                                                Category:dropped
                                                                                                                                                                                Size (bytes):12654
                                                                                                                                                                                Entropy (8bit):7.745439197485533
                                                                                                                                                                                Encrypted:false
                                                                                                                                                                                SSDEEP:384:JheN2cq6MLu6MLGu54cHeNzhcmhcDu53eNE3UPkhrxvu:Ji2Wix7fzVsbE3Zm
                                                                                                                                                                                MD5:4BCCCDBB4273ECEBE216C84930A8D0B2
                                                                                                                                                                                SHA1:FFBF617787E27BC94D9BAF89F2FE34A2BD42794B
                                                                                                                                                                                SHA-256:474F9A8C25D5E21192315397EA995B1E11E2C1608157C6E0277688091BFD136A
                                                                                                                                                                                SHA-512:DAD73A8C0E293B88685C0C71EF15E0DC95EE39B7FC9F849DE5D634173FD9FA0AF0AA96742D9E94BE03556AA4A817D5001C95A6736EAD5D5DF03661876785EB74
                                                                                                                                                                                Malicious:false
                                                                                                                                                                                Preview:......JFIF.....H.H.....C....................................................................C.......................................................................i..............................................E.....................U....V...f..ASTc.......de.1Qq...!Rb....Ca."r.................................B....................b....Ra.....!Qc.....AS.1U.."C...2Bq...$#3%&.............?......3.....~......:..g..s"......:..g..s"..ic..Vk.f.. :..f..h.....Vk.f.. :..f..h.....Vk.f.. :..f..h.....Vk.f.. :..f..h.....Vk.f.. ..0...Q_..X..V5E~..c..X...@u...cTW...0...Q_..;.m.....@w...Q.+....*.4W...lUFh....v..._..wn...dW....y._..v..E~...*...@wn...dW....y._...v..U..@wn...d..{`;.|U.2g...*.3...:.0?ViN.z.@w...4.M.:m..`~..i7...q...I....J.`l...W..n..PQTiB...6....+..sj.*."...6....+..WA...x..A........(.N6`..AD.q.....'S...t.Q:.l.......f.]..N..0.. .u8..A........_W..Y...}.C...~....&.E~....&.E~....&.E~....&.E~....&.E~....&.E~....&.E~....&.E~....&.E~....&.E~....&.E~.v..?U..^.r..}..Bep
                                                                                                                                                                                Process:C:\Program Files (x86)\Microsoft Office\root\Office16\ONENOTE.EXE
                                                                                                                                                                                File Type:data
                                                                                                                                                                                Category:dropped
                                                                                                                                                                                Size (bytes):4096
                                                                                                                                                                                Entropy (8bit):4.319695976110948
                                                                                                                                                                                Encrypted:false
                                                                                                                                                                                SSDEEP:48:8szI5eeSFFcgatPs7UEp8BXuhF93tuqfcFrdhSrHy3fhFtX0E9PnR:8sOevFKlp/EpUXGF9duEYRAMFR
                                                                                                                                                                                MD5:92C9743B7E742C0660476D864C49A56C
                                                                                                                                                                                SHA1:87C573A62C601814F23DB7D5AE27496688DF711C
                                                                                                                                                                                SHA-256:1DBC86A74EBE9E0EEDE3FBFC0B5626023569EB7CA562003EADAD6084FD07B7C9
                                                                                                                                                                                SHA-512:5938431890A141254A3C7B07C65742695DEBD10697EDC6149147623CD9125F4B9951505ABBF177FD846B8FE8D6E9DFC0901236003F5A47583BD22148F18EB1F0
                                                                                                                                                                                Malicious:false
                                                                                                                                                                                Preview:2...>.......R...v...F...................................................................................................................................2...>...........v...z............................I.......I.qk..B.....LZ.*(......*(...;.!...Jq8..*(...;.!...Jq8..*(..I.qk..B.....LZ.I................................I.......I...................................................I.t.....I................................................................4..'...'.............]....)..............N...^.................4-...N.Fwt.$*r........f........................................I.qk..B.....LZ............]....)..................]....)....................*(......*(......*(..........................................*(j.....*(T.]...*(......*(..B...*(H.....*(..B...*(..>.).*(..J...................;........4...4...4.."...............*(..*(..*(..z...y.. x.. ...........$........4...(..7(..7........................;........4...4...4..........*(......*(....#.*(............................................
                                                                                                                                                                                Process:C:\Program Files (x86)\Microsoft Office\root\Office16\ONENOTE.EXE
                                                                                                                                                                                File Type:JPEG image data, JFIF standard 1.01, resolution (DPCM), density 28x28, segment length 16, baseline, precision 8, 728x77, components 3
                                                                                                                                                                                Category:dropped
                                                                                                                                                                                Size (bytes):2695
                                                                                                                                                                                Entropy (8bit):7.434963358385164
                                                                                                                                                                                Encrypted:false
                                                                                                                                                                                SSDEEP:48:N9YMsguOZgKAz2vcaQU4R8r4BU0/Rc4nbIQdsohw13ZmFLY6KsVvMdBL2mr:/hsEgNz2v5T/rQC67SoWniHK4EdBH
                                                                                                                                                                                MD5:B23DE98D5B4AFC269ED7EBFDDECE9716
                                                                                                                                                                                SHA1:10AF507A8079293A9AE0E3B96CF63A949B4588AA
                                                                                                                                                                                SHA-256:646586CB71742A2369A529876B41AF6A472C35CC508D1AE5D8395D55784814F2
                                                                                                                                                                                SHA-512:BBACBE205EC0A4F4E3AB7E2B1DEE36FCF087DDF77C7D18B53AEA4B15984A47C64E19F9B8D8FA568620619CEA0361D94FE7ABEA6E502EC6ECAEFE957F42ED7EE8
                                                                                                                                                                                Malicious:false
                                                                                                                                                                                Preview:......JFIF.............C................................... $.' ",#..(7),01444.'9=82<.342...C...........2!.!22222222222222222222222222222222222222222222222222......M....".......................................,.......................1....!ABQRq.2a."CbS.......................................................Qa1A............?....{............i........l..-D.q.~..|cS.S...R\..d.8,!.....]f$....Q..di.;~5......vj......MqCe..=.*.f^..=.}.Cm]qCd..s=..u.e..v..t'.,.....S.s..N...>.d4'.,..k...N...d..9....G...y....6J.Y.l.{Vf...^B..i.3.z....:5W#4@.S\fj.%..Mb.5.v.5......S.E..#.v.I.....I......m..H....D..|.Y|...W.Wf..o..U.0.E..@.T.....................................'.S../...Z......!J..1K..rI...T.f.>.+.N..o.....\..^u........e..q.qK.GXP..-...F8".;5J...]Y......j.a.,R.......J.N........z}<qu..J.)`.}X:..}.............B...[. ......,B.).b.......(Y.O....c\.o.e&.W.#Bo..N|..N8.#J.>1D.1..b.&....q.#..UT%,.d.....m&..^...VXA..b.nbTV~.....^........q..#./.I..=Q..=..Y.*.Ib...VZ+......Y.........'.
                                                                                                                                                                                Process:C:\Program Files (x86)\Microsoft Office\root\Office16\ONENOTE.EXE
                                                                                                                                                                                File Type:data
                                                                                                                                                                                Category:dropped
                                                                                                                                                                                Size (bytes):4096
                                                                                                                                                                                Entropy (8bit):4.35744149524194
                                                                                                                                                                                Encrypted:false
                                                                                                                                                                                SSDEEP:48:E1ZBs78SrdzKTUBtlcME/EgGXrM9NfclrdhSrvcStXcj89nnbJ:E1rsXtOSRE/NGXg9NfQRAzKm
                                                                                                                                                                                MD5:AA4945EBFB8FEA9C16A9C58A9F6CF558
                                                                                                                                                                                SHA1:AF35A78D6F8C6666797B43080841A4CDC94EEBEE
                                                                                                                                                                                SHA-256:B58625B393B3589C0889047D5D25DC318A309C6C29A9523EF8015961B8E1046B
                                                                                                                                                                                SHA-512:790DBFC1F751AD024493B68219823F053810169D6F0906A4A00DB6AF6A3255DBB43EAE59903313F6F5801FEE79A8B8E8E09F6A53A1B07D24815F0161B2B3A448
                                                                                                                                                                                Malicious:false
                                                                                                                                                                                Preview:2...>.......R...v...F...................................................................................................................................2...>...........v...z............................I.......I.qk..B.....LZ............}..3.[..}f.....}..3.[..}f......I.qk..B.....LZ.I................................I.......I...................................................I.t.....I................................................................4..'...'...............+..Z.....}.k.....N...^.................r..?.E......m.........f........................................I.qk..B.....LZ..............+..Z.....}.k...........+..Z.....}.k.........................................................................j.......T.]...............B.....H.........B.......>.).....J...................;........4...4...4.."...........................z...y.. x.. ...........$........4...(..7(..7........................;........4...4...4........................#...............................................
                                                                                                                                                                                Process:C:\Program Files (x86)\Microsoft Office\root\Office16\ONENOTE.EXE
                                                                                                                                                                                File Type:JPEG image data, JFIF standard 1.01, resolution (DPI), density 72x72, segment length 16, baseline, precision 8, 69x630, components 3
                                                                                                                                                                                Category:dropped
                                                                                                                                                                                Size (bytes):11040
                                                                                                                                                                                Entropy (8bit):7.929583162638891
                                                                                                                                                                                Encrypted:false
                                                                                                                                                                                SSDEEP:192:u99+91V42ho91V42ho91V42ho91V4235z9pUkDCyixxo4PS6b8tEy3BcWWhhSy0b:ubKD4/D4/D4/D4uzX38u4PNYJ2zhhmb
                                                                                                                                                                                MD5:02775A1E41CF53AC771D820003903913
                                                                                                                                                                                SHA1:2951A94A05ECF65E86D44C3C663B9B44BAD2BC9D
                                                                                                                                                                                SHA-256:83245F217DEAE4A4143B565E13C045DBB32A9063E8C6B2E43BB15CD76C5F9219
                                                                                                                                                                                SHA-512:5A1FCC24BDD5EE16BC2C9BACF45BCECF35ED895EAC22D2C4EE99C1B7E79C8E8B9E5186E3D026BA08FF70E08113F0A88FBF5E61C57AF4F3EA9BA80CE9F33410E9
                                                                                                                                                                                Malicious:false
                                                                                                                                                                                Preview:......JFIF.....H.H.....C....................................................................C.......................................................................v.E.............................................S..........................Aa..!12Qqw.....3568rv........".....4Btu.....#Rs.(W..bg.................................D.....................1..2.!4Aqrs....Qa......t..."3BRb....#.$S.Cc..............?...K/h._+.N6.-.a...5...;.r....,...0B.s(..zp..4.%r|q..E.Q^.../...C.R..?u.q8XN.>.e..:..gJ...._.n>.70G,..(........3b.&.5m...Q../...7Ie..k....e.l6..&..`Gt.P.Y^r...=..Y.e...N.B...O.#..J+........u.V;G.'.....V.]8..C.]..........E.....c..w&lX..f..\T.J?...F.,..m|..93........,.....+.R..WG...%.....(@.....p].iEz<.8.^...J.h.....a8P.1......(z..y~.........H.Z^.>..<.....L.k..IG...R.(.%..m....&u...B|.....@]ey.W.J...!d..R.8...[..>8....(.G......!.)X.....,'..F2.Z.t..Aw./..Z..#..i.kK.......b.i...qR.(....RE.............O.XP.#..(...9J..]...,.2.[w....KrW'...tY.......{~.:.+..
                                                                                                                                                                                Process:C:\Program Files (x86)\Microsoft Office\root\Office16\ONENOTE.EXE
                                                                                                                                                                                File Type:data
                                                                                                                                                                                Category:dropped
                                                                                                                                                                                Size (bytes):4096
                                                                                                                                                                                Entropy (8bit):4.495284676698598
                                                                                                                                                                                Encrypted:false
                                                                                                                                                                                SSDEEP:48:6s2UCUkFPo9D3tUEP3F7S6X+9JT8tclrdHrvotXVvDKk4fhSXhn:6sWPoF3WEP3FZX+998tIRLw67hSX
                                                                                                                                                                                MD5:11CBB0B59133687FCCE614A244115632
                                                                                                                                                                                SHA1:AC407DC2C51DE6E8EEEA857F391B6534E9D1D5C3
                                                                                                                                                                                SHA-256:97D6497729DDB6FABF9DA0071126034147E621413B32A6A13D0CCD5158156E45
                                                                                                                                                                                SHA-512:1A81CA074ADE770CCD1C5CB7CF56D5CCDA328C8E42FBD0CFB72B78C8081B8D6C4DB5CCE80C3D0F6C48BD2FDCC825D2E1783CB8F31778EA569894BB7173693169
                                                                                                                                                                                Malicious:false
                                                                                                                                                                                Preview:2...>.......p...v...d.....................................................?....?........................................................................2...>...L.......v................................I.......I.qk..B.....LZ.K.......K....P.9..7>.".K....P.9..7>.".K...I.qk..B.....LZ.I................................I.......I...................................................I.t.....I................................................................4..'...'...............-...a.....C..@....N...^................|e.G.9J._0..s`.........Z................................... ....I.qk..B.....LZ..............-...a.....C..@..........-...a.....C..@..........K.......K.......K...........................................K.j.....K.T%c...K.......K...G...K...H...K...>...K.......K. .3...................;........4...4...4.."...............K...K...K...z...y.. x.. ...........$........4...(..7(..7........................;........4...4...4..........K.......K.....#.K.............................................
                                                                                                                                                                                Process:C:\Program Files (x86)\Microsoft Office\root\Office16\ONENOTE.EXE
                                                                                                                                                                                File Type:JPEG image data, JFIF standard 1.01, resolution (DPCM), density 28x28, segment length 16, baseline, precision 8, 105x441, components 3
                                                                                                                                                                                Category:dropped
                                                                                                                                                                                Size (bytes):2268
                                                                                                                                                                                Entropy (8bit):7.384274251000273
                                                                                                                                                                                Encrypted:false
                                                                                                                                                                                SSDEEP:48:N9YMn9H5gXlM26vroVXWxyNnl1LmLR+rn4FOeewGhDbby:/h9SlMdgm09ll8R2/rby
                                                                                                                                                                                MD5:09A7AE94AA8E517298A9618A13D6E0E2
                                                                                                                                                                                SHA1:FA5181A7414BA32F816BF0C4278EC20C615E8B1A
                                                                                                                                                                                SHA-256:3C68C7EE798E62A4A99C740153F3980D7DF029605C843410942C7F85E794823B
                                                                                                                                                                                SHA-512:074E9A2BE2039D0AFEAD360157550B934FABD0CB86B5AF476C1FBC885EE60331F5A68EAF70BF76E23C8248A20FB900346839F4AA8892370B5889E64948DCC6E2
                                                                                                                                                                                Malicious:false
                                                                                                                                                                                Preview:......JFIF.............C................................... $.' ",#..(7),01444.'9=82<.342...C...........2!.!22222222222222222222222222222222222222222222222222........i..".......................................3......................!.A..1Q."q.2BRa.b...#$................................... .......................!12AqQ.............?..D.z.4....;.....7...3.t<!..d.O.....+O+.;.z6.4cz7E.........U.Z)-..@..y...........}(W...<.xv/...5.ew......yN....n.Tk.Tm.Ty.vA=...T..U....h...e.8.5%....'......e^......L.g.$.~e..O.._...... .F`.....xnL.<.......]jfv...}..\G..c.......-%...#.C.|.].`..^..W..c..B..5D.QSTaZ.5A=....BU..z%.4.h.6..=..U...W.$..l...7.:...........IPQT_...~..i..x....~.l.|.n.J..TV.21.Tg.....................j.z!+.-............"j.j...)*..TT...."....T.Tc.**j..............j.z!*.h...&.&.&..e.%..TksTW%G.?".l+$..c._9..[x...TU..........i~X..#'.qm?ttO.....}*.i...q.....9..r..?..W..d.w...f;..q...tZh..0.....2.......OD%Q-.......$......56.K.O...y._..*_C.k..p9.p..O..vu...'........0v
                                                                                                                                                                                Process:C:\Program Files (x86)\Microsoft Office\root\Office16\ONENOTE.EXE
                                                                                                                                                                                File Type:JPEG image data, JFIF standard 1.01, resolution (DPCM), density 28x28, segment length 16, baseline, precision 8, 76x97, components 3
                                                                                                                                                                                Category:dropped
                                                                                                                                                                                Size (bytes):784
                                                                                                                                                                                Entropy (8bit):6.962539208465222
                                                                                                                                                                                Encrypted:false
                                                                                                                                                                                SSDEEP:12:869YM8fij0W/xfuCp7ovv1bidiMn3bGi6AETQcdH8SADjoZgV6v9jUEvS3/g:N9YMWeI424diMn3yinsQeHvADu9QEvJ
                                                                                                                                                                                MD5:14105A831FE32590E52C2E2E41879624
                                                                                                                                                                                SHA1:078FA63FC7DB5830E9059DF02D56882240429D90
                                                                                                                                                                                SHA-256:D0A3A1C3CD63C4023FE5716CBE2C211307D0E277E444D9EF76C7FC097A845FD4
                                                                                                                                                                                SHA-512:8FC0ED24E8EC14C46EA523D9265DE28F85C5FC57AA54AD5B9CA162E95F79221E2AD3DD67D1293CF756B67F3D3DECAE122254134EA8D4D00DDED02114B5383947
                                                                                                                                                                                Malicious:false
                                                                                                                                                                                Preview:......JFIF.............C................................... $.' ",#..(7),01444.'9=82<.342...C...........2!.!22222222222222222222222222222222222222222222222222......a.L..".......................................-........................!A."1.Qbq....2Ba.........................................................1............?.....3.Ty\......vs....>.>..a.W..s89.d...Z}......rz...`...Z.r.do....u.W.%....gf.>.L..xz....B8=w...g.~g."HD...$..IKJ......nn..*ly..I....L...\q...Q;6.KrxZ.,...j$..ZQ..)f...q`.*..C1..cZ2]-..\.~..J.....^..(.f..9m?..C.NI.UL..X.fy.Z.........+n....r."Z...d..R./\.#...kd.D.5.!...h.3*s-+.......Xjt..}i..rK..y.../>u..]N.....Y..J......1.x./.....F6.......I...._3...k.sM.+..v;.%|.f.~.......:y....S....UKovh...W'........lF... .................
                                                                                                                                                                                Process:C:\Program Files (x86)\Microsoft Office\root\Office16\ONENOTE.EXE
                                                                                                                                                                                File Type:data
                                                                                                                                                                                Category:dropped
                                                                                                                                                                                Size (bytes):8192
                                                                                                                                                                                Entropy (8bit):2.715818552171664
                                                                                                                                                                                Encrypted:false
                                                                                                                                                                                SSDEEP:96:IqLswmeAJlVkBhLrWEnr7XX9yc6twJjRQ5jpqdqRqiqeqdq2zqIq:9speACzfr7XX9/6twJjRCjpGmFVGjv
                                                                                                                                                                                MD5:FDBF4257BE10447C6BB437733B816B27
                                                                                                                                                                                SHA1:E60EDB24E720EE6D1B7E7B7D23578F7F7567BB97
                                                                                                                                                                                SHA-256:20B0BA4F139C2947EE6B990C3C1FCF8E19023173C0152454BC67D5CC440930C0
                                                                                                                                                                                SHA-512:991F3E9A4B129CEEA0627D49F0C822E8F0C426E0FE10BF15C291262A7C29A323DD25C2F24F1A776BC0F019A3139048A821561E7B9EC8BF1CD9B6C583254773AC
                                                                                                                                                                                Malicious:false
                                                                                                                                                                                Preview:2...>...........v.......................................................................................................................................2...>...........v................................I.......I.qk..B.....LZ.r.......r........t...h<.r........t...h<.r...I.qk..B.....LZ.I................................I.......I...................................................I.t.....I................................................................4..'...'.............6...h....&..gh.-....N...^...............Q..r.m.L..<.................................................^....I.qk..B.....LZ............6...h....&..gh.-........6...h....&..gh.-..........r.......r.......r...........................................r.j.....r.T.l...r.......r...Q...r...Q...r...>...r.......r. .3...................;........4...4...4.."...............r...r...r...z...y.. x.. ...........$........4...(..7(..7........................;........4...4...4..........r.......r.....#.r.............................................
                                                                                                                                                                                Process:C:\Program Files (x86)\Microsoft Office\root\Office16\ONENOTE.EXE
                                                                                                                                                                                File Type:JPEG image data, JFIF standard 1.01, resolution (DPI), density 72x72, segment length 16, baseline, precision 8, 95x498, components 3
                                                                                                                                                                                Category:dropped
                                                                                                                                                                                Size (bytes):3009
                                                                                                                                                                                Entropy (8bit):7.493528353751471
                                                                                                                                                                                Encrypted:false
                                                                                                                                                                                SSDEEP:48:aRCTf+0hagMrbAZMJShPdvF/5OzlQFlDF7npkDdWvVBTEnBLT6NrgCX0:D+0YgMrApL553JtEdEVcL2NcX
                                                                                                                                                                                MD5:D9BD80D40B458EDB2A318F639561579A
                                                                                                                                                                                SHA1:83BA01519F3C7C1525C2EA4C2D9B40F28B2F2E5E
                                                                                                                                                                                SHA-256:509A6945FACFB3DDC7BE6EE8B82797AD0C72DB5755486EE878125A959CC09B59
                                                                                                                                                                                SHA-512:C368499667028180A922DD015980C29865AEF4A890C83E87AE29F6A27DC323DD729E6FB1C34A2168A148E6A7A972F65A5FC8ACE6981AF1D4E7057D99681CB366
                                                                                                                                                                                Malicious:false
                                                                                                                                                                                Preview:......JFIF.....H.H.....C....................................... ! ..''**''555556666666666...C......................&.....&,$ $,(+&&&+(//,,//666666666666666........_.........................................:.......................r.!12BQ...3Aaq.."CRb.....#4$c.S.....................................................1A............?..p..-.....u0$.......l......)..o.FTd..DG....... .t*e..jO..Z.U......r..j.O.,..VD./.....V5D.&......A..Zi....E.N....*..........#..M<|.2.Y.../QO.x.cTM4......+.F;V.x.de*....]e..O.x.c\Y........r..j.O.,..T...hw..k.^.[B..J.sEl.w.x.m.5%zzt0..T.......b..<\.3Q..W</..!.xh6..Z..\.+M.o.Y..1............#.........|.a.l.KR>..U......e....@...\.1Z...Y...[....F.6.t.#..Z,.x.Q..[`.X......#........W</..TM..-H...V....Tf..........r..j.x.df.f.....#..l.KR>..U......e....@...\.1Z...Y..Y.us....D.)....Uh....FkYm.m`P...W .V.g..FjVj.\..1Q6.t.#..Z,.x.Q..[`.X......#........W</..TM..-H...V....Tf..........r..j.x.df.f.....#..l.KR>..U......e....@...\.1Z...Y..Y.us....D.)....
                                                                                                                                                                                Process:C:\Program Files (x86)\Microsoft Office\root\Office16\ONENOTE.EXE
                                                                                                                                                                                File Type:JPEG image data, JFIF standard 1.01, resolution (DPI), density 72x72, segment length 16, baseline, precision 8, 700x114, components 3
                                                                                                                                                                                Category:dropped
                                                                                                                                                                                Size (bytes):2266
                                                                                                                                                                                Entropy (8bit):5.563021222358941
                                                                                                                                                                                Encrypted:false
                                                                                                                                                                                SSDEEP:24:TuRCTP9rSTfIEe1HbcVY1YbDXq8eCI0bf2QQe0GVDQAzZw:aRCTN7HbcW1YbDXq+I07Ien0AVw
                                                                                                                                                                                MD5:DB8A181E3F0EAD4A9472099E42ED6BE3
                                                                                                                                                                                SHA1:92096AF05CC6167B1AA816811A1160B809393FA2
                                                                                                                                                                                SHA-256:E9746B4E9AE9CE7B3B0068779DB3E113E2DFC9880F25373D745D0E700E69A906
                                                                                                                                                                                SHA-512:A9E246E10E28D057090BA9F034ECE6131780D7F794C5C9421523388997C7EDFBB49BC32B863B6C6668911B359C304AA54969B48CB9234950D5CECD2A6F3EFFF8
                                                                                                                                                                                Malicious:false
                                                                                                                                                                                Preview:......JFIF.....H.H.....C....................................... ! ..''**''555556666666666...C......................&.....&,$ $,(+&&&+(//,,//666666666666666......r...........................................5.......................!1AQ..2a...."Rq..#3BSr..C..................................................................?...X.....U...j...F.W.V]'KV.uWt.iT...{.......`.(.....V%..=.....z......V..ct+.U.B...@.............................................{.....5.........0...x4....c..;...........+......|.7E.%.9.1+}..d.........+.V#.P.HUL.E...g.li...8.>U.";0pi.]5.\..zo..."@.........................................y.6.mLN..S.....@...i..A..p.......~|V9.+.Xy.........+,L.....7Z7..p...-X...\.....:-...i....v.1...-..H....9.zk....l....^.......:.."^.t.Q.F...X..B..$............................................a.%f&3..1.5+.X..'b7bwr.).e.x....!...H...aa_..kD...b..g..p..K^.k..qX.[,.........Q...U..x...YMvj...w..:k.....j.W.8..4....c.u.}m.....o.=@.......j.S.t.|.....5h.y.%.~...G
                                                                                                                                                                                Process:C:\Program Files (x86)\Microsoft Office\root\Office16\ONENOTE.EXE
                                                                                                                                                                                File Type:data
                                                                                                                                                                                Category:dropped
                                                                                                                                                                                Size (bytes):4096
                                                                                                                                                                                Entropy (8bit):4.304606470564318
                                                                                                                                                                                Encrypted:false
                                                                                                                                                                                SSDEEP:96:Yhs+emu5vhYE5EgXMX92rwisRQy6hqmBTpn/:6s+emuJh3mgXs92psRJ6hqmBTpn
                                                                                                                                                                                MD5:91D8E8DE4339ABAB74715599FC32D4F9
                                                                                                                                                                                SHA1:9495E1AF1DEDA28CB3F69D2503FB6FA170FE37B7
                                                                                                                                                                                SHA-256:AD07C38D0B50787EA19FCDE8E1CBAFDC9F6134D8F676E2A08951CBF40E76A4A8
                                                                                                                                                                                SHA-512:AE292172367C98973A2A9EE39A75DBEF8820BD710002A0068B46747CF5C72A8CA74C03030DE08042B2FC1C7894EA6C969609516681F365E9D04127C9A3D5287F
                                                                                                                                                                                Malicious:false
                                                                                                                                                                                Preview:2...>.......P...v...D...................................................?....?..........................................................................2...>...,.......v...x............................I.......I.qk..B.....LZK.......K.....`..h...u..K.....`..h...u..K....I.qk..B.....LZ.I................................I.......I...................................................I.t.....I................................................................4..'...'.............Y.....0.?zg/........N...^..................0...A.N50..84........f........................................I.qk..B.....LZ............Y.....0.?zg/............Y.....0.?zg/.............K.......K.......K...........................................K..j....K..T.]..K.......K....B..K..H....K....B..K....>.)K....J...................;........4...4...4.."..............K...K...K....z...y.. x.. ...........$........4...)..7)..7........................;........4...4...4.........K.......K......#K..............................................
                                                                                                                                                                                Process:C:\Program Files (x86)\Microsoft Office\root\Office16\ONENOTE.EXE
                                                                                                                                                                                File Type:PNG image data, 813 x 99, 8-bit/color RGBA, non-interlaced
                                                                                                                                                                                Category:dropped
                                                                                                                                                                                Size (bytes):99293
                                                                                                                                                                                Entropy (8bit):7.9690121496708555
                                                                                                                                                                                Encrypted:false
                                                                                                                                                                                SSDEEP:1536:Moq1jVORV5NO5xLCBaaNk4vhpCr1CH/DATOQlWvHMHojiaAMrxArLFRZPj19AWFz:eVEbouBaIk4T8uDGOQlVHvaAMkhDh95V
                                                                                                                                                                                MD5:EA45266A770EEA27A24A5BB3BE688B14
                                                                                                                                                                                SHA1:9F0B23B3C8EBA4FC3C521E875EF876FBE018F3C8
                                                                                                                                                                                SHA-256:EDAD0F03E6FF99FEF9EF8E8B834CE74F26CD23C5F8C067F5CEE66F304181E64D
                                                                                                                                                                                SHA-512:D4EE36BDA897BBD643A699A0332DD00DE9CDCC6F46D861789BAD259A4BF87868AE3B4CFAAB6DFAF29941C7055B77A95D76BAA86A4A0DB2BF3BAF7E3317F03EB9
                                                                                                                                                                                Malicious:false
                                                                                                                                                                                Preview:.PNG........IHDR...-...c............sBIT....|.d.....pHYs...........~.....tEXtSoftware.Macromedia Fireworks 8.h.x....tEXtCreation Time.05/15/06.8.p....prVWx..[Oh\E...y3kv........`.%m.R..6.1.4).o..Ki...D.......P!.].=..K...C[....f.}o7VPJIg...{3.|....d.....i..=.4.u0...n y......@j..Q..f)..mQ...4-SJ..9.d.?..5\-....:b.W..i...c.5..{..pj#.....B1C/.I.......].Su.k?.2..:.9Q...5.U...UZ...e..U.c],..2.}...1..)W./..Epr.Zt.....K.=..{......e..."...v..B.4.#....A.V1.".V}t..[..2f..Y..V9.".6.......(..gbm.P.....Y%2.c.z.:Q.2.<tYF.....u.@..KJ.;u.q:.].....$.....V....Hqk..DW.l.e.j.Z.YP?:'R..*.<........6...m@..r..j2..HK"|..L.Nc..D..y.9..B4$.......`.3.m1LE....7(OU\+./.O...%6T..w......h....).I.&n...*......#..W.41...5.#.`..I...<.?.|..*+Q.....#i........$,..n...`.s....[..E. T.w..j.,&-.r..;a....#.>(.P......f...MU\3*..;B....)..5....z..(....-...a.....}y.l..E...z>......&..g.$.....*T...N....E:./.>..#...^..E.0..%......(..@..W.X.NDM.<~.]A.>..fW.O.y.'...Z...h..).F..
                                                                                                                                                                                Process:C:\Program Files (x86)\Microsoft Office\root\Office16\ONENOTE.EXE
                                                                                                                                                                                File Type:data
                                                                                                                                                                                Category:dropped
                                                                                                                                                                                Size (bytes):4096
                                                                                                                                                                                Entropy (8bit):4.298687959225677
                                                                                                                                                                                Encrypted:false
                                                                                                                                                                                SSDEEP:96:YVUKVspuQcGF1WZ/+EPpXQk/Y9+18RQywD1Q/f7dc:qspuQc816TPpXQkg9+18RJ+1Q/f7d
                                                                                                                                                                                MD5:EBAD91917C382D3D6EDB13FDA184DE23
                                                                                                                                                                                SHA1:60697DB78C903AA26DA414B40B79050E4A63A18A
                                                                                                                                                                                SHA-256:C185A0F8D1CAFCC545324A6B51F0A64EC956CBCA4202033D614812C16BE4F179
                                                                                                                                                                                SHA-512:0B745FC8883CAE09DDFD20CD8219AA4E2823530352877270093C81902A0C940D3F3FD45AC9935163D826C1B8E7F33F4329AADEAA742BD0A82E9664DD3B20C07E
                                                                                                                                                                                Malicious:false
                                                                                                                                                                                Preview:2...>.......P...v...D...................................................?....?..........................................................................2...>...,.......v...x............................I.......I.qk..B.....LZ.I.......I..&....+.."N.I..&....+.."N.I...I.qk..B.....LZ.I................................I.......I...................................................I.t.....I................................................................4..'...'..............o.vu....Y...5.....N...^...............aV..$..A......G........f........................................I.qk..B.....LZ.............o.vu....Y...5..........o.vu....Y...5...........I.......I.......I...........................................I.j.....I.T.]...I.......I..B...I.H.....I...B...I...>.).I...J...................;........4...4...4.."...............I...I...I...z...y.. x.. ...........$........4...)..7)..7........................;........4...4...4..........I.......I.....#.I.............................................
                                                                                                                                                                                Process:C:\Program Files (x86)\Microsoft Office\root\Office16\ONENOTE.EXE
                                                                                                                                                                                File Type:JPEG image data, JFIF standard 1.01, resolution (DPCM), density 28x28, segment length 16, baseline, precision 8, 780x107, components 3
                                                                                                                                                                                Category:dropped
                                                                                                                                                                                Size (bytes):2898
                                                                                                                                                                                Entropy (8bit):7.551512280854713
                                                                                                                                                                                Encrypted:false
                                                                                                                                                                                SSDEEP:48:N9YMTXc4gpw+EIWnqQ5G+NE9VTzRFvS4+Xh+AKrNx+JuCluc3Eeky8etajhDCFex:/hDc4rPIoNEzbS4+XhOrGJu1cUHeoVey
                                                                                                                                                                                MD5:7C7D9922101488124D2E4666709198AC
                                                                                                                                                                                SHA1:00CC44A1B84D4D94A0ACE8834491EB5F65D04619
                                                                                                                                                                                SHA-256:20016E5FA1A32DCE5AF4E92872597E36432185A7BB2E61C91F362BD68484529B
                                                                                                                                                                                SHA-512:882944B2CF040485899128E03B7499C540D481E45FE8017DBF4FE0330157B2D8ABB7334DDB31C112BA0EFE3722A554883917C54155A7F60044D2D7F3D848260F
                                                                                                                                                                                Malicious:false
                                                                                                                                                                                Preview:......JFIF.............C................................... $.' ",#..(7),01444.'9=82<.342...C...........2!.!22222222222222222222222222222222222222222222222222......k....".......................................2...........................c.....TUb...Sa...QRqr..............................!.....................Q...R..!..............?...$.)m.1...%%bV.J..H....-.%a[...I"WJ..:.X.:TT.$.......N.-NR.E..-NR.E...9..E....$.k.....B.I,I)..J...kr..+)..I,Yj..YbI..+,J..e..Z..V.e.$V..TV.X..V.YQZ.EQ..U%PY[.[.R.EP............................| F.. ...j*...!m.!j.I%.j.$...YeEYYEEUE..eY[.hEEUeEil.....%..el...V..TUYA.U.UTTUT.Z..UQQUQE...V.,...UlE.U[.lEP.P.@......................................R1...AR1m.....#..$:.T.p..IJ.t.....A..AH.,5..]F!a.XJFaa. ..a.!*.aa. X.e.......bB.b..,HX[,!..,,.c0.,..U..X..(,,...B(.,..4..B.`..".a..-......"...........................>D..IKEb...t.....)u.....)K.%+L\.J]i)*b.JR.IIL\i)u....T............T.....qs.it.iJ...])ZJb.....X....U.A...V1..B.R1....X...,.c...,%X...,%#0...,H
                                                                                                                                                                                Process:C:\Program Files (x86)\Microsoft Office\root\Office16\ONENOTE.EXE
                                                                                                                                                                                File Type:data
                                                                                                                                                                                Category:dropped
                                                                                                                                                                                Size (bytes):4096
                                                                                                                                                                                Entropy (8bit):4.346248930480702
                                                                                                                                                                                Encrypted:false
                                                                                                                                                                                SSDEEP:48:eBsnQ8jUWteCVKxESh73OXyCf9u+oZrdQqrRWTc/lBXN4E/N8g:us9jUW0dxEShLOXy29hQRQyRtlDZ8
                                                                                                                                                                                MD5:87571CA501308B9B714263DF48F9EDFF
                                                                                                                                                                                SHA1:01161707F41EDE023A656F4304ECE69533DA7016
                                                                                                                                                                                SHA-256:F3582EC7B41260981A8876A09C629FBC602387C0A0D934A0BF035A123C6B3A31
                                                                                                                                                                                SHA-512:6E6F594280575DD30484238BD2A08078864E09B5694129B823FAFCD9118DEDA6374B1F6B71A1D2AC8DCE25B94F813F5176F2027D82E5CA9540F1EA56A610D780
                                                                                                                                                                                Malicious:false
                                                                                                                                                                                Preview:2...>.......T...v...H...................................................................................................................................2...>...0.......v...|............................I.......I.qk..B.....LZ:......:.X.|R.+....UL.:.X.|R.+....UL.:...I.qk..B.....LZ.I................................I.......I...................................................I.t.....I................................................................4..'...'.............e.......<.r....}....N...^.....................J...R..c........f........................................I.qk..B.....LZ............e.......<.r....}........e.......<.r....}.........:......:......:..........................................:.j....:.T.]..:......:..B..:.H....:...B..:...>.):...J...................;........4...4...4.."..............:..:..:...z...y.. x.. ...........$........4...)..7)..7........................;........4...4...4.........:......:.....#:.............................................
                                                                                                                                                                                Process:C:\Program Files (x86)\Microsoft Office\root\Office16\ONENOTE.EXE
                                                                                                                                                                                File Type:JPEG image data, JFIF standard 1.01, resolution (DPI), density 72x72, segment length 16, baseline, precision 8, 613x144, components 3
                                                                                                                                                                                Category:dropped
                                                                                                                                                                                Size (bytes):29187
                                                                                                                                                                                Entropy (8bit):7.971308326749753
                                                                                                                                                                                Encrypted:false
                                                                                                                                                                                SSDEEP:768:RwjBOlCk+nYnGagKJWJhwMJiRO22ZIm4VXvXx1tA6BQs:i8snY3JW7uROlEfbtVL
                                                                                                                                                                                MD5:DF99CAAAB9A7DE97B63343E60A699AB6
                                                                                                                                                                                SHA1:B84334135CFB73BC6EF55F85926770D5AC6DFEA8
                                                                                                                                                                                SHA-256:74C131777E7C437FD654427417097BC01B0813BA8E1E50E4B937BD50A1BEBCDB
                                                                                                                                                                                SHA-512:5D15AAAA8B71DDFE01A7C0ADE16D9E1F5E9AAE484BCD711B38CCB103ED9564CAAC23A0031471167B660E15972D70179C2A387509B213C05D60261042A0456025
                                                                                                                                                                                Malicious:false
                                                                                                                                                                                Preview:......JFIF.....H.H.....C....................................................................C.........................................................................e..............................................`.............................!1Qq...2ARa..."#.....3BSbr...$4C...Tcs......%&DUd...E....56Fe....................................H........................!1Qa..Aq..."b....2R...BSr..#...3..Cc....$%4...............?...b.d.8T1.;#.S.DO...~.R.......3.xe...z.6..."m..k...;*.'.f.5^.....m..<$....8.R.j.D.v..>...*dT..vGbt...I......sEWp.r3.. ..G...6.....w...l.S..q...b.....-R....^Zu5+u6...A..Z].:...5..Uzn.,l.L.....?%.*.S.+zVg7.=.s.Q.....8..:,c.......ZE...>'IF..W.0.d.......c.e.d.V.t..S$.DNR.[....g..#i.$. .U.SK2.....k...J5u u\R.....T.[4..A.O..,.T..................] .i...B.m.^f....._...{S.....<......:..|D...+...NA....Y.^f.1|..%K~1..B..^...S..v=.c..g.tX[..kTJ..t.gr....R..@.F....5j..2.K.9..g.1N.....*.U...^w......>+.l.v...@N....%Qd...t.Ni.....0;lggm...K".+!.,.....[J...>..?f.]._;
                                                                                                                                                                                Process:C:\Program Files (x86)\Microsoft Office\root\Office16\ONENOTE.EXE
                                                                                                                                                                                File Type:data
                                                                                                                                                                                Category:dropped
                                                                                                                                                                                Size (bytes):4096
                                                                                                                                                                                Entropy (8bit):4.352920906164443
                                                                                                                                                                                Encrypted:false
                                                                                                                                                                                SSDEEP:48:osbS1AEz6y+b+tSScEYYOt7YFXg9mtoRrdQqrUHY6BXlp6nXnX9Jnl1nEnXnMHnd:osREz67b+iEYY68Xg9WQRQysY6Tga
                                                                                                                                                                                MD5:FDEDEC29438FF06A2EC665172ADD552A
                                                                                                                                                                                SHA1:A73BD04D31ADA2B4A9E71CB7E9D5D48C968EA6D8
                                                                                                                                                                                SHA-256:46E65A7E3B632E0551DA8C446014318418306C720018A5C483ACA44DA9697ECF
                                                                                                                                                                                SHA-512:F0EFD00AF42253CD0F0AB74D84E7A7561909D4E168EA6458443AB3B9204FF8BAA1F09C823251718356F9DD19256C8EC4C37668DB6EF127B2442E54030750F9F0
                                                                                                                                                                                Malicious:false
                                                                                                                                                                                Preview:2...>.......R...v...F...................................................................................................................................2...>...........v...z............................I.......I.qk..B.....LZ~.......~.........g.M.V.~.........g.M.V.~....I.qk..B.....LZ.I................................I.......I...................................................I.t.....I................................................................4..'...'..............j.."B.2. ....R....N...^...............&"k.lQO...;.S..........f........................................I.qk..B.....LZ.............j.."B.2. ....R.........j.."B.2. ....R.........~.......~.......~...........................................~..j....~..T.]..~.......~...B..~..H....~....B..~....>.)~....J...................;........4...4...4.."..............~...~...~....z...y.. x.. ...........$........4...)..7)..7........................;........4...4...4.........~.......~......#~..............................................
                                                                                                                                                                                Process:C:\Program Files (x86)\Microsoft Office\root\Office16\ONENOTE.EXE
                                                                                                                                                                                File Type:JPEG image data, JFIF standard 1.01, resolution (DPCM), density 28x28, segment length 16, baseline, precision 8, 276x139, components 3
                                                                                                                                                                                Category:dropped
                                                                                                                                                                                Size (bytes):4819
                                                                                                                                                                                Entropy (8bit):7.874649683222419
                                                                                                                                                                                Encrypted:false
                                                                                                                                                                                SSDEEP:96:/hnQiz+ET2/hDi+tv34VtpWfowTHgegb6hhLT1NTS:5nQ6TAhLtvIzMvbi6hhF0
                                                                                                                                                                                MD5:5D6C1F361BC04403555BE945E28E53FC
                                                                                                                                                                                SHA1:00C254F7B3BC0289590C2BBDBB39C8EC2E2B2821
                                                                                                                                                                                SHA-256:131D637CDC5D0B094FB9FAD17F4D2A1ACE0D03613588155AACAA2D1CB4E16DA9
                                                                                                                                                                                SHA-512:34D2C0929FCC3CC10D0A2121BD55BFA9A07062C2A7B8F101071164C946895DBCB2777641E79DE4193D57A3F0778DD4F1351FAF333B7E4B4DBE31A32DD69C51F9
                                                                                                                                                                                Malicious:false
                                                                                                                                                                                Preview:......JFIF.............C................................... $.' ",#..(7),01444.'9=82<.342...C...........2!.!22222222222222222222222222222222222222222222222222...........".......................................<........................!1..AQaq"...2B...#Rb..r..$3CS.cs..................................................!1A............?.............u....p.p($.Y...9,j...V.*..S86yh.G.#m.5..9...6Y.."C.R:.[..-.7U3c:..].;.....f.?%..<T...&F.Lh.N...m]..x.D.g<B.....k..S........>j.K....#U..Z....<e.:..8....o..xq.[..4v..U..y...k... k....A#..A...pn.jJ.I.7:..{.b..ns.t,...8.Td.I....m.I.5Z.).-.. ]..X.Do%.....?..4jV.`llt.E...5...u.|..\F.=.F.r<...5dV....xc.%..&...4,...f...3..H.<......eQ...P.J....7...lLc..?..-.fR..7.#.6.......}:.]'.ny..........e;u.Y..$0...i..-....f..9(....}..T,.Inb...+=Cca7....WULA1@.s...4uY5.N.f.c..].ks.....3v..~..k..m)...f gNE`S......#.....Z..6.uc.m...#k.s.f*.l.$6..?..xC.Cm.`...N2..&H...._.&.E...[....f.Z./...!.a{K..#.V.5..v.B....1...9..B.&....%s.
                                                                                                                                                                                Process:C:\Program Files (x86)\Microsoft Office\root\Office16\ONENOTE.EXE
                                                                                                                                                                                File Type:data
                                                                                                                                                                                Category:dropped
                                                                                                                                                                                Size (bytes):4096
                                                                                                                                                                                Entropy (8bit):4.335518585876151
                                                                                                                                                                                Encrypted:false
                                                                                                                                                                                SSDEEP:48:s9s6ecEJSX4KEsmtwm9EnV57dXx9is6oMsrdQqrqPBX1fkmSOEGSv5Z5:s9sPKEsmvEVddXx9l6sRQyUXfu
                                                                                                                                                                                MD5:B57481C717479B94E08711A523B5A661
                                                                                                                                                                                SHA1:4EA51BCA851C5F62B618E595356712D946F54E2A
                                                                                                                                                                                SHA-256:F14E612907D249B09338F6F99826FD47D36C4DE183FCE24A351C94C16BA79703
                                                                                                                                                                                SHA-512:BD9D3AAC1F8E5C9782A83C3FD433494E0C3D6F1744256D49D77DEF10FEA39651C99BE13167483D624BF278B6533705B2450D21765E1174649E0A14A9C37D6BC9
                                                                                                                                                                                Malicious:false
                                                                                                                                                                                Preview:2...>.......V...v...J...................................................................................................................................2...>...2.......v...~............................I.......I.qk..B.....LZ..A.......A...w........A...w........A..I.qk..B.....LZ.I................................I.......I...................................................I.t.....I................................................................4..'...'.............@.;.y+.......Q.U....N...^..................&._.C.3...X..........f........................................I.qk..B.....LZ............@.;.y+.......Q.U........@.;.y+.......Q.U...........A.......A.......A...........................................Aj......AT.]....A.......A..B....AH......A..B....A..>.)..A..J...................;........4...4...4.."................A...A...A..z...y.. x.. ...........$........4...)..7)..7........................;........4...4...4...........A.......A....#..A............................................
                                                                                                                                                                                Process:C:\Program Files (x86)\Microsoft Office\root\Office16\ONENOTE.EXE
                                                                                                                                                                                File Type:JPEG image data, JFIF standard 1.01, resolution (DPCM), density 28x28, segment length 16, baseline, precision 8, 814x45, components 3
                                                                                                                                                                                Category:dropped
                                                                                                                                                                                Size (bytes):1717
                                                                                                                                                                                Entropy (8bit):7.154087739587035
                                                                                                                                                                                Encrypted:false
                                                                                                                                                                                SSDEEP:48:N9YMzO6BOfqH/dAIWpdAIWpdAIWpdAIWUtr/SD:/hzJgfqHaPYPYPYPUt/i
                                                                                                                                                                                MD5:943371B39CA847674998535110462220
                                                                                                                                                                                SHA1:5CA79B7BD7E0E93271463FAEF3280F1644CBA073
                                                                                                                                                                                SHA-256:9C552717E8D5079BBB226948641FF13532DF3D7BE434C6CE545F1692FA57D45A
                                                                                                                                                                                SHA-512:812541836C8B6F356A4D530E5CCF1CFDCC4CA54AF048CAC19FE86707CE5EA0F41D73C501821AC627AD330291EF58C040DFC017923A7886CEEC308048DA2CE7C9
                                                                                                                                                                                Malicious:false
                                                                                                                                                                                Preview:......JFIF.............C................................... $.' ",#..(7),01444.'9=82<.342...C...........2!.!22222222222222222222222222222222222222222222222222......-...."........................................&.....................U.....1T..S.R.Q.................................................R....Q.a............?..d.. ...............................................+A...Z+E...V+E...U..R.....}........Q..Ah....Ah..b.AX..b.PZ+A...V+E...V..J*....Q...b.Q..Ah....Ah..b.Ah..b.PZ*.(.@z.?.`;2.......................................................Q...b.Q..EZ*.(..Z>.G.....`Z+E......J*....F+D...F+E.......b.Q...h....PZ+E...V+E......J*....F+D...F+E..............[u#...a-...f<.9^[...l0..H..6.Kn.t...&..3a...GG...[u#..8.y6.q..%.R:8....6a.+.3..a-....l0..H..9^M..f..m..3a...GM.q..m..6.Kn.tq..%.R:l.W.lg...[u#...a-...f.r..c8.....f..m..0.....l0..H..6.Kn.t...&..3a...GG...[u#..8.y6.q..%.R:8....6a.+.3..a-....l0..H..9^M..f..m..3a...GM.q..m..6.Kn.tq..%.R:l.W.lg...[u#...a-...f.r..c8.....f..m.
                                                                                                                                                                                Process:C:\Program Files (x86)\Microsoft Office\root\Office16\ONENOTE.EXE
                                                                                                                                                                                File Type:data
                                                                                                                                                                                Category:dropped
                                                                                                                                                                                Size (bytes):4096
                                                                                                                                                                                Entropy (8bit):4.348701169634871
                                                                                                                                                                                Encrypted:false
                                                                                                                                                                                SSDEEP:96:usbIN8rD62OG/WEKd5vXzt9/ERQy6lB42o8U35tMo:uskN8rD1OWKTXx9/ERJ6b/o8U35t
                                                                                                                                                                                MD5:1AD3ACCA1161A24E83E0B1545CD4028C
                                                                                                                                                                                SHA1:F00E7430A16613717ACAB10D3F008EAF3F0DE4CE
                                                                                                                                                                                SHA-256:06F7D81574BAFE93346382874CCF0FC99F7F6C58458BEE164DEAB989DD7117A4
                                                                                                                                                                                SHA-512:816EE2540122D7F1E40EA041726486DDF5F5F2A374CC8E0C28521F478B955C43BA99F1297D383837D8C8E34C4743BC522CF3BEC114C4DF1F4F303A73BABBF13B
                                                                                                                                                                                Malicious:false
                                                                                                                                                                                Preview:2...>.......T...v...H...................................................................................................................................2...>...0.......v...|............................I.......I.qk..B.....LZ............m...[.e........m...[.e.......I.qk..B.....LZ.I................................I.......I...................................................I.t.....I................................................................4..'...'................G....>...v.6.....N...^...............]3..2..@......S.........f........................................I.qk..B.....LZ...............G....>...v.6............G....>...v.6.....................................................................j......T.].............B....H........B......>.)....J...................;........4...4...4.."........................z...y.. x.. ...........$........4...)..7)..7........................;........4...4...4......................#..............................................
                                                                                                                                                                                Process:C:\Program Files (x86)\Microsoft Office\root\Office16\ONENOTE.EXE
                                                                                                                                                                                File Type:JPEG image data, JFIF standard 1.01, resolution (DPCM), density 28x28, segment length 16, baseline, precision 8, 262x277, components 3
                                                                                                                                                                                Category:dropped
                                                                                                                                                                                Size (bytes):3555
                                                                                                                                                                                Entropy (8bit):7.686253071499049
                                                                                                                                                                                Encrypted:false
                                                                                                                                                                                SSDEEP:96:/h3JeYCQV5Hn++9HBdAjU78S/mjLLwqnqahJD:53Je8b+EBdAjm8S/mjLLRnphJD
                                                                                                                                                                                MD5:8A5444524F467A45A5A10245F89C855A
                                                                                                                                                                                SHA1:ACE68D567B02B68275E0345C86DB1139C0EC1386
                                                                                                                                                                                SHA-256:7D2B01F17354D9237A6AB99D5B9AFDF0E1CC43687125848B0C2DEDFB44CE3843
                                                                                                                                                                                SHA-512:8151B447B60D110C32EC1EF286B941FFC09B99140F41BBACF5A1650A385FF4D13C0DDB2878E9A470FC7CFCC95A1AB6E44F6DE72562B0FFE093DC8A3C3C7FCC14
                                                                                                                                                                                Malicious:false
                                                                                                                                                                                Preview:......JFIF.............C................................... $.' ",#..(7),01444.'9=82<.342...C...........2!.!22222222222222222222222222222222222222222222222222...........".......................................2........................!1AQ.a."2q.B..#R...3C................................ .......................!1.AQBq............?........)&vD.)3Hn*..X+....r...tmL.k..(.E...R. .Z..&...,fJ...!...6..S\t3.=...g&..Bqe.)_U.....1......-..fl.................J...u.i.mU..K..v.w.0O..E.h..D~K.(..9.,8..E.}.............i.\.....t."v..q..C............<..|3.........................*Q..../c.....f.}8....D..|k..Z......0..~..c..e..m(...|.c..'.5.5............==bx.5x.8...T;....=.--.pc...I;.V.m..,(....}...NH.ho....Q..U.E$.~...w.t>.S\....'f.{.+.g._.t....;>.....P...........-..G.h..2...J.% !.E97Ir.D..N....j...oE._...._...".?.......#".S.........Q.Tc.I..*I..k.......=$.........sk1Jp.\K.....F.3.Q..q..J....N..[l.&....OR4bB|..2ul....J...B.$&H..9#j.f.n./........?R~....B.I.@..........m
                                                                                                                                                                                Process:C:\Program Files (x86)\Microsoft Office\root\Office16\ONENOTE.EXE
                                                                                                                                                                                File Type:data
                                                                                                                                                                                Category:dropped
                                                                                                                                                                                Size (bytes):4096
                                                                                                                                                                                Entropy (8bit):4.363335016840819
                                                                                                                                                                                Encrypted:false
                                                                                                                                                                                SSDEEP:48:bNC5xsF/AXdpWtGxElXXom+9WXoFrdQqrbwe9nBXHxM9eBS/p:RisSpWMEhX1+94ERQyEyXi
                                                                                                                                                                                MD5:FDBA37FFAC78679590A85406CB15DE2B
                                                                                                                                                                                SHA1:1E6C6CAF62D276F29791E2168A9129ED642F642F
                                                                                                                                                                                SHA-256:CA36C31BE37B1178D9E365152F7FF90C43741F01B14A76B2D18F94A0E5CD4B9E
                                                                                                                                                                                SHA-512:6932C33C8E98245F460D554E905C75850BB1BC7E41D21911AE9549507FE7F2ECBE2C7FBE2E11BD4700346642E82556929EB84BF36377ADEC19DFE80439D83F9E
                                                                                                                                                                                Malicious:false
                                                                                                                                                                                Preview:2...>.......R...v...F...................................................................................................................................2...>...........v...z............................I.......I.qk..B.....LZ.........x....-...-:F ..x....-...-:F ....I.qk..B.....LZ.I................................I.......I...................................................I.t.....I................................................................4..'...'.............N*EhV.........l.....N...^...................2+.@..|Z.>.P........f........................................I.qk..B.....LZ............N*EhV.........l.........N*EhV.........l.....................................................................j......T.].............B....H........B......>.)....J...................;........4...4...4.."........................z...y.. x.. ...........$........4...)..7)..7........................;........4...4...4......................#..............................................
                                                                                                                                                                                Process:C:\Program Files (x86)\Microsoft Office\root\Office16\ONENOTE.EXE
                                                                                                                                                                                File Type:JPEG image data, JFIF standard 1.01, resolution (DPCM), density 28x28, segment length 16, baseline, precision 8, 70x626, components 3
                                                                                                                                                                                Category:dropped
                                                                                                                                                                                Size (bytes):3428
                                                                                                                                                                                Entropy (8bit):7.766473352510893
                                                                                                                                                                                Encrypted:false
                                                                                                                                                                                SSDEEP:96:/hdu7isPwAp7zesusUyYAatNG87llTONQYS:5di5tfuQ9atNZlaC
                                                                                                                                                                                MD5:EE9E2DF458733B61333E8A82F7A2613D
                                                                                                                                                                                SHA1:A86704C969F51B86D6A05ED51C6C60214ED9FA89
                                                                                                                                                                                SHA-256:BE4F0E6C89FCE91B9EBD2623567F7DFC259E0E3C77C9158742B8F64B724DF673
                                                                                                                                                                                SHA-512:BFB5D6DD6B66EE21E946E90D1E482384CD10244308562DDA814189602681DADDE5752B80519E5B8515F115A71BD6BB4317A59BE65B8B5E3474AED119F8303569
                                                                                                                                                                                Malicious:false
                                                                                                                                                                                Preview:......JFIF.............C................................... $.' ",#..(7),01444.'9=82<.342...C...........2!.!22222222222222222222222222222222222222222222222222......r.F.."........................................H............................!Qaq.."12.....#3ARbr...$B...cd...&CSu.....................................+.......................12..aAQ.!#q.."................?...#...3.Za......rV.5&...../"..i.t...j..W........d.FL.V.2K....]t.f.d.NK..:.....f...... ......2.[...#..D...ZK....p.z.E.N..T..L.-....1....2.\.6FIr2..zS\U#..........fB\t..5J..~q...D....A.......!....MY..../.HY..../e.M.Y.n.~..,....'..Pc...l...d2..m.f.it$..qx-z*...._..].cOO....n..&.....FIA.....2J2..d:<qc..6.I.G.N....f.K..Dx.-.......`....2.FZ."K7.r}..<.P.Z.da.Y.....8..s....G.....b.e..g .S.......FL.Z,&..q.MG.J+..x\..m...qN=.....)..`...&Y...S....u6{.z.g.....@......FL.ZL&.Iv.w..8....U..v...*.q.B.v_./A..#.#.g.j........*J;...u...W.Ao...%....#$.....M..^\{W.SO...s,.N.....c).,.B.Gv...."k..z."..S]H.
                                                                                                                                                                                Process:C:\Program Files (x86)\Microsoft Office\root\Office16\ONENOTE.EXE
                                                                                                                                                                                File Type:data
                                                                                                                                                                                Category:dropped
                                                                                                                                                                                Size (bytes):4096
                                                                                                                                                                                Entropy (8bit):4.367633286146562
                                                                                                                                                                                Encrypted:false
                                                                                                                                                                                SSDEEP:48:4sJ50zYutymEXNrx7nXtqr9TyWoFrdQqrJobxBXqg9VOLmlV:4sMYurEXNrxTXtW9J0RQyuthl
                                                                                                                                                                                MD5:379B44A8E5AC1C77D51AFA7F2E5D222B
                                                                                                                                                                                SHA1:6171FD468B0042072F832568854049B9EF4F1B04
                                                                                                                                                                                SHA-256:44429758DCACAB1AAF82BD22C980B6FECADF0C6AE208D48584775AB6C0B359D0
                                                                                                                                                                                SHA-512:6DFB68CEAC83AE8E1784CEAF1761B44DEC7A2E2B8D9BA6048D6CF25D730F7DFD4E0B638DAE6A564A491FA060F3C4B5FDDC69467C8F0BC9FD2659B11CAEF46F69
                                                                                                                                                                                Malicious:false
                                                                                                                                                                                Preview:2...>.......R...v...F...................................................................................................................................2...>...........v...z............................I.......I.qk..B.....LZzpR.....zpR.......j....zpR.......j....zpR..I.qk..B.....LZ.I................................I.......I...................................................I.t.....I................................................................4..'...'.............G...q~V.9I..%......N...^...............\...k.@.D..D.|}........f........................................I.qk..B.....LZ............G...q~V.9I..%..........G...q~V.9I..%...........zpR.....zpR.....zpR.........................................zpRj....zpRT.]..zpR.....zpR..B..zpRH....zpR..B..zpR..>.)zpR..J...................;........4...4...4.."..............zpR.zpR.zpR..z...y.. x.. ...........$........4...)..7)..7........................;........4...4...4.........zpR.....zpR....#zpR............................................
                                                                                                                                                                                Process:C:\Program Files (x86)\Microsoft Office\root\Office16\ONENOTE.EXE
                                                                                                                                                                                File Type:PNG image data, 177 x 123, 8-bit/color RGBA, non-interlaced
                                                                                                                                                                                Category:dropped
                                                                                                                                                                                Size (bytes):65589
                                                                                                                                                                                Entropy (8bit):7.960181939300061
                                                                                                                                                                                Encrypted:false
                                                                                                                                                                                SSDEEP:1536:2Hlrjw3xL//DPgff+9j6yPWvHMHjkbfnwHO3AW3GL:2H2zDUU+yPVHITwNfL
                                                                                                                                                                                MD5:8B48DA9F89264D14B83FF9969F869577
                                                                                                                                                                                SHA1:E1BD58E2D80FEEF56DC514F3F0B3AB9669F22F95
                                                                                                                                                                                SHA-256:62AD3C277E54F03F1ADB44062407346F789E63859B7AFABFD64BE6AF5E9F66EC
                                                                                                                                                                                SHA-512:03B783EC968DF3F648504D068D64DD1AE110E28110FE5B3401C9D04F44897DBE0CBB5680D42CA4C665FA94A6CED4B559106EB3C06C9BF2C5B14951ECBFFAC8AE
                                                                                                                                                                                Malicious:false
                                                                                                                                                                                Preview:.PNG........IHDR.......{.....;Za.....sBIT....|.d.....pHYs...........~.....tEXtSoftware.Macromedia Fireworks 8.h.x....tEXtCreation Time.05/15/06.8.p....prVWx..Y=.+I....t.y...,^vv....;. "|. .i7.....$.2g..']pH@p..]b....H.H.......d'@ B...U.xm..3{3k?..5n.._}U...3......~..>...g.....f..t...t:...p>..Si..d:..k:.Lf..t6.K.i....d<...x.8\.8.+lc...)i.$.r.....x.t.BG.R.cm.c...p.:&.6.4..K.......^...~b].0....oBYv..u.'.=.K.Q.g)6.....4.!.M......4.=....G.%.Sr........nxC.F..t.U........1...J.t..eQ....".... |...81.$D.!.>...........$...^.vY..EY8tb..'.P.g#O....S*..0'.V....x.W..........k.......s.C.S...J%.iVb..].........3....j.}*.z....+.s..@..K.....\x.C..e.Qq.....;N.....;....,....^.*..$F..{G...8.#....8'..&....8..5.....3(P._....S......|".....u.cr....+a-....&V..x...iI-<|a.{E.c.X.......?..&.C....'........(.x....>...M.?.9..#X......l...0...Z.F..<.z.0}Q..Z1..........?h..`E$K.2o.A*c^.......*..D..uL=.}.#*0.. M!.A.C......|_..(.Y........!E... .O...`;....M+..x.u~g...q>...N."D^..K..x..D.`.!.
                                                                                                                                                                                Process:C:\Program Files (x86)\Microsoft Office\root\Office16\ONENOTE.EXE
                                                                                                                                                                                File Type:data
                                                                                                                                                                                Category:dropped
                                                                                                                                                                                Size (bytes):4096
                                                                                                                                                                                Entropy (8bit):4.3301484922521825
                                                                                                                                                                                Encrypted:false
                                                                                                                                                                                SSDEEP:48:6sRAIPNG8VtWqDxEmdPl+pXGIY+p9yPohrdQqr8ndaEBXtHkcLvq5:6sRn9VzEmd9oXqo9AwRQy+f3q
                                                                                                                                                                                MD5:FE1E0E357CF2654275C6EBFDB0A20278
                                                                                                                                                                                SHA1:C00AD0C14EE9C40CA57DCA9250AFCD0EC7D1120C
                                                                                                                                                                                SHA-256:D3404D0D66DBFDD585CCF908C6CBAF713BADFD3243CACC10D1CCB994D5244FEA
                                                                                                                                                                                SHA-512:E838A177137DB3A39484F17F5DE8FAB9ADC74A597A8A5C21019111214F621F577221B916602B06CBE6EE60D4B790D590B09496DD45F4886FE566009B8BAF8B13
                                                                                                                                                                                Malicious:false
                                                                                                                                                                                Preview:2...>.......V...v...J...................................................................................................................................2...>...2.......v...~............................I.......I.qk..B.....LZ..:.......:y.8...*s.J8...:y.8...*s.J8...:..I.qk..B.....LZ.I................................I.......I...................................................I.t.....I................................................................4..'...'.............R=..(.9..f...L.3....N...^.................v..D.?d`..t.........f........................................I.qk..B.....LZ............R=..(.9..f...L.3........R=..(.9..f...L.3...........:.......:.......:...........................................:j......:T.]....:.......:..B....:H......:..B....:..>.)..:..J...................;........4...4...4.."................:...:...:..z...y.. x.. ...........$........4...)..7)..7........................;........4...4...4...........:.......:....#..:............................................
                                                                                                                                                                                Process:C:\Program Files (x86)\Microsoft Office\root\Office16\ONENOTE.EXE
                                                                                                                                                                                File Type:JPEG image data, JFIF standard 1.01, resolution (DPCM), density 28x28, segment length 16, baseline, precision 8, 17x608, components 3
                                                                                                                                                                                Category:dropped
                                                                                                                                                                                Size (bytes):1873
                                                                                                                                                                                Entropy (8bit):7.534961703340853
                                                                                                                                                                                Encrypted:false
                                                                                                                                                                                SSDEEP:48:N9YMw9kGzE4xTdow1C3kyIkyM66KeJY3fOxJ:/h8HzE4xTdoUCUyxyD6LCvSJ
                                                                                                                                                                                MD5:4FC8500BD304AD127AF4B5E269DFF59B
                                                                                                                                                                                SHA1:9A5E3432358A0FCDECE86AEB967319B93A65D14A
                                                                                                                                                                                SHA-256:B4DAA90D5A53FCBC85119050B5B76962443C4DD18D7F42CDC6D4E0AD8EFAD872
                                                                                                                                                                                SHA-512:E5E07054A522EB91EFD39722AFB3776389632B8F5F923C1D29796716D68CEC93BE5E44F79913804CEC7ED631FF520CBBBAAB841E01FB90AF8E8ADF84DCD47481
                                                                                                                                                                                Malicious:false
                                                                                                                                                                                Preview:......JFIF.............C................................... $.' ",#..(7),01444.'9=82<.342...C...........2!.!22222222222222222222222222222222222222222222222222......`...."........................................>.......................tu.....45.!#$%1s."fr...2Fq..AQe.Eav............................... .........................!AQR.............?..e4.bbu."m.G......u.S.-Qq.b.a..'#..E.......u.|:.f[O..jS.S.&....=.....[.....S...N.~~...'...q....N.T.Oyf..a.6..%.I.1j.e~.4..[5.WW.Y..Xp.gn...u.......Gb.O.W..k.!mJgfq....~.F.......m..}bn4.5........s,F...z.b)..O..*...5).-.-\....=`.fP....%...A..Q.&..9.....QQbD.%.:u.f...r$.10..W.F.T..MI...9...ZQH._..).....D..n.F].........*.:.j...!6Z..S....0...B.6..Ga..S.O.....U8S_.J.>...i..?..<.P..........M..F.T.C..7.E...`.4BKcMh1j....4y...+.|.^......2[.WG.W..+......E..r/V^".R...."..6..hht..f...........;E..Kx....)}Le.A.x.>..$/).._S.n.L......}..H^Sw...2. .v.io...../.........x.>..$/).._S.n.t^;O.....n...[.S...h.v.io...../....:/...[..7yK.c-
                                                                                                                                                                                Process:C:\Program Files (x86)\Microsoft Office\root\Office16\ONENOTE.EXE
                                                                                                                                                                                File Type:data
                                                                                                                                                                                Category:dropped
                                                                                                                                                                                Size (bytes):4096
                                                                                                                                                                                Entropy (8bit):4.481260224496441
                                                                                                                                                                                Encrypted:false
                                                                                                                                                                                SSDEEP:48:Os99WmK4T6QZfktUEe8IXq9khuoaKrdQVruqwU46BXQBChTsk+KeCTdCUr:Os1xT6QNkWELIXq9BpKRQ566Ce
                                                                                                                                                                                MD5:31CC158D9306A01CF510DB22C5AE355D
                                                                                                                                                                                SHA1:EB05DC03CBD55F4B7E25EC9FDDF949D3F8E89392
                                                                                                                                                                                SHA-256:7C6AC192137F053A9E5836B0A3A772170C54BFACEF48315F5D844CD171ABD50C
                                                                                                                                                                                SHA-512:6E31464BFC9A097177E23DA91EE4F54FE4F2B70C3690ECDB7E98FA8D8BB91CDAFB68C91027C68958749F8288C78341384DEAF0215775B240465FF37637575CE2
                                                                                                                                                                                Malicious:false
                                                                                                                                                                                Preview:2...>.......n...v...b...................................................................................................................................2...>...J.......v................................I.......I.qk..B.....LZ.g.......g.Y.....1.......g.Y.....1.......g...I.qk..B.....LZ.I................................I.......I...................................................I.t.....I................................................................4..'...'.............8.......//\..HX.....N...^................Z...P.J.......j........Z........................................I.qk..B.....LZ............8.......//\..HX.........8.......//\..HX...........g.......g.......g...........................................g.j.....g.T$c...g.......g...G...g...H...g...>...g.......g. .3...................;........4...4...4.."...............g...g...g...z...y.. x.. ...........$........4...)..7)..7........................;........4...4...4..........g.......g.....#.g.............................................
                                                                                                                                                                                Process:C:\Program Files (x86)\Microsoft Office\root\Office16\ONENOTE.EXE
                                                                                                                                                                                File Type:JPEG image data, JFIF standard 1.01, resolution (DPI), density 72x72, segment length 16, baseline, precision 8, 357x69, components 3
                                                                                                                                                                                Category:dropped
                                                                                                                                                                                Size (bytes):5465
                                                                                                                                                                                Entropy (8bit):7.79401348966645
                                                                                                                                                                                Encrypted:false
                                                                                                                                                                                SSDEEP:96:X0cZneDWlIKmXwxacOHHI6EhzNlSSDDgafbofgt7mGrw:XleDWlIJwQHihRdgu8imGk
                                                                                                                                                                                MD5:8470F9A96B6C6CAD9EE60961E96D19B2
                                                                                                                                                                                SHA1:AFE1F01FFA4E4CB06B1D770C9C59DA75B434D1AC
                                                                                                                                                                                SHA-256:2DF453410796AEC7B9EFEC00059B6CE64BCF67313A95AE458BA600EA5DE14811
                                                                                                                                                                                SHA-512:CAE5C2ED091BA49761F0348516D53491E578FB165F32F93AC7DAD927383E9A398B06229FAC6A8233777DF708E5001AE0037A1FA960293BDA49892C40B37F2240
                                                                                                                                                                                Malicious:false
                                                                                                                                                                                Preview:......JFIF.....H.H.....C....................................................................C.......................................................................E.e.............................................8...............................!"1...2A#Qa.$34bBDSqt..........................................................?.....`0.....O...3Sd..@..5.0....Q.pw....;....!pN.DR....`0......N^...k.=.u.e.7{.b........?z....zV...M.....P:a.SPj.....WRK.=x.2.h..2..AS..s..A..|.Z/f$D.YX1pr......}G6._.~..)j...+.s.r".{..q..-.^@...#w|.H..*.K)....g...y..`0......2.w@.Ro.d....@...K....}...&... y..f.y.0.|DC..>p.[E.2......v..N.)Z..4.RF.D.8]..Z.|f/..+\ID.r/.o........0i..*.G.O..uj..RN. ....j...xnF...Q.Ls.U.c.D0m....z.k.P;f...b.=..L.hH.,./;.U..`sa.I...?*...I....M.0<.u....!..C..U.T.....s.Q......_..7K..*.....?....R\&=.<.u..oQ}WZ..Yu...{Fe3.h...@.s..mW.G..^....1.W.#[.q2.&u.c.G......`J./..X.C....M;.....3k$}.i.3...#/x.m.Oh.}FH]. ..5NNDIS.-.M~...6..w.d....P.;..k...........v*..T..L.P...s.!B.4..w
                                                                                                                                                                                Process:C:\Program Files (x86)\Microsoft Office\root\Office16\ONENOTE.EXE
                                                                                                                                                                                File Type:JPEG image data, JFIF standard 1.01, resolution (DPI), density 72x72, segment length 16, baseline, precision 8, 14x341, components 3
                                                                                                                                                                                Category:dropped
                                                                                                                                                                                Size (bytes):3361
                                                                                                                                                                                Entropy (8bit):7.619405839796034
                                                                                                                                                                                Encrypted:false
                                                                                                                                                                                SSDEEP:96:zDqnxqMt6gGr/Nln5ANln5ANln5ANln5ANln5ANln5ANln5ANllHN6:CxqMQr/rn5Arn5Arn5Arn5Arn5Arn5AN
                                                                                                                                                                                MD5:A994063FF2ABEB78917C5382B2F5FA8C
                                                                                                                                                                                SHA1:BD5C4D816B04A2B6596DFE38DB01228F553FACCC
                                                                                                                                                                                SHA-256:D72900E8DA72D1A7F3729971AA558E1E9B6E9CF9A0D51E83852E567256DBBFEF
                                                                                                                                                                                SHA-512:CF2279033DD3EDFE6F6F9E5C517BEBD9A52863EEFD90F57F7A5AE0E0485E705254BE7ED6B50E6CA142669687727AE85E2E6035F69930B75F2E6D3EEFA961EF88
                                                                                                                                                                                Malicious:false
                                                                                                                                                                                Preview:......JFIF.....H.H.....C....................................................................C.......................................................................U..........................................>...............................8H........59...$%&7F#'Ddf.....................................>.................................58EG........!#124$%&ACFbcde............?...n.p..v..a.~.._.>......#....8.....w.G...&.W...i...%6m..K;...4."...=..?.~......P..O...j.l..AW.jo..,..=d.h.ta..../.."...z|).J.......Ww._..<Wp.3+8...-5...G:..2.D..I>o..K.F;-.....#...`...6..T...M.....OOgV~..5...np...P..TYr...........b..{r.2.9..].DA.%C....=.v.z......CK."..R..l..y}.i..;.{....JzS.....~.?..Z....=c.h~*..p.@(@..G.....O.]...Hsd.xf".V]..S"..w...4e>....3*U.7..|M.x...|\......FD./.cIe.;.bId..+=...w.......[.k>....}.u...j.xZ.....Q4..+.....B....1O~\......I..h....LaXJ%&.w.<C...n/`.W..U.W.U.}~...}>..^.0.J.....@....LN.b.......5W...m].Eu...:....G..:4.=4ixx..@_0=.mab.T.U.....w..~.V.
                                                                                                                                                                                Process:C:\Program Files (x86)\Microsoft Office\root\Office16\ONENOTE.EXE
                                                                                                                                                                                File Type:data
                                                                                                                                                                                Category:dropped
                                                                                                                                                                                Size (bytes):4096
                                                                                                                                                                                Entropy (8bit):4.316391094717725
                                                                                                                                                                                Encrypted:false
                                                                                                                                                                                SSDEEP:48:Y2QsNzvsoMyN4St1xED5vXSSH9w/u+oBrdQqrPr3icBX9jlf/5fHl1:KsBsopNDpEhXVH9Ku+QRQyP2c7fF
                                                                                                                                                                                MD5:EA9965D6CD1078C38245B79AA9B4247C
                                                                                                                                                                                SHA1:650C1C23A340E4B27FA8657BB254EBA9A054017D
                                                                                                                                                                                SHA-256:393BB42A9E16027A8C6EE19C69B1E55D50B217039EAE59426411CC9BF382263B
                                                                                                                                                                                SHA-512:3F517ABF0E9C4AFCCB2E96AC98FC2EB5BBD5BC116B7844B069818358571473901F878BD1C6A9BC30A04A1E34805F1EE9A456881BA7CB7B81BF865BC8B3A5268E
                                                                                                                                                                                Malicious:false
                                                                                                                                                                                Preview:2...>.......N...v...B...................................................................................................................................2...>...*.......v...v............................I.......I.qk..B.....LZi<z.....i<z.V....:0Jn..i<z.V....:0Jn..i<z..I.qk..B.....LZ.I................................I.......I...................................................I.t.....I................................................................4..'...'...............Ie,....'..G.......N...^................K.\(..L.5.ye...........f........................................I.qk..B.....LZ..............Ie,....'..G.............Ie,....'..G............i<z.....i<z.....i<z.........................................i<zj....i<zT.]..i<z.....i<z..B..i<zH....i<z..B..i<z..>.)i<z..J...................;........4...4...4.."..............i<z.i<z.i<z..z...y.. x.. ...........$........4...)..7)..7........................;........4...4...4.........i<z.....i<z....#i<z............................................
                                                                                                                                                                                Process:C:\Program Files (x86)\Microsoft Office\root\Office16\ONENOTE.EXE
                                                                                                                                                                                File Type:JPEG image data, JFIF standard 1.02, resolution (DPI), density 72x72, segment length 16, Exif Standard: [TIFF image data, big-endian, direntries=7, orientation=upper-left, xresolution=98, yresolution=106, resolutionunit=2, software=Adobe Photoshop CS Windows, datetime=2004:03:12 11:15:20], progressive, precision 8, 604x784, components 3
                                                                                                                                                                                Category:dropped
                                                                                                                                                                                Size (bytes):140755
                                                                                                                                                                                Entropy (8bit):7.9013245181576695
                                                                                                                                                                                Encrypted:false
                                                                                                                                                                                SSDEEP:3072:i/aDiblRsFcOco8dofE5Zx1+NQI8Wh9aiOe5NTO:mnbM+TxaAi98W3aiOwTO
                                                                                                                                                                                MD5:CC087700C07D674D69AFDFDA0FA9825C
                                                                                                                                                                                SHA1:F11113DF69DACDB255C6CBCFB29C1D1CCE40B346
                                                                                                                                                                                SHA-256:A7FA7F092EFF43030A56342C39A765F8D5CC48C7DB815DDFC8C1E5EC40117FAE
                                                                                                                                                                                SHA-512:843202D975EFA91E73287052A893584B6E5AE601F91612B56539AA2F73D1AD3F997FCAD1E711E0F483A2E91D46D9643D0B026B43F4E94116A5D2FB6551536034
                                                                                                                                                                                Malicious:false
                                                                                                                                                                                Preview:......JFIF.....H.H......Exif..MM.*.............................b...........j.(...........1.........r.2...........i.................H.......H....Adobe Photoshop CS Windows.2004:03:12 11:15:20.............................\.......................................................&.(.........................................H.......H..........JFIF.....H.H......Adobe_CM......Adobe.d...................................................................................................................................................{.."................?..........................................................................3......!.1.AQa."q.2.....B#$.R.b34r..C.%.S...cs5....&D.TdE.t6..U.e...u..F'...............Vfv........7GWgw........................5.....!1..AQaq"..2.....B#.R..3$b.r..CS.cs4.%......&5..D.T..dEU6te....u..F...............Vfv........'7GWgw.................?.......J...\O.,......../$..........OE.m.o......T....Z..l.g.-....m.?...Y....3......"....].j.X.k.S.k.....4..R....{....?F.
                                                                                                                                                                                Process:C:\Program Files (x86)\Microsoft Office\root\Office16\ONENOTE.EXE
                                                                                                                                                                                File Type:data
                                                                                                                                                                                Category:dropped
                                                                                                                                                                                Size (bytes):4096
                                                                                                                                                                                Entropy (8bit):4.355684956771725
                                                                                                                                                                                Encrypted:false
                                                                                                                                                                                SSDEEP:48:YuGs1NsKsrrqXl19tODEuVLfcXnc9ODo1rdQqrzZSkSBXjb0eTr3mtES6l:YZsOqXf9uEuV7cXnc9ODURQyvSCq
                                                                                                                                                                                MD5:54449F90443A91838366A9DEB483FB02
                                                                                                                                                                                SHA1:2FA94F19755330B45D43122875BE985016ED6503
                                                                                                                                                                                SHA-256:FED431768B372AE99960A6604EBF62CF4A741D72784C8FEC460C04048B00B024
                                                                                                                                                                                SHA-512:7D4D40A103E07CC467B991D02CC4D4C240532D41B6DA0658E48CB06F080F5CD3F045FE8112BA8CFEE7339C931A0A2699B2A49746852E6B750F493D93F35F7D73
                                                                                                                                                                                Malicious:false
                                                                                                                                                                                Preview:2...>.......P...v...D...................................................?....?..........................................................................2...>...,.......v...x............................I.......I.qk..B.....LZJ.m.....J.m.Y6...81..c..J.m.Y6...81..c..J.m..I.qk..B.....LZ.I................................I.......I...................................................I.t.....I................................................................4..'...'.............>.tpW}..%./w..\....N...^................x..z..A.8.@Cx..........f........................................I.qk..B.....LZ............>.tpW}..%./w..\........>.tpW}..%./w..\.........J.m.....J.m.....J.m.........................................J.mj....J.mT.]..J.m.....J.m..B..J.mH....J.m..B..J.m..>.)J.m..J...................;........4...4...4.."..............J.m.J.m.J.m..z...y.. x.. ...........$........4...)..7)..7........................;........4...4...4.........J.m.....J.m....#J.m............................................
                                                                                                                                                                                Process:C:\Program Files (x86)\Microsoft Office\root\Office16\ONENOTE.EXE
                                                                                                                                                                                File Type:JPEG image data, JFIF standard 1.02, resolution (DPI), density 72x72, segment length 16, Exif Standard: [TIFF image data, big-endian, direntries=7, orientation=upper-left, xresolution=98, yresolution=106, resolutionunit=2, software=Adobe Photoshop CS Windows, datetime=2004:03:12 11:13:06], progressive, precision 8, 570x779, components 3
                                                                                                                                                                                Category:dropped
                                                                                                                                                                                Size (bytes):129887
                                                                                                                                                                                Entropy (8bit):7.8877849553452695
                                                                                                                                                                                Encrypted:false
                                                                                                                                                                                SSDEEP:3072:QS1x1rXglsteJ79wHi4vNQR5yBlUdOSILe9hSj9jeWMPjdlOJ:vvglst1HiwWR5yBA2LeS9jd1
                                                                                                                                                                                MD5:737E96E41D79D3BDACE7AB4F8CBF6274
                                                                                                                                                                                SHA1:E6202A41A4F86B27D9EBCAEF7670B16C0ED67CF2
                                                                                                                                                                                SHA-256:7966F3D8A2D61ECB49A35E163781858E052C0B122A18A1238AFE27B57E2850E8
                                                                                                                                                                                SHA-512:D398C8521DB2FB3F8456FE792CF37472F3B851DD7298DB20E2DB79144F8E846D051878E77E5EF5D00E6840EDB90C6E2D97935BC1023A15FC45038CCE731E9895
                                                                                                                                                                                Malicious:false
                                                                                                                                                                                Preview:......JFIF.....H.H.....iExif..MM.*.............................b...........j.(...........1.........r.2...........i.................H.......H....Adobe Photoshop CS Windows.2004:03:12 11:13:06.............................:.......................................................&.(.................................3.......H.......H..........JFIF.....H.H......Adobe_CM......Adobe.d...................................................................................................................................................u.."................?..........................................................................3......!.1.AQa."q.2.....B#$.R.b34r..C.%.S...cs5....&D.TdE.t6..U.e...u..F'...............Vfv........7GWgw........................5.....!1..AQaq"..2.....B#.R..3$b.r..CS.cs4.%......&5..D.T..dEU6te....u..F...............Vfv........'7GWgw.................?...W..I:..*....a....Aa ...w.T.M.v.........3x.......8Y....$.."-..m.I.0~sxB[@..=...:..\.Y?....@O.L;9i..U....?.5">+9.s\Z..vN
                                                                                                                                                                                Process:C:\Program Files (x86)\Microsoft Office\root\Office16\ONENOTE.EXE
                                                                                                                                                                                File Type:data
                                                                                                                                                                                Category:dropped
                                                                                                                                                                                Size (bytes):4096
                                                                                                                                                                                Entropy (8bit):4.329408457464846
                                                                                                                                                                                Encrypted:false
                                                                                                                                                                                SSDEEP:96:YFsdrMPhVEEr7fhXc9ctVERQyCMh3PMelfD5:GsdrMPhvr7ZXc9CVERJB1Melf
                                                                                                                                                                                MD5:FA6BE5D4EDD0C51AC09EABD8544E78FF
                                                                                                                                                                                SHA1:56F9C5233E54C40BC70F709C3CA145D616238055
                                                                                                                                                                                SHA-256:10C5839544CCEC0D21A5AA4D4376E1B0ACA7D7B87D0ACE45CBB77A2C1C2A6210
                                                                                                                                                                                SHA-512:6EA582EEDD79A5EA5EBC367589452D947752BA1BD93293B97F41545DE060B3FC92F6C8C0699F25071197D845ED52DF6864F87C8DE391CBC7B553F303DD2DFBCB
                                                                                                                                                                                Malicious:false
                                                                                                                                                                                Preview:2...>.......P...v...D...................................................?....?..........................................................................2...>...,.......v...x............................I.......I.qk..B.....LZ..p.......pP.... I..^`....pP.... I..^`....p..I.qk..B.....LZ.I................................I.......I...................................................I.t.....I................................................................4..'...'..............Y...+..A........N...^................3..j~@E....g...........f........................................I.qk..B.....LZ.............Y...+..A.............Y...+..A...............p.......p.......p...........................................pj......pT.]....p.......p..B....pH......p..B....p..>.)..p..J...................;........4...4...4.."................p...p...p..z...y.. x.. ...........$........4...)..7)..7........................;........4...4...4...........p.......p....#..p............................................
                                                                                                                                                                                Process:C:\Program Files (x86)\Microsoft Office\root\Office16\ONENOTE.EXE
                                                                                                                                                                                File Type:JPEG image data, JFIF standard 1.02, aspect ratio, density 100x100, segment length 16, baseline, precision 8, 612x792, components 3
                                                                                                                                                                                Category:dropped
                                                                                                                                                                                Size (bytes):84941
                                                                                                                                                                                Entropy (8bit):7.966881945560921
                                                                                                                                                                                Encrypted:false
                                                                                                                                                                                SSDEEP:1536:X3sWfhTVd+xu6rA6SOONM0/YFXnviDwoPCaNSm+z/ze/fWNj7GfigeKyCGzw+QKW:nsOhdDJOwY1voPCaom+z/zeHAfGihCG8
                                                                                                                                                                                MD5:CB84C108A76C2AFFCAC2551A3C1EAD56
                                                                                                                                                                                SHA1:8BB7C2A12B056C1ED12EBBAE5BC9F60CCE880FFE
                                                                                                                                                                                SHA-256:139BB0E79F89C3DDEF79B1716A5FBAB4C07DF5785FB3CDF6B4EEDDBF6C078452
                                                                                                                                                                                SHA-512:6EF85144E9A7ACD0FF2E52A5FF42093153EFB69127B1C8549EEBC49B6CC196A46B65EE39A2CAD0206F6A41476D8B5B35D29EAC9942B8F84972B32E14CAFEED27
                                                                                                                                                                                Malicious:false
                                                                                                                                                                                Preview:......JFIF.....d.d......Ducky.......d......Adobe.d...................................................................................................................................................d....................................................................................!.1A.Qa..q...........".2..BRbr#.T.3C....S$.cs.D..4%5......................!1A..Qaq."2..BR....3...b#.r.C4.............?.......m.q..'O.....r......_.1....8h....?.....O]~..k......GO...''._...!....o........''..g..H?k.......1...?.....z......>...+0..................GO...''._.........}.O.Z|.L?...........?.........[~t.......}......NO.....v.......J.......?..g..H?k......GO,m..r}o.z.....}......dC.9?..g..H_..........?.....O]~...m...C?.z..f....W.=u.B..m..C.-?.a.....3._.?.......o....np.M....g..H_............9?..g..H...../..kO...''._...!~...o.....0.M....g..H.........../......O]~.~...o.......7..+.... ..l?.}........&....3._./....?.........W.=u.C..m..C.+?..o.W.=u.A.^.O....:......_.........}..t
                                                                                                                                                                                Process:C:\Program Files (x86)\Microsoft Office\root\Office16\ONENOTE.EXE
                                                                                                                                                                                File Type:data
                                                                                                                                                                                Category:dropped
                                                                                                                                                                                Size (bytes):4096
                                                                                                                                                                                Entropy (8bit):4.332230399834432
                                                                                                                                                                                Encrypted:false
                                                                                                                                                                                SSDEEP:48:Yuo3szYE0uDtWUEe+hNGSXGGS9uCoNrdQqrjx3K5BXsVsZ0nBZ:YpssuDBEPWSXRS9uCcRQyF+PIB
                                                                                                                                                                                MD5:15864579F6EC91152FB8E3680642940A
                                                                                                                                                                                SHA1:1143AD802594D83089ABE9A20BF50670762A9F80
                                                                                                                                                                                SHA-256:8615CF92091B5D60091F6C72160ED890612B66DE467C6E7996598A86E36022B8
                                                                                                                                                                                SHA-512:663AD767F91AAB2923A02A106CCE94DEAF6429C3290AC2655159CEF7E5C0A336548B881AD29EE0E428B31BDF1D513D8655222A91B88345AB6401260DB807CA9D
                                                                                                                                                                                Malicious:false
                                                                                                                                                                                Preview:2...>.......P...v...D...................................................?....?..........................................................................2...>...,.......v...x............................I.......I.qk..B.....LZSB......SB.?..F..K..l?.8SB.?..F..K..l?.8SB...I.qk..B.....LZ.I................................I.......I...................................................I.t.....I................................................................4..'...'................g.Rx...I..WO....N...^...............5.Z...nD....k.^.........f........................................I.qk..B.....LZ...............g.Rx...I..WO...........g.Rx...I..WO.........SB......SB......SB..........................................SB.j....SB.T.]..SB......SB...B..SB.H....SB...B..SB...>.)SB...J...................;........4...4...4.."..............SB..SB..SB...z...y.. x.. ...........$........4...)..7)..7........................;........4...4...4.........SB......SB.....#SB.............................................
                                                                                                                                                                                Process:C:\Program Files (x86)\Microsoft Office\root\Office16\ONENOTE.EXE
                                                                                                                                                                                File Type:PNG image data, 40 x 623, 8-bit colormap, non-interlaced
                                                                                                                                                                                Category:dropped
                                                                                                                                                                                Size (bytes):1569
                                                                                                                                                                                Entropy (8bit):7.583832946136897
                                                                                                                                                                                Encrypted:false
                                                                                                                                                                                SSDEEP:24:KArPoy/sSfmBL0EGEsRgeTLLXFnViAAEslVorlP0i8OmO57EnGAkYelBKMN:9oQPTgeL5ViAe8rQs7HAkrlc+
                                                                                                                                                                                MD5:07DB3F43DE7C1392C67802E74707DAA6
                                                                                                                                                                                SHA1:C173ADB1999065C5E1E6DBEF934B4D4D7AF0CC23
                                                                                                                                                                                SHA-256:51E05999A1C9F17DF28CB474E57DD8E64BDAB824874A532C20A23766A01F8967
                                                                                                                                                                                SHA-512:E509255519D4E521E82332FF418DD5A6BBBC8476399A0D9C3D81542C1CABA535B2D79E5BC90F73F9EE8468643302137671934ABD600FC696F16161C91FEAC111
                                                                                                                                                                                Malicious:false
                                                                                                                                                                                Preview:.PNG........IHDR...(...o.....>.c.....PLTE................................................................................................................................................................................................a.o.....bKGD....H....cmPPJCmp0712....H.s.....IDATx^.Y.. ..........}%.../].`<..y....V...m.....<....)..;Ki..'9...2.:.c...t..V..d.t;-y.Z.=K>B.."{Lj.~G..|..ENC.!Sw,....";.p..g....E.B..S.-...k..P."..E......l[./D.-.....Q+.G<>.+..b...#..y(...{a.M..J...<....v.W..F.qm.`.....(.mk.nX....l.Px8.0\Z....7G...$*.....&..Z.VJ.~......J.2|...2H..../...=.)q....ZT" .,%..h.p....Z$.!........r...Hh.f. ....P .d..1d....2.3h....;.A.... ....d..g4...A..^.....2.ew..."h...y/..j.h..B.......%.2.%..{r...+dG.=9h....P1...A...c...^h.]Q0.8x....q .!3....ZW"Z.!3...G.vC.GG..".&..X!3.|xB..V.P!.+zS..NX!3.....Nh.y(.Z.1.h..B...Z+....l8Xcu.B...K...@U..@Q...mB...x...&L C....mB.....@kC...Y.,.... ..e\F.B..........y..e\..:$(....Z.a...yn...f..z.~Q.{o...].ln.r....^.@.{..c.7..{...
                                                                                                                                                                                Process:C:\Program Files (x86)\Microsoft Office\root\Office16\ONENOTE.EXE
                                                                                                                                                                                File Type:data
                                                                                                                                                                                Category:dropped
                                                                                                                                                                                Size (bytes):4096
                                                                                                                                                                                Entropy (8bit):4.383161459342062
                                                                                                                                                                                Encrypted:false
                                                                                                                                                                                SSDEEP:96:Qzg0xsIt5aOtZhzrEplw9X7hS9KysRQywYjSF:wxsk5aSEplw9Xo9KysRJwR
                                                                                                                                                                                MD5:919F05A5D166566C52916288ADE7EC24
                                                                                                                                                                                SHA1:7C66C86528894ABA748F90291879477D0BD6A04E
                                                                                                                                                                                SHA-256:B367F7E4CC7F1A2F5E54E99AC201BC23C37F451CE64140893EFC229E06F2474C
                                                                                                                                                                                SHA-512:433323B6B598599B2C9337B250EAD7C281B3FEFA1C33F305E5689267DD4C9D66114648A86D679D0CF27282761AEA8616B59508C4D5A690CC976D8499C5DD5DB7
                                                                                                                                                                                Malicious:false
                                                                                                                                                                                Preview:2...>.......R...v...F...................................................................................................................................2...>...........v...z............................I.......I.qk..B.....LZ...........p....=.\......p....=.\........I.qk..B.....LZ.I................................I.......I...................................................I.t.....I................................................................4..'...'..............(...?...PA.z.%.....N...^...............q.:.D-H................f........................................I.qk..B.....LZ.............(...?...PA.z.%..........(...?...PA.z.%.........................................................................j.......T.]..............B.....H.........B.......>.).....J...................;........4...4...4.."...........................z...y.. x.. ...........$........4...)..7)..7........................;........4...4...4........................#...............................................
                                                                                                                                                                                Process:C:\Program Files (x86)\Microsoft Office\root\Office16\ONENOTE.EXE
                                                                                                                                                                                File Type:JPEG image data, JFIF standard 1.02, aspect ratio, density 100x100, segment length 16, baseline, precision 8, 612x792, components 3
                                                                                                                                                                                Category:dropped
                                                                                                                                                                                Size (bytes):40035
                                                                                                                                                                                Entropy (8bit):7.360144465307449
                                                                                                                                                                                Encrypted:false
                                                                                                                                                                                SSDEEP:768:MQhziQo1RKGlyyzYjlxuxwRUj/BN837xRmwH2uDTCn8qXFQziN:ThzrSzalg6O563l4uTC8q1Ig
                                                                                                                                                                                MD5:B1DDD365D87605F96D72042CB56572F6
                                                                                                                                                                                SHA1:ADF71DAD1A62B8A58A657C2EDBDD665A19EB846B
                                                                                                                                                                                SHA-256:06E09DE80C3F32254DA4FE6B2CBAD7C05EF144DD54B8C65745E195BBF7317A2E
                                                                                                                                                                                SHA-512:9C686092CC9524F34EA6CEC9AAE936A6225BCC54DE38DE1786EBA8F532959A80FF885E8664A09E4C318D7CA4B278E807D3D1F135BE55F30979B844FF5EC9699A
                                                                                                                                                                                Malicious:false
                                                                                                                                                                                Preview:......JFIF.....d.d......Ducky.......d......Adobe.d...................................................................................................................................................d........................................................................................!1....AQ.aq.....".3.5...2B#s.$%..Rr.CS4&6...bE'7.c.DTtU...d.eu...VFfv.Gw.....Wg......................!...1AQaq........"2..4..Rbr#3$...B.s5Cc.S%.D............?..^.f....R*.N{.{f.....O.r.V.;U..~...U.(..>M._.yI.{8,..^.t...s`...j.O..U5t.&&..h.G.6Da.;.....J.......E..QD...C...}..N...tR.....~..].J:.V$.*.r......]...W......4.[.)6..Y_.....4...........m._'HR.a......]U=.....n...0.W..]..K..){.+...w...f...<|..1/.|.....b..-..y....]U#Ctn.7m.._.|..2I;|....tM....q.q.}.N)....'...9&...nR...R..}.........m._.LZ}u.../K....9.~..?.{....V.#..dx.Zk.:=..:.j].....E#....E~w%....J..[S..[......gr...vb.r]..<..ut..i...[P.w....:..Gkn>......#..m...9km`......t).up.....w....VOR.{&.nQI..}...wD.7Ey#n....MO.
                                                                                                                                                                                Process:C:\Program Files (x86)\Microsoft Office\root\Office16\ONENOTE.EXE
                                                                                                                                                                                File Type:data
                                                                                                                                                                                Category:dropped
                                                                                                                                                                                Size (bytes):4096
                                                                                                                                                                                Entropy (8bit):4.630587914594161
                                                                                                                                                                                Encrypted:false
                                                                                                                                                                                SSDEEP:48:Jstzo2NMD/itmTU9tPE3/LYoXEsNb9uHoJrdQqrwYOyaBXJ5jvMlNFF8elzl:JsyD/iZPE3/fXh9uH4RQyijnte
                                                                                                                                                                                MD5:E5328FB693AABF63ADC26899D941EA31
                                                                                                                                                                                SHA1:CCE4E6A3C0E2A685F1C077181E16EDE87BD85F86
                                                                                                                                                                                SHA-256:6376311DE2107295122FF261840B4F6906A2C40E50FE50F83D967D3119A92E18
                                                                                                                                                                                SHA-512:6FEDDE823B9BB3F100CD074EB75F43DB68149FF610907844DD7C4F06E9B65936E0566BA9220EDE16A4793BCD71C56635381652F681343B314DF86E6A19CBFC95
                                                                                                                                                                                Malicious:false
                                                                                                                                                                                Preview:2...>...........v...~...................................................................................................................................2...>...f.......v................................I.......I.qk..B.....LZ.0......0.-1..'.u{!...0.-1..'.u{!...0..I.qk..B.....LZ.I................................I.......I...................................................I.t.....I................................................................4..'...'.............NN.F.....#.n3!!.....N...^...............G....B@.....)..........f...................................:....I.qk..B.....LZ............NN.F.....#.n3!!.........NN.F.....#.n3!!...........0......0......0..........................................0j.....0T.]...0......0..B...0H.....0..B...0..>.).0..J...................;........4...4...4.."...............0..0..0..z...y.. x.. ...........$........4...)..7)..7........................;........4...4...4..........0......0....#.0............................................
                                                                                                                                                                                Process:C:\Program Files (x86)\Microsoft Office\root\Office16\ONENOTE.EXE
                                                                                                                                                                                File Type:JPEG image data, JFIF standard 1.02, resolution (DPI), density 72x72, segment length 16, Exif Standard: [TIFF image data, big-endian, direntries=7, orientation=upper-left, xresolution=98, yresolution=106, resolutionunit=2, software=Adobe Photoshop CS Windows, datetime=2004:03:12 11:10:32], progressive, precision 8, 594x773, components 3
                                                                                                                                                                                Category:dropped
                                                                                                                                                                                Size (bytes):242903
                                                                                                                                                                                Entropy (8bit):7.944495275553473
                                                                                                                                                                                Encrypted:false
                                                                                                                                                                                SSDEEP:6144:YVxOYlZX2kCWfYoFMXC/sBFC9r+4iEGM4rrcPoWmwkU6FJ:+OwZ2kbFMC/L99ifvokU6/
                                                                                                                                                                                MD5:C594A4AA7234EF91E6C2714CFE1410F1
                                                                                                                                                                                SHA1:C0F720D4CE3196852814D0B7347F0CAA0C6FD526
                                                                                                                                                                                SHA-256:10C833E47BE1C8496F949A6B059C2D79212A4DD66BDE62116EA337FA4FE0B654
                                                                                                                                                                                SHA-512:7313F6545A334F9E2DE5430B2DB5C419C4C8A40E075338DAFCD74970BCC6309786946E5DFB57531612BF4C6269495655706D920FD99922FDACFF9796710DA9C0
                                                                                                                                                                                Malicious:false
                                                                                                                                                                                Preview:......JFIF.....H.H......Exif..MM.*.............................b...........j.(...........1.........r.2...........i.................H.......H....Adobe Photoshop CS Windows.2004:03:12 11:10:32.............................R.......................................................&.(.........................................H.......H..........JFIF.....H.H......Adobe_CM......Adobe.d...................................................................................................................................................{.."................?..........................................................................3......!.1.AQa."q.2.....B#$.R.b34r..C.%.S...cs5....&D.TdE.t6..U.e...u..F'...............Vfv........7GWgw........................5.....!1..AQaq"..2.....B#.R..3$b.r..CS.cs4.%......&5..D.T..dEU6te....u..F...............Vfv........'7GWgw.................?...v&.F;-v;}FH..Z...N..)Y.......h;C....G.0W..ww...MI..Z+..\.........c..4.1.~.Yo.Y6.&. q...............l.A#.~s?yYg..7ky...r
                                                                                                                                                                                Process:C:\Program Files (x86)\Microsoft Office\root\Office16\ONENOTE.EXE
                                                                                                                                                                                File Type:data
                                                                                                                                                                                Category:dropped
                                                                                                                                                                                Size (bytes):4096
                                                                                                                                                                                Entropy (8bit):4.323644757545866
                                                                                                                                                                                Encrypted:false
                                                                                                                                                                                SSDEEP:48:YuSsa+ScnOutrxdqwEXMRLlXqdHn9uKo9rdQqrngcSHPBX41aKDJ:YFs3OuFEXMRRXA9uKERQyqE
                                                                                                                                                                                MD5:13DABC23A9600B13791C8B865C178429
                                                                                                                                                                                SHA1:1BA40D764EE5A94E961F5047EBACCD3F11EAA5F7
                                                                                                                                                                                SHA-256:08E48F58E7BA277BDFF851C4765D09D1E294CA98B346131F66F1AC400D5EE567
                                                                                                                                                                                SHA-512:376F5B95EF2DBF6C1E3CDF7E57326612BF1EFE7F3450F0E5826A98EB4AC7FAF0E2787C470C00AD84DB58C3C2B70F04734D7B30F4B67AF33A127C8368B88AF893
                                                                                                                                                                                Malicious:false
                                                                                                                                                                                Preview:2...>.......P...v...D...................................................?....?..........................................................................2...>...,.......v...x............................I.......I.qk..B.....LZj71.....j71.....>X/#>...j71.....>X/#>...j71..I.qk..B.....LZ.I................................I.......I...................................................I.t.....I................................................................4..'...'............../.).Z...[.........N...^...............ai....eE.b.p7~.l........f........................................I.qk..B.....LZ............./.).Z...[............../.).Z...[..............j71.....j71.....j71.........................................j71j....j71T.]..j71.....j71..B..j71H....j71..B..j71..>.)j71..J...................;........4...4...4.."..............j71.j71.j71..z...y.. x.. ...........$........4...)..7)..7........................;........4...4...4.........j71.....j71....#j71............................................
                                                                                                                                                                                Process:C:\Program Files (x86)\Microsoft Office\root\Office16\ONENOTE.EXE
                                                                                                                                                                                File Type:JPEG image data, JFIF standard 1.02, resolution (DPI), density 72x72, segment length 16, Exif Standard: [TIFF image data, big-endian, direntries=7, orientation=upper-left, xresolution=98, yresolution=106, resolutionunit=2, software=Adobe Photoshop CS Windows, datetime=2004:03:12 11:12:29], progressive, precision 8, 598x766, components 3
                                                                                                                                                                                Category:dropped
                                                                                                                                                                                Size (bytes):70028
                                                                                                                                                                                Entropy (8bit):7.742089280742944
                                                                                                                                                                                Encrypted:false
                                                                                                                                                                                SSDEEP:1536:ub4bgbB7g9cKCmSzaNF0jAdAzQKTEFBQqUp/i0yG1pidLHTVX:ub4bIB7Qg2OjbzjgWp/i0yGCZx
                                                                                                                                                                                MD5:EC7811912ACA47F6AEB912469761D70D
                                                                                                                                                                                SHA1:C759BC2D908705D599B03BDB366C951B11F99A4E
                                                                                                                                                                                SHA-256:FBB4573E3BEE1B337077691BEBAE15D6FAC52432405D31396D526D7694A8283D
                                                                                                                                                                                SHA-512:881828150993A8C56E36CDA2051D89C1F6E0322643902C9506392C163E8734A2933A46486F40E5BC8C8D0164E180605E52620EF22FE14540AEA787A38B22E98E
                                                                                                                                                                                Malicious:false
                                                                                                                                                                                Preview:......JFIF.....H.H.....7Exif..MM.*.............................b...........j.(...........1.........r.2...........i.................H.......H....Adobe Photoshop CS Windows.2004:03:12 11:12:29.............................V.......................................................&.(.........................................H.......H..........JFIF.....H.H......Adobe_CM......Adobe.d...................................................................................................................................................}.."................?..........................................................................3......!.1.AQa."q.2.....B#$.R.b34r..C.%.S...cs5....&D.TdE.t6..U.e...u..F'...............Vfv........7GWgw........................5.....!1..AQaq"..2.....B#.R..3$b.r..CS.cs4.%......&5..D.T..dEU6te....u..F...............Vfv........'7GWgw.................?.....H.yM..? .Z.. .^.x..p.8.A...K.... .\{..)..y....t..=.^y)..v.@.W>. .h.. ..p.:.\)(.$....$.I).....!....E..Z.....&.5.).
                                                                                                                                                                                Process:C:\Program Files (x86)\Microsoft Office\root\Office16\ONENOTE.EXE
                                                                                                                                                                                File Type:data
                                                                                                                                                                                Category:dropped
                                                                                                                                                                                Size (bytes):4096
                                                                                                                                                                                Entropy (8bit):4.336057519225853
                                                                                                                                                                                Encrypted:false
                                                                                                                                                                                SSDEEP:48:vu1ixGsmOKR0B9lDJYF62tAWPE5VLPjXLz9ezoBrdQqroNBXy0UJ1GS9WhuM7C23:vaixGsIEY02OwE5VHX/9ezwRQyIdF
                                                                                                                                                                                MD5:D489BFE5246BD58BE8F5597F0248695E
                                                                                                                                                                                SHA1:1B2540A358140AB28C0AEFF1D24A07184045EBB9
                                                                                                                                                                                SHA-256:F23D563DAF04D0F32902540D6E40537EC340C671B66470C059B552E7D2F31A74
                                                                                                                                                                                SHA-512:44FF585AAB20F498586E5860A5E846CA55ED423B12BE03C186E715CE40AEED8A76FC6068D6F8ED8A4AFB31DA6EFA8638E8792B9EF4D8EB933B3FF3E6CD2A9290
                                                                                                                                                                                Malicious:false
                                                                                                                                                                                Preview:2...>.......N...v...B...................................................................................................................................2...>...*.......v...v............................I.......I.qk..B.....LZ?.".....?."k.6...2X...8.?."k.6...2X...8.?."..I.qk..B.....LZ.I................................I.......I...................................................I.t.....I................................................................4..'...'.............(.@.g.W.5z...>l.....N...^....................hgN..x.j?..........f........................................I.qk..B.....LZ............(.@.g.W.5z...>l.........(.@.g.W.5z...>l..........?.".....?.".....?.".........................................?."j....?."T.]..?.".....?."..B..?."H....?."..B..?."..>.)?."..J...................;........4...4...4.."..............?.".?.".?."..z...y.. x.. ...........$........4...)..7)..7........................;........4...4...4.........?.".....?."....#?."............................................
                                                                                                                                                                                Process:C:\Program Files (x86)\Microsoft Office\root\Office16\ONENOTE.EXE
                                                                                                                                                                                File Type:JPEG image data, JFIF standard 1.02, resolution (DPI), density 72x72, segment length 16, Exif Standard: [TIFF image data, big-endian, direntries=7, orientation=upper-left, xresolution=98, yresolution=106, resolutionunit=2, software=Adobe Photoshop 7.0, datetime=2004:03:04 13:19:29], progressive, precision 8, 221x792, components 3
                                                                                                                                                                                Category:dropped
                                                                                                                                                                                Size (bytes):24268
                                                                                                                                                                                Entropy (8bit):6.946124661664625
                                                                                                                                                                                Encrypted:false
                                                                                                                                                                                SSDEEP:384:d2wiieoHTRh5a1HAteZCWOZIM+L7WhNjYn:8wHFHJ+/OZIKhNO
                                                                                                                                                                                MD5:3CD906D179F59DDFA112510C7E996351
                                                                                                                                                                                SHA1:48CDB3685606EDD79D5BCDF0D7267B8B1CCBD5A8
                                                                                                                                                                                SHA-256:1591FD26E7FFF5BE97431D0ED3D0ADE5CFC5FA74E3D7EC282FD242160CE68C1F
                                                                                                                                                                                SHA-512:2048CBA13AF532FF2BCC7B8B40541993234BD1A8AB6DE47B889AF3F3E4571F9C5A22996D0B1C16DD6603233F6066A1A2A97C16A6020BEDD0826B83BAD0075512
                                                                                                                                                                                Malicious:false
                                                                                                                                                                                Preview:......JFIF.....H.H......Exif..MM.*.............................b...........j.(...........1.........r.2...........i.................H.......H....Adobe Photoshop 7.0.2004:03:04 13:19:29.....................................................................................(.....................&...................H.......H..........JFIF.....H.H......Adobe_CM......Adobe.d...................................................................................................................................................$.."................?..........................................................................3......!.1.AQa."q.2.....B#$.R.b34r..C.%.S...cs5....&D.TdE.t6..U.e...u..F'...............Vfv........7GWgw........................5.....!1..AQaq"..2.....B#.R..3$b.r..CS.cs4.%......&5..D.T..dEU6te....u..F...............Vfv........'7GWgw.................?.....)......[]t.\Z..g......A....&D.$LH._..X..Xl...`....cZ.X.........>......f.Z.X...]..~L.S..@..I$..I.IO.....x...s.g.[f.h{9..
                                                                                                                                                                                Process:C:\Program Files (x86)\Microsoft Office\root\Office16\ONENOTE.EXE
                                                                                                                                                                                File Type:data
                                                                                                                                                                                Category:dropped
                                                                                                                                                                                Size (bytes):4096
                                                                                                                                                                                Entropy (8bit):4.316962962418197
                                                                                                                                                                                Encrypted:false
                                                                                                                                                                                SSDEEP:48:ysSQmfZO6aS++tIwrTEEr0OXZwO92ao1rdQqrDpKqYBXgtdVCGl1:ys2RO6aSfawkEfXZwO92akRQywqYcVl
                                                                                                                                                                                MD5:AD510B1E2CF65F096F7017D0C156453E
                                                                                                                                                                                SHA1:A94B70FB8E3C92E095F686D0222B3D6470EB30CB
                                                                                                                                                                                SHA-256:A8878F1CD960CC4865CABB4080428A880CA2E8348050E9890AC8E9BDE800CC37
                                                                                                                                                                                SHA-512:CBE52D5D7140E5F7A7E2B86C290D832DBB91455EBF680E1FCCD750DE7473CFA33265C698B50BF75F71A4D0B9E0928944997A02376E90DA652358FD2D9D9606C1
                                                                                                                                                                                Malicious:false
                                                                                                                                                                                Preview:2...>.......N...v...B...................................................................................................................................2...>...*.......v...v............................I.......I.qk..B.....LZ$;......$;.P......!S.x..$;.P......!S.x..$;...I.qk..B.....LZ.I................................I.......I...................................................I.t.....I................................................................4..'...'...............#........m.......N...^...............1{.PN..A......2.........f........................................I.qk..B.....LZ..............#........m.............#........m............$;......$;......$;..........................................$;.j....$;.T.]..$;......$;...B..$;.H....$;...B..$;...>.)$;...J...................;........4...4...4.."..............$;..$;..$;...z...y.. x.. ...........$........4...)..7)..7........................;........4...4...4.........$;......$;.....#$;.............................................
                                                                                                                                                                                Process:C:\Program Files (x86)\Microsoft Office\root\Office16\ONENOTE.EXE
                                                                                                                                                                                File Type:JPEG image data, JFIF standard 1.02, aspect ratio, density 100x100, segment length 16, baseline, precision 8, 612x792, components 3
                                                                                                                                                                                Category:dropped
                                                                                                                                                                                Size (bytes):47294
                                                                                                                                                                                Entropy (8bit):7.497888607667405
                                                                                                                                                                                Encrypted:false
                                                                                                                                                                                SSDEEP:768:aQ10VrIBdBvDpQrQ7P9/FUOLG2vTSeG9lkCsMKzXeMBk3CBp:aC0JIBL+QsOLG2+ZAC1KqM2I
                                                                                                                                                                                MD5:7A450E086AD14BA7D89BA5DB3D3AE6C7
                                                                                                                                                                                SHA1:E7AEAFCFCE476390E18C19456BDF6529D863D518
                                                                                                                                                                                SHA-256:BDD997068701ED3A00A224EB694B003C01AC69B857FE7B4147D6C34875B1632B
                                                                                                                                                                                SHA-512:9B6D50A6CDB6081DA107A2CDDB1BD2811A5764994C8E3F67D56CA81084BE0D068C27435154E867199F38688EA65E8DE02A56DCAC47D0F5E55F0FBB6598814938
                                                                                                                                                                                Malicious:false
                                                                                                                                                                                Preview:......JFIF.....d.d......Ducky.......d......Adobe.d...................................................................................................................................................d.............................................................................................!1..A..Qa"..q..2.......B#...R%.r...$&b...3Ss.4dU6F.cE..'GC..t..5eufW......................!.1..AQ.aq..".....2BR......r.#3.d...b..Ccs.t......$4T...SD%5Ue&Vf............?..M.7(..).:.a.q.......>..[:O...afQ.uCO..U.....go.l..p..YqVklQ.{i.w&.]Z.\+JQw._.n.'.h..,.bj..X.].k&.Q.>gU..f...1|....[...jQ.%Zb.......t..........*..V..j.6....Vj..i.....?...IY.P.....$.j........[l.....S.4.J9.U\.......7I..[..=*N5....xW..../...=?n....uG.D..S.>...8..3........n.S....]k.*...4.>.R.o..{..l.H.#.^....<amG.m&.......,....wDY.W.m.X....We.IR.Nu...y..Z.l.._S.mr.m...y.]m.R.MT...6.5.5}.K..#%..k].7.Y.q]...%.r.7.R^jR..z.K.T[t.a..d.)glW.r.v,.`....O..^..o:.Uc.\..D....f..D......yt.Q...Y.....
                                                                                                                                                                                Process:C:\Program Files (x86)\Microsoft Office\root\Office16\ONENOTE.EXE
                                                                                                                                                                                File Type:data
                                                                                                                                                                                Category:dropped
                                                                                                                                                                                Size (bytes):4096
                                                                                                                                                                                Entropy (8bit):4.470083163442552
                                                                                                                                                                                Encrypted:false
                                                                                                                                                                                SSDEEP:48:RWs2RpB16ua2T0joHtURhbCyEwL6FLdXmF928oRrdQqrbKBXyyki16zOtDGhl:RWsWrT0joHQhb9EwCXmF928IRQyGXMh
                                                                                                                                                                                MD5:67F131F0A97949583F065FFAAD0FB5AE
                                                                                                                                                                                SHA1:33D5E3D7C242F03FCF48239A3C2F74D6827D1572
                                                                                                                                                                                SHA-256:D4202584B6C2A221553BBB1C6FB092E7A913992F514AD4534ED254098AC293A8
                                                                                                                                                                                SHA-512:A8D633DEEA16787FB134B0D6310396E092AB7A5F844597456E721D72D295E5FF95F84D9F14BA6738050E4F80E3CE75C9ADFCD42F6B0B5FAF0C4253542DF21E0B
                                                                                                                                                                                Malicious:false
                                                                                                                                                                                Preview:2...>.......n...v...b...................................................................................................................................2...>...J.......v................................I.......I.qk..B.....LZ.?.......?.R.E.......5..?.R.E.......5..?...I.qk..B.....LZ.I................................I.......I...................................................I.t.....I................................................................4..'...'................."....#7..m\.....N...^...................^.K...m.j..........f........................................I.qk..B.....LZ................"....#7..m\............."....#7..m\...........?.......?.......?...........................................?.j.....?.T.]...?.......?..B...?.H.....?...B...?...>.).?...J...................;........4...4...4.."...............?...?...?...z...y.. x.. ...........$........4...)..7)..7........................;........4...4...4..........?.......?.....#.?.............................................
                                                                                                                                                                                Process:C:\Program Files (x86)\Microsoft Office\root\Office16\ONENOTE.EXE
                                                                                                                                                                                File Type:PNG image data, 60 x 336, 4-bit colormap, non-interlaced
                                                                                                                                                                                Category:dropped
                                                                                                                                                                                Size (bytes):347
                                                                                                                                                                                Entropy (8bit):6.85024426015615
                                                                                                                                                                                Encrypted:false
                                                                                                                                                                                SSDEEP:6:6v/lhPtnlx/QulkWNY2V18A6Akp7eee1VDjMHCyLezyKUX5Gp:6v/7RrIubiA6AkpNhiyKe+
                                                                                                                                                                                MD5:78762C169F8B104CB57DFF5A1669D2DF
                                                                                                                                                                                SHA1:9638B71B584CD636834016A635ABF8D9C0887711
                                                                                                                                                                                SHA-256:E64FDCD0B108737D8B8F7B677029F924031D6BBAA50585D9C3DEF7C7E92ECAF2
                                                                                                                                                                                SHA-512:5ED899AAF73B72DEC32E171FFA112382667D5BF3FBA98C92E313E66C0A6975EA97068F4CD32B62283F18DBD5345C11E3610F7EEAC2F2DE71FC44593180B9CEAC
                                                                                                                                                                                Malicious:false
                                                                                                                                                                                Preview:.PNG........IHDR...<...P.............PLTE......................=l......bKGD....H....cmPPJCmp0712....Om......IDATh......@..aI...B..C..l...^.%.`....>.]..|0.....a...hb...0......q.......p"....;...K..x=...p...y.yy~J....|...\.......y..X.......'...>1...Ky..f....&........N`..f0..b...3.......`Z.3..3.....o.......4.&........SV...4.....IEND.B`.
                                                                                                                                                                                Process:C:\Program Files (x86)\Microsoft Office\root\Office16\ONENOTE.EXE
                                                                                                                                                                                File Type:data
                                                                                                                                                                                Category:dropped
                                                                                                                                                                                Size (bytes):4096
                                                                                                                                                                                Entropy (8bit):4.345884333807034
                                                                                                                                                                                Encrypted:false
                                                                                                                                                                                SSDEEP:48:mM2sGA+vQFBt/q+E6kXU9wz4odrdQqr8yyqSBXC/IF9ZCKPHR:Qs4QFBbEzXU9wz4URQy8n/f
                                                                                                                                                                                MD5:51344602ADBBF192344F260576A88BC0
                                                                                                                                                                                SHA1:8D22C529AB94CAC1DA59B7BD0FCAF75A0A94FB13
                                                                                                                                                                                SHA-256:9B16DD374AE22A0604D3638E3F304282A5D6EB74567BCDB88E8A641C725B570A
                                                                                                                                                                                SHA-512:8D55FC4976E042C0D0992820C2D33FF8B9DDCB7D39BA8F379056B4B3564E729B941073020D9691AEB9200BAFA463AF1F5FBFE3A2F1E2015F9C508F43002B6F29
                                                                                                                                                                                Malicious:false
                                                                                                                                                                                Preview:2...>.......R...v...F...................................................................................................................................2...>...........v...z............................I.......I.qk..B.....LZ.......... ?U....+.U..... ?U....+.U......I.qk..B.....LZ.I................................I.......I...................................................I.t.....I................................................................4..'...'................w)...J.P.o......N...^.................i.B..J..............f........................................I.qk..B.....LZ...............w)...J.P.o.............w)...J.P.o......................................................................j......T.].............B....H........B......>.)....J...................;........4...4...4.."........................z...y.. x.. ...........$........4...)..7)..7........................;........4...4...4......................#..............................................
                                                                                                                                                                                Process:C:\Program Files (x86)\Microsoft Office\root\Office16\ONENOTE.EXE
                                                                                                                                                                                File Type:PNG image data, 40 x 617, 8-bit colormap, non-interlaced
                                                                                                                                                                                Category:dropped
                                                                                                                                                                                Size (bytes):827
                                                                                                                                                                                Entropy (8bit):7.23139555596658
                                                                                                                                                                                Encrypted:false
                                                                                                                                                                                SSDEEP:12:6v/7Hs2NwBW1mtjeSfaTHHy05riYUtr8y8PQvPYzzg979Reip0QPqc:oOsotazy4rStr8y8PQIzWea0Qv
                                                                                                                                                                                MD5:3E675D61F588462FB452342B14BCF9C0
                                                                                                                                                                                SHA1:86B62019BC3C5BE48B654256B5D10293FC8C842A
                                                                                                                                                                                SHA-256:639EADAD468B6B32B9124B1F4395A8DA3027FF7258D102173BA070AE2ED541AE
                                                                                                                                                                                SHA-512:E6EA855B642ED36FA82F8E469A826DC57EB0C36E307045FF8D166F67AF9242C87840833BE31FBE4706DC54100E999D6A3D3A78D0633A3114735818874AD34758
                                                                                                                                                                                Malicious:false
                                                                                                                                                                                Preview:.PNG........IHDR...(...i..........`PLTE...................................................................................................bKGD....H....cmPPJCmp0712....H.s....qIDATx^...0.Cg.;......@j..2c.=~KP.[H~..@..8...?U.g.n.a=.=.).....3..u^(.....L....5..........8.}..T.f.n.a=.=.).....3..u^(.....L..r....s..8.....W]....,..9..G?.a..`c.z...E.p...)Y.P.....#....@9.7].....,..9..G?.a..`c.z...E.p...)Y.P...`b....0.b.+~{.Pu...1..<..0._.l.@O.y.(...V3%..J....s... .(g.+.qyWu...1..<..0._.l.@O.y.(...V3%...%R.L.Q..x..R.<t.o......7.............:/.E..j.da@i..`b..Z......u.>.?...7.............:/.E..j.da@.Dj..9.W....s. .....:.......L...">w..7... .....:..."...L..."..a....D..Ya.l....E.{.@&.|.._...7..D..Ya.l.....{.@&.|....0.J.."z.0s..s....=g ..>........"z.0s..s....=g ..>..l..1...y..g......IEND.B`.
                                                                                                                                                                                Process:C:\Program Files (x86)\Microsoft Office\root\Office16\ONENOTE.EXE
                                                                                                                                                                                File Type:data
                                                                                                                                                                                Category:dropped
                                                                                                                                                                                Size (bytes):4096
                                                                                                                                                                                Entropy (8bit):4.339933834339001
                                                                                                                                                                                Encrypted:false
                                                                                                                                                                                SSDEEP:96:Csyl6y2poXEXnWoXUo9m60RQysaV6X5/Eun:Csyl6y2q0XnWoXUo9m60RJdV6X5/Eu
                                                                                                                                                                                MD5:C7166B4B79A68DB4146401F8F7547963
                                                                                                                                                                                SHA1:3BD29FF29417DC192B143089CAC53992EA3D4D6D
                                                                                                                                                                                SHA-256:430A335D93F92DAC0EB01C19D8459DDF465C88126DF3D8C72CBE5BA1B35163A9
                                                                                                                                                                                SHA-512:9018D17D2DCB6795C2AC23CD6FAB67F53AD71051D34220647C3C50F18B14D845744C86EE7BAAEE833A61E5809DA37671013EFD84DA098BB1FBAC968EC6471EB3
                                                                                                                                                                                Malicious:false
                                                                                                                                                                                Preview:2...>.......N...v...B...................................................................................................................................2...>...*.......v...v............................I.......I.qk..B.....LZ.'+......'+.z..<........'+.z..<........'+..I.qk..B.....LZ.I................................I.......I...................................................I.t.....I................................................................4..'...'.............E.[D.\...B.cV.......N...^..............."MKM...F...;)..........f........................................I.qk..B.....LZ............E.[D.\...B.cV...........E.[D.\...B.cV.............'+......'+......'+..........................................'+j.....'+T.]...'+......'+..B...'+H.....'+..B...'+..>.).'+..J...................;........4...4...4.."...............'+..'+..'+..z...y.. x.. ...........$........4...)..7)..7........................;........4...4...4..........'+......'+....#.'+............................................
                                                                                                                                                                                Process:C:\Program Files (x86)\Microsoft Office\root\Office16\ONENOTE.EXE
                                                                                                                                                                                File Type:PNG image data, 50 x 600, 8-bit colormap, non-interlaced
                                                                                                                                                                                Category:dropped
                                                                                                                                                                                Size (bytes):4410
                                                                                                                                                                                Entropy (8bit):7.857636973514526
                                                                                                                                                                                Encrypted:false
                                                                                                                                                                                SSDEEP:96:E/pQuIhKZ7u06dICH3AroiTe8DGTl55poBUmLNjpH7MvDHjfm:MpdZtPbknnRPpkLNVMvu
                                                                                                                                                                                MD5:2494381A1ACDC83843B912CFCDE5643B
                                                                                                                                                                                SHA1:98F9D1CC140076D1AE5A9EA19F47658FD5DF0D66
                                                                                                                                                                                SHA-256:5EEBE803E434A845D19BC600DF3C75E98BB69BD0DE473CEEC410D1B3A9154E28
                                                                                                                                                                                SHA-512:0E64CC3723DC41D94910F7ADFB6A0DFB5049350FD15A873695614E4A89ABD78B166BA4E9C8CB95E275FB56981539DECD2A7F28FBC25E80DD5E2DEA8077CC9489
                                                                                                                                                                                Malicious:false
                                                                                                                                                                                Preview:.PNG........IHDR...2...X.......E.....PLTE...............................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................B..(....bKGD....H....cmPPJCmp0712....H.s.....IDATx^.].\TU.?3"...(..L........q.Q...H.*j......W..Xd.ie.f..%.XT...em..m.m.vkik...>.}..}|..{'.U..~......}....s.............,CVu.x.:C..5...;.
                                                                                                                                                                                Process:C:\Program Files (x86)\Microsoft Office\root\Office16\ONENOTE.EXE
                                                                                                                                                                                File Type:data
                                                                                                                                                                                Category:dropped
                                                                                                                                                                                Size (bytes):4096
                                                                                                                                                                                Entropy (8bit):4.315694188816229
                                                                                                                                                                                Encrypted:false
                                                                                                                                                                                SSDEEP:96:YVs6kSdcr7isPEZnf0cXXlL9emxwRQyBAe5IKB7IO2F:Ws6bcwB0cXB9eowRJ6YIKB7INF
                                                                                                                                                                                MD5:38923075D79BC139F40E22DE95DCEB10
                                                                                                                                                                                SHA1:3FF6BBCA248E38B93D52AFBE6CAEB42F1F6AE645
                                                                                                                                                                                SHA-256:52EB01E04873D4F9A27BDC0325AE228158C5430954051C04A5E39F8A2DC9B6C1
                                                                                                                                                                                SHA-512:7AD873DD0D214226EE501E9F90AB09DA579ED5F6364176F56F685FD9FB96314AA4A94E15C68444775FB06937AC161928E4AB4C7F4A753428448035D2D2329D8F
                                                                                                                                                                                Malicious:false
                                                                                                                                                                                Preview:2...>.......P...v...D...................................................?....?..........................................................................2...>...,.......v...x............................I.......I.qk..B.....LZ.............."..&.........."..&.......I.qk..B.....LZ.I................................I.......I...................................................I.t.....I................................................................4..'...'..............O4.s.. ..X^..w....N...^.................f.[.y@.y.U$..E........f........................................I.qk..B.....LZ.............O4.s.. ..X^..w.........O4.s.. ..X^..w....................................................................j......T.]............B....H........B......>.)....J...................;........4...4...4.."........................z...y.. x.. ...........$........4...)..7)..7........................;........4...4...4......................#..............................................
                                                                                                                                                                                Process:C:\Program Files (x86)\Microsoft Office\root\Office16\ONENOTE.EXE
                                                                                                                                                                                File Type:JPEG image data, JFIF standard 1.02, aspect ratio, density 100x100, segment length 16, baseline, precision 8, 612x792, components 3
                                                                                                                                                                                Category:dropped
                                                                                                                                                                                Size (bytes):136726
                                                                                                                                                                                Entropy (8bit):7.973487854173386
                                                                                                                                                                                Encrypted:false
                                                                                                                                                                                SSDEEP:3072:SIXmy5Tl704vW2ZKkvV8UU0ZWUF0BJwySIdgz816YzDc1+opecYPn:Sny5Tl704fZFV8UU6LGXwyS4xohpQPn
                                                                                                                                                                                MD5:4A2472AC2A9434E35701362D1C56EDDF
                                                                                                                                                                                SHA1:16FA2EA2D2808D75445896E03B67A93000EEDDD8
                                                                                                                                                                                SHA-256:505F731CB7707EFAB2EB06685B392DC7E59265A40B55AAE43E5DC15C0A86CBA4
                                                                                                                                                                                SHA-512:5E28D8FB2AC62ED270968072A30013334461F7CAE96058AF9EAA6E10912989DC47112D2133892BF61F7A516B77C6FF71BA2A000B750A9F95C787E538B09595C2
                                                                                                                                                                                Malicious:false
                                                                                                                                                                                Preview:......JFIF.....d.d......Ducky.......d......Adobe.d...................................................................................................................................................d.............................................................................................!1..AQaq".....2B....R#..b3...r...C$...X.....Sc...9.%'.(Hs4Dgw..T..5GW.x.)......................!.1..AQa"2.q.......B..#c........b6.Rr.3s$.&..S...C4.%5............?.........(......(......(......(......(......(......(......(.G/.GE&...)..P.x..B.({i2Y;.z?G...Yfc.)H..^....#.....}3..Sc^.H..+...M.a.P.....GS.....H_.3..<....1f........1.<.\..nn-..s.s.\9Y....=.......S.0.......N..cA..Io..r.3..........ay.....K.....,.;9..Q......xO.Fa.2..>........{4k.....|....?U....3.8..._/3....#.. t.y......yY.......e.<........#.....B.....Z.%.Y..S.ye.W4...l.......X...%.@y}>....l.yi..D..W......L..._D.Q....)...E....n.%...*..K.4#.8`..I....h..h.o..I......-...hB...3..u.(5..........n...,.@....a.t.9.....@.s.>.&...@
                                                                                                                                                                                Process:C:\Program Files (x86)\Microsoft Office\root\Office16\ONENOTE.EXE
                                                                                                                                                                                File Type:data
                                                                                                                                                                                Category:dropped
                                                                                                                                                                                Size (bytes):4096
                                                                                                                                                                                Entropy (8bit):4.351657248947452
                                                                                                                                                                                Encrypted:false
                                                                                                                                                                                SSDEEP:48:+s3AduER6/A3AMCtBiEKHLBpLXxhvL9qy9ohjrdQqr+2BXmBLR6/LGvj1bpl:+sc+KAMCeEKHDLXzvL9qAgjRQyNbgd
                                                                                                                                                                                MD5:7E78A7E56C9143A9760F8AD5E3706575
                                                                                                                                                                                SHA1:06580F0F0AC800B266C0C25972BA3389CF41F934
                                                                                                                                                                                SHA-256:40A73A7A18E8A7FEA4C77F7D8F759B438C8ADF47FC915A1D2EE27F99A5FAA2ED
                                                                                                                                                                                SHA-512:DD74B83D1882557D2FCF9851CD38212267A24A08356B8928B3894044468D915EF88D87947DA7E5D868490A3615B3034B574840C7E7C9BC4DBA59C1D89FE9D69C
                                                                                                                                                                                Malicious:false
                                                                                                                                                                                Preview:2...>.......N...v...B...................................................................................................................................2...>...*.......v...v............................I.......I.qk..B.....LZ..j.......j.....,.i.m.;V..j.....,.i.m.;V..j..I.qk..B.....LZ.I................................I.......I...................................................I.t.....I................................................................4..'...'..............'?......B.R..x....N...^...............u3.G.H.S.Y.E#\........f........................................I.qk..B.....LZ.............'?......B.R..x.........'?......B.R..x...........j.......j.......j...........................................jj......jT.]....j.......j..B....jH......j..B....j..>.)..j..J...................;........4...4...4.."................j...j...j..z...y.. x.. ...........$........4...)..7)..7........................;........4...4...4...........j.......j....#..j............................................
                                                                                                                                                                                Process:C:\Program Files (x86)\Microsoft Office\root\Office16\ONENOTE.EXE
                                                                                                                                                                                File Type:PNG image data, 77 x 627, 8-bit colormap, non-interlaced
                                                                                                                                                                                Category:dropped
                                                                                                                                                                                Size (bytes):5136
                                                                                                                                                                                Entropy (8bit):7.622045262603241
                                                                                                                                                                                Encrypted:false
                                                                                                                                                                                SSDEEP:96:djzuNKb3XHco17p2wolIxIx7lpskdsC/ddWNKeabJbMojpxLDTu1:VzuNKb397pwlIxKp7qs3bJb5FBTw
                                                                                                                                                                                MD5:FA38AFA965141EA3F17863EE8DCCDE61
                                                                                                                                                                                SHA1:2B4611E651AF7549C1AA73932B1136B561A7602F
                                                                                                                                                                                SHA-256:E1CB1A0EC9BE62D5445C73AA84DF38234002A7E164EE830C9DF24997802CB5D2
                                                                                                                                                                                SHA-512:A372674F5CA343321BA9C413D346070709F7685706C9C6C3DC7F61846B59253A5E6FE800DBA10AE870FD3887439B2AA106FBBB51751E92A163938A4393C43E28
                                                                                                                                                                                Malicious:false
                                                                                                                                                                                Preview:.PNG........IHDR...M...s.....}8nv....PLTE.................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................z`.....tRNS...................................................................................................................................................................................
                                                                                                                                                                                Process:C:\Program Files (x86)\Microsoft Office\root\Office16\ONENOTE.EXE
                                                                                                                                                                                File Type:data
                                                                                                                                                                                Category:dropped
                                                                                                                                                                                Size (bytes):4096
                                                                                                                                                                                Entropy (8bit):4.394374484064583
                                                                                                                                                                                Encrypted:false
                                                                                                                                                                                SSDEEP:48:zWYRXsBwv8id/Eq6AjG/atyeEBfXxW9eIo1rdQqrie5ke/BXidy2TinF6pNr1B:fRXsSEq6QG/a/EdXE9eIERQyDh/LJg
                                                                                                                                                                                MD5:B64D2274C09EF58063C7C8E178D6FAC8
                                                                                                                                                                                SHA1:242A7DBCF5B9B6C6864A38D1A3F897D482BADA47
                                                                                                                                                                                SHA-256:F2380A05ADBD5EF103DAB412BDF4F6978D9D1FF10FA6CE4F9A2981DA71A92743
                                                                                                                                                                                SHA-512:D6A336B8A9B8CEDD71C6B021BCC4341238FD06CD124991492EFAE85F351DC695BB81528E1CA4B8569603685F83CB97D63F4D906681B0C990D21517AE9DD0E4A5
                                                                                                                                                                                Malicious:false
                                                                                                                                                                                Preview:2...>.......h...v...\...................................................................................................................................2...>...D.......v................................I.......I.qk..B.....LZ............u>.(....`......u>.(....`.......I.qk..B.....LZ.I................................I.......I...................................................I.t.....I................................................................4..'...'..............4q......o..>.....N...^............... ....[.L..x............f........................................I.qk..B.....LZ.............4q......o..>..........4q......o..>.........................................................................j.......T.]..............B.....H.........B.......>.).....J...................;........4...4...4.."...........................z...y.. x.. ...........$........4...)..7)..7........................;........4...4...4........................#...............................................
                                                                                                                                                                                Process:C:\Program Files (x86)\Microsoft Office\root\Office16\ONENOTE.EXE
                                                                                                                                                                                File Type:JPEG image data, JFIF standard 1.02, aspect ratio, density 100x100, segment length 16, baseline, precision 8, 612x792, components 3
                                                                                                                                                                                Category:dropped
                                                                                                                                                                                Size (bytes):52945
                                                                                                                                                                                Entropy (8bit):7.6490972666456765
                                                                                                                                                                                Encrypted:false
                                                                                                                                                                                SSDEEP:768:cjvqR0XvFaGCTJffi0tgybmWDoTw71kHUAnjvawrlp2+NUO8dWSNl3PF2PjK/q09:cyRffflgybmWoTw1UUADHUbU21MjpAD
                                                                                                                                                                                MD5:AD003F032F32FAC4672D4CE237FA5C5B
                                                                                                                                                                                SHA1:AE234931B452F0D649D91291763B919CF350EA49
                                                                                                                                                                                SHA-256:ADB1EBBE18D6CD8FF08AA9BF5C83CDB83BF9AA179698E34E93DBCDDE12F04D32
                                                                                                                                                                                SHA-512:ECA25FA657ECE3A66D3E650628E0F65D3BADD38864C028AB6553950A1A66D7D55482C85E9E565573E9E5AAFA91C2D53235971C644A266D41EB69F8E72E3A843B
                                                                                                                                                                                Malicious:false
                                                                                                                                                                                Preview:......JFIF.....d.d......Ducky.......d......Adobe.d...................................................................................................................................................d.............................................................................................!1..AQ..aq....".....2....BR#r.b3$...C.Sc%...s5E......................!1.A..Q.aq"...2...#...B...Rb3..$..CSr...6............?......y_N.e.H7?........W..w....k|...S..d.4.>.RW5z.$.i.)V.O....>o...c..*&1.D..O..".ufbb..1...t..u=..K...m...~.....F..-.fb:i..=f..C.w.[{..~.7k....;..:..3....4.....$..m]...}....~q...9T.#..7.~..8...q.N;c..ffo.w...W..d........../t_........lWJE..).>..v;:=....Rrw#.m.n.n...E...vm.J}2N*..|.4...80.#..e....t.J..ZQ.x|g/....F..e....k+vK...M..W.X.e.L..~...j.....kz....=...n:O.:..[.L,.+R...Y..zKNI....,..{e..U.'...}.......|..t.]...~...b4......_.i..../.......m...a..n...v.j.?..Rc.$G|.31..#..$?.........h.w....-... .a.%z..u......u.A....Fm..J.......G..[...w.....:....w/.
                                                                                                                                                                                Process:C:\Program Files (x86)\Microsoft Office\root\Office16\ONENOTE.EXE
                                                                                                                                                                                File Type:data
                                                                                                                                                                                Category:dropped
                                                                                                                                                                                Size (bytes):4096
                                                                                                                                                                                Entropy (8bit):4.426462589151577
                                                                                                                                                                                Encrypted:false
                                                                                                                                                                                SSDEEP:96:RsqWE62WYEb/XL965lRyoxejcGGwjruO:RsqWE6rb/XL965lRyoxejcGGwj6O
                                                                                                                                                                                MD5:1FDA9B6EAE850ED75099801170ED6455
                                                                                                                                                                                SHA1:CBE9D11F8A9397C3ECF5CBC1F72A8B68362ED4AF
                                                                                                                                                                                SHA-256:B921DDB24C202A2A5E22977F862C1E9BBE655CD12C2EF8828B20FF220ED4559A
                                                                                                                                                                                SHA-512:9CD3303261253F7BFD4C474BFD4BF252668CD47E94AB818A9A3171CF518A6F9158139A912BC075DA7F9F0B674ABDC222703A9FCDE165017CB24E16F0DED829DA
                                                                                                                                                                                Malicious:false
                                                                                                                                                                                Preview:2...>.......h...v...\...................................................................................................................................2...>...D.......v................................I.......I.qk..B.....LZ............A..ir..".......A..ir.."......I.qk..B.....LZ.I................................I.......I...................................................I.t.....I................................................................4..'...'................A...+...........N...^...............)...C.C.......-........f........................................I.qk..B.....LZ...............A...+..................A...+...........................................................................j......T.]............B....H........B......>.)....J...................;........4...4...4.."........................z...y.. x.. ...........$........4...)..7)..7........................;........4...4...4......................#..............................................
                                                                                                                                                                                Process:C:\Program Files (x86)\Microsoft Office\root\Office16\ONENOTE.EXE
                                                                                                                                                                                File Type:JPEG image data, JFIF standard 1.02, aspect ratio, density 100x100, segment length 16, baseline, precision 8, 612x792, components 3
                                                                                                                                                                                Category:dropped
                                                                                                                                                                                Size (bytes):79656
                                                                                                                                                                                Entropy (8bit):7.966459570826366
                                                                                                                                                                                Encrypted:false
                                                                                                                                                                                SSDEEP:1536:2kuUliOeU4os8ii3nF3Hxro/qxXD9u/kjYgMZqoEs6ZUldm:3uUsOXYIAixR2k7WAZV
                                                                                                                                                                                MD5:39FF3ACAE544EAC172B1269F825B9E9F
                                                                                                                                                                                SHA1:2D40DE8D90BD21D56314D3F99CEF4FBAE3712C0F
                                                                                                                                                                                SHA-256:70475431CCA3C91A4EFA3B8F04864371D2D3A45696674A1A0562FE9CD8DB287C
                                                                                                                                                                                SHA-512:3B9F3B32696AB7779864E83DC0C45960114A130BEE0CF4D0643DE57FF952171E5D775AA49141EE31A28A9B5D052B26EB421F26EA736D7EF4B3A7EC812CA411CB
                                                                                                                                                                                Malicious:false
                                                                                                                                                                                Preview:......JFIF.....d.d......Ducky.......d......Adobe.d...................................................................................................................................................d.............................................................................................!.1A.Qa"..q.....2#..BRb..r3$.Cc..Ss.4...D%5&..T...'7....................!1.A..Q.aq..."2.....B3.r.#..R...bc$4..D.s%............?..Y..T.o.\......=.a..j..'^..s..[../........Y.......<...(..4.....7y..Ln.[9.cK.ilN...u@$.V.9.V?3..s.KL.z..w.jW.C.............@.~+.o?o8...k....,.m..9.".....q.....d....z.W...q...~...'..e..>..f#...S.....F....pU.......7..N.vfK......S..G.#.....}.c.........RXt.bq1.`.....[+8\.*.N..:......}.....r..........')......Na...&...m......c...a4_%d.............co..0.n.L.Q..E.Lt..y.|..F..4.i(>.._..\.eNL8..?z9I:hLgC.@.p....g.t......'.I!d..?1f..R..........|..4.wJ*..%g..~0bt.....*...v.......O...:.~.>~..o.x...9.@>...s.&.E.0/G.c..t.<..F.t.A.z. ......;.........Gp.P
                                                                                                                                                                                Process:C:\Program Files (x86)\Microsoft Office\root\Office16\ONENOTE.EXE
                                                                                                                                                                                File Type:data
                                                                                                                                                                                Category:dropped
                                                                                                                                                                                Size (bytes):4096
                                                                                                                                                                                Entropy (8bit):4.481547248961092
                                                                                                                                                                                Encrypted:false
                                                                                                                                                                                SSDEEP:96:0s/qCI8R+KqE7scX+sc9DfgRy2Nrw5lqwJ:0s/q78R9H7scX+sc9DfgRyGrw5lqw
                                                                                                                                                                                MD5:A49E1F72876FE86412026DC5C918BA19
                                                                                                                                                                                SHA1:DCD24EF2980E50CB6131BC742130935D913ECE69
                                                                                                                                                                                SHA-256:DBB76ED1669E1EDB09557CF08F7F5E46F9AF91C5324100B23C3DB4E0AA3B9080
                                                                                                                                                                                SHA-512:A78F6D39C04E70EC2EDD5CB6698BF39229673A86A3AC1CE5CA481B6EDA8510CDA5753D04594F9871963E05233D2528CC9630B95A0B7A9C0713D34623236A6023
                                                                                                                                                                                Malicious:false
                                                                                                                                                                                Preview:2...>.......p...v...d.....................................................?....?........................................................................2...>...L.......v........................................g.......p.D.9.I.......I.qk..B.....LZ..g.......p.D.9....I.qk..B.....LZ.I................................I.......I...................................................I.t.....I................................................................4..'...'...............dv^.....+<R.......N...^...............w.TLv."I..}....5........f................................... ....I.qk..B.....LZ..............dv^.....+<R.............dv^.....+<R.......................................................................j......T.].............B....H........B......>.)....J...................;........4...4...4.."........................z...y.. x.. ...........$........4...*..7*..7........................;........4...4...4......................#..............................................
                                                                                                                                                                                Process:C:\Program Files (x86)\Microsoft Office\root\Office16\ONENOTE.EXE
                                                                                                                                                                                File Type:JPEG image data, JFIF standard 1.02, aspect ratio, density 100x100, segment length 16, baseline, precision 8, 612x792, components 3
                                                                                                                                                                                Category:dropped
                                                                                                                                                                                Size (bytes):40884
                                                                                                                                                                                Entropy (8bit):7.545929039957292
                                                                                                                                                                                Encrypted:false
                                                                                                                                                                                SSDEEP:768:MCBOA4d+ElOXJ/3pI7cRBiL7L6qERqGz65WXzZqJsKQSbIsTT6XB:hIAU+2cGdLX6qBG4WDZl4Ihx
                                                                                                                                                                                MD5:7379775A1E2AB7FAB95CFFCE01AE05F3
                                                                                                                                                                                SHA1:3D3DDFD8AC7E07203561BAE423D66F0806833AB3
                                                                                                                                                                                SHA-256:9301DB6D2D87282FCEE450189AEACE16D85F64273BF62713A3044992B6B7A9E9
                                                                                                                                                                                SHA-512:4B5006E620E80D3A146944649CF4CA619782CAD7E8C4CD0D1DE0EBCA0FA05EACB7378DAFCEED3E26F5698B07F19604614D906C8F51F898660E2F129D8DEC6F62
                                                                                                                                                                                Malicious:false
                                                                                                                                                                                Preview:......JFIF.....d.d......Ducky.......d......Adobe.d...................................................................................................................................................d............................................................................................!.1A.....Qaq....".....2....BR#S..br...3T...C$.7(Hx....4D.G..Xh.cs..'..t...%...8.....................1...!AQ..a...q"2.4Tt.......R3S....Br...#s...Uu.bc.de..$D..6..C%E..............?...z...;sB.yv...........]t.\...n...../....m....M.=.3G+..x+.....S).*&.J../..8..O/+..sG...p...<!....~.c..C.w..,[oHom.wc-.J.~.......L[..6...'..i_..S;...!Y.z.q].EK..M.x...i.x.+.;.+...}....#......f.)........e6V..p.;........s.)..Ml.J......IU.6...<9+9.^..l..Y...[._...2..^..j.ia...._..3.;...~..<3...;......z.^.......]..Qk.,...Yk...3.3Jy^p.}....q...I...&..t.......;..9.g.GH;..'...%...)..[..y..../...zCn..>...'...1e.Y..;....]..7...N>t..m-.j.............H^..T\.q.ru...}...eTn]I'r.^].#..wOY....v
                                                                                                                                                                                Process:C:\Program Files (x86)\Microsoft Office\root\Office16\ONENOTE.EXE
                                                                                                                                                                                File Type:data
                                                                                                                                                                                Category:dropped
                                                                                                                                                                                Size (bytes):4096
                                                                                                                                                                                Entropy (8bit):4.33110258928505
                                                                                                                                                                                Encrypted:false
                                                                                                                                                                                SSDEEP:48:YudY542sWTa80AV4t1A1Eft+TXA9LWofJrdqrHAC4RXB5H5h:YccjsOJV47AE1+TXA9LWwRygC4r
                                                                                                                                                                                MD5:867229E0DA7E83F81B5A5E312B397303
                                                                                                                                                                                SHA1:DC32D068935FE859276243F09EBB0972351D71DA
                                                                                                                                                                                SHA-256:F76E17FAA451D8359E0CF5AEB72227414E81691C0F81BAC1A7A4D0F80062901E
                                                                                                                                                                                SHA-512:CA2614835967DDC0386E91E33BFE88ED754A2A7CBAA6263D28757FF63DB5D2CF53BC8B71ECB0D79140BE2C188927E1A92ED54002913C56220AF7701D218DDCCF
                                                                                                                                                                                Malicious:false
                                                                                                                                                                                Preview:2...>.......P...v...D...................................................?....?..........................................................................2...>...,.......v...x............................I.......I.qk..B.....LZ..e.......e..d....?.....e..d....?.....e..I.qk..B.....LZ.I................................I.......I...................................................I.t.....I................................................................4..'...'.............f.d.~...9D7....I....N...^.................q....N....{..........f........................................I.qk..B.....LZ............f.d.~...9D7....I........f.d.~...9D7....I...........e.......e.......e...........................................ej......eT.]....e.......e..B....eH......e..B....e..>.)..e..J...................;........4...4...4.."................e...e...e..z...y.. x.. ...........$........4...*..7*..7........................;........4...4...4...........e.......e....#..e............................................
                                                                                                                                                                                Process:C:\Program Files (x86)\Microsoft Office\root\Office16\ONENOTE.EXE
                                                                                                                                                                                File Type:JPEG image data, JFIF standard 1.02, resolution (DPI), density 72x72, segment length 16, Exif Standard: [TIFF image data, big-endian, direntries=7, orientation=upper-left, xresolution=98, yresolution=106, resolutionunit=2, software=Adobe Photoshop CS Windows, datetime=2004:03:12 11:05:55], progressive, precision 8, 612x618, components 3
                                                                                                                                                                                Category:dropped
                                                                                                                                                                                Size (bytes):68633
                                                                                                                                                                                Entropy (8bit):7.709776384921022
                                                                                                                                                                                Encrypted:false
                                                                                                                                                                                SSDEEP:1536:tapXpSTJDOkFGdJdBk/slsbfsw1imaapnbvD8:U2OjJr6b07m1bvD8
                                                                                                                                                                                MD5:41241EE59AB7BC9EB34784E3BCE31CB4
                                                                                                                                                                                SHA1:98680761A51E9199CF3C89F68B5309FBEC7EE3CB
                                                                                                                                                                                SHA-256:035B26DF61855A3F36DBD30FDAB0C157C04C9E8AE2197EA4D4AEB3E82E6A4C2B
                                                                                                                                                                                SHA-512:3EE331D5BCEE4AD5D3FC9661D4AB4053F7D351591A094334F963C33C9D0E32CCCABE9334AD7C308108CE99617E064FE848DCD469ACD8D83FBE5C4452DE523D8F
                                                                                                                                                                                Malicious:false
                                                                                                                                                                                Preview:......JFIF.....H.H......Exif..MM.*.............................b...........j.(...........1.........r.2...........i.................H.......H....Adobe Photoshop CS Windows.2004:03:12 11:05:55.............................d...........j...........................................&.(.........................................H.......H..........JFIF.....H.H......Adobe_CM......Adobe.d......................................................................................................................................................"................?..........................................................................3......!.1.AQa."q.2.....B#$.R.b34r..C.%.S...cs5....&D.TdE.t6..U.e...u..F'...............Vfv........7GWgw........................5.....!1..AQaq"..2.....B#.R..3$b.r..CS.cs4.%......&5..D.T..dEU6te....u..F...............Vfv........'7GWgw.................?../$.W:SZ./...9.....-...u......r.....].c...@W_.7...+......v.+PD.I..-<1.pDn-\.....p.$....0.}V....\..>.~..XN.o..l(E....ik..o.
                                                                                                                                                                                Process:C:\Program Files (x86)\Microsoft Office\root\Office16\ONENOTE.EXE
                                                                                                                                                                                File Type:data
                                                                                                                                                                                Category:dropped
                                                                                                                                                                                Size (bytes):4096
                                                                                                                                                                                Entropy (8bit):4.47515995815553
                                                                                                                                                                                Encrypted:false
                                                                                                                                                                                SSDEEP:48:5OsiQifnBs2MLHtQ0G3nPEg3LaJJvevfBXVcG29VtQoJrdqr0PbRXB5U/8uY9wuY:5OsLDLHOEg3AmXBX49TQQRy0Tk0NL8
                                                                                                                                                                                MD5:0CD3D736DAA3915CAC75EF0304B49CC3
                                                                                                                                                                                SHA1:789060915C8D5B71F9EEA55B6F67C3D3C9645652
                                                                                                                                                                                SHA-256:36AD909A59BEA7AEC9A75C8001A209994BEC12BDACDBF38115F91B76C7D9B1F1
                                                                                                                                                                                SHA-512:87E4E30DAD9D9A2FBB680F88B64111BD74589936B6B7A21B59E2900C0CE197128AC50DB690F827B86EBEBAED0BE381F6C0D5BD98A594CAE489ED90C69AD707EA
                                                                                                                                                                                Malicious:false
                                                                                                                                                                                Preview:2...>.......t...v...h...................................................................................................................................2...>...P.......v................................I.......I.qk..B.....LZ`-R.....`-R..[}.$,.....`-R..[}.$,.....`-R..I.qk..B.....LZ.I................................I.......I...................................................I.t.....I................................................................4..'...'.............mE%Z.....&ud..I.....N...^....................6V@.d..:...........f...................................$....I.qk..B.....LZ............mE%Z.....&ud..I.........mE%Z.....&ud..I..........`-R.....`-R.....`-R.........................................`-Rj....`-RT.]..`-R.....`-R..B..`-RH....`-R..B..`-R..>.)`-R..J...................;........4...4...4.."..............`-R.`-R.`-R..z...y.. x.. ...........$........4...*..7*..7........................;........4...4...4.........`-R.....`-R....#`-R............................................
                                                                                                                                                                                Process:C:\Program Files (x86)\Microsoft Office\root\Office16\ONENOTE.EXE
                                                                                                                                                                                File Type:PNG image data, 176 x 513, 8-bit colormap, non-interlaced
                                                                                                                                                                                Category:dropped
                                                                                                                                                                                Size (bytes):11043
                                                                                                                                                                                Entropy (8bit):7.96811228801767
                                                                                                                                                                                Encrypted:false
                                                                                                                                                                                SSDEEP:192:YyroOCsBI9pkCFsHHX2RE6VOlPuIqmBtJNBfAr+ADP1IATaNeTyZ4GF+WQQ6Qwq2:BUOCsB2kCGH32RiPDtDBfArPDP1I/eyM
                                                                                                                                                                                MD5:8E9AB9C28B155A66BC5C0DA5E2A4EFB5
                                                                                                                                                                                SHA1:972E61F162D48F1CEE21963ECBB2FE439105DB55
                                                                                                                                                                                SHA-256:B243A24FA13BC8523450E22F408F9EFF15301C938F8CA52A57018B58CE6785DE
                                                                                                                                                                                SHA-512:12062D69E676B3B34AFCEF25AC17B40294282D5BAB6C0110680293D7CC96EC17EBCFE104C284E64A30EE3C483E319E9C37C03F6EE82C79632180E45C7A684E8C
                                                                                                                                                                                Malicious:false
                                                                                                                                                                                Preview:.PNG........IHDR..............`....`PLTE............................................................................................... .......bKGD....H....cmPPJCmp0712....H.s...*YIDATx^.]...,.N.8.i......0..e..y.......8.6....Fo.........=...F..._..........O..{..............3.|.L.|.............>.....v..n.1J...k...."....7........J._.5LQ`..k...._Z.W.x:..k...g..._.....u<.Q{...1...q6.cs...l............30.g...< W...a.5..>O....9}..c..........s|I.).>.fo4.<q......>...c.:.u..co.#.7,.O..G./.K.|..q.p...(.(....iH.......m..+.7...../..{W.l....b....?.`^.q.9L&.>.hN2`1..m...]$.0J....rBy......{.._...G....;.r.Q..;..,...9..F...t;.+..2.Ub......V...8.k..5.........'[..s.H..).......%j._.&.....BN..V..q...T...#..........0.E&.o7....$..m..8g.f._$..k.8...5......HgQ...L..\.........)B.I.r.(..8.a..$N.9.=..o..Q..(.e.a..O.....c.= .......$0..X.S,..(p......$..l.c.I...=."......g....^..#~,&.a9iK..ZNE`...pFJ.@Wd?.<..Bt.E.......e...i.%d...}.!..B......9.........B}.....5...;..hL.D.....4z.....|.)
                                                                                                                                                                                Process:C:\Program Files (x86)\Microsoft Office\root\Office16\ONENOTE.EXE
                                                                                                                                                                                File Type:data
                                                                                                                                                                                Category:dropped
                                                                                                                                                                                Size (bytes):4096
                                                                                                                                                                                Entropy (8bit):4.327068358876614
                                                                                                                                                                                Encrypted:false
                                                                                                                                                                                SSDEEP:48:4EesUHKDCMwtBOumSuEQL4XSyC9/KorBrdqrTzNGhRXBQ9hyol:4EesjD1wwEQ0XNC9/K+BRy/NGhO
                                                                                                                                                                                MD5:2FD12CCDAB16B2E35D87BB28CAD3CD76
                                                                                                                                                                                SHA1:351B17F87FBDD1607FB10F3B8596F0D1CD0345FC
                                                                                                                                                                                SHA-256:23F62380508412C6A53832E8055EF6A626FE4A707F1F55A789977BC48A66275B
                                                                                                                                                                                SHA-512:D49F5AA4FF79A401256099F1A938523980B4050A933AF1098F55E636387F68C8BFA4BC08FAFE83D4B227D3343ABF04A4D451307ED649967FCC78EBBA6D54C9D8
                                                                                                                                                                                Malicious:false
                                                                                                                                                                                Preview:2...>.......R...v...F...................................................................................................................................2...>...........v...z............................I.......I.qk..B.....LZ.j.......j....o...w.7L+..j....o...w.7L+..j...I.qk..B.....LZ.I................................I.......I...................................................I.t.....I................................................................4..'...'.............l.D.l...'..q..C#....N...^.................t..{!K..W..;.)........f........................................I.qk..B.....LZ............l.D.l...'..q..C#........l.D.l...'..q..C#..........j.......j.......j...........................................j.j.....j.T.]...j.......j...B...j.H.....j...B...j...>.).j...J...................;........4...4...4.."...............j...j...j...z...y.. x.. ...........$........4...*..7*..7........................;........4...4...4..........j.......j.....#.j.............................................
                                                                                                                                                                                Process:C:\Program Files (x86)\Microsoft Office\root\Office16\ONENOTE.EXE
                                                                                                                                                                                File Type:PNG image data, 40 x 650, 8-bit colormap, non-interlaced
                                                                                                                                                                                Category:dropped
                                                                                                                                                                                Size (bytes):647
                                                                                                                                                                                Entropy (8bit):6.854433034679255
                                                                                                                                                                                Encrypted:false
                                                                                                                                                                                SSDEEP:12:6v/71rwqZMXVs99W1YvpLp/Fvl+f43ocLtuplb+CrGotLRd:+wqWXVs99rpLpNvr3pIx3b
                                                                                                                                                                                MD5:DD876AA103BEC3AC83C769D768AD39FB
                                                                                                                                                                                SHA1:1833603AA9B6A7E53F9AD8A336F96CCE33088234
                                                                                                                                                                                SHA-256:1262DD23AD54E935CFA10FEB1BE56648E43BEF1116696CA71D87E6E033B1CA7D
                                                                                                                                                                                SHA-512:946DB2277213104A3B29EC4388578B05027B974A3093B4CCAD8847397AA51AE308BC6A199E5705E1F901D6E4B1BA34D8DECFD6E5B6685184A307D749D7CFAEDD
                                                                                                                                                                                Malicious:false
                                                                                                                                                                                Preview:.PNG........IHDR...(.........xk....`PLTE.........................................................................................>.S.....bKGD....H....cmPPJCmp0712....H.s.....IDATx^.)..1..7w....6.*.H`T6.ha.k.............b!....Ba..C..P.4K..@.....h.E..X....PX+.P.-.....@@"...o.O4....xZ<...B...B..,A..y.s<......b!....Ba..C..0_p. .......=..,...i. ...=.j..N...........{4+...xZ<...B....|.....$.K<.vyE..X....PX+.P.-.:... .'p......\,...i. ...=.j........K.....%J..S+.....q..k.H.@DD.s...:..J.K.DDL.\.@`,.DD.:.(]..N....KD....A M.....F..S+.....1.sq........\.t..;..../...~k...4.DD.:..]..N....KD........@DD.s...:..J.K..[...Q....V......IEND.B`.
                                                                                                                                                                                Process:C:\Program Files (x86)\Microsoft Office\root\Office16\ONENOTE.EXE
                                                                                                                                                                                File Type:data
                                                                                                                                                                                Category:dropped
                                                                                                                                                                                Size (bytes):4096
                                                                                                                                                                                Entropy (8bit):4.38205907953456
                                                                                                                                                                                Encrypted:false
                                                                                                                                                                                SSDEEP:96:Wsz1u0i5RXEjFdXXp9X4X1SRyK4SMH+gilN+QJmzn:Wsp+52xdXXp9XG1SRyK/M0Z
                                                                                                                                                                                MD5:5E5819BC982242E4C5247DB0C7EF9A9F
                                                                                                                                                                                SHA1:69F96DD33FC87BF4A88BD09AED28D8BB9AFF3A77
                                                                                                                                                                                SHA-256:9719D6FC33BAC3C01EC39217CC0CB11873F741BE8980F2BB5BE3FD497C99073B
                                                                                                                                                                                SHA-512:CFAD9AB3C74C45B70F0CCCB1FB81FA7B49871B2023D13AD2B357E76E39C6D6EA5CA30331527BC71954C3223A39FEE622B3FD8D77742C4369F655DA8C8FBB10E0
                                                                                                                                                                                Malicious:false
                                                                                                                                                                                Preview:2...>.......T...v...H...................................................................................................................................2...>...0.......v...|............................I.......I.qk..B.....LZ.r9......r9U.............r9U.............r9..I.qk..B.....LZ.I................................I.......I...................................................I.t.....I................................................................4..'...'.................7.......5z......N...^................*[k.%}G.....=E:........f........................................I.qk..B.....LZ................7.......5z..............7.......5z............r9......r9......r9..........................................r9j.....r9T.]...r9......r9..B...r9H.....r9..B...r9..>.).r9..J...................;........4...4...4.."...............r9..r9..r9..z...y.. x.. ...........$........4...*..7*..7........................;........4...4...4..........r9......r9....#.r9............................................
                                                                                                                                                                                Process:C:\Program Files (x86)\Microsoft Office\root\Office16\ONENOTE.EXE
                                                                                                                                                                                File Type:JPEG image data, JFIF standard 1.02, resolution (DPI), density 72x72, segment length 16, Exif Standard: [TIFF image data, big-endian, direntries=7, orientation=upper-left, xresolution=98, yresolution=106, resolutionunit=2, software=Adobe Photoshop 7.0, datetime=2004:03:04 13:27:10], progressive, precision 8, 102x792, components 3
                                                                                                                                                                                Category:dropped
                                                                                                                                                                                Size (bytes):52912
                                                                                                                                                                                Entropy (8bit):7.679147474806877
                                                                                                                                                                                Encrypted:false
                                                                                                                                                                                SSDEEP:1536:DB/nIviNJD9C8kfJj6TkVr4q24FsUpjPc021si:DdnIvi3D9C8Cl6Dq24ayPCz
                                                                                                                                                                                MD5:1122BF4C2A42B4FA7F29D3C94954A7C9
                                                                                                                                                                                SHA1:3750077A830FE21735A43ABD35C63BA9A4D4B0DE
                                                                                                                                                                                SHA-256:423B0DD1A93B391D15B1DC8D8757C3BF5725FF2E7A59E6E3140033E2876B67F6
                                                                                                                                                                                SHA-512:4626EFE2EDED2361D6296B57F994DC434CC9D02357A8A6A67D84A544FB8A1CFE0005EA98F846AB963BED7F2B6CE96BC9181182C9459843A52A98D3A731A4FE73
                                                                                                                                                                                Malicious:false
                                                                                                                                                                                Preview:......JFIF.....H.H......Exif..MM.*.............................b...........j.(...........1.........r.2...........i.................H.......H....Adobe Photoshop 7.0.2004:03:04 13:27:10............................f.........................................................(.....................&...................H.......H..........JFIF.....H.H......Adobe_CM......Adobe.d......................................................................................................................................................"................?..........................................................................3......!.1.AQa."q.2.....B#$.R.b34r..C.%.S...cs5....&D.TdE.t6..U.e...u..F'...............Vfv........7GWgw........................5.....!1..AQaq"..2.....B#.R..3$b.r..CS.cs4.%......&5..D.T..dEU6te....u..F...............Vfv........'7GWgw.................?....]+\.9.9.P.d..Z.?~>.-...]6=....*.......S.9G...b<$..Z..........>.v.o:.o%.e...z.F`...[.wo..z.....k..E...5....G..7.......c2..
                                                                                                                                                                                Process:C:\Program Files (x86)\Microsoft Office\root\Office16\ONENOTE.EXE
                                                                                                                                                                                File Type:data
                                                                                                                                                                                Category:dropped
                                                                                                                                                                                Size (bytes):4096
                                                                                                                                                                                Entropy (8bit):4.35357181463757
                                                                                                                                                                                Encrypted:false
                                                                                                                                                                                SSDEEP:48:OsNzbg9lmJ7o4tJkRr7cblEkYvE4Xecc49f+oFrdqrrsRXdNNRz2upA+RZK0n:OsJ6lmJ7o4rk18Ekn4X649f+ERyQVV1
                                                                                                                                                                                MD5:1708C75F3F4757C8C5459B54A136975D
                                                                                                                                                                                SHA1:7C523D61ED5125E91A9A73FA540B058C6A1A4E65
                                                                                                                                                                                SHA-256:93ECAF5CA84D42B7FCEA1040CA4EE2D15729C4CB64808566A9742254021F9F0B
                                                                                                                                                                                SHA-512:7CDFF01E4D0C9B5CE5E9232A1755A030DE1F09B42397788303D3C17421222A60592014D5B74A8D04BD920D927C1781E82B80D580DF3B36A354B754D6B492DDB7
                                                                                                                                                                                Malicious:false
                                                                                                                                                                                Preview:2...>.......N...v...B...................................................................................................................................2...>...*.......v...v............................I.......I.qk..B.....LZ.N.......N..'\..=.s.8.W..N..'\..=.s.8.W..N...I.qk..B.....LZ.I................................I.......I...................................................I.t.....I................................................................4..'...'................t.v.%.r.L|J#....N...^................i.'6K|M..&.B.S.........f........................................I.qk..B.....LZ...............t.v.%.r.L|J#...........t.v.%.r.L|J#..........N.......N.......N...........................................N.j.....N.T.]...N.......N...B...N.H.....N...B...N...>.).N...J...................;........4...4...4.."...............N...N...N...z...y.. x.. ...........$........4...*..7*..7........................;........4...4...4..........N.......N.....#.N.............................................
                                                                                                                                                                                Process:C:\Program Files (x86)\Microsoft Office\root\Office16\ONENOTE.EXE
                                                                                                                                                                                File Type:JPEG image data, JFIF standard 1.02, resolution (DPI), density 72x72, segment length 16, Exif Standard: [TIFF image data, big-endian, direntries=7, orientation=upper-left, xresolution=98, yresolution=106, resolutionunit=2, software=Adobe Photoshop 7.0, datetime=2004:03:04 13:18:09], progressive, precision 8, 164x641, components 3
                                                                                                                                                                                Category:dropped
                                                                                                                                                                                Size (bytes):27862
                                                                                                                                                                                Entropy (8bit):7.238903610770013
                                                                                                                                                                                Encrypted:false
                                                                                                                                                                                SSDEEP:384:LTawAZvhbrXzDc6LERLQ/b5vXOl6pXQ/wD5OUMrdRUUhCplQg0ESSz:6wm/vT/b4wxoqbdUhWnSs
                                                                                                                                                                                MD5:E62F2908FA5F7189ED8EEBD413928DEE
                                                                                                                                                                                SHA1:CA249B4A70924B73BDA52972E9C735AEC35A0C5D
                                                                                                                                                                                SHA-256:20ABE389C885E42B6EBE9E902976229BB6FD63C8C34CB61AA70B8B746209F90A
                                                                                                                                                                                SHA-512:EE8D1821A918BE8714F431895E7223D08036E88A4FDB9A5485EFF246640EE969A69A8AA4E2E9DDC35BA75FB6D4E95092A286E90B477BD6998C313639C2C31F25
                                                                                                                                                                                Malicious:false
                                                                                                                                                                                Preview:......JFIF.....H.H......Exif..MM.*.............................b...........j.(...........1.........r.2...........i.................H.......H....Adobe Photoshop 7.0.2004:03:04 13:18:09......................................................................................(.....................&...................H.......H..........JFIF.....H.H......Adobe_CM......Adobe.d...................................................................................................................................................!.."................?..........................................................................3......!.1.AQa."q.2.....B#$.R.b34r..C.%.S...cs5....&D.TdE.t6..U.e...u..F'...............Vfv........7GWgw........................5.....!1..AQaq"..2.....B#.R..3$b.r..CS.cs4.%......&5..D.T..dEU6te....u..F...............Vfv........'7GWgw.................?..P.v..+..n(a..Q..S\6....Y....D......} w#.b..]l.5.RU..k...... ]$.$.........f........?.z@2uU...7....?..|.Q..I.&.. ......"T4)wdH.
                                                                                                                                                                                Process:C:\Program Files (x86)\Microsoft Office\root\Office16\ONENOTE.EXE
                                                                                                                                                                                File Type:data
                                                                                                                                                                                Category:dropped
                                                                                                                                                                                Size (bytes):4096
                                                                                                                                                                                Entropy (8bit):4.49790140314317
                                                                                                                                                                                Encrypted:false
                                                                                                                                                                                SSDEEP:48:jGs3ESHf6Mt9KQisE5zD6XIA9jko1rdqrKMFFRXjbeNysD5:jGsPHffjK6E5/6Xv9jkURyxFJpi
                                                                                                                                                                                MD5:3C56C841CDC97E21783056DE5B30B583
                                                                                                                                                                                SHA1:AC463D92DDC2C12A2216C9D60F594D31140873DE
                                                                                                                                                                                SHA-256:236C422F6E18F14654FF277CB4AA74EAC68B2B16A27DE860E6C21169B992AB53
                                                                                                                                                                                SHA-512:B0985F61540516A9F2AC0EECFC751E6929598D5FD1BCA9AE9DFD9A856F10FC456E70D81F197434CC35198C937C989C44EDBFBF689B7636103695CC18676A073D
                                                                                                                                                                                Malicious:false
                                                                                                                                                                                Preview:2...>.......r...v...f...................................................................................................................................2...>...N.......v................................I.......I.qk..B.....LZ.FM......FM.vt....v..i:.FM.vt....v..i:.FM..I.qk..B.....LZ.I................................I.......I...................................................I.t.....I................................................................4..'...'................A.D..!.L.@}......N...^...............s: .Q;@N.....1X........f..................................."....I.qk..B.....LZ...............A.D..!.L.@}.............A.D..!.L.@}............FM......FM......FM..........................................FMj.....FMT.]...FM......FM..B...FMH.....FM..B...FM..>.).FM..J...................;........4...4...4.."...............FM..FM..FM..z...y.. x.. ...........$........4...*..7*..7........................;........4...4...4..........FM......FM....#.FM............................................
                                                                                                                                                                                Process:C:\Program Files (x86)\Microsoft Office\root\Office16\ONENOTE.EXE
                                                                                                                                                                                File Type:PNG image data, 50 x 556, 8-bit colormap, non-interlaced
                                                                                                                                                                                Category:dropped
                                                                                                                                                                                Size (bytes):977
                                                                                                                                                                                Entropy (8bit):7.231269197132181
                                                                                                                                                                                Encrypted:false
                                                                                                                                                                                SSDEEP:12:6v/7QiFJaY/z+obuqFA4fypjQSbtBK+lcqNGSbb7XTJArRRzN5DjNRkPmu5cCbR2:x0QY7xbjy9pY0JPXLTWroeuCCbX0
                                                                                                                                                                                MD5:B7F74C18002A81A578A4EE60C407A8D3
                                                                                                                                                                                SHA1:70A7D4BB1B3ADF4397D168AD0D81B286F88EBDE0
                                                                                                                                                                                SHA-256:95F59A0433050180D4C0E8858B83363D51BEA6752A8B7CA516A8677854D8F5B6
                                                                                                                                                                                SHA-512:13186A7CDCE80BCA9D2238666D6D7A989FA1887EABFA5D8A9A63EEC304DFD4BE8EFF652205FA56E1D1CEE7D3680AF8C70A952AF73AB3C246400E8D4EBECBDBA9
                                                                                                                                                                                Malicious:false
                                                                                                                                                                                Preview:.PNG........IHDR...2...,........A....PLTE...................................................................................................................................................................................$.y.....bKGD....H....cmPPJCmp0712....H.s.....IDATx^...0.D_.......cck.....%a...X.a0Y...-..!.G...[....(.r.H.$...1 .zq.4V.e|a.6.X..4..kl.%....=w....6..TN.....{.4..T/.z...../.....3..!~..t.#b..^.....E!.SFb ...-.....^...,..C.!.b...i._c...s.X.w.. lsQH..H.gKc@@...i. ....m...;Ci....@G.; V{..lO..\.R9e$..{.....P...E.+.2.0D.B,..P...56.?......K.6..TN....^z.4..T/.z...../.....3..!~..t.]b........E!.SFb ...-.....^...,..C.!.b...i._c..Y.O...?.9k2.M.?5 .n.P...,...d._..%M?....6....,.1..R.4.a.R.+..U.Q..P...vd..T........j .]@....."..lJ../.90.4...Y. ...9.%...{......Hc%.....i..%M?aG..H....o.q.......4.......X.d9.r..CI.O.5.Ri0?.s\b....w...>/k..4V.)Y....P...vd..T........j .]@....."..lJ../.90..2..MP..l..?....K.X.....IEND.B`.
                                                                                                                                                                                Process:C:\Program Files (x86)\Microsoft Office\root\Office16\ONENOTE.EXE
                                                                                                                                                                                File Type:data
                                                                                                                                                                                Category:dropped
                                                                                                                                                                                Size (bytes):4096
                                                                                                                                                                                Entropy (8bit):4.36922627406859
                                                                                                                                                                                Encrypted:false
                                                                                                                                                                                SSDEEP:48:vTaDswCnzrYkvtK6E3VpLbGXml9fd9oVrdqrSxRRXWs9grWyo6Qpxt:vTaDskkvzE3TOXml9fd9MRyWRrD
                                                                                                                                                                                MD5:2E239453BF7782116BAEE55AA4126FC7
                                                                                                                                                                                SHA1:116D18784256C52004864EBC5BB72B88F0919ACB
                                                                                                                                                                                SHA-256:90D2786C41ED0BE8CCB6BD19EF71ADBCC2BA19EFA5E1E180F52D4BD9BF382E83
                                                                                                                                                                                SHA-512:D64BAD548070B339E72C635BEA21A20107978688642A7E98784C9790E0C3F02975EA99C3F337087C3EE9DE8C676BB6D4ABDD9B9E9C4586632EADA9EEFA1536F9
                                                                                                                                                                                Malicious:false
                                                                                                                                                                                Preview:2...>.......R...v...F...................................................................................................................................2...>...........v...z...........................+R......+R../.t.7..<s..I.......I.qk..B.....LZ+R../.t.7..<s.+R...I.qk..B.....LZ.I................................I.......I...................................................I.t.....I................................................................4..'...'................U..\.-F..K(.}....N...^...............v....UHF..fE..;.........f........................................I.qk..B.....LZ...............U..\.-F..K(.}...........U..\.-F..K(.}.........+R......+R......+R..........................................+R.j....+R.T.]..+R......+R...B..+R.H....+R...B..+R...>.)+R...J...................;........4...4...4.."..............+R..+R..+R...z...y.. x.. ...........$........4...*..7*..7........................;........4...4...4.........+R......+R.....#+R.............................................
                                                                                                                                                                                Process:C:\Program Files (x86)\Microsoft Office\root\Office16\ONENOTE.EXE
                                                                                                                                                                                File Type:JPEG image data, JFIF standard 1.02, aspect ratio, density 100x100, segment length 16, baseline, precision 8, 612x792, components 3
                                                                                                                                                                                Category:dropped
                                                                                                                                                                                Size (bytes):34299
                                                                                                                                                                                Entropy (8bit):7.247541176493898
                                                                                                                                                                                Encrypted:false
                                                                                                                                                                                SSDEEP:768:BrSX4V3P8AIc4KLkHeXRUer0zrhOmXfvG0yH82I:tSXuIc4K2eBtswKsHg
                                                                                                                                                                                MD5:E9C52A7381075E4EBC59296F96C79399
                                                                                                                                                                                SHA1:BE295AD24D46E2420D7163642B658BF3234A27EA
                                                                                                                                                                                SHA-256:D56CEFE9EE2FAE72E31BDBA7DD2AA4426EA22E3CEB22EF68C8F63F9F24D5A8BC
                                                                                                                                                                                SHA-512:95CC96DD4459EBAE623176033BA204CCDC50681A768F8CBAE94C16927D140224E49D5197CAE669C83C77010C5C04C1346CF126BEF49DB686F636C5480342A77F
                                                                                                                                                                                Malicious:false
                                                                                                                                                                                Preview:......JFIF.....d.d......Ducky.......d......Adobe.d...................................................................................................................................................d.......................................................................................!.1..A..Qaq......".#4.2r3.$.%...B.5U&6....Rb.Cs.7..cDTEFVf'...S..dtevw.u.........Gg.....................!1..AQ.aq.2....."#3.4....r..BRb$CS.D............?..5..............#....v.q.m.}\..{....;...r....h.....J..q|..'.;\..6..v......e...../.k..|.8..i..|..]..3e.m....n..Z.GS..n".y..w.-...[a...7A.....i.4.)9\..~C...=.........s..\V]c.D1<./.g.l.&v..~.h..]....zb>G..y:vNS.\......LU....t.{*..Z#.?..v-...wn.rR...P.....y\=.v....../..9_...m4...V.|.+.o.#.......xj....}..>.s.>C...m.[;.>.p...=^.i.X.(..1...{.F#N.W...xi.z...4..u[{...yO.....8..}\..2...KlX.nbya...2.&.F...R.b.k.7.GV.x.h.y\.Q..O<\>......-...=...r......\......Z.Z...Jf.'....z..Y.q>.p....o..K....h..R..c.lg?......A.Z...Y.q3.L|.'5...
                                                                                                                                                                                Process:C:\Program Files (x86)\Microsoft Office\root\Office16\ONENOTE.EXE
                                                                                                                                                                                File Type:data
                                                                                                                                                                                Category:dropped
                                                                                                                                                                                Size (bytes):4096
                                                                                                                                                                                Entropy (8bit):4.346345034839108
                                                                                                                                                                                Encrypted:false
                                                                                                                                                                                SSDEEP:48:Ksxm9Vz9ytpgwEHSFLkLXzL9zwoRrdqrPmiE0RXfheZB05:KscVz9yLEyFQLXzL9zwARyP1E0EB0
                                                                                                                                                                                MD5:5D190380894FB7F9EDECBF53BDD84F91
                                                                                                                                                                                SHA1:A24B479AD22488C0994212E791081661BD954F82
                                                                                                                                                                                SHA-256:08DCF5F846B2C63DB16EF8EA1EB963E5ACC66651F3361A63D5BADB354F2A2CF9
                                                                                                                                                                                SHA-512:D2A6DD46438EAE8748CE5730065BDB01B4467399324B3DD7EFDBE829BA4465D080AD3868FC69ECAAD550D3178B188F1705BC3A2B0BDAE99D81A6707C21696898
                                                                                                                                                                                Malicious:false
                                                                                                                                                                                Preview:2...>.......N...v...B...................................................................................................................................2...>...*.......v...v............................I.......I.qk..B.....LZ.........K....H..&.....K....H..&.......I.qk..B.....LZ.I................................I.......I...................................................I.t.....I................................................................4..'...'...............4..;+..7)W.+......N...^.................d~.. I.s...}qj........f........................................I.qk..B.....LZ..............4..;+..7)W.+............4..;+..7)W.+......................................................................j......T.]............B....H........B......>.)....J...................;........4...4...4.."........................z...y.. x.. ...........$........4...*..7*..7........................;........4...4...4......................#..............................................
                                                                                                                                                                                Process:C:\Program Files (x86)\Microsoft Office\root\Office16\ONENOTE.EXE
                                                                                                                                                                                File Type:PNG image data, 171 x 552, 8-bit colormap, non-interlaced
                                                                                                                                                                                Category:dropped
                                                                                                                                                                                Size (bytes):10056
                                                                                                                                                                                Entropy (8bit):7.956064700093514
                                                                                                                                                                                Encrypted:false
                                                                                                                                                                                SSDEEP:192:edmu1fpj5DVHuooK4EpGLbAdT+dBXYBR8D1V2p6KwoPR6KUX9ojwRpgA:2Pp/B4LbAF+dBo/1E3S6JScpgA
                                                                                                                                                                                MD5:E1B57A8851177DD25DC05B50B904656A
                                                                                                                                                                                SHA1:96D2E31A325322F2720722973814D2CAED23D546
                                                                                                                                                                                SHA-256:2035407A0540E1C4F7934DB08BA4ADD750FCB9A62863DDD9553E7871C81A99E3
                                                                                                                                                                                SHA-512:BC7DC1201884E6DAFDC1F9D8E32656BFAEE0BB4905835E09B65299FE2D7C064B27EAA10B531F9BECF970C986E89A5FD8A0B83F508BBA34EB4E38B3F7F5FC623A
                                                                                                                                                                                Malicious:false
                                                                                                                                                                                Preview:.PNG........IHDR.......(.....!..t....PLTE.......................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................4.....bKGD....H....cmPPJCmp0712....H.s...#.IDATx^.w`......$..B....... ....fz5..6`l\.8...Nsz{.//y./....{.7}g.....e.....~.......s...f.....%c...6....O.PJ...Y.oi...9..'j.2..6.-
                                                                                                                                                                                Process:C:\Program Files (x86)\Microsoft Office\root\Office16\ONENOTE.EXE
                                                                                                                                                                                File Type:data
                                                                                                                                                                                Category:dropped
                                                                                                                                                                                Size (bytes):4096
                                                                                                                                                                                Entropy (8bit):4.299045589699967
                                                                                                                                                                                Encrypted:false
                                                                                                                                                                                SSDEEP:48:OBss2qq6rIatOPgqEXh2aL1lQX39v46oRrdqrQBNtRXKduh2M+:esN6rIaIrEfxlQX39v46wRyQB/52
                                                                                                                                                                                MD5:C21451775F4EBFCC6988239139B1EBC5
                                                                                                                                                                                SHA1:394AD4AFEA06EAC12902841CAE66981ACC8B1CD6
                                                                                                                                                                                SHA-256:663DC16FF20E2D8948F9F83A01D7C26AFA3AD85CE7915796AD9BC0400B56D0C4
                                                                                                                                                                                SHA-512:1CE6E5BAF0EB7CD908C631F5AE244634F93F0519D4783F4A0DA01CAEC256FA0A98FC3B9EB1F93E047FAFA0F413342C6A93075350D4452178021165B72AD1D336
                                                                                                                                                                                Malicious:false
                                                                                                                                                                                Preview:2...>.......N...v...B...................................................................................................................................2...>...*.......v...v............................I.......I.qk..B.....LZ.1S......1SCz.#...#..X.F.1SCz.#...#..X.F.1S..I.qk..B.....LZ.I................................I.......I...................................................I.t.....I................................................................4..'...'.............#;W...3.....l.yl....N...^...............j..j7onD.r4>............f........................................I.qk..B.....LZ............#;W...3.....l.yl........#;W...3.....l.yl..........1S......1S......1S..........................................1Sj.....1ST.]...1S......1S..B...1SH.....1S..B...1S..>.).1S..J...................;........4...4...4.."...............1S..1S..1S..z...y.. x.. ...........$........4...*..7*..7........................;........4...4...4..........1S......1S....#.1S............................................
                                                                                                                                                                                Process:C:\Program Files (x86)\Microsoft Office\root\Office16\ONENOTE.EXE
                                                                                                                                                                                File Type:JPEG image data, JFIF standard 1.02, resolution (DPI), density 72x72, segment length 16, Exif Standard: [TIFF image data, big-endian, direntries=7, orientation=upper-left, xresolution=98, yresolution=106, resolutionunit=2, software=Adobe Photoshop CS Windows, datetime=2004:03:12 11:11:38], progressive, precision 8, 577x757, components 3
                                                                                                                                                                                Category:dropped
                                                                                                                                                                                Size (bytes):84097
                                                                                                                                                                                Entropy (8bit):7.78862495530604
                                                                                                                                                                                Encrypted:false
                                                                                                                                                                                SSDEEP:1536:cgHTEuD99rHwA5MSadIV2MApVmfJkAKOQ/Z1I7ngpDDyHfKFVITrU:HHjXidIhApV88/jIEmrU
                                                                                                                                                                                MD5:37EED97290E8ECB46A576C84F0810568
                                                                                                                                                                                SHA1:18D9FACB4CFA3CBF63B882CABCF30B203EDF4126
                                                                                                                                                                                SHA-256:140DD943D0F0CFE6AAA98470B7D1A7CB62CA02CB1D8F522DD2AC77433232EF41
                                                                                                                                                                                SHA-512:E0F57314C136211B8253EB2AC0093DED82198E7170D4F97C40D82FD4EC4123D2AAFE3EB4EBC3E7523C4DF4D77619408773871BDE15B6DC6C4049C71D5B9D4222
                                                                                                                                                                                Malicious:false
                                                                                                                                                                                Preview:......JFIF.....H.H.....hExif..MM.*.............................b...........j.(...........1.........r.2...........i.................H.......H....Adobe Photoshop CS Windows.2004:03:12 11:11:38.............................A.......................................................&.(.................................2.......H.......H..........JFIF.....H.H......Adobe_CM......Adobe.d...................................................................................................................................................z.."................?..........................................................................3......!.1.AQa."q.2.....B#$.R.b34r..C.%.S...cs5....&D.TdE.t6..U.e...u..F'...............Vfv........7GWgw........................5.....!1..AQaq"..2.....B#.R..3$b.r..CS.cs4.%......&5..D.T..dEU6te....u..F...............Vfv........'7GWgw.................?....b.xH......T..I...S.q.~..../s.R.x.....8.a..vE.5...-.G.A.4...._......$K..d.@NC.q....J.....>e".I.%...I0).R.I$........M3.F .
                                                                                                                                                                                Process:C:\Program Files (x86)\Microsoft Office\root\Office16\ONENOTE.EXE
                                                                                                                                                                                File Type:data
                                                                                                                                                                                Category:dropped
                                                                                                                                                                                Size (bytes):4096
                                                                                                                                                                                Entropy (8bit):4.332392144747241
                                                                                                                                                                                Encrypted:false
                                                                                                                                                                                SSDEEP:48:jsyPQHWmVYYHt5GEMxQXOsD93TocSrdqrVpRXq78IW1FhEt8YQl:jsfKYHaE/XH93T8RyP1
                                                                                                                                                                                MD5:94B27E2516B883C0583A6034BA58B24C
                                                                                                                                                                                SHA1:033EBF60C5E8EDA8D7E4CAA89A349BC99478836B
                                                                                                                                                                                SHA-256:19D27100884A83FFA82261BA122DB713EFC98DEFE9A98E9F283594F54A9B3329
                                                                                                                                                                                SHA-512:A83287C0F81E2108769B2C24116ED88993715D7B6A642C087DCBA52A67DEDC914FD4AA6EB3DB68A2C9E7DC23963BFDB83EB823F0F5ACFD6EA6AF0C8F9A758F2F
                                                                                                                                                                                Malicious:false
                                                                                                                                                                                Preview:2...>.......L...v...@...................................................................................................................................2...>...(.......v...t............................I.......I.qk..B.....LZ............WK..=u.Sz|.9....WK..=u.Sz|.9.....I.qk..B.....LZ.I................................I.......I...................................................I.t.....I................................................................4..'...'.............=.......#f...E/.....N...^...............0.s....F....5..k........f........................................I.qk..B.....LZ............=.......#f...E/.........=.......#f...E/.........................................................................j.......T.]...............B.....H.........B.......>.).....J...................;........4...4...4.."...........................z...y.. x.. ...........$........4...*..7*..7........................;........4...4...4........................#...............................................
                                                                                                                                                                                Process:C:\Program Files (x86)\Microsoft Office\root\Office16\ONENOTE.EXE
                                                                                                                                                                                File Type:JPEG image data, JFIF standard 1.02, resolution (DPI), density 72x72, segment length 16, Exif Standard: [TIFF image data, big-endian, direntries=7, orientation=upper-left, xresolution=98, yresolution=106, resolutionunit=2, software=Adobe Photoshop 7.0, datetime=2004:03:04 13:26:15], progressive, precision 8, 216x792, components 3
                                                                                                                                                                                Category:dropped
                                                                                                                                                                                Size (bytes):64118
                                                                                                                                                                                Entropy (8bit):7.742974333356952
                                                                                                                                                                                Encrypted:false
                                                                                                                                                                                SSDEEP:1536:ORG4azGOKXzkEmR4bdRSbxONOoz0khbSb4J/5GZK5SWUlRwUYdv1M:ZXzGXzJdhRmgHfIb4J/5GZK5SWUldYdq
                                                                                                                                                                                MD5:864EEA0336F8628AE4A1ED46D4406807
                                                                                                                                                                                SHA1:CFCD7A751DFDBE52A20C03EE0C60FDFFA7A45B93
                                                                                                                                                                                SHA-256:7CE10D1EA660D2F9CF8B704F3FAB2966A4CE2627D9858D32C75D857095012098
                                                                                                                                                                                SHA-512:0CAA0C54C14571C279A75F0D5922F78A17803CF6EE1724D66819F7F5944C0F5B25CB586BB686A52808CDF2F8FEB3E4864052A914884054EF7DE44124A8CA951E
                                                                                                                                                                                Malicious:false
                                                                                                                                                                                Preview:......JFIF.....H.H......Exif..MM.*.............................b...........j.(...........1.........r.2...........i.................H.......H....Adobe Photoshop 7.0.2004:03:04 13:26:15.....................................................................................(.....................&...........s.......H.......H..........JFIF.....H.H......Adobe_CM......Adobe.d...................................................................................................................................................#.."................?..........................................................................3......!.1.AQa."q.2.....B#$.R.b34r..C.%.S...cs5....&D.TdE.t6..U.e...u..F'...............Vfv........7GWgw........................5.....!1..AQaq"..2.....B#.R..3$b.r..CS.cs4.%......&5..D.T..dEU6te....u..F...............Vfv........'7GWgw.................?....NC+n....<.=.7..&.8A56..@^.Q..\\...E.>..".&G.......J .'....$.I)........0.../..mv...D....<v0=..ugc+..l.o...=.c.......x.&D..{`8...v
                                                                                                                                                                                Process:C:\Program Files (x86)\Microsoft Office\root\Office16\ONENOTE.EXE
                                                                                                                                                                                File Type:data
                                                                                                                                                                                Category:dropped
                                                                                                                                                                                Size (bytes):4096
                                                                                                                                                                                Entropy (8bit):4.341170248744597
                                                                                                                                                                                Encrypted:false
                                                                                                                                                                                SSDEEP:48:Ks4Sht33ujtqYLqXEpBIXyI9TVo9rdqrvCdwyRXYh9Jfw+:Ksf+j0tEMX79TVERyvuMf
                                                                                                                                                                                MD5:E6CF0E07C09B3E71EC6A7C20F3B8534C
                                                                                                                                                                                SHA1:0DAAC4A78CEA0A6BED41D89FBFFD89C00BFDB91F
                                                                                                                                                                                SHA-256:631EB7A46BD2CD9BF1BA35D49F63976D58CFC114DAA519ACDF069E1F0052CDB5
                                                                                                                                                                                SHA-512:DDA8913209E1307E94B997AF3F28B4D3D0539509B3CCEE823A2000574A182CD6AE6D4D2C5DA33D58080550738C22C5547C7CB502335B7C467EC20EFADBD6A9F6
                                                                                                                                                                                Malicious:false
                                                                                                                                                                                Preview:2...>.......N...v...B...................................................................................................................................2...>...*.......v...v............................I.......I.qk..B.....LZj.......j...2M-.".....k.j...2M-.".....k.j....I.qk..B.....LZ.I................................I.......I...................................................I.t.....I................................................................4..'...'.............1.h.....x...:......N...^..................Ke..M.h{(H...........f........................................I.qk..B.....LZ............1.h.....x...:..........1.h.....x...:...........j.......j.......j...........................................j..j....j..T.]..j.......j....B..j..H....j....B..j....>.)j....J...................;........4...4...4.."..............j...j...j....z...y.. x.. ...........$........4...*..7*..7........................;........4...4...4.........j.......j......#j..............................................
                                                                                                                                                                                Process:C:\Program Files (x86)\Microsoft Office\root\Office16\ONENOTE.EXE
                                                                                                                                                                                File Type:JPEG image data, JFIF standard 1.02, resolution (DPI), density 72x72, segment length 16, Exif Standard: [TIFF image data, big-endian, direntries=7, orientation=upper-left, xresolution=98, yresolution=106, resolutionunit=2, software=Adobe Photoshop CS Windows, datetime=2004:03:12 11:09:29], progressive, precision 8, 609x675, components 3
                                                                                                                                                                                Category:dropped
                                                                                                                                                                                Size (bytes):65998
                                                                                                                                                                                Entropy (8bit):7.671031449942883
                                                                                                                                                                                Encrypted:false
                                                                                                                                                                                SSDEEP:1536:klZtmExaFrtWgpc+Sg+DKeplHClpHfRtPMbe:VEWWl+SNDKqlH8p/vse
                                                                                                                                                                                MD5:B4F0A040890EE6F61EF8D9E094893C9C
                                                                                                                                                                                SHA1:303BCBA1D777B03BFD99CC01A48E0BB493C93E04
                                                                                                                                                                                SHA-256:1F81DDE3B42F23F0666D92EBF14D62893B31B39D72C07AEE070EAE28C2E6980E
                                                                                                                                                                                SHA-512:8F07E4D519F2FD001006BB34F7F8274B9AF9EC55367B88D41D24E5824FCE4354FD1290CE4735E43930829702ED53F41DF02C673904A7091E9354C28E029AD4EF
                                                                                                                                                                                Malicious:false
                                                                                                                                                                                Preview:......JFIF.....H.H......Exif..MM.*.............................b...........j.(...........1.........r.2...........i.................H.......H....Adobe Photoshop CS Windows.2004:03:12 11:09:29.............................a.......................................................&.(.........................................H.......H..........JFIF.....H.H......Adobe_CM......Adobe.d......................................................................................................................................................"................?..........................................................................3......!.1.AQa."q.2.....B#$.R.b34r..C.%.S...cs5....&D.TdE.t6..U.e...u..F'...............Vfv........7GWgw........................5.....!1..AQaq"..2.....B#.R..3$b.r..CS.cs4.%......&5..D.T..dEU6te....u..F...............Vfv........'7GWgw.................?..-O..s(...gO..@...[..+....+...H.'m........L.......@.......[k...S..O..p.'{X..3......]W..w.+.V....[.-.....2..i..i$.p.
                                                                                                                                                                                Process:C:\Program Files (x86)\Microsoft Office\root\Office16\ONENOTE.EXE
                                                                                                                                                                                File Type:data
                                                                                                                                                                                Category:dropped
                                                                                                                                                                                Size (bytes):8192
                                                                                                                                                                                Entropy (8bit):3.253226359901884
                                                                                                                                                                                Encrypted:false
                                                                                                                                                                                SSDEEP:96:A/s5aLlK3K+WEcEqyWXKXW9bo4q3xIR0HqBOs:A/s0LluHcoWXKXW9bUxIR0i
                                                                                                                                                                                MD5:96C847FA315006560E0F5CA7867F6634
                                                                                                                                                                                SHA1:03207C233F18614E6ABC2A13618C130B9C60C492
                                                                                                                                                                                SHA-256:8F02A9E6A964011BD8DC76F111EB059EFD354D93122A663053508ED14AFDCA33
                                                                                                                                                                                SHA-512:5D4298BD1E19C9AA9225CC8BE9459C697403A30FFF5731A870A39DAC6081C822A7BF7CF2342C72EDED303840800DFF49805AD3AC3ABB4C1221EAAEDF90CF4F9B
                                                                                                                                                                                Malicious:false
                                                                                                                                                                                Preview:2...>...........v.......................................................................................................................................2...>...j.......v...............................=.......=..S.R.. .Y......I.......I.qk..B.....LZ=..S.R.. .Y.....=....I.qk..B.....LZ.I................................I.......I...................................................I.t.....I................................................................4..'...'................/..;.6....!.r....N...^...................`..J...<`..........&...................................>....I.qk..B.....LZ.............../..;.6....!.r.........../..;.6....!.r.........=.......=.......=...........................................=..j....=..T.a..=.......=....D..=..H....=....N..=....?.#=....9...................;........4...4...4.."..............=...=...=....z...y.. x.. ...........$........4...*..7*..7...........Op.b..F.$..i.................;........4...4...4.........=.......=......#=..............................
                                                                                                                                                                                Process:C:\Program Files (x86)\Microsoft Office\root\Office16\ONENOTE.EXE
                                                                                                                                                                                File Type:Windows Enhanced Metafile (EMF) image data version 0x10000
                                                                                                                                                                                Category:dropped
                                                                                                                                                                                Size (bytes):32656
                                                                                                                                                                                Entropy (8bit):3.9517299510231485
                                                                                                                                                                                Encrypted:false
                                                                                                                                                                                SSDEEP:384:qR0eV0V6zLq8fAy7TtS1O6VILpjH5og6NJgnIuu57aqP+Tg3QePV2P6hqaJDyjJg:qlzzaRpbd1
                                                                                                                                                                                MD5:DD4CA4BC0A73FCB71BEBAA3C29CB8F66
                                                                                                                                                                                SHA1:1A7085771D7941540EC94A1BD24D7CC8EA556D4B
                                                                                                                                                                                SHA-256:0401451E1D1D7DFDC29AD1B2B68A6C8AC0B706E9868BF22FAB26A01CD48620CE
                                                                                                                                                                                SHA-512:5B7D386C46EC75E21DE94DBCA922FB9A6E5358DEB3D60FEEE7B197D739F15D11050825D9323502EDFAF60720F1074DE896B23E71C44D07C9C7E943C31FDC078A
                                                                                                                                                                                Malicious:false
                                                                                                                                                                                Preview:....l...r...1...*...^...bX.......^...... EMF........h...................`...E...........................(...F...,... ...EMF+.@..................,...,...F...\...P...EMF+"@...........@..........$@..........0@.............?!@...........@..........F...(.......GDIC....s...2...+...^.......F...(.......GDIC....s...2.......N.......F...........EMF+*@..$..........?...........?.........@........................(E..HB.'E..HB.0'EI.`B.0'EU5.B.0'E..B.'EU5.B..(EU5.B.(EU5.B..(E..B..(EU5.B..(EI.`B.(E..HB..(E..HB.................@..............!.......b...........$...$......>...........>............'......................%.......................;.......U...P........................T...S...S...S...S8..Si..Ti.@Ti.qT8.qT..qT..@T...T..<.......>.......r...1.......N...............%...........$...$......A...........A............"...........F...........EMF+.@..........F...........GDIC....F...(.......GDIC........2.......N.......F...........EMF+*@..$..........?...........?.........@.......................}*E
                                                                                                                                                                                Process:C:\Program Files (x86)\Microsoft Office\root\Office16\ONENOTE.EXE
                                                                                                                                                                                File Type:PNG image data, 189 x 305, 8-bit/color RGBA, non-interlaced
                                                                                                                                                                                Category:dropped
                                                                                                                                                                                Size (bytes):12824
                                                                                                                                                                                Entropy (8bit):7.974776104184905
                                                                                                                                                                                Encrypted:false
                                                                                                                                                                                SSDEEP:384:gzPrAZvq82AP0/DHbSczEegiAh1Hfgr3ZO7EFKWHaXIXqu:erAZz200/TbJzDgiWgjZO7EFKEaXIf
                                                                                                                                                                                MD5:2628353534C5AD86CBFE57B6616D46DD
                                                                                                                                                                                SHA1:244B7E39D6CEF5B07FCDE80554D31F7DA240BB0D
                                                                                                                                                                                SHA-256:69BDB000AC7E030B0B28E6CE78F19547D235355B3B841146951AD1294429FA51
                                                                                                                                                                                SHA-512:2529F97BE62DE038445D1C86EE2C01404FB1A2D83A5D16C7B5F4E21723C17EC86FA180DFE10342536CFD7D334EA3AF1FFE151B77F2FBFFFE8E7B2A0C2A3ACD59
                                                                                                                                                                                Malicious:false
                                                                                                                                                                                Preview:.PNG........IHDR.......1.....).'....sRGB.........pHYs..........+....1.IDATx^.}.w\.n...A.H...E.J...l.......p...\{.w...e.-K.%..d.9..DN...^}..p.L...._$.t...n.=U..ID..]~(.?.)J...-.../.......0V..........'.)1X..c..D..2..A'f."...Ru..R=b..\....\.n.0...7.~".'..s!bd.|..p.u....-w'.....R.........i]..r....A.........r#...W..f{O.2~C.O........{.....3..W.}e:...~.....4.......t.Mv_....}*f..I...x11....d..6.@..O.......f.e..K.....L]..gohj&D..+.....#...#.J...n/]...8~.....zx.'.LI6..W....p...................V.F.. ...y.[.kl<?.^....N..$..7j.biU....c.51{S{.....q....c...<..x..............zG.F*.........U.w..fE.....DU.......WG7.5uC...7.....j..7yM...~jU..;J..a|LoG..x..<^.Z ...Z.....ip....._.4......f.rg..[...z....x1k.....z...K.l...;6.\..Y.#.WT.p.@{W....>.+..*..W....'v.nV...YA[.q!\.\...9..3.[|....7...HO......2<.....w.,].T^eN..XB.....M3...I.k...e..8...lZ.R...T.%......|N.w..9..!..O.-p..NA.eD_.d..nW2!...N...z>..;....=t#....H,.N.|. ......EC..............1.\
                                                                                                                                                                                Process:C:\Program Files (x86)\Microsoft Office\root\Office16\ONENOTE.EXE
                                                                                                                                                                                File Type:Windows Enhanced Metafile (EMF) image data version 0x10000
                                                                                                                                                                                Category:dropped
                                                                                                                                                                                Size (bytes):32656
                                                                                                                                                                                Entropy (8bit):3.9517299510231485
                                                                                                                                                                                Encrypted:false
                                                                                                                                                                                SSDEEP:384:qR0eV0V6zLq8fAy7TtS1O6VILpjH5og6NJgnIuu57aqP+Tg3QePV2P6hqaJDyjJg:qlzzaRpbd1
                                                                                                                                                                                MD5:DD4CA4BC0A73FCB71BEBAA3C29CB8F66
                                                                                                                                                                                SHA1:1A7085771D7941540EC94A1BD24D7CC8EA556D4B
                                                                                                                                                                                SHA-256:0401451E1D1D7DFDC29AD1B2B68A6C8AC0B706E9868BF22FAB26A01CD48620CE
                                                                                                                                                                                SHA-512:5B7D386C46EC75E21DE94DBCA922FB9A6E5358DEB3D60FEEE7B197D739F15D11050825D9323502EDFAF60720F1074DE896B23E71C44D07C9C7E943C31FDC078A
                                                                                                                                                                                Malicious:false
                                                                                                                                                                                Preview:....l...r...1...*...^...bX.......^...... EMF........h...................`...E...........................(...F...,... ...EMF+.@..................,...,...F...\...P...EMF+"@...........@..........$@..........0@.............?!@...........@..........F...(.......GDIC....s...2...+...^.......F...(.......GDIC....s...2.......N.......F...........EMF+*@..$..........?...........?.........@........................(E..HB.'E..HB.0'EI.`B.0'EU5.B.0'E..B.'EU5.B..(EU5.B.(EU5.B..(E..B..(EU5.B..(EI.`B.(E..HB..(E..HB.................@..............!.......b...........$...$......>...........>............'......................%.......................;.......U...P........................T...S...S...S...S8..Si..Ti.@Ti.qT8.qT..qT..@T...T..<.......>.......r...1.......N...............%...........$...$......A...........A............"...........F...........EMF+.@..........F...........GDIC....F...(.......GDIC........2.......N.......F...........EMF+*@..$..........?...........?.........@.......................}*E
                                                                                                                                                                                Process:C:\Program Files (x86)\Microsoft Office\root\Office16\ONENOTE.EXE
                                                                                                                                                                                File Type:PNG image data, 189 x 305, 8-bit/color RGBA, non-interlaced
                                                                                                                                                                                Category:dropped
                                                                                                                                                                                Size (bytes):12824
                                                                                                                                                                                Entropy (8bit):7.974776104184905
                                                                                                                                                                                Encrypted:false
                                                                                                                                                                                SSDEEP:384:gzPrAZvq82AP0/DHbSczEegiAh1Hfgr3ZO7EFKWHaXIXqu:erAZz200/TbJzDgiWgjZO7EFKEaXIf
                                                                                                                                                                                MD5:2628353534C5AD86CBFE57B6616D46DD
                                                                                                                                                                                SHA1:244B7E39D6CEF5B07FCDE80554D31F7DA240BB0D
                                                                                                                                                                                SHA-256:69BDB000AC7E030B0B28E6CE78F19547D235355B3B841146951AD1294429FA51
                                                                                                                                                                                SHA-512:2529F97BE62DE038445D1C86EE2C01404FB1A2D83A5D16C7B5F4E21723C17EC86FA180DFE10342536CFD7D334EA3AF1FFE151B77F2FBFFFE8E7B2A0C2A3ACD59
                                                                                                                                                                                Malicious:false
                                                                                                                                                                                Preview:.PNG........IHDR.......1.....).'....sRGB.........pHYs..........+....1.IDATx^.}.w\.n...A.H...E.J...l.......p...\{.w...e.-K.%..d.9..DN...^}..p.L...._$.t...n.=U..ID..]~(.?.)J...-.../.......0V..........'.)1X..c..D..2..A'f."...Ru..R=b..\....\.n.0...7.~".'..s!bd.|..p.u....-w'.....R.........i]..r....A.........r#...W..f{O.2~C.O........{.....3..W.}e:...~.....4.......t.Mv_....}*f..I...x11....d..6.@..O.......f.e..K.....L]..gohj&D..+.....#...#.J...n/]...8~.....zx.'.LI6..W....p...................V.F.. ...y.[.kl<?.^....N..$..7j.biU....c.51{S{.....q....c...<..x..............zG.F*.........U.w..fE.....DU.......WG7.5uC...7.....j..7yM...~jU..;J..a|LoG..x..<^.Z ...Z.....ip....._.4......f.rg..[...z....x1k.....z...K.l...;6.\..Y.#.WT.p.@{W....>.+..*..W....'v.nV...YA[.q!\.\...9..3.[|....7...HO......2<.....w.,].T^eN..XB.....M3...I.k...e..8...lZ.R...T.%......|N.w..9..!..O.-p..NA.eD_.d..nW2!...N...z>..;....=t#....H,.N.|. ......EC..............1.\
                                                                                                                                                                                Process:C:\Program Files (x86)\Microsoft Office\root\Office16\ONENOTE.EXE
                                                                                                                                                                                File Type:Windows Enhanced Metafile (EMF) image data version 0x10000
                                                                                                                                                                                Category:dropped
                                                                                                                                                                                Size (bytes):32656
                                                                                                                                                                                Entropy (8bit):3.9517299510231485
                                                                                                                                                                                Encrypted:false
                                                                                                                                                                                SSDEEP:384:qR0eV0V6zLq8fAy7TtS1O6VILpjH5og6NJgnIuu57aqP+Tg3QePV2P6hqaJDyjJg:qlzzaRpbd1
                                                                                                                                                                                MD5:DD4CA4BC0A73FCB71BEBAA3C29CB8F66
                                                                                                                                                                                SHA1:1A7085771D7941540EC94A1BD24D7CC8EA556D4B
                                                                                                                                                                                SHA-256:0401451E1D1D7DFDC29AD1B2B68A6C8AC0B706E9868BF22FAB26A01CD48620CE
                                                                                                                                                                                SHA-512:5B7D386C46EC75E21DE94DBCA922FB9A6E5358DEB3D60FEEE7B197D739F15D11050825D9323502EDFAF60720F1074DE896B23E71C44D07C9C7E943C31FDC078A
                                                                                                                                                                                Malicious:false
                                                                                                                                                                                Preview:....l...r...1...*...^...bX.......^...... EMF........h...................`...E...........................(...F...,... ...EMF+.@..................,...,...F...\...P...EMF+"@...........@..........$@..........0@.............?!@...........@..........F...(.......GDIC....s...2...+...^.......F...(.......GDIC....s...2.......N.......F...........EMF+*@..$..........?...........?.........@........................(E..HB.'E..HB.0'EI.`B.0'EU5.B.0'E..B.'EU5.B..(EU5.B.(EU5.B..(E..B..(EU5.B..(EI.`B.(E..HB..(E..HB.................@..............!.......b...........$...$......>...........>............'......................%.......................;.......U...P........................T...S...S...S...S8..Si..Ti.@Ti.qT8.qT..qT..@T...T..<.......>.......r...1.......N...............%...........$...$......A...........A............"...........F...........EMF+.@..........F...........GDIC....F...(.......GDIC........2.......N.......F...........EMF+*@..$..........?...........?.........@.......................}*E
                                                                                                                                                                                Process:C:\Program Files (x86)\Microsoft Office\root\Office16\ONENOTE.EXE
                                                                                                                                                                                File Type:PNG image data, 189 x 305, 8-bit/color RGBA, non-interlaced
                                                                                                                                                                                Category:dropped
                                                                                                                                                                                Size (bytes):12824
                                                                                                                                                                                Entropy (8bit):7.974776104184905
                                                                                                                                                                                Encrypted:false
                                                                                                                                                                                SSDEEP:384:gzPrAZvq82AP0/DHbSczEegiAh1Hfgr3ZO7EFKWHaXIXqu:erAZz200/TbJzDgiWgjZO7EFKEaXIf
                                                                                                                                                                                MD5:2628353534C5AD86CBFE57B6616D46DD
                                                                                                                                                                                SHA1:244B7E39D6CEF5B07FCDE80554D31F7DA240BB0D
                                                                                                                                                                                SHA-256:69BDB000AC7E030B0B28E6CE78F19547D235355B3B841146951AD1294429FA51
                                                                                                                                                                                SHA-512:2529F97BE62DE038445D1C86EE2C01404FB1A2D83A5D16C7B5F4E21723C17EC86FA180DFE10342536CFD7D334EA3AF1FFE151B77F2FBFFFE8E7B2A0C2A3ACD59
                                                                                                                                                                                Malicious:false
                                                                                                                                                                                Preview:.PNG........IHDR.......1.....).'....sRGB.........pHYs..........+....1.IDATx^.}.w\.n...A.H...E.J...l.......p...\{.w...e.-K.%..d.9..DN...^}..p.L...._$.t...n.=U..ID..]~(.?.)J...-.../.......0V..........'.)1X..c..D..2..A'f."...Ru..R=b..\....\.n.0...7.~".'..s!bd.|..p.u....-w'.....R.........i]..r....A.........r#...W..f{O.2~C.O........{.....3..W.}e:...~.....4.......t.Mv_....}*f..I...x11....d..6.@..O.......f.e..K.....L]..gohj&D..+.....#...#.J...n/]...8~.....zx.'.LI6..W....p...................V.F.. ...y.[.kl<?.^....N..$..7j.biU....c.51{S{.....q....c...<..x..............zG.F*.........U.w..fE.....DU.......WG7.5uC...7.....j..7yM...~jU..;J..a|LoG..x..<^.Z ...Z.....ip....._.4......f.rg..[...z....x1k.....z...K.l...;6.\..Y.#.WT.p.@{W....>.+..*..W....'v.nV...YA[.q!\.\...9..3.[|....7...HO......2<.....w.,].T^eN..XB.....M3...I.k...e..8...lZ.R...T.%......|N.w..9..!..O.-p..NA.eD_.d..nW2!...N...z>..;....=t#....H,.N.|. ......EC..............1.\
                                                                                                                                                                                Process:C:\Program Files (x86)\Microsoft Office\root\Office16\ONENOTE.EXE
                                                                                                                                                                                File Type:data
                                                                                                                                                                                Category:dropped
                                                                                                                                                                                Size (bytes):4096
                                                                                                                                                                                Entropy (8bit):4.325800282756972
                                                                                                                                                                                Encrypted:false
                                                                                                                                                                                SSDEEP:96:Y9sqj/HLb+EyaBXh9zKuXRboCMViFGVOT4:WsgHL/yEXh9zFXRbX
                                                                                                                                                                                MD5:7DEF3432A1793DAD139B1A337ECC8E1F
                                                                                                                                                                                SHA1:E96FCE996A1B41C7F4FC6EAD290038A2F342130E
                                                                                                                                                                                SHA-256:5524F07F6915E42DF342BBA8B3B71815832963828A0295E79AC2E5BDD0416BC9
                                                                                                                                                                                SHA-512:FDF10D451A1C50FED45092513DA3C62F4433E4B7EFE8EB73471CA38CA08DBE3215513E36911817FA2B2D6361267F3D9008EF97AFE0E548FE2E01E6D29FC47D96
                                                                                                                                                                                Malicious:false
                                                                                                                                                                                Preview:2...>.......P...v...D...................................................?....?..........................................................................2...>...,.......v...x............................I.......I.qk..B.....LZ..8.......8.(PK.".B.......8.(PK.".B.......8..I.qk..B.....LZ.I................................I.......I...................................................I.t.....I................................................................4..'...'.................y../.M.j.9....N...^.................b5f.IJ.?..Nh3.........f........................................I.qk..B.....LZ................y../.M.j.9............y../.M.j.9...........8.......8.......8...........................................8j......8T.]....8.......8..B....8H......8..B....8..>.)..8..J...................;........4...4...4.."................8...8...8..z...y.. x.. ...........$........4...*..7*..7........................;........4...4...4...........8.......8....#..8............................................
                                                                                                                                                                                Process:C:\Program Files (x86)\Microsoft Office\root\Office16\ONENOTE.EXE
                                                                                                                                                                                File Type:JPEG image data, JFIF standard 1.02, aspect ratio, density 100x100, segment length 16, baseline, precision 8, 612x792, components 3
                                                                                                                                                                                Category:dropped
                                                                                                                                                                                Size (bytes):39010
                                                                                                                                                                                Entropy (8bit):7.362726513389497
                                                                                                                                                                                Encrypted:false
                                                                                                                                                                                SSDEEP:768:6tCjwO+E+KW0ZtOgepcoWW4pAWQ6/KWcR474HOAZaDfK:68j+E+KW0HOgep/72/NKWcRNefK
                                                                                                                                                                                MD5:9700DE02720CDB5A45EDE51F1A4647EC
                                                                                                                                                                                SHA1:CF72A73E1181719B1CC45C2FE0A6B619081E115E
                                                                                                                                                                                SHA-256:7E6A7714A69688D9FFDF16AA942B66064A0C77FCD9B3E469F89730B4B9290C3E
                                                                                                                                                                                SHA-512:5438921467D62376472007B9EBF3C35C9D9FE3EDE04D99A990129332D53EBC8EE2555C0319A4F7C0DF63516F29CEDF2171D8B6DC34C9FCD075C2CA41EB728660
                                                                                                                                                                                Malicious:false
                                                                                                                                                                                Preview:......JFIF.....d.d......Ducky.......d......Adobe.d...................................................................................................................................................d.........................................................................................!1..A...Qaq..".......2BR#...b%&6..'w.r.3f7W8.s5EUeF.g....CS$4.Vv..Tdt..G..(c..u.Hhx.......................!1.AQa..2.q....".s...3.4BRr.#......b.$c............?........uf.....t...;..[...W.h.....-.k.f..i.u..KQ..b.F...rM%/.8n.S..=9.....G$O;.f.}L..N..U._i.[.X...3.~....S.~..+t$...c.5......{..X/..#.G...}s....6......^....o~.$.\WA?...^*w[O.~..6..~....a....~..:..0.......{O...|.s.u._w.........i...........{K...._.?.../{.....A..8....<g.iu..<..................X......|]v....D..9.k.w.|-IF.Tv.-.&.........."'.4.b....z.._.Z.....G...u.xyt./_.q..m>..S.V.Xdc.bw.T.W......g..........}s.._..?....U]_.......`......>.|'.~xH....,...?........?.q....o../..R..;...Y.G....A"?......?.<..1...w..o.M.........tco.
                                                                                                                                                                                Process:C:\Program Files (x86)\Microsoft Office\root\Office16\ONENOTE.EXE
                                                                                                                                                                                File Type:data
                                                                                                                                                                                Category:dropped
                                                                                                                                                                                Size (bytes):4096
                                                                                                                                                                                Entropy (8bit):4.394626237344212
                                                                                                                                                                                Encrypted:false
                                                                                                                                                                                SSDEEP:48:zWSXxsAzyrgFB5UJtsZyEr+JZLX8L9kqj45rd3ruhxSdXKnQ2WgIoRXdPJ:HxsmHUJWIEq9XQ9kqURb1LW
                                                                                                                                                                                MD5:BFAD981A400340E44E838A12961BD813
                                                                                                                                                                                SHA1:23B7997065175A2F29A8B3866C236A45B4C69E4F
                                                                                                                                                                                SHA-256:880DF508FFABE93E879D55713FA4E739D56A9FAFDA3EE117F9C02D5A27453705
                                                                                                                                                                                SHA-512:0EABE8841077598391F263D60B59FCC74675B0A5D6A92ED2DAAFA10D62719616ECD007EF515A64CBBC437D4CBF603DAD5F3B723A45537910978907F2457F09FD
                                                                                                                                                                                Malicious:false
                                                                                                                                                                                Preview:2...>.......h...v...\...................................................................................................................................2...>...D.......v................................I.......I.qk..B.....LZR?......R?..]cj.;...q..R?..]cj.;...q..R?...I.qk..B.....LZ.I................................I.......I...................................................I.t.....I................................................................4..'...'..............7J.t......<.|....N...^...............N9..<..A....?.$7........f........................................I.qk..B.....LZ.............7J.t......<.|.........7J.t......<.|.........R?......R?......R?..........................................R?.j....R?.T.]..R?......R?..B..R?.H....R?...B..R?...>.)R?...J...................;........4...4...4.."..............R?..R?..R?...z...y.. x.. ...........$........4...+..7+..7........................;........4...4...4.........R?......R?.....#R?.............................................
                                                                                                                                                                                Process:C:\Program Files (x86)\Microsoft Office\root\Office16\ONENOTE.EXE
                                                                                                                                                                                File Type:JPEG image data, JFIF standard 1.02, aspect ratio, density 100x100, segment length 16, baseline, precision 8, 612x792, components 3
                                                                                                                                                                                Category:dropped
                                                                                                                                                                                Size (bytes):25622
                                                                                                                                                                                Entropy (8bit):7.058784902089801
                                                                                                                                                                                Encrypted:false
                                                                                                                                                                                SSDEEP:384:EhK81gTCyJ/Gf9Aw3t8w8EtdPeGDh6bEi1Ie1u4ZbvgwTwrSRh7ZKNpIGY:IjcRXwdJvtdGsUbEi1IeY8vgwTyC1+Y
                                                                                                                                                                                MD5:F8CCFC24DEB1D991EBE085E1B2D7D9BF
                                                                                                                                                                                SHA1:AF76C22A765434AEDA134924C517C84107F4FED5
                                                                                                                                                                                SHA-256:7354001527AB554C44E7D6981B86DD933B7DC2E0D3DC8512AD3EECD843245C52
                                                                                                                                                                                SHA-512:818BC3690B01B30BC571E4CF45EC8D1AFCAECBAB003532644381F1CF730A5B3486862D08F7579B2D3D89167AD7DF35028881245C9550B0DA23D1F81A720A9704
                                                                                                                                                                                Malicious:false
                                                                                                                                                                                Preview:......JFIF.....d.d......Ducky.......d......Adobe.d...................................................................................................................................................d........................................................................................!...1A.Qaq.........."2Rr.#.t6..B..3S$4..v.b..Cs.%5..8..cUV.(.DEe.&Ff...T.d.......................!.1A..Qaq...s4....2r..S"BR.3....b#C$.....c............?..D.."}:......&&...?3..W.q*.......]...m.Y.k1......K).J...uV.b.../.0.E.H..4..W_T.[t.V.w.9.x.qe.L..o.oL.....d.\.....6.|.o...}..H{Yn..E...6Y3.l.e..D.:,.n.%...t...m.........,+,..|..n.....6.*...f........6.../$../Vi..H...e.f.F.zn.).n.E..2sTn.i...Yb?6+H&...Bf..*....z.o.^7[..u.:o....t.s=.....(.s.....f.g....q9o.u1L.N...smzE..[>...+\O....j.<....j.c.W.............U..+.F/.'..W...T./W...>i01./....j.s."..Q...{...a._~OW...Rp.)*.e..W..Q4)<..'..W...q...'..U..z..g......U}...O....w....0F:.N..V.3W.|..'z0.]...j..U[v..g$D.Lc[.e...UW.m0+
                                                                                                                                                                                Process:C:\Program Files (x86)\Microsoft Office\root\Office16\ONENOTE.EXE
                                                                                                                                                                                File Type:data
                                                                                                                                                                                Category:dropped
                                                                                                                                                                                Size (bytes):4096
                                                                                                                                                                                Entropy (8bit):4.319278592740464
                                                                                                                                                                                Encrypted:false
                                                                                                                                                                                SSDEEP:96:YdhBsmlCefg18EmJrXHyim9cZoRbvX/5:4hBsmRfSZmJrXHyim9cZoRb//
                                                                                                                                                                                MD5:825B9E09C2DAE4695E920A53582E803D
                                                                                                                                                                                SHA1:156E3B073B77332AF45153C22B81D936D997C9E8
                                                                                                                                                                                SHA-256:8F153AD17929B26021D5E7BBD7F33F1AD817D24390347EEBEF8B8874E37D9A16
                                                                                                                                                                                SHA-512:8681C8EF456391FA0A541A00D0633D41A014F0123DD13E68CAF10346BF4069CFDB929E6DE1A2ED794F87746C1A962C1544D4D870CBA6738705318342FEF1DB6D
                                                                                                                                                                                Malicious:false
                                                                                                                                                                                Preview:2...>.......P...v...D...................................................?....?..........................................................................2...>...,.......v...x............................I.......I.qk..B.....LZw.......w...YF..?7....kww...YF..?7....kww....I.qk..B.....LZ.I................................I.......I...................................................I.t.....I................................................................4..'...'.............[8.x`...?..!>......N...^.................:....F..g..u1.........f........................................I.qk..B.....LZ............[8.x`...?..!>..........[8.x`...?..!>...........w.......w.......w...........................................w..j....w..T.]..w.......w....B..w..H....w....B..w....>.)w....J...................;........4...4...4.."..............w...w...w....z...y.. x.. ...........$........4...+..7+..7........................;........4...4...4.........w.......w......#w..............................................
                                                                                                                                                                                Process:C:\Program Files (x86)\Microsoft Office\root\Office16\ONENOTE.EXE
                                                                                                                                                                                File Type:PNG image data, 50 x 500, 8-bit colormap, non-interlaced
                                                                                                                                                                                Category:dropped
                                                                                                                                                                                Size (bytes):2033
                                                                                                                                                                                Entropy (8bit):6.8741208714657
                                                                                                                                                                                Encrypted:false
                                                                                                                                                                                SSDEEP:48:P37XYSDTz+UUl7DHt7Ah8l1+4ZfFclFUXwobKXlZr:v7j3z+UoDN0h8ugf2AwobMN
                                                                                                                                                                                MD5:CA7D2BECCBC3741D73453DCF21D846E0
                                                                                                                                                                                SHA1:E34B7788498E33FFF0CFB00125E6BA9E090F6CED
                                                                                                                                                                                SHA-256:E9EAD0BFC09D32CB366010CDFEDE1C432A2D1D550CB7332BADAC1BEE9482BC86
                                                                                                                                                                                SHA-512:7FE2C3654262B1EEBED4F6D83DA7D3450E1BE52500A3964185FC0092041506A237A2728E5D7EEA0A3814E413E822B803B789C49CF744D51816A2E4EDE5B4247B
                                                                                                                                                                                Malicious:false
                                                                                                                                                                                Preview:.PNG........IHDR...2.........H'......PLTE........................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................[....bKGD....H....cmPPJCmp0712....H.s.....IDATx^.\.W.G...=a.ewA..a.!r( ...%Dc..x.x....N.OO...3=...S...........~.z.D.0...g.2P.7.*M.#'....z.......3TPj.Z.[5....V..z'L3...a.j9..C>..9.z
                                                                                                                                                                                Process:C:\Program Files (x86)\Microsoft Office\root\Office16\ONENOTE.EXE
                                                                                                                                                                                File Type:data
                                                                                                                                                                                Category:dropped
                                                                                                                                                                                Size (bytes):4096
                                                                                                                                                                                Entropy (8bit):4.315464509584532
                                                                                                                                                                                Encrypted:false
                                                                                                                                                                                SSDEEP:48:SsaoRBHndpjGXDtf1SfEkJLLX398u9j4lrd3r4xrIdXgt+dmZyutw109:SszdjGXDF0fE83X398kYRbaIGwG
                                                                                                                                                                                MD5:DBC6885535B0E495E4781DE2FD4B98AD
                                                                                                                                                                                SHA1:CF5E4A203555CD8854D0E89FB3E3FF3CA694CCC1
                                                                                                                                                                                SHA-256:4FA175908CA4588441B70B1E37A39A7E2F49F10C8F0B8839AE19D6F7ECDEED7A
                                                                                                                                                                                SHA-512:C70C02D9ED99F86AC19F4FC35BBB789F2A1AC990BAFE1D4D8241C3A0A6DA35095FB09E6873D04BE7D0150F1C15052C611DDF2AE8104A3AB73246B43A3993C992
                                                                                                                                                                                Malicious:false
                                                                                                                                                                                Preview:2...>.......N...v...B...................................................................................................................................2...>...*.......v...v............................I.......I.qk..B.....LZ............p...0U3.8......p...0U3.8.......I.qk..B.....LZ.I................................I.......I...................................................I.t.....I................................................................4..'...'.............|.k:H._.>:.J........N...^...............D......F...qC..........f........................................I.qk..B.....LZ............|.k:H._.>:.J............|.k:H._.>:.J............................................................................j.......T.]...............B.....H.........B.......>.).....J...................;........4...4...4.."...........................z...y.. x.. ...........$........4...+..7+..7........................;........4...4...4........................#...............................................
                                                                                                                                                                                Process:C:\Program Files (x86)\Microsoft Office\root\Office16\ONENOTE.EXE
                                                                                                                                                                                File Type:JPEG image data, JFIF standard 1.02, aspect ratio, density 100x100, segment length 16, baseline, precision 8, 612x792, components 3
                                                                                                                                                                                Category:dropped
                                                                                                                                                                                Size (bytes):55804
                                                                                                                                                                                Entropy (8bit):7.433623355028275
                                                                                                                                                                                Encrypted:false
                                                                                                                                                                                SSDEEP:1536:gVvci05lhVbfBcWvBLeynluexaWqzww/u5:gVUZhHDljaHww/u5
                                                                                                                                                                                MD5:4126992F65FE53D3E3E78F6B27FD49DC
                                                                                                                                                                                SHA1:BC0D76B69310DA9B909D3EE4CECBFE5F386BFB45
                                                                                                                                                                                SHA-256:3FBE3C1C238BD7DBC67F8CFF5F3BDDFD513C96A9851B9616477947D21DFF4B2E
                                                                                                                                                                                SHA-512:624853F5E56D224C8188F122B2C4724F867D4099E7FAAFB9C945BE7E2907900ADCF4AE97AB08909CF94E96FB6F381E3B6396D560D93EB2731E4E69CBFE628F10
                                                                                                                                                                                Malicious:false
                                                                                                                                                                                Preview:......JFIF.....d.d......Ducky.......d......Adobe.d...................................................................................................................................................d..............................................................................................!1...AQ.aq"2.....BR..8x..r#..9b....3....CS$.'.cs.......7Gw.(.4%5&..Wg.h......tEVfv..H..........................!1A..Qa.q...."2..u6....BRr.#...b..3s..d...7.Cc.$Tt..S4.5Ue..&..%.................?...,...8..{..S.y.N....%..q.8..H[5....o..xg........)c(.eO.YO..._D..x.U.....%.S.r.r._.^..Su.h.Q.t.:.#?....x..B.S...Q.....oqF..%..8'.qx....%.2JKjF..{y.w0.*a.RMb.c.Q{%....eW'..[IV..'ZW3...[...MN.....rO.:....$.i..7....Vrrr...I.r..M..Qo..j....q.^...N...J......%.J..)F...>$.....u........o...+......[...*..t....R}.I..R..S..GB..:......).6_[^Xft...F.1.....zP....,.#....MG.T..Q.F.....)Fi../.I...,%.voEb.b.Z..V3..FT.}..[Z{....wd.z.e.....QwW(.).t..\..'....:)<W.<..&k...caRT.X(..K.....:f...]...q..
                                                                                                                                                                                Process:C:\Program Files (x86)\Microsoft Office\root\Office16\ONENOTE.EXE
                                                                                                                                                                                File Type:data
                                                                                                                                                                                Category:dropped
                                                                                                                                                                                Size (bytes):4096
                                                                                                                                                                                Entropy (8bit):4.48523804867913
                                                                                                                                                                                Encrypted:false
                                                                                                                                                                                SSDEEP:48:csu7u8d7qs8Jt1Y2EbzBG7pX0y7p9Iij4RDrdMrhd/UdX2zb5bok7GyAS5bB+Ev:cskq7J3EBeXv9IiSDRMhCgbn9
                                                                                                                                                                                MD5:C80D78B95BF644EE2148D6C544EEFE51
                                                                                                                                                                                SHA1:3CCFA1BD03840EE29E1F8FECA495E365B3B4520A
                                                                                                                                                                                SHA-256:7361BFEACC961F0D02A28CFDA2B9E08DEE2C70DA881A222FC0253A3FCCE3A838
                                                                                                                                                                                SHA-512:8638906F2DFEC38054288981AECC022401E31EF57C8AAC28DAEEE3901D8615284DB48A80983AAA644E723D3C4E70285043B430B45469980F084F0DA2772C2F0E
                                                                                                                                                                                Malicious:false
                                                                                                                                                                                Preview:2...>.......n...v...b...................................................................................................................................2...>...J.......v................................I.......I.qk..B.....LZ.M.......M...m.8.|d..]e.M...m.8.|d..]e.M...I.qk..B.....LZ.I................................I.......I...................................................I.t.....I................................................................4..'...'.............$..[<'%......CF....N...^.................[.oC..g...j........f........................................I.qk..B.....LZ............$..[<'%......CF........$..[<'%......CF..........M.......M.......M...........................................M.j.....M.T.]...M.......M...B...M.H.....M...B...M...>.).M...J...................;........4...4...4.."...............M...M...M...z...y.. x.. ...........$........4...+..7+..7........................;........4...4...4..........M.......M.....#.M.............................................
                                                                                                                                                                                Process:C:\Program Files (x86)\Microsoft Office\root\Office16\ONENOTE.EXE
                                                                                                                                                                                File Type:JPEG image data, JFIF standard 1.02, resolution (DPI), density 72x72, segment length 16, Exif Standard: [TIFF image data, big-endian, direntries=7, orientation=upper-left, xresolution=98, yresolution=106, resolutionunit=2, software=Adobe Photoshop CS Windows, datetime=2004:03:12 11:08:07], baseline, precision 8, 595x450, components 3
                                                                                                                                                                                Category:dropped
                                                                                                                                                                                Size (bytes):59832
                                                                                                                                                                                Entropy (8bit):7.308211468398169
                                                                                                                                                                                Encrypted:false
                                                                                                                                                                                SSDEEP:1536:HS9SYFtN0+CRa9mfJy4zBAiIJhzrkHDV2hJK:yAmta+Tyy4zBIJW5WK
                                                                                                                                                                                MD5:DCDD543A4E0BA2C1909BA095D46FFBCB
                                                                                                                                                                                SHA1:B86C89537138FE07255354202D3EAD0B53B3C54D
                                                                                                                                                                                SHA-256:28F334B77068F71F5F92A95695433B950610204A0E5580CE567DB8FAD4993ECB
                                                                                                                                                                                SHA-512:5408C3259B7F3288A4BEB04342799AD5FE3A6F0EC7E92353B29B7E7E538DFA9903B39637226919E0421BC422635D25F5F8069DC7441864DC03E1B909BF5C2C84
                                                                                                                                                                                Malicious:false
                                                                                                                                                                                Preview:......JFIF.....H.H.....fExif..MM.*.............................b...........j.(...........1.........r.2...........i.................H.......H....Adobe Photoshop CS Windows.2004:03:12 11:08:07.............................S.......................................................&.(.................................0.......H.......H..........JFIF.....H.H......Adobe_CM......Adobe.d.................................................................................................................................................y...."................?..........................................................................3......!.1.AQa."q.2.....B#$.R.b34r..C.%.S...cs5....&D.TdE.t6..U.e...u..F'...............Vfv........7GWgw........................5.....!1..AQaq"..2.....B#.R..3$b.r..CS.cs4.%......&5..D.T..dEU6te....u..F...............Vfv........'7GWgw.................?......;R~+'....xh..~.n-}.......Te................^B..IU_....._...S......h.......!....9...A}6V=J......C..c.....Ug.Wh......
                                                                                                                                                                                Process:C:\Program Files (x86)\Microsoft Office\root\Office16\ONENOTE.EXE
                                                                                                                                                                                File Type:data
                                                                                                                                                                                Category:dropped
                                                                                                                                                                                Size (bytes):4096
                                                                                                                                                                                Entropy (8bit):4.326389337308966
                                                                                                                                                                                Encrypted:false
                                                                                                                                                                                SSDEEP:48:pBs5Zq4cWgW7FhltUEQ2sX19Ledj4n5rdMrmUdX9jS7HWgk7RgC36gg:pBst7rlWEqX19Led8RMXfwg
                                                                                                                                                                                MD5:41E2413903B5379A85F4D7C907C8DB2F
                                                                                                                                                                                SHA1:B463348781FDA0E53AEF6A7745B994509441F9A5
                                                                                                                                                                                SHA-256:AB52956819D2C931942350620590808FC9888E185B634CDA5AF75C16C6BDA08C
                                                                                                                                                                                SHA-512:0FAA0CECB4D6D6C4BF35B340FC49A6A5A515F83DFDE862C98B2420E54AB7C544070AED9F5B1CE79A57A2B6FF653CF980CA4EE74C661EF7B4B609A0615154EB3B
                                                                                                                                                                                Malicious:false
                                                                                                                                                                                Preview:2...>.......T...v...H...................................................................................................................................2...>...0.......v...|............................!.......!...K.#....D...I.......I.qk..B.....LZ.!...K.#....D...!...I.qk..B.....LZ.I................................I.......I...................................................I.t.....I................................................................4..'...'.............q(.c....P..........N...^...................../E.[.L...........H........................................I.qk..B.....LZ............q(.c....P..............q(.c....P................!.......!.......!...........................................!.j.....!.T.^...!.......!...B...!...C...!...>...!...|...!. .3...................;........4...4...4.."...............!...!...!...z...y.. x.. ...........$........4...+..7+..7........................;........4...4...4..........!.......!.....#.!.............................................
                                                                                                                                                                                Process:C:\Program Files (x86)\Microsoft Office\root\Office16\ONENOTE.EXE
                                                                                                                                                                                File Type:Windows Enhanced Metafile (EMF) image data version 0x10000
                                                                                                                                                                                Category:dropped
                                                                                                                                                                                Size (bytes):33032
                                                                                                                                                                                Entropy (8bit):2.941351060644542
                                                                                                                                                                                Encrypted:false
                                                                                                                                                                                SSDEEP:384:ofmqvnCfmqsp1Ue5xzMq+Qh0dffUmS0w5xzMq+Qh0di:AGAp1rmSl
                                                                                                                                                                                MD5:ACF4A9F470281F475EA45E113E9FB009
                                                                                                                                                                                SHA1:B20698DDA5E5AFDD86BB359A6578C9860D5DF71F
                                                                                                                                                                                SHA-256:5DC2367A80588A7518DB5014122510BF0FD784711015EF83A8718336584F82D0
                                                                                                                                                                                SHA-512:998B7DB9DB08FD15A293267E2371052E436E024AF8D34F96D3C8FF04B1316678DFC1674C921CB404121FF381A4FC39DC759E6698F19D42A6261CBD39469B0A08
                                                                                                                                                                                Malicious:false
                                                                                                                                                                                Preview:....l...........................Ac...... EMF........$...................`...E...........................(...F...,... ...EMF+.@..................,...,...F...\...P...EMF+"@...........@..........$@..........0@.............?!@...........@..........F...(.......GDIC........................F...(.......GDIC............^...........F...........EMF+*@..$..........?...........?.........@..X...L........................."B...B...B...................?...........??.....n............;...<..@<...<...<...<...<...=...=.. =..0=..@=..P=..`=..p=...=...=...=...=...=...=...=...=...=...=...=...=...=...=...=...=...>...>...>...>...>...>...>...>.. >..$>..(>..,>..0>..4>..8>..<>..@>..D>..H>..L>..P>..T>..X>..\>..`>..d>..h>..l>..p>..t>..x>..|>...>...>...>...>...>...>...>...>...>...>...>...>...>...>...>...>...>...>...>...>...>...>...>...>...>...>...>...>...>...>...>...>...>...>...>...>...>...>...>...>...>...>...>...>...>...>...>...>...>...>...>...>...>...>...>...>...>...>...>...>...>...>...>...>...?...?...?...?...?...?
                                                                                                                                                                                Process:C:\Program Files (x86)\Microsoft Office\root\Office16\ONENOTE.EXE
                                                                                                                                                                                File Type:PNG image data, 3005 x 184, 8-bit/color RGBA, non-interlaced
                                                                                                                                                                                Category:dropped
                                                                                                                                                                                Size (bytes):12180
                                                                                                                                                                                Entropy (8bit):5.318266117301791
                                                                                                                                                                                Encrypted:false
                                                                                                                                                                                SSDEEP:96:k1bHyG/fKOOOOQJUg+g2S+kEm6alfsfsfn32:+bSG/yOOOOQ+g+gOab32
                                                                                                                                                                                MD5:5C859FF69B3A271A9AAB08DFA21E8894
                                                                                                                                                                                SHA1:3156302A7450ADFF4D1B6EC893E955D3764D4DD4
                                                                                                                                                                                SHA-256:B4A8E9A67EE0B897615AC4CCE388FFC175AB92D9E192E6875C79A4E7C1B5BB6E
                                                                                                                                                                                SHA-512:4CF518136EEBCA4F400A115D9B7BB0CAC9FA650BF910B99E15F04A259B7D3EFCFFD6796886FE09DB08C37C332B14BC8500845C09C8EAE1F2306F90E98D3C99E0
                                                                                                                                                                                Malicious:false
                                                                                                                                                                                Preview:.PNG........IHDR..............;j.....sRGB.........pHYs..........+..../9IDATx^...dW...S=.dL$.............-.`...'...x.7.D...(...$.?cO....9S]=.v...Z.......{..wNuf.&.....a.k5~...._..\.yk..v.....}{._.Q...5...._9o.n.....}7.].1v..t......q....3.<..0<.p.......0....s...... @....... @....... @....... @....... @...X.'..U-..... @....... @....... @....... @....... @......,I......+..... @....... @....... @....... @....... @........z...r.. @....... @....... @....... @....... @....... .$.C.KJ[.... @....... @....... @....... @....... @........&`.=X`.%@....... @....... @....... @....... @....... @....../)m.. @....... @....... @....... @....... @....... @ ....`.)....... @....... @....... @....... @....... @....K.0.....J....... @....... @....... @....... @....... @...`.....\.... @....... @....... @....... @....... @......,I......+..... @....... @....... @....... @....... @........z...r.. @....... @....... @....... @....... @....... .$.C.KJ[.... @....... @....... @....... @....... @........&`.=X`.%
                                                                                                                                                                                Process:C:\Program Files (x86)\Microsoft Office\root\Office16\ONENOTE.EXE
                                                                                                                                                                                File Type:data
                                                                                                                                                                                Category:dropped
                                                                                                                                                                                Size (bytes):4096
                                                                                                                                                                                Entropy (8bit):4.350811662242349
                                                                                                                                                                                Encrypted:false
                                                                                                                                                                                SSDEEP:48:Ys4SXCueX/VtyrEPEczowLuejXmRpX9csDp5xrdMrKA73QXD9W9gpmd4A:YsGnvVyEsAowxXm39caBRMp0I
                                                                                                                                                                                MD5:22ED2CCB0D5BD405781B882C58A1D813
                                                                                                                                                                                SHA1:0F0AD63E9B905528DF88FA4C6F335A2503D990A0
                                                                                                                                                                                SHA-256:6FD0E4B2EA0A788FD0D5B43CC30A1191D4B69878F02569A165D7695410986E11
                                                                                                                                                                                SHA-512:151EDF129D4D76B9BAD453CEE083B16A982F6C1B39FC892FD4C2D1F6A52A446345C44198DBC6B41A1A2E350F125AB098064941526A467B69FE6A0FF8C634DE8F
                                                                                                                                                                                Malicious:false
                                                                                                                                                                                Preview:2...>.......R...v...F...................................................................................................................................2...>...........v...z............................I.......I.qk..B.....LZ.I.......I..:........'Xf.I..:........'Xf.I...I.qk..B.....LZ.I................................I.......I...................................................I.t.....I................................................................4..'...'...............H..c..T..vL.....N...^...............`.f....G..8!.)..........f........................................I.qk..B.....LZ..............H..c..T..vL...........H..c..T..vL...........I.......I.......I...........................................I.j.....I.T.]...I.......I...B...I.H.....I...B...I...>.).I...J...................;........4...4...4.."...............I...I...I...z...y.. x.. ...........$........4...+..7+..7........................;........4...4...4..........I.......I.....#.I.............................................
                                                                                                                                                                                Process:C:\Program Files (x86)\Microsoft Office\root\Office16\ONENOTE.EXE
                                                                                                                                                                                File Type:PNG image data, 39 x 600, 8-bit colormap, non-interlaced
                                                                                                                                                                                Category:dropped
                                                                                                                                                                                Size (bytes):2104
                                                                                                                                                                                Entropy (8bit):7.252780160030615
                                                                                                                                                                                Encrypted:false
                                                                                                                                                                                SSDEEP:48:2PPEOtz2P/LJtVRaqBG8qFOPvHlcEXgkuwf+j:2PZFSjJDjqFOPPlXgG+j
                                                                                                                                                                                MD5:F6C596F505504044DF1E36BA5DA3F09B
                                                                                                                                                                                SHA1:BCF17EC408899B822492B47E307DE638CC792447
                                                                                                                                                                                SHA-256:EDBB86F160050FBF1F9860276802BAE292DBFD0BC98E3EA90D43D981E9F0C54A
                                                                                                                                                                                SHA-512:E8D067A1932CED8746FE7D665EEC34EA92A98AFF3DF26FFA9DD02742DDEA3C5654124A88A649FA33DB596F96A5FC9CB2C693D03132F1C8B254ACB56DB4763BD8
                                                                                                                                                                                Malicious:false
                                                                                                                                                                                Preview:.PNG........IHDR...'...X.......:....PLTE.............................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................{.....bKGD....H....cmPPJCmp0712....H.s.....IDATx^..c.%i.F...m.m.f.m.m.m{&....X...9.....M.WUW.d.N.O...E$...$...)H....n....N.k..v.....v1L[w)w.}..!...Y.X.V.D.......[....;..[..;....
                                                                                                                                                                                Process:C:\Program Files (x86)\Microsoft Office\root\Office16\ONENOTE.EXE
                                                                                                                                                                                File Type:data
                                                                                                                                                                                Category:dropped
                                                                                                                                                                                Size (bytes):4096
                                                                                                                                                                                Entropy (8bit):4.329552240540694
                                                                                                                                                                                Encrypted:false
                                                                                                                                                                                SSDEEP:96:Z0sqetF3E2MXJ956voRM9UmqXRVqHznU:KsqetutXJ956voRM9UmqXRVqTn
                                                                                                                                                                                MD5:C8E78B2C3A686C372DE42428E12318E8
                                                                                                                                                                                SHA1:5673A1642A547E920341F99ADDBA0DDC3684B187
                                                                                                                                                                                SHA-256:0E26F61CF154163F1DD3FF84AA13BF3E11A82718BE6832DE2AFA487E054C19B0
                                                                                                                                                                                SHA-512:4EDC80DFDF0DEB48FAF45AFE04183B4B03D8876FCD473225074DF2157B642271B10514B5623B24D4FD29402C840AD77F288D7B3DB61FB3CB57342CFFC6B371EF
                                                                                                                                                                                Malicious:false
                                                                                                                                                                                Preview:2...>.......T...v...H...................................................................................................................................2...>...0.......v...|............................I.......I.qk..B.....LZ8.......8.......0......8.......0......8....I.qk..B.....LZ.I................................I.......I...................................................I.t.....I................................................................4..'...'.............'.ln9$).>_..Q..K....N...^.................%..u|@./..L.T.........f........................................I.qk..B.....LZ............'.ln9$).>_..Q..K........'.ln9$).>_..Q..K.........8.......8.......8...........................................8..j....8..T.]..8.......8....B..8..H....8....B..8....>.)8....J...................;........4...4...4.."..............8...8...8....z...y.. x.. ...........$........4...,..7,..7........................;........4...4...4.........8.......8......#8..............................................
                                                                                                                                                                                Process:C:\Program Files (x86)\Microsoft Office\root\Office16\ONENOTE.EXE
                                                                                                                                                                                File Type:JPEG image data, JFIF standard 1.02, aspect ratio, density 100x100, segment length 16, baseline, precision 8, 612x792, components 3
                                                                                                                                                                                Category:dropped
                                                                                                                                                                                Size (bytes):14177
                                                                                                                                                                                Entropy (8bit):5.705782002886174
                                                                                                                                                                                Encrypted:false
                                                                                                                                                                                SSDEEP:192:EbgGcV/hlvpfal7rgYa8S7auAxwfuSTmCSNoFQ6NO7L:EbgGcVnpwimnd38FdQL
                                                                                                                                                                                MD5:7CDCE7EEBF795998DA6CAC11D363291C
                                                                                                                                                                                SHA1:183B4CC25B50A80D3EC7CCE4BF445BCFBAA6F224
                                                                                                                                                                                SHA-256:DE35AF949D4F83E97EE22F817AFE2531CC4B59FF9EE6026DCA7ECEBC5CF2737F
                                                                                                                                                                                SHA-512:560FB15A9C12758D11BB40B742A6EAD755F15AD10D6C5DEBA67F7BC8A2AE67C860831914CBCBCDED9E6B2D1D5F26A636B9BCEF178151F70B4D027316F94F27E1
                                                                                                                                                                                Malicious:false
                                                                                                                                                                                Preview:......JFIF.....d.d......Ducky.......d......Adobe.d...................................................................................................................................................d........................................................................................!.1..A....Qa".q..2.....&...B%6.'..R#3.$E.r457bS.DUFV.Wg(.......................1...3.Q..2Rr....s.4.!Aq.S.aC5B$%............?...n.Liq.}.{#....3/gg.1.M +..~3...q..+=..:.g.i1;P)7.....q..n.s"p...wx........v.t.f;..L/..~....y.r[.r.....n.n3..6i..g..}../........3..x.L.i?We..l.......~..<.;..6..o.....N.t.o6.l..~.......<...m.V...Q.7k.u./wq.t..;.I...}..{...>.L..3m..a....yd......6~.f..~Y..}+..<.[w..'-..?.v.7...v.u..4.......1];..u.MO.......s..p..ms.'.O-o...O......m.k.e....)t....i>..E|....,iOyD|.{......g.n...cu....=..........h.\.Q:?g/?.I.3._...t...d.n.0.%y....S.Q....S.&K.w..&wY<....%.g.v.....$y..#,i;.=...t...I6..yO..o.d..w\k...~......)..rK.......].u....N....e.s..kU.u..'}
                                                                                                                                                                                Process:C:\Program Files (x86)\Microsoft Office\root\Office16\ONENOTE.EXE
                                                                                                                                                                                File Type:data
                                                                                                                                                                                Category:dropped
                                                                                                                                                                                Size (bytes):4096
                                                                                                                                                                                Entropy (8bit):4.3696684543838735
                                                                                                                                                                                Encrypted:false
                                                                                                                                                                                SSDEEP:48:Ms3BRhpY9ntwp9EYXL7paXM9XdsVpyGKrdMrhL/wDFX9E9GZ1cl:Msk9nsEQ4XM9tEBKRM5khc
                                                                                                                                                                                MD5:CD8D4BB835B64D9C60067B58CD25CA05
                                                                                                                                                                                SHA1:AABBB645974CF05A872F3E8AEA0B7AEB7B84999C
                                                                                                                                                                                SHA-256:022EFCE047BF87ED2C2BC2491B5EDA75CADAB47089BDCDC69C69FB6F9004AA36
                                                                                                                                                                                SHA-512:8C5639C64F6B8A12B7CB18BAD67BF2B606104362F40355A10381E381C8BA6F3862598F1B71E33EF7D564D18294591B74870362F4496FFC4753C850BD8B36BF39
                                                                                                                                                                                Malicious:false
                                                                                                                                                                                Preview:2...>.......R...v...F...................................................................................................................................2...>...........v...z............................I.......I.qk..B.....LZ..l.......l.8B4...f..&....l.8B4...f..&....l..I.qk..B.....LZ.I................................I.......I...................................................I.t.....I................................................................4..'...'.............d....cS.!........N...^...............}..1TL.E...?r.........f........................................I.qk..B.....LZ............d....cS.!............d....cS.!...............l.......l.......l...........................................lj......lT.]....l.......l..B....lH......l..B....l..>.)..l..J...................;........4...4...4.."................l...l...l..z...y.. x.. ...........$........4...,..7,..7........................;........4...4...4...........l.......l....#..l............................................
                                                                                                                                                                                Process:C:\Program Files (x86)\Microsoft Office\root\Office16\ONENOTE.EXE
                                                                                                                                                                                File Type:JPEG image data, JFIF standard 1.02, resolution (DPI), density 72x72, segment length 16, Exif Standard: [TIFF image data, big-endian, direntries=7, orientation=upper-left, xresolution=98, yresolution=106, resolutionunit=2, software=Adobe Photoshop 7.0, datetime=2004:03:04 13:44:07], progressive, precision 8, 611x163, components 3
                                                                                                                                                                                Category:dropped
                                                                                                                                                                                Size (bytes):36740
                                                                                                                                                                                Entropy (8bit):7.48266872907324
                                                                                                                                                                                Encrypted:false
                                                                                                                                                                                SSDEEP:768:3nwDxjTvoE0Rjwit4rjucDILWg7/Da0JgGQ8e1S8SA/Khos0:SxjTmZw7nucDILj77a0JgGQvScb
                                                                                                                                                                                MD5:9C205C8D770516C5AA70D31B2CA00AF3
                                                                                                                                                                                SHA1:9A1002F0CF7F92F1BE2BB25BAD61CEBFAC282482
                                                                                                                                                                                SHA-256:E111F96490755C7D71E87C88ACAEA38AFE55BB865B1A14A83C5BD239648D5E2C
                                                                                                                                                                                SHA-512:A3E105208B32831265428572B0937DD3C17B793D8611B2DA8D4939F1BEC6050999D375E3F6B87D53AD49DFA0EAE737B0141D37597AA42116C310761973D4A134
                                                                                                                                                                                Malicious:false
                                                                                                                                                                                Preview:......JFIF.....H.H......Exif..MM.*.............................b...........j.(...........1.........r.2...........i.................H.......H....Adobe Photoshop 7.0.2004:03:04 13:44:07............................c.........................................................(.....................&...........n.......H.......H..........JFIF.....H.H......Adobe_CM......Adobe.d................................................................................................................................................."...."................?..........................................................................3......!.1.AQa."q.2.....B#$.R.b34r..C.%.S...cs5....&D.TdE.t6..U.e...u..F'...............Vfv........7GWgw........................5.....!1..AQaq"..2.....B#.R..3$b.r..CS.cs4.%......&5..D.T..dEU6te....u..F...............Vfv........'7GWgw.................?..o...4.gP.~.c...K{...V.=...].<.........vS.........s....(.t......X......kk7....~-...yF}^c.Z.\.G./.?t...>....:.>......./.ib..).
                                                                                                                                                                                Process:C:\Program Files (x86)\Microsoft Office\root\Office16\ONENOTE.EXE
                                                                                                                                                                                File Type:data
                                                                                                                                                                                Category:dropped
                                                                                                                                                                                Size (bytes):4096
                                                                                                                                                                                Entropy (8bit):4.451116976743606
                                                                                                                                                                                Encrypted:false
                                                                                                                                                                                SSDEEP:96:RsFtRUJELZXb9hIIRMrN0dO63CHOAaVz:RsrRRLZXb9hIIRMrCdL
                                                                                                                                                                                MD5:183CDAA872B93AD619A21BC22369251A
                                                                                                                                                                                SHA1:6754C5A03E075837565B3C91B993805E18BC40A2
                                                                                                                                                                                SHA-256:45B15D04F3599D965B7DB195F28ADBC05B6485E62F90F3A84730E22D41EF4848
                                                                                                                                                                                SHA-512:3E70FFD76AB41A525EDC164E23DCABF21C3F8BA072063C53396D0A003E6FD82B457FF3808B24AA0B0639E1D6599DBC4754D792BBC98DD15146F51F58FBC34D87
                                                                                                                                                                                Malicious:false
                                                                                                                                                                                Preview:2...>.......l...v...`...................................................................................................................................2...>...H.......v................................I.......I.qk..B.....LZ2.6.....2.6-.....d2.K..2.6-.....d2.K..2.6..I.qk..B.....LZ.I................................I.......I...................................................I.t.....I................................................................4..'...'.............pY..d.=.(....]7....N...^....................H.C.hK............f........................................I.qk..B.....LZ............pY..d.=.(....]7........pY..d.=.(....]7.........2.6.....2.6.....2.6.........................................2.6j....2.6T.]..2.6.....2.6..B..2.6H....2.6..B..2.6..>.)2.6..J...................;........4...4...4.."..............2.6.2.6.2.6..z...y.. x.. ...........$........4...,..7,..7........................;........4...4...4.........2.6.....2.6....#2.6............................................
                                                                                                                                                                                Process:C:\Program Files (x86)\Microsoft Office\root\Office16\ONENOTE.EXE
                                                                                                                                                                                File Type:JPEG image data, JFIF standard 1.02, aspect ratio, density 100x100, segment length 16, baseline, precision 8, 612x792, components 3
                                                                                                                                                                                Category:dropped
                                                                                                                                                                                Size (bytes):53259
                                                                                                                                                                                Entropy (8bit):7.651662052139301
                                                                                                                                                                                Encrypted:false
                                                                                                                                                                                SSDEEP:768:dCiCBBenRYWDBCipMYGTbYGLHbXxoP/qEF+MU50qyJ30h2W474S/Aq/xc4674bi5:dCiIQXBCiwbDLHD0/sFyVel4Pi4UgE
                                                                                                                                                                                MD5:2EE369ABB7936F8C28FF0ABDD224EA05
                                                                                                                                                                                SHA1:FE9D304A7B49E31EAE439369ABC548E265149636
                                                                                                                                                                                SHA-256:FB12D59B8BE911247BBAFDD416852E8B74B028005A141CB4DBBBA109B4B6ED2C
                                                                                                                                                                                SHA-512:5CF396CA472C32AE988600176114106CB1619404DD899A3867A5AB43DC90583B771EF69B14EF50E56A21F038BF51D8463C6ADD2DE9D4CB523F6290E24A4DECB3
                                                                                                                                                                                Malicious:false
                                                                                                                                                                                Preview:......JFIF.....d.d......Ducky.......d......Adobe.d...................................................................................................................................................d............................................................................................!1..AQa....q........"2..R..Bbr..#S....3$.....C.4v..(X.DtEUV.....cs..Td.5uf'Wgw8Hh........................!1Q.Aa....q.2...."R...r..3.t..U...B#S.4ub..C$d.5Ee&'7c.D%sT..............?.....?...k,lk^...M".Yo5.Qp.&s}b.m.:...W.x}.*.a......N1..d-n.-..^..b..TZ.W..."....F....^......ve5...^...2.:i...........~u2pK.z./&..u..L[I....Y....@y{|>..MN=:....Q[..H....a........|%..4fV....).....^.9b.f...F...p.=.W...aZ.........Z.t.n.....z3..[..lVh..\.N-.._.sK.y.._e.G.jig.a.7^....u...*.p.5.a.].........u/u..D.yl.XA..f.z..~.x.....N.....b=.uv.2.t.'.N.-.H..n.v.a.A[.Z.....T2...._...:....h..l.E..sm..a.3I...RE...fWb.Ek.0.#.)..Y#T...........u{....U....s.].7_H.2.`O6...P......}..4LR....]4.mid...
                                                                                                                                                                                Process:C:\Program Files (x86)\Microsoft Office\root\Office16\ONENOTE.EXE
                                                                                                                                                                                File Type:data
                                                                                                                                                                                Category:dropped
                                                                                                                                                                                Size (bytes):4096
                                                                                                                                                                                Entropy (8bit):4.3500684720703555
                                                                                                                                                                                Encrypted:false
                                                                                                                                                                                SSDEEP:48:BAsWkLDe1dtlbT/SEXDJAKBXrnsrkB9tsYpyMGrdMrpS+FXK1mqh/ou:BAsLDe1dfeEXnBXLXB9t9pGRMdFw/o
                                                                                                                                                                                MD5:3D6E534309D59FFDFB3B180DFDF7B761
                                                                                                                                                                                SHA1:7F04BCCAB9E3AEC6E6B674DCA75F868A2BCCBE0A
                                                                                                                                                                                SHA-256:89A01D31C83E46206BADA360893F29922AE700D3373EB06D7832978D778688B9
                                                                                                                                                                                SHA-512:F11F9474F0C3C3584D0E05E91220DBDD7A61ACE868445FF72DF06F229EE80A2917E68AC6708E3247EB7F8FE15FD4AF9D29C6F7A00B306F4AB84225A245D7D2DE
                                                                                                                                                                                Malicious:false
                                                                                                                                                                                Preview:2...>.......N...v...B...................................................................................................................................2...>...*.......v...v............................I.......I.qk..B.....LZ.yp......ypCm....!.CO.2..ypCm....!.CO.2..yp..I.qk..B.....LZ.I................................I.......I...................................................I.t.....I................................................................4..'...'................?.....K.(.:.....N...^...............c|.....L.1.Q..T........f........................................I.qk..B.....LZ...............?.....K.(.:............?.....K.(.:...........yp......yp......yp..........................................ypj.....ypT.]...yp......yp..B...ypH.....yp..B...yp..>.).yp..J...................;........4...4...4.."...............yp..yp..yp..z...y.. x.. ...........$........4...,..7,..7........................;........4...4...4..........yp......yp....#.yp............................................
                                                                                                                                                                                Process:C:\Program Files (x86)\Microsoft Office\root\Office16\ONENOTE.EXE
                                                                                                                                                                                File Type:JPEG image data, JFIF standard 1.02, aspect ratio, density 100x100, segment length 16, baseline, precision 8, 612x792, components 3
                                                                                                                                                                                Category:dropped
                                                                                                                                                                                Size (bytes):60924
                                                                                                                                                                                Entropy (8bit):7.758472758205366
                                                                                                                                                                                Encrypted:false
                                                                                                                                                                                SSDEEP:1536:kU7O7+CFqO6DkxTgPzo2wqggrrX8QvN1I/ZLBttB9+dPFXbc:hVuqJDaTqo2wq1L84N1I/Z1tT9X
                                                                                                                                                                                MD5:D58C51D2CF586A5E14A9EC8529C3B0A8
                                                                                                                                                                                SHA1:F4811A353797C29B1E3F5A61B125C46E1534D587
                                                                                                                                                                                SHA-256:F927C7825851974A2149868146970706523A49165133CEE6027A43E8C9ABDF27
                                                                                                                                                                                SHA-512:34B963173AFBDF07432F4B983D29F10376E4771FE666E9D50B1A81DA0B9F6001FD86B4A08B9711386DE153BF6E03C8E932E2D181C8EAF94EFF34D20FCA7570E0
                                                                                                                                                                                Malicious:false
                                                                                                                                                                                Preview:......JFIF.....d.d......Ducky.......d......Adobe.d...................................................................................................................................................d................................................................................................!1AQ.aq....".....2B...Rbr#.s.4...3$.5u.6v..CSc...DT..f..t..&F........................!1..A.Qaq....."2....B.s....Rbr..#4...35...CSc.$...DTdt..%..............?....O<......X.O.Fg..{.W&u.u.T~.|r;g!.._X..N.p.4.........................................................yK..xd...6..|%....\j..e.=...Y..f..I.|-....e...$R.j.......~.W#....{.....V.k.|F..z^..:.~..f......"x.....L..K..r../.;..[..l...;.U...W...X.........8.....y?..B...m.......j..Q.g3..G.K....GL.o..n7a..Y..[.'.........x........\......~...f...0\Wc.n?k.|.....1.ww;..2..?...r4uF.MXdB6..W..mG2NJ.E........u...2.q...Z..=(l)jU.X...U.\X.......O<......X.O.Fg..{.W&u.u.T~.|r;g!.._X..N.p.4.......................................................
                                                                                                                                                                                Process:C:\Program Files (x86)\Microsoft Office\root\Office16\ONENOTE.EXE
                                                                                                                                                                                File Type:data
                                                                                                                                                                                Category:dropped
                                                                                                                                                                                Size (bytes):4096
                                                                                                                                                                                Entropy (8bit):4.3163909815675545
                                                                                                                                                                                Encrypted:false
                                                                                                                                                                                SSDEEP:48:1qsQ1FejVulTLtcruEJtJPQXER9NsydpyBrdMrPB/FXOw93txR:UsRZuBLjEWXE9Nx8RMh/L
                                                                                                                                                                                MD5:5D9722744806CA7BF485FE5FFE52C031
                                                                                                                                                                                SHA1:BCABC7F87036908078540A970829AE334AAEEEAB
                                                                                                                                                                                SHA-256:EB4C27297DE37122EDD88AE876A340C50FE91A9BED7FC58F77ED5685D66B2B1D
                                                                                                                                                                                SHA-512:146A7B5D5C1F249E2F6BD2F8C3C111F2A457EC97DBDB028F25B983CD4B5EB0E441E9CDFE9C5512FCFEC3CBA44D78439239F271C2DF399C643B5CB0638A49490C
                                                                                                                                                                                Malicious:false
                                                                                                                                                                                Preview:2...>.......R...v...F...................................................................................................................................2...>...........v...z............................I.......I.qk..B.....LZiM......iM.%.....L.L....iM.%.....L.L....iM...I.qk..B.....LZ.I................................I.......I...................................................I.t.....I................................................................4..'...'.............4C.M.Vp...b_J..J....N...^...............bRr...+K.....|..........f........................................I.qk..B.....LZ............4C.M.Vp...b_J..J........4C.M.Vp...b_J..J.........iM......iM......iM..........................................iM.j....iM.T.]..iM......iM...B..iM.H....iM...B..iM...>.)iM...J...................;........4...4...4.."..............iM..iM..iM...z...y.. x.. ...........$........4...,..7,..7........................;........4...4...4.........iM......iM.....#iM.............................................
                                                                                                                                                                                Process:C:\Program Files (x86)\Microsoft Office\root\Office16\ONENOTE.EXE
                                                                                                                                                                                File Type:PNG image data, 39 x 579, 8-bit colormap, non-interlaced
                                                                                                                                                                                Category:dropped
                                                                                                                                                                                Size (bytes):515
                                                                                                                                                                                Entropy (8bit):6.740133870626016
                                                                                                                                                                                Encrypted:false
                                                                                                                                                                                SSDEEP:12:6v/7su2/c30mqkg9VgFHe7Ll8UmJX/N+1Zmkk8f3lbtI4:4mc38gFHe18lkk8f3lbth
                                                                                                                                                                                MD5:E96BE30D892A5412CF262FEE652921CA
                                                                                                                                                                                SHA1:8190A0BFE21D04BC6F3A406E91B87CA69C03A2DE
                                                                                                                                                                                SHA-256:0E31DA4DFCFF4A36C64C1CE940362D2309769F36369E4C43C317D5F2FA15658E
                                                                                                                                                                                SHA-512:D647F51ABBD013226A6ADD0D551D058C633F867F9AF5A9E099B85D6E291D220F7B85958B07381CD4C7C4F72356DBAFE2A86932AE398E28C56CDDF0744E92EE24
                                                                                                                                                                                Malicious:false
                                                                                                                                                                                Preview:.PNG........IHDR...'...C........b...`PLTE..................................................................................................bKGD....H....cmPPJCmp0712....H.s....9IDATx^..I..@.C..<..?mo.#C((.J}...~..B...b.I.i.\<.e.....(p.I.EO...q.x.......dRz....K..b0.:.<c.o..0.x\:...F....I&..ap....."P@....DO...q)p*..@Y.CL2)=......1.........4....._.G..^`..lDO...q...X....SL..z....K..#.L#..I6..ap.Ls.,....7&..ap.p..lI...,GO...q.....k.n1..4......3=.f.x.$..4.....o....x.$+..0.x\.,&6...............IEND.B`.
                                                                                                                                                                                Process:C:\Program Files (x86)\Microsoft Office\root\Office16\ONENOTE.EXE
                                                                                                                                                                                File Type:data
                                                                                                                                                                                Category:dropped
                                                                                                                                                                                Size (bytes):4096
                                                                                                                                                                                Entropy (8bit):4.348820546450622
                                                                                                                                                                                Encrypted:false
                                                                                                                                                                                SSDEEP:96:OBjsvkhLutsSIEEPGXo49NN/kRMKSRKxS4:OBjsshL6sS6PGXp9NxkRMbRK
                                                                                                                                                                                MD5:95DBD0D5B7ADF122A86DE6E7A188313A
                                                                                                                                                                                SHA1:F176733A2C0735B4048CE191E7A4DC10D221FB26
                                                                                                                                                                                SHA-256:D437A421BE2FD863F097FA68FB58AD810E3DB370D33A9A34CB8F1DD0B32F70BB
                                                                                                                                                                                SHA-512:6652E6BC88FAB87FE9D6A7AF76A2CA65EA6F613ABC3442307FB914FBD4B364595171946550BB3A10F0CB78D1C11B3C388571005EC1430FEC95B0FC5CB92F5ECD
                                                                                                                                                                                Malicious:false
                                                                                                                                                                                Preview:2...>.......T...v...H...................................................................................................................................2...>...0.......v...|............................I.......I.qk..B.....LZ......................aP..............aP.....I.qk..B.....LZ.I................................I.......I...................................................I.t.....I................................................................4..'...'..............CRFLV..$.D........N...^...............'.C..Z`K.....3.!........f........................................I.qk..B.....LZ.............CRFLV..$.D.............CRFLV..$.D............................................................................j.......T.]..............B.....H.........B.......>.).....J...................;........4...4...4.."...........................z...y.. x.. ...........$........4...,..7,..7........................;........4...4...4........................#...............................................
                                                                                                                                                                                Process:C:\Program Files (x86)\Microsoft Office\root\Office16\ONENOTE.EXE
                                                                                                                                                                                File Type:PNG image data, 30 x 700, 8-bit colormap, non-interlaced
                                                                                                                                                                                Category:dropped
                                                                                                                                                                                Size (bytes):1547
                                                                                                                                                                                Entropy (8bit):6.4194805172468286
                                                                                                                                                                                Encrypted:false
                                                                                                                                                                                SSDEEP:24:dZeDNYbS+238CTUFPA6SXG5qSacX9q73eXu0vC3dU+OB2gbwHRuZ:dykp9FzBBacXQ3uNC3n7xuZ
                                                                                                                                                                                MD5:0BA36A74DFBF411FAB348404CCEC3348
                                                                                                                                                                                SHA1:4C619790E517416E178161028987DF1CD3B871CC
                                                                                                                                                                                SHA-256:2E7AAF26BEC32148B96442E8FFF1BD2CEF2D72630969F23B9A2ABEDB6CFEC93B
                                                                                                                                                                                SHA-512:90AF53DB7C413E2ADB970AC345F73E4ED8AF626E179C929E6560118F7A9E98DC7C5FF02B2B3F6C98D397E0FE2D85F3427C6928C328872149E176FA8A99E91F54
                                                                                                                                                                                Malicious:false
                                                                                                                                                                                Preview:.PNG........IHDR...............\....PLTE.......................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................D......bKGD....H....cmPPJCmp0712....H.s.....IDATx^.WSTA........b.0gPPP0..E.9b@L(.c.N.U>..@......;...}..B.(....$......5..XS...I....).!....D^.uE...\..5........F."o..-...m.n. .^.....q= .
                                                                                                                                                                                Process:C:\Program Files (x86)\Microsoft Office\root\Office16\ONENOTE.EXE
                                                                                                                                                                                File Type:data
                                                                                                                                                                                Category:dropped
                                                                                                                                                                                Size (bytes):4096
                                                                                                                                                                                Entropy (8bit):4.328887915305702
                                                                                                                                                                                Encrypted:false
                                                                                                                                                                                SSDEEP:96:esEe9hO591f9EkXJR9i9TMRMm9hgJp/AeI:esza91SkXX9gMRMmDQ
                                                                                                                                                                                MD5:B214F987F3717F02490C378BB9AF0E04
                                                                                                                                                                                SHA1:59961727018A7E2D3B8E4520C49B46B2F386D5E3
                                                                                                                                                                                SHA-256:A0B22D1AB55C4D48E5D3E8F894C8F2741DD2FE4CAFD881DAC230DA109BED4E68
                                                                                                                                                                                SHA-512:B1ED0BF67E15BE3D2E85D3B006B8FF1039F7E1C0F59E8860DC1387DA55E2F535393050124A483724AAEA6BA60F701EC4906E0EC407B24516ABC86861FE45B13B
                                                                                                                                                                                Malicious:false
                                                                                                                                                                                Preview:2...>.......N...v...B...................................................................................................................................2...>...*.......v...v............................I.......I.qk..B.....LZ..Y.......Y2.D..7.K..4...Y2.D..7.K..4...Y..I.qk..B.....LZ.I................................I.......I...................................................I.t.....I................................................................4..'...'.............m..I.t8.#..8.Y......N...^...............4e5i.&~C.6\.3C..........f........................................I.qk..B.....LZ............m..I.t8.#..8.Y..........m..I.t8.#..8.Y.............Y.......Y.......Y...........................................Yj......YT.]....Y.......Y..B....YH......Y..B....Y..>.)..Y..J...................;........4...4...4.."................Y...Y...Y..z...y.. x.. ...........$........4...,..7,..7........................;........4...4...4...........Y.......Y....#..Y............................................
                                                                                                                                                                                Process:C:\Program Files (x86)\Microsoft Office\root\Office16\ONENOTE.EXE
                                                                                                                                                                                File Type:JPEG image data, JFIF standard 1.02, aspect ratio, density 100x100, segment length 16, baseline, precision 8, 612x792, components 3
                                                                                                                                                                                Category:dropped
                                                                                                                                                                                Size (bytes):95763
                                                                                                                                                                                Entropy (8bit):7.931689087616878
                                                                                                                                                                                Encrypted:false
                                                                                                                                                                                SSDEEP:1536:EoES7mhTyzabUaE77xAOmq0zVruQlttNxlipxVWssMU2YhRy2v6pKKYhQzwMc2:zz7mhTyzabUa4b4xuQlttnlGx8x9h02M
                                                                                                                                                                                MD5:177DD42CA99CAA2CCBF2974221680334
                                                                                                                                                                                SHA1:35FD86B3DD082A6D4930C67BC0E05D3B5817465A
                                                                                                                                                                                SHA-256:525A857D0EDA855A64D3619DF58B1C2D013A73E60FA0D49B155ECFCB2C134C7C
                                                                                                                                                                                SHA-512:6FB6D9A6C97B1115C3246690A2F339CD612899AC25ACBA00296EAEAA0A1D094E7339D670969764FE23EB7C08FCDD01C6F78FBC0735D504D5E02AD342901719B3
                                                                                                                                                                                Malicious:false
                                                                                                                                                                                Preview:......JFIF.....d.d......Ducky.......d......Adobe.d...................................................................................................................................................d........................................................................................!..1AQa...q......."...2..B#Rb3..r$...6..C4....Ss%5...tu.c..Dd.EU7....................!.1.AQ..aq......"r..2...4Rb#3$B.Ss............?..H..dV....U..-..0]Cp.%O.Z.Y.e.=/.q.....j76.w@s...5.&&&5...n..w..>.1....;.vR..[.......=.......KtY]u3.g18...).r....&.IZ'.....g..4kY..X..b.......y<...r1........e.._...X...w....op.m%Jr31...S.Vo.._....OI\]....F..V-....\...2j..X.....y.p.$4.....&#..]..n.V..x..P...F..C.f....])..~..Z\.....,..#..v..v...2V.k.SuaydO../[.*c._..oTV<Z.s.[...o.x..>....-....v...#....-.X..L.Z./#.XG.-.0......%w..H.@aZ....C.}...N~.;..R......5.D......I.... .R........s.>..ks....(...S...9....2=. :^.. p.+?(....$..Q..I.........=|..`2. v..t......U*.8.u.. ...'...*...2;u....& 3..$.
                                                                                                                                                                                Process:C:\Program Files (x86)\Microsoft Office\root\Office16\ONENOTE.EXE
                                                                                                                                                                                File Type:data
                                                                                                                                                                                Category:dropped
                                                                                                                                                                                Size (bytes):4096
                                                                                                                                                                                Entropy (8bit):4.3317185066913915
                                                                                                                                                                                Encrypted:false
                                                                                                                                                                                SSDEEP:48:Ssm9xPDZTNWBt2eYEyLgHrXX9oSU4pyVrdMrMhVFXIC+e5BLmV:SssRRNWBcDEy0LXX9y4oRMqlNLm
                                                                                                                                                                                MD5:BB63A6D27DD34FC0159BFEC9B7E82F59
                                                                                                                                                                                SHA1:F841C0847DDC2ED4152ECF482C60364497C35C5A
                                                                                                                                                                                SHA-256:48D52C7E5C7EB17ACDA35E90530C56C26129C2266A1882795E1517CE16870AB5
                                                                                                                                                                                SHA-512:A97C42D28A6AD341169322A6F1FCCC694D6DD01805C07466ABC3815EE942311380B0064008C4115B4C2B90F1E2F9AFF5C5B252B07D012B850B2117E071AF8EA2
                                                                                                                                                                                Malicious:false
                                                                                                                                                                                Preview:2...>.......N...v...B...................................................................................................................................2...>...*.......v...v............................I.......I.qk..B.....LZ..[.......[.....$P#=...N..[.....$P#=...N..[..I.qk..B.....LZ.I................................I.......I...................................................I.t.....I................................................................4..'...'.............g..0.....+.qQ.#....N...^................B..@.$K.j$C...c........f........................................I.qk..B.....LZ............g..0.....+.qQ.#........g..0.....+.qQ.#...........[.......[.......[...........................................[j......[T.]....[.......[..B....[H......[..B....[..>.)..[..J...................;........4...4...4.."................[...[...[..z...y.. x.. ...........$........4...,..7,..7........................;........4...4...4...........[.......[....#..[............................................
                                                                                                                                                                                Process:C:\Program Files (x86)\Microsoft Office\root\Office16\ONENOTE.EXE
                                                                                                                                                                                File Type:JPEG image data, JFIF standard 1.02, aspect ratio, density 100x100, segment length 16, baseline, precision 8, 612x792, components 3
                                                                                                                                                                                Category:dropped
                                                                                                                                                                                Size (bytes):67991
                                                                                                                                                                                Entropy (8bit):7.870481231782746
                                                                                                                                                                                Encrypted:false
                                                                                                                                                                                SSDEEP:1536:3PC0XJjsmsKuZRG1pXuZ6z3wARnV9AEnieCc7cllJcHJ:qyMBzkUZ0gq25c7Z
                                                                                                                                                                                MD5:1271B1905D18A40D79A5B9DB27EE97EA
                                                                                                                                                                                SHA1:9618608FBD7342DE6C71220A36C3F4995BA9C13E
                                                                                                                                                                                SHA-256:5B321A4D81BD499B289B1755F6450A42047C494DFBC112DBD56DA4CED2C15C1A
                                                                                                                                                                                SHA-512:C32DD26047F6B8AA061085B38AC2B8335868E1BFD8731DB65544309223A955FA4BF45B06AC8D244408658F51A1775B6F19FF0FFC804989DE706DE8EB36F1436F
                                                                                                                                                                                Malicious:false
                                                                                                                                                                                Preview:......JFIF.....d.d......Ducky.......d......Adobe.d...................................................................................................................................................d............................................................................................!.1..AQa..q..".........2...BR#b.r.3...$.'...)..C%7gw..(.S.W89.......................!1.A.Qa.q".....2...#....B.t......rc.$%67Rb3s&'CUu.v....S.d5.V4T.e.............?...?..Wj.e.e.......w/..E..eOw_.....6......u..C6h.,..;.g.D8Z..-)O..jy..e;.u.g..w..[.L""k'w.......'1'.[......=..P...S.9a.V./O....q=8xk]...........9......F...e9'....9.O.... .&.....p......c.4...mr...?.......L..'.....0....+..|_...POM=7.?.2.a....};.Z..y./....>./.C.<...;.....|.1>...........S.8.o.O...+..n2...k../.X..9...Y...:.....\...Dk......q.K..\.Wuh.!Z?.mu...R.5.A.S.h.0..[..v..+M.....aUi*.k..?#..._...X..R.&]..[..;../]L..f..V......*.e...ut&.#.J.5....c%..o.$..v.<K.6..T.IP.....6X.*.uf..t0^..-.)m$.!.q(.j.f;..WB6.b.B..R.
                                                                                                                                                                                Process:C:\Program Files (x86)\Microsoft Office\root\Office16\ONENOTE.EXE
                                                                                                                                                                                File Type:data
                                                                                                                                                                                Category:dropped
                                                                                                                                                                                Size (bytes):4096
                                                                                                                                                                                Entropy (8bit):4.36790247594836
                                                                                                                                                                                Encrypted:false
                                                                                                                                                                                SSDEEP:48:i1szB38Z4mnNYtyRpEvlLpXXS39cIUbpyJrdMr7k/XBGxFXY0s9jZsrlpQWK9:8sbCNYAEdBXS39ib0RM7EXaX2
                                                                                                                                                                                MD5:44201EB4C811981178801192B1CD73C4
                                                                                                                                                                                SHA1:4701151FEFED09EEF8BB95A883D92D1546DC8C85
                                                                                                                                                                                SHA-256:28DA1633066F058632CC948614CF691FE76DD9FB220253D7015C4124C2DD80A4
                                                                                                                                                                                SHA-512:AAC0EEE372C6EC75257077C031865790F79175FDD2CFB87A6C1CFD09B7D4621DD44A0A0C09A4254B532ED33000182112B26A1FCEA4C667CC7EF7950B7CBC3A7E
                                                                                                                                                                                Malicious:false
                                                                                                                                                                                Preview:2...>.......R...v...F...................................................................................................................................2...>...........v...z............................I.......I.qk..B.....LZ...........0>.'.I........0>.'.I........I.qk..B.....LZ.I................................I.......I...................................................I.t.....I................................................................4..'...'..............l..zE..*5..A."....N...^...................!.II....Wk.l........f........................................I.qk..B.....LZ.............l..zE..*5..A.".........l..zE..*5..A."....................................................................j......T.].............B....H........B......>.)....J...................;........4...4...4.."........................z...y.. x.. ...........$........4...,..7,..7........................;........4...4...4......................#..............................................
                                                                                                                                                                                Process:C:\Program Files (x86)\Microsoft Office\root\Office16\ONENOTE.EXE
                                                                                                                                                                                File Type:JPEG image data, JFIF standard 1.02, resolution (DPI), density 72x72, segment length 16, Exif Standard: [TIFF image data, big-endian, direntries=7, orientation=upper-left, xresolution=98, yresolution=106, resolutionunit=2, software=Adobe Photoshop 7.0, datetime=2004:03:04 13:06:24], progressive, precision 8, 38x792, components 3
                                                                                                                                                                                Category:dropped
                                                                                                                                                                                Size (bytes):22203
                                                                                                                                                                                Entropy (8bit):6.977175130747846
                                                                                                                                                                                Encrypted:false
                                                                                                                                                                                SSDEEP:192:5q3R1VBvq3R1Flrk6Q0QPJJrR39joOVMJ25d1NkMhIwobbtAAAqYnLJZMJYZ2AC:xw6Q0WJR3FoOVMJIIlAAAqYnMJdD
                                                                                                                                                                                MD5:2D3128554F6286809B2C8E99DE5FD3F6
                                                                                                                                                                                SHA1:FC42CB04151D36F448093BDEFE33031A9B8D797D
                                                                                                                                                                                SHA-256:14FA2D16310485AA1CE41F6D774A3D637E8CF8B03C4F72990155DF274FDB6BD9
                                                                                                                                                                                SHA-512:D8531247A6E89ECABEA9C4A78F596CCE3493334EDF71AE4F7998FDDD0F80705948609C89756AB56FDFAB6D04DEC5F699A693801A772CA2EE2465BDD2CE5D2D5A
                                                                                                                                                                                Malicious:false
                                                                                                                                                                                Preview:......JFIF.....H.H.....XExif..MM.*.............................b...........j.(...........1.........r.2...........i.................H.......H....Adobe Photoshop 7.0.2004:03:04 13:06:24............................&.........................................................(.....................&...........*.......H.......H..........JFIF.....H.H......Adobe_CM......Adobe.d......................................................................................................................................................"................?..........................................................................3......!.1.AQa."q.2.....B#$.R.b34r..C.%.S...cs5....&D.TdE.t6..U.e...u..F'...............Vfv........7GWgw........................5.....!1..AQaq"..2.....B#.R..3$b.r..CS.cs4.%......&5..D.T..dEU6te....u..F...............Vfv........'7GWgw.................?...H.....Go.Kxn.b..g...........%?_....O......q......7G......%%.V..8zm.].v?...jJ~._..>.......O;........o..rI.A.....n.a.........
                                                                                                                                                                                Process:C:\Program Files (x86)\Microsoft Office\root\Office16\ONENOTE.EXE
                                                                                                                                                                                File Type:data
                                                                                                                                                                                Category:dropped
                                                                                                                                                                                Size (bytes):4096
                                                                                                                                                                                Entropy (8bit):4.457932197542336
                                                                                                                                                                                Encrypted:false
                                                                                                                                                                                SSDEEP:48:fBs2tKuvjkMtLeI3DpxE15L35X4EH9hUFpyJrdMruU2X6EmFXrogkDJPb4jg:ZsujkMx3xEDtXr9iF8RMTKx4j
                                                                                                                                                                                MD5:02C1130D4D959169EA8A774B80579273
                                                                                                                                                                                SHA1:D860BF7E7715AAC4911E7D89F0485C1651975F7C
                                                                                                                                                                                SHA-256:52B5E7A0FBC4B4691E842F6A5EB1D8D60CC93EADA85F88C7546B21CE82CFBD2F
                                                                                                                                                                                SHA-512:A54BD1008945FD64ED82C90426C6C37419B2CD79F1564E84E9AF5DBF498C4CBA412DEEEEDAACC5728D71D1CF77D1E6DA8C73020BD79741EFF5AE9055907C3CEF
                                                                                                                                                                                Malicious:false
                                                                                                                                                                                Preview:2...>.......l...v...`...................................................................................................................................2...>...H.......v................................I.......I.qk..B.....LZ..#.......#F....%...(>Lw..#F....%...(>Lw..#..I.qk..B.....LZ.I................................I.......I...................................................I.t.....I................................................................4..'...'.............*."2....(.X.........N...^................zMawGpN..Y............f........................................I.qk..B.....LZ............*."2....(.X.............*."2....(.X................#.......#.......#...........................................#j......#T.]....#.......#..B....#H......#..B....#..>.)..#..J...................;........4...4...4.."................#...#...#..z...y.. x.. ...........$........4...,..7,..7........................;........4...4...4...........#.......#....#..#............................................
                                                                                                                                                                                Process:C:\Program Files (x86)\Microsoft Office\root\Office16\ONENOTE.EXE
                                                                                                                                                                                File Type:JPEG image data, JFIF standard 1.02, aspect ratio, density 100x100, segment length 16, baseline, precision 8, 612x792, components 3
                                                                                                                                                                                Category:dropped
                                                                                                                                                                                Size (bytes):15740
                                                                                                                                                                                Entropy (8bit):6.0674556182683945
                                                                                                                                                                                Encrypted:false
                                                                                                                                                                                SSDEEP:192:Elv3GG8/OOs+GouFdxMlxjoPyerzkpuOo2vPMc62PaJseZC+BJoS/:EtNiwdxMlZoPhzkpuOo2PMc6rX8+B6+
                                                                                                                                                                                MD5:FFA5EC40DC9A0FD10EB9E6355142D6A6
                                                                                                                                                                                SHA1:3D3D6A7E086B3C610C08F1F3E3F883604F06F2A4
                                                                                                                                                                                SHA-256:D74C3973C8D1F7C77274691AFB1AA934940674341D7EEE563BE75E563281BDFD
                                                                                                                                                                                SHA-512:6FAF2A24D06E6008F3579C7CEC90C2887462BDF83FAD7372FBB74B8DE90340B580E9836F309B68A9794597A598F7DCDA661C9A58DA6D8187C69083B7A17C9CD9
                                                                                                                                                                                Malicious:false
                                                                                                                                                                                Preview:......JFIF.....d.d......Ducky.......d......Adobe.d...................................................................................................................................................d.........................................................................................!.1.....AQ..aq.g..8...."r....2.FG..#.E..7.Rb..Cc..D.v.B..3s..$d.%5Uu..&6fW'w........................!....1Aa...d..5e.6.q...Q..."2b.c..r3DE..BRs4U.#C.S.T............?...u.&0...cV.T.I...1..=4....Ce_.g.q.=F.M:>)...k..pm..h..=........S....)Ja8x...b.).=5.q..0......k.M.....1?-.G.b&.5..Ep.8t...'...R)..ta.F$bXO]tW.b.6#.t.XWN..ZW......].....G....x&&f..'L.....7...\...'.8...~`.sa...............................................X........qo...SMk...'.V...i..hb.}&?/.k.:>l.^....>Y...<}...&.jY.Gn.MKejyV......D......gf.0....t.nw..XQ...H.B.....=8.UkR.....Hm..w..]...k...#Z...F../.gjWvf.....w.aZ].2..5..^...VZv..._.7..a.|...:.B...,f...............~....m.;_.....-.e.y.w.[m.].bu.b.f+.E++\.....Y..7
                                                                                                                                                                                Process:C:\Program Files (x86)\Microsoft Office\root\Office16\ONENOTE.EXE
                                                                                                                                                                                File Type:data
                                                                                                                                                                                Category:dropped
                                                                                                                                                                                Size (bytes):4096
                                                                                                                                                                                Entropy (8bit):4.32689578009594
                                                                                                                                                                                Encrypted:false
                                                                                                                                                                                SSDEEP:96:SsESQ6iRgEjLLX/9fOkoRMEkKdvWxFUvaNa:SsnQ6iPjLLX/9fzoRMsi
                                                                                                                                                                                MD5:2D88F7926FFEB6A1D2B92D9311635583
                                                                                                                                                                                SHA1:58AD3A62976ABC8DE96526756336855DE9AB8D32
                                                                                                                                                                                SHA-256:C0138EFD45E0DA4427D73A81A64FFF9B2233A817F10FA25C1ECD43E153624584
                                                                                                                                                                                SHA-512:AAC5C56A529879F7DE97B0FEEA0FB225662689DB53FC78B8DD13ABC19C0041A635CCE0294F6B7854EFFD6689B60B6BFB7EFE5B9E1188239D6E49A5D4558DBA57
                                                                                                                                                                                Malicious:false
                                                                                                                                                                                Preview:2...>.......N...v...B...................................................................................................................................2...>...*.......v...v............................I.......I.qk..B.....LZE-d.....E-d&$.....q.#u.#E-d&$.....q.#u.#E-d..I.qk..B.....LZ.I................................I.......I...................................................I.t.....I................................................................4..'...'.............@...$*p.6....?.K....N...^...............eg3..iA.nO..fA.........f........................................I.qk..B.....LZ............@...$*p.6....?.K........@...$*p.6....?.K.........E-d.....E-d.....E-d.........................................E-dj....E-dT.]..E-d.....E-d..B..E-dH....E-d..B..E-d..>.)E-d..J...................;........4...4...4.."..............E-d.E-d.E-d..z...y.. x.. ...........$........4...,..7,..7........................;........4...4...4.........E-d.....E-d....#E-d............................................
                                                                                                                                                                                Process:C:\Program Files (x86)\Microsoft Office\root\Office16\ONENOTE.EXE
                                                                                                                                                                                File Type:JPEG image data, JFIF standard 1.02, aspect ratio, density 100x100, segment length 16, baseline, precision 8, 612x792, components 3
                                                                                                                                                                                Category:dropped
                                                                                                                                                                                Size (bytes):86187
                                                                                                                                                                                Entropy (8bit):7.951356272886186
                                                                                                                                                                                Encrypted:false
                                                                                                                                                                                SSDEEP:1536:AbmHwD7za0syWMetp3TdPFzoJamVdAQZCiUit9qbYN6LerhWMzIWgN1EeaYhJM:1QnzsyTeP3TPAdAQZCi5qbYEKrhWWMNO
                                                                                                                                                                                MD5:FEE4785DF76E93A9DC2F4501CBAEAE12
                                                                                                                                                                                SHA1:8FB4527BDE05EF208FCDB168098A07707C27501F
                                                                                                                                                                                SHA-256:F091DED5E283AF6848670A3172E7C43C6099875D39B3FC69C2BDBA914F609602
                                                                                                                                                                                SHA-512:7E99D33151A0D3873D6A819C98EA8E62D928C087B7BA2080F11C7BCF746AD60A44D4FF6EE3D2D2E8DFA4BF1FC6285ED56BB83F91C2FC6FC4FDFF2000105F10B1
                                                                                                                                                                                Malicious:false
                                                                                                                                                                                Preview:......JFIF.....d.d......Ducky.......d......Adobe.d...................................................................................................................................................d...........................................................................................1.!Aq...Qa."...2..BR#...br......6v.7..3.CSc...$4.s..&dt%u.f.......................!1.AQ..aq........"2.B#....Rb3..t.5u.67.8.r..$....C4.cs.Sd%.DEUe&.............?............w.....c.....i.A.....3...7.......7..P......%.........?Th..l./?.;.....$}..=5Oa...F.c.A/...D.D..]..y..3e.5\%.fo2.X.*]q.5Ee.}..i..md.T....#...-...Mu...9...-+..~w5O.);..G..'.;..).....A_...M.vV..y.q......,<.3.(...._K:..XM.......w.......9..T.......?b..a-%.c;.}..>....|.,lZKCEB.t...fw|.Sw^..Y..:.J.................t._P..v..j.1.R8.R....G..W*H<(Xi........i..xcu...WM.dqM>'W..g....M.q.....+.....b'..~....>..T.~Jc....fj.X.x..9...N.w.6:..>.......&.(h..u...t._...)_k#7Za...cZ....P...Y..;.V.,..xo.....f........Y...\6...M'L._
                                                                                                                                                                                Process:C:\Program Files (x86)\Microsoft Office\root\Office16\ONENOTE.EXE
                                                                                                                                                                                File Type:data
                                                                                                                                                                                Category:dropped
                                                                                                                                                                                Size (bytes):4096
                                                                                                                                                                                Entropy (8bit):4.719595302683013
                                                                                                                                                                                Encrypted:false
                                                                                                                                                                                SSDEEP:48:eGCs+3faPKt6tOJEdzbULaBhr5X8J9BU0py8SrdMryKSFXkRH81ZzZBj:8s8IS6QEtUsJ5X8J9C0BSRMnSGStZx
                                                                                                                                                                                MD5:CD458C045F59D61277133D9C4DAAB348
                                                                                                                                                                                SHA1:1E85AE2B8B779D2116C1F18C782D4390995C3232
                                                                                                                                                                                SHA-256:6007FFC70FD8C3A19DF8DA3A97157AAB90626F513890B71EE1D95B01DB036230
                                                                                                                                                                                SHA-512:5D98854F34C7BB06A74916DA8826BE6E931642D11CCD4C4DAB80498FD0B1689B7906271A66906EE66EF80403E068632FF4ABA95738F0B9CCF33A1B5565BF9A3D
                                                                                                                                                                                Malicious:false
                                                                                                                                                                                Preview:2...>...........v.......................................................................................................................................2...>...t.......v................................I.......I.qk..B.....LZ.2.......2.Y.T......Zq.6.2.Y.T......Zq.6.2...I.qk..B.....LZ.I................................I.......I...................................................I.t.....I................................................................4..'...'..............:..(.g....A..Ey....N...^...............;..W...K.|i..GX.........f...................................H....I.qk..B.....LZ.............:..(.g....A..Ey.........:..(.g....A..Ey..........2.......2.......2...........................................2.j.....2.T.]...2.......2...B...2.H.....2...B...2...>.).2...J...................;........4...4...4.."...............2...2...2...z...y.. x.. ...........$........4...,..7,..7........................;........4...4...4..........2.......2.....#.2.............................................
                                                                                                                                                                                Process:C:\Program Files (x86)\Microsoft Office\root\Office16\ONENOTE.EXE
                                                                                                                                                                                File Type:PNG image data, 85 x 470, 8-bit colormap, non-interlaced
                                                                                                                                                                                Category:dropped
                                                                                                                                                                                Size (bytes):11197
                                                                                                                                                                                Entropy (8bit):7.975073010774664
                                                                                                                                                                                Encrypted:false
                                                                                                                                                                                SSDEEP:192:p9wNdtRKcVHso6zsqm06xaqZdingVzLZ7/PGSIz/yycRTbChh/JzhbEx15RGb:mdtMcVHqgAqTinMzLZ7/uSIz/yTR/mhF
                                                                                                                                                                                MD5:DDC3CC30794277500EFE4BC6667EC123
                                                                                                                                                                                SHA1:EFC9642C1F95B5FC38764476AE481649C016FA0C
                                                                                                                                                                                SHA-256:7F5B660A1A0BF46C75AAF19B4F77A0E086DE003EC03AFC1F58D871D55AA5BA9E
                                                                                                                                                                                SHA-512:25232A84604C3959634D33090238FEC8D51E40AD84EB3A08BB8522A81BE1E83378649C014E98E1DFCDF46B7BFAC92D8D2429211CD11D7EE0334C9C3DF7C1B6A6
                                                                                                                                                                                Malicious:false
                                                                                                                                                                                Preview:.PNG........IHDR...U.........1x5.....PLTE....................................e........................................................s...............x..........................o..............................................................................................................................................................~.............................m...............................................j...............................................p.......z......................................................x..............|........................................v.......................y..........................................................h...........................................................................P..{....bKGD....H....cmPPJCmp0712....H.s...(SIDATx^.}i@S..N....h...!..)....AI%..p.L."a..)..`U..,h..:O.b.:.j+.Z).b..zN.s..{O...&|..N}...${....~.....k}.[k}{.o^.D_..W:35ly..7rL....6n0.A...b
                                                                                                                                                                                Process:C:\Program Files (x86)\Microsoft Office\root\Office16\ONENOTE.EXE
                                                                                                                                                                                File Type:data
                                                                                                                                                                                Category:dropped
                                                                                                                                                                                Size (bytes):4096
                                                                                                                                                                                Entropy (8bit):4.326088714093083
                                                                                                                                                                                Encrypted:false
                                                                                                                                                                                SSDEEP:48:3us9NP4kb7KaXVtFoElLAEX//X95UIpyhDrdMrnqxvFXg5jzbK3SApN6J1:+smaXVYElhX//X9KIsDRMcvvS
                                                                                                                                                                                MD5:AC20CF4364186442CACC6EB1F7647F47
                                                                                                                                                                                SHA1:19A3605E6E40F58AE87ECACC1757A99F08948067
                                                                                                                                                                                SHA-256:F3BF93C676E37BD7A7B51BB9C597BD988F47C0591064E55969E0AFE339EF695B
                                                                                                                                                                                SHA-512:EEEBF0ECC9ABCCF81CD4511284D08A0C09413CF6D990E6406208C1B39EC7C4F6BEDB19696D2B026A1F1BB85E7851E942B3ACBDC9BDBC765FF0C9A3348D6C4F2A
                                                                                                                                                                                Malicious:false
                                                                                                                                                                                Preview:2...>.......N...v...B...................................................................................................................................2...>...*.......v...v............................I.......I.qk..B.....LZ.................L_.............L_.........I.qk..B.....LZ.I................................I.......I...................................................I.t.....I................................................................4..'...'.............V.w(......w..V?,....N...^................Ht0...G...%...H........f........................................I.qk..B.....LZ............V.w(......w..V?,........V.w(......w..V?,........................................................................j.......T.]...............B.....H.........B.......>.).....J...................;........4...4...4.."...........................z...y.. x.. ...........$........4...,..7,..7........................;........4...4...4........................#...............................................
                                                                                                                                                                                Process:C:\Program Files (x86)\Microsoft Office\root\Office16\ONENOTE.EXE
                                                                                                                                                                                File Type:PNG image data, 88 x 574, 8-bit colormap, non-interlaced
                                                                                                                                                                                Category:dropped
                                                                                                                                                                                Size (bytes):19920
                                                                                                                                                                                Entropy (8bit):7.987696084459766
                                                                                                                                                                                Encrypted:false
                                                                                                                                                                                SSDEEP:384:DRSgtAxJx7bzvAsVSqQElOT4uHmpmvNYT9aPU+QtsC2LgfIqJZnbeyRB:DsgaN7bzvAsVdK4uGQFUZ6bU/p3
                                                                                                                                                                                MD5:1BDAD9B3B6DE549162F9567697389E1C
                                                                                                                                                                                SHA1:5D9C09159F07A3A9BDCC6C4B9BD9CB72D0184E6F
                                                                                                                                                                                SHA-256:0908A4CFA23F93011176D47F45843E9CA2973030421996E8E27484781F54B0EC
                                                                                                                                                                                SHA-512:475040779AC247BB5C3E11862FB55FBDDFA12D759EE86A33E11BC1F3B656D6CD0F9B25146C0113E43E1D8001D8867D3BC3BF7E6FE21F3A0016CB1F8B70B7A15A
                                                                                                                                                                                Malicious:false
                                                                                                                                                                                Preview:.PNG........IHDR...X...>......y=h....PLTE..................................t........iw..............................................._n|...Tds...ky......................................................p~.....................................................dr.................v.............................................n{.......ap}..........x.....z...................u......................|..Vfu............r.....w........................................~...................Zjx...................................Yiw............w..|....................Xgv{.....y...........................jx..............\lz.........}..z.....t..[ky........u..y.....gu................................{..........}.....u....................~...........y....r.....bKGD....H....cmPPJCmp0712....H.s...JfIDATx^...\.W./.}....Sy...(..4....D.-.....H...% .$"D.Qr.......`..;...6...N......s...^...L.....Y{.GQU`..~...j....{...-Ax.K..&.....F..I\i..
                                                                                                                                                                                Process:C:\Program Files (x86)\Microsoft Office\root\Office16\ONENOTE.EXE
                                                                                                                                                                                File Type:data
                                                                                                                                                                                Category:dropped
                                                                                                                                                                                Size (bytes):8192
                                                                                                                                                                                Entropy (8bit):2.9174101415298175
                                                                                                                                                                                Encrypted:false
                                                                                                                                                                                SSDEEP:48:4CsOVP10oNdrqt2IoNbAE1Lgq9NVSL6MhwHXI9JsPpyI6rdMrHTgkFXzVzb0JFme:4CsAdrqT/E11N0f8XI9JOsRMHUkQ
                                                                                                                                                                                MD5:2D66D67275881FD318C2E6C013F4C99D
                                                                                                                                                                                SHA1:57B9D525B7D8B5D38634277C8F3433582772891E
                                                                                                                                                                                SHA-256:574E0F5A247B4E411211633B8DCF7B0F7F378433834418BD60056A27C614971C
                                                                                                                                                                                SHA-512:AD4D96023226DD867D7DB7B406AA7EC3AD20DB4871710350CB918EE8B6CEC16FD63874B9E09BF9037E632601E2A6E125AC58B72D638082B7DB39116C73D2BB5B
                                                                                                                                                                                Malicious:false
                                                                                                                                                                                Preview:2...>...........v.......................................................................................................................................2...>.......H...v................................I.......I.qk..B.....LZ~.c.....~.cF..E.....H.Q.~.cF..E.....H.Q.~.c..I.qk..B.....LZ.I................................I.......I...................................................I.t.....I................................................................4..'...'............./..E.?.*H....7....N...^...............A>.b/+&N.\....D.........f........................................I.qk..B.....LZ............/..E.?.*H....7......../..E.?.*H....7.........~.c.....~.c.....~.c.........................................~.cj....~.cT.]..~.c.....~.c..B..~.cH....~.c..B..~.c..>.)~.c..J...................;........4...4...4.."..............~.c.~.c.~.c..z...y.. x.. ...........$........4...,..7,..7........................;........4...4...4.........~.c.....~.c....#~.c............................................
                                                                                                                                                                                Process:C:\Program Files (x86)\Microsoft Office\root\Office16\ONENOTE.EXE
                                                                                                                                                                                File Type:JPEG image data, JFIF standard 1.02, aspect ratio, density 100x100, segment length 16, baseline, precision 8, 612x792, components 3
                                                                                                                                                                                Category:dropped
                                                                                                                                                                                Size (bytes):179460
                                                                                                                                                                                Entropy (8bit):7.979020171518325
                                                                                                                                                                                Encrypted:false
                                                                                                                                                                                SSDEEP:3072:oiKXvL7lv0am/R1vrdH+9dK6zPQ6bbnGDpcGGDNMIOIMAT8q9Vc02Q57S4A+vMFz:+vlvC/HvgA6fGqGGJlO1qZ71W6CzDn
                                                                                                                                                                                MD5:4E131DBFEC5C2462273CA7B35675B9D9
                                                                                                                                                                                SHA1:CA037F444D819A118AC37D7AA3782B9BF94C1616
                                                                                                                                                                                SHA-256:2A4A3530D652E227DDD5ADC096A95F6034718F7C380B07DB622022D768815059
                                                                                                                                                                                SHA-512:C333ECEB1439D0238BF44FB7896E62DBA4C645B70413AA0F99C1F10E8DCD20C2EEE5C83F2E9DDE9A2494C85A6D8D13CFFFC4160E2F598E17867015F5244D656A
                                                                                                                                                                                Malicious:false
                                                                                                                                                                                Preview:......JFIF.....d.d......Ducky.......d......Adobe.d...................................................................................................................................................d.............................................................................................!.1AQ.aq...".....2Rr..Bb..#34.....CSs.$5c.t....%.Dd.6.T..u.U....E.7w........................!.1A.Qaq......2."r.3....BRb.#4......CsSc...$.5..%.DT.t67d..Uu...'............?..c.......p..z..i.....z......kj........F>f......3N...M....RM.&..-.~.Q..'.....q.a..w...-~......g.{..&.......V.n.D....>FS!n.....@..)...W..q..Wr{..J.gf.{.M$.P@m.,..9..&m.D...w.._...-.O........s.....h.k~......(.K...V..l.-...+.9.k......*......#.p#.O..9M..mF...C.......7+.AI....4vw.;..H......e..Q.u[.eUK.....z.....[.Kt...s..Lf.4..l{.....sh.............=..;..iqkj.m.a...NH......v..H..$..q.y......c...U[Mcf.......+...S-...^....4..T..YtL.x.v.;.....<...Ik|B.$.s8......3.+.8.l.. h.:....%B..W..I.QRS..,*x.
                                                                                                                                                                                Process:C:\Program Files (x86)\Microsoft Office\root\Office16\ONENOTE.EXE
                                                                                                                                                                                File Type:data
                                                                                                                                                                                Category:dropped
                                                                                                                                                                                Size (bytes):4096
                                                                                                                                                                                Entropy (8bit):4.369982088381113
                                                                                                                                                                                Encrypted:false
                                                                                                                                                                                SSDEEP:96:6sCYExTlYaiZEiXJ91JERMnF5y99El/JHV/0:6smBYZGiXJ91JERMnF5y4
                                                                                                                                                                                MD5:8A8FD0089126062DB6146730657E98F5
                                                                                                                                                                                SHA1:C580F473EDD4FF789B1EC216C959F72128B3B1F3
                                                                                                                                                                                SHA-256:270157CAD168F552719A458E533CE948A023841B65876A9326161942BEA5D2FD
                                                                                                                                                                                SHA-512:3B519F7E68A587E9EAC0D74886EEBC62B9C2E3118A1146338C39BB7ADC4201E0F3BCE79B4B670E8831231112AE2C1C1E7FDD1D9AB14808ED8D072E7DC90C2813
                                                                                                                                                                                Malicious:false
                                                                                                                                                                                Preview:2...>.......T...v...H...................................................................................................................................2...>...0.......v...|............................I.......I.qk..B.....LZN.......N...6...$.....".N...6...$.....".N....I.qk..B.....LZ.I................................I.......I...................................................I.t.....I................................................................4..'...'..............G.2...5 .-'%;.....N...^...............'..H..0@...............f........................................I.qk..B.....LZ.............G.2...5 .-'%;..........G.2...5 .-'%;..........N.......N.......N...........................................N..j....N..T.]..N.......N...B..N..H....N....B..N....>.)N....J...................;........4...4...4.."..............N...N...N....z...y.. x.. ...........$........4...,..7,..7........................;........4...4...4.........N.......N......#N..............................................
                                                                                                                                                                                Process:C:\Program Files (x86)\Microsoft Office\root\Office16\ONENOTE.EXE
                                                                                                                                                                                File Type:JPEG image data, JFIF standard 1.02, aspect ratio, density 100x100, segment length 16, baseline, precision 8, 612x792, components 3
                                                                                                                                                                                Category:dropped
                                                                                                                                                                                Size (bytes):109698
                                                                                                                                                                                Entropy (8bit):7.954100577911302
                                                                                                                                                                                Encrypted:false
                                                                                                                                                                                SSDEEP:3072:rDlmvIWr0aRtNCfShCWBxyCHMlcVG0Ezy4FR:rDliIfot8ahCWBcCHDVwR
                                                                                                                                                                                MD5:8D804A60E86627383BED6280ED62F1CF
                                                                                                                                                                                SHA1:E23FF14B10AD0762DD67FBA3CD6EFC85647C0384
                                                                                                                                                                                SHA-256:494547E566FB7A63DD429EB0699FE41AA8998F8EA2F758D813FE3D56C3075719
                                                                                                                                                                                SHA-512:0FB19F3D00159F2748C3A54E952E551B9FEA6910D67A54DECA8D099992E50383EADB92768FF1F75CFFAE82A7A157B1E0F77A2F0BE7EC64FD2324304FDCA46577
                                                                                                                                                                                Malicious:false
                                                                                                                                                                                Preview:......JFIF.....d.d......Ducky.......d......Adobe.d...................................................................................................................................................d...............................................................................................!"#.123..AQB$..aq.RCS...b..c4%..rs..D&....5E6'..TdUte...u.....FV...7.......................!"..1A2B..QaqR.#.br3.........C%...$5.....c4U..Eeu&SsD.6T..................?.....O.C.....^..R<A.g...[....3.....r.0.....nX.S....}...[.?Z.....A.?..~~I..rY|N.o...9......!...o7r../-.y...'5.3.U.s".-.0.1......SS...&.Q.j.*.$m.e..:x....`}...EP.?.7..~G(so.......O.....z.N..<....~^a.e...........p9.?<._..|......~.<@.D.9..G..?.?z.y?z.C.U.w..[.,..A.+........s......g...G.^....pz.xY.....d8.y.X...P..O(A.O..~:._.......<...o..4s..^.^b..x......_a.....|{c...:..X.....}.._...[?..NK.c...}.<......H.G....+x.Z..|....n...o....`.nk.#.%x......-|...|7......N!=././..w.8x.".8....'x........w...,>....j[w8a..}..lS..?.
                                                                                                                                                                                Process:C:\Program Files (x86)\Microsoft Office\root\Office16\ONENOTE.EXE
                                                                                                                                                                                File Type:data
                                                                                                                                                                                Category:dropped
                                                                                                                                                                                Size (bytes):4096
                                                                                                                                                                                Entropy (8bit):4.327932583705873
                                                                                                                                                                                Encrypted:false
                                                                                                                                                                                SSDEEP:96:ysZfj3BaibUFChEeXL9638nJERMtaSg3BUBpsEN0rS6Mt:ysZrxaibU4+eXL9g8nJERMtoxU7sEN
                                                                                                                                                                                MD5:19087A3A27FAE8603E335C9D1754887C
                                                                                                                                                                                SHA1:B77CFA66A4DDBD6DDDA443947E0825DA53589A41
                                                                                                                                                                                SHA-256:4134A2C646458F51558B665CCD531DE0833BD784E2C59CF6FED9021D482F2ECC
                                                                                                                                                                                SHA-512:E35DE81A72B3318B0D709436E259923425F7A916FADAAC403F796BF6F214F9E323A5A733B8575BA30D196F97EA9B4FE414FE9A75CFF1469F68CB619B16486BC5
                                                                                                                                                                                Malicious:false
                                                                                                                                                                                Preview:2...>.......N...v...B...................................................................................................................................2...>...*.......v...v............................I.......I.qk..B.....LZ1......1.2B7!.(.n..Yv1.2B7!.(.n..Yv1...I.qk..B.....LZ.I................................I.......I...................................................I.t.....I................................................................4..'...'..................J..!.....7....N...^.................s..DJ.4.C.7ix........f........................................I.qk..B.....LZ.................J..!.....7.............J..!.....7.........1......1......1..........................................1.j....1.T.]..1......1...B..1.H....1...B..1...>.)1...J...................;........4...4...4.."..............1..1..1...z...y.. x.. ...........$........4...,..7,..7........................;........4...4...4.........1......1.....#1.............................................
                                                                                                                                                                                Process:C:\Program Files (x86)\Microsoft Office\root\Office16\ONENOTE.EXE
                                                                                                                                                                                File Type:JPEG image data, JFIF standard 1.02, aspect ratio, density 100x100, segment length 16, baseline, precision 8, 612x792, components 3
                                                                                                                                                                                Category:dropped
                                                                                                                                                                                Size (bytes):41893
                                                                                                                                                                                Entropy (8bit):7.52654558351485
                                                                                                                                                                                Encrypted:false
                                                                                                                                                                                SSDEEP:768:pZvVQkUbOHxx3pvVmO5rsP5gUdXwFMuv53knzyncaXgRDqPU:pZkijV5wScXwFMYknzucaXgRyU
                                                                                                                                                                                MD5:F25427EFECFEE786D5A9F630726DD140
                                                                                                                                                                                SHA1:BC612A86FF985AB569ED1A1EA5FFC4FDB18FC605
                                                                                                                                                                                SHA-256:5A36960DF32817E8426BD40A88F88B04FB55B84BAEF60F1E71E0872217FDB134
                                                                                                                                                                                SHA-512:B102F34385196D630F198667E874F25ADBC737426FDAE0747EC799B33632E5DC92999C7C715DC84D904342738930267AB1709870BDAA842243E4C283FE5E1554
                                                                                                                                                                                Malicious:false
                                                                                                                                                                                Preview:......JFIF.....d.d......Ducky.......d......Adobe.d...................................................................................................................................................d...........................................................................................!.1AQ....aq......"......2...Xx..9BRr#.b3$..&..g.8....%F'G.(H.Ss..D5E..v..W..Cc.deu..7w.h.).....................!.1....A..Qaq...Ttu.6..."R..5...2B..S....bcs.Dd%&r3C...#$...Ue.............?..R...%.R...t.MQ*.l...v...V]..n...Zw....M....4..F.&&bb0.:]l......ay.r<..3.l.Q^.........I54.N2.8..2s...w..r6.......[1Zh....O...9..>...B......x]...r.\.\..v..~....y.QT.3.......=....r..}.l.....o;....M..C1....w)...+o1f.]...MoA.E..s5..i.\....miGsy..m\.Zj....I'YU.\tU6La5v.>.K..m.]1.......k..0....</5v.V7lY.e.vV.+./[....f..u{....s.}.Rb.Z.....Y.6]..m....V.\...Mr.=r...K...l..%..m^.......X.(..fG..[F*ly.jL.a4..vs..o.e..q.9km..w1.yg.....r_.*h.n..5i.-.{Y.l...<...'Or.s..Z....../JP.....\FV.S..............m
                                                                                                                                                                                Process:C:\Program Files (x86)\Microsoft Office\root\Office16\ONENOTE.EXE
                                                                                                                                                                                File Type:data
                                                                                                                                                                                Category:dropped
                                                                                                                                                                                Size (bytes):4096
                                                                                                                                                                                Entropy (8bit):3.2771944958389665
                                                                                                                                                                                Encrypted:false
                                                                                                                                                                                SSDEEP:24:W9FJRfUhUff2El+l1yKtrZCrBJmQEtaDsNmJ9EZVbsPJmQEtaDssDEZxlYJmQEth:gIY2pQ8jKzEDbPUErl7U/Og2a
                                                                                                                                                                                MD5:0E75EFF4612E209E5B898F25082A82A7
                                                                                                                                                                                SHA1:3F190D1685CE016B29702D614C3B3CAF944B8822
                                                                                                                                                                                SHA-256:054089B13D13588255D1EFA9F4679AA5F0A4868337FCC8D6F56F6B7FE4EC44F8
                                                                                                                                                                                SHA-512:6ACDEF3036AE9B9E1D337F6E9FD45E3F9BBC5EBDFCBA153F82037E332D2A18DFD831290D0460C1BA395F0C9EDEBE1F0D3F9F98455A3345E33CBE12FA519F9FDB
                                                                                                                                                                                Malicious:false
                                                                                                                                                                                Preview:........$...........t......................................?....................................................................................................\........................................(......(.{......Mx..q8......q8 ../..o8......q8 ../..o8......q8.&t.D.x..2....Q&t....of.N.F..?......o...........q8......q8..................................................q8..x...q8X.....q8..4...q8......q8..$..."jT(Q....oT.9...c.T&e................4..(.....x.(......"j......"j. .N..,..3...o.......of.N.F..?....2...v............................q8...o..c.............................o.....&t...c..,0...e...B4.$........[.-...I.......9.......................c.......c..{.{J..ffriMC&t......&t.D.x..2......(.{......Mx..(.... .i.4..~6..T......of.N.F..?......o.....>.......4.......&t.D.x..2....Q..of.N.F..?..........................c.......(..c..,0...e...B4.$..............E........................................0...........e....4..................T.o. .D.o. .L.i.s.t........s.)..O@
                                                                                                                                                                                Process:C:\Program Files (x86)\Microsoft Office\root\Office16\ONENOTE.EXE
                                                                                                                                                                                File Type:data
                                                                                                                                                                                Category:dropped
                                                                                                                                                                                Size (bytes):12288
                                                                                                                                                                                Entropy (8bit):3.9344129410323427
                                                                                                                                                                                Encrypted:false
                                                                                                                                                                                SSDEEP:192:TtsGtFlGkwfGXQETZcHRzTPfbztrjNmIYjh93xFXP6nm:exW9URzTqvrXj
                                                                                                                                                                                MD5:FE54D4774DF544697BD748495A5B962A
                                                                                                                                                                                SHA1:6BB12B009213447F2354765595E5AB4B151DBF69
                                                                                                                                                                                SHA-256:2ECC403643D7FA7B3C4CAEEB17FDBA4ED833771CE338C28B77F2B2D135C05873
                                                                                                                                                                                SHA-512:01AC11D55940E40756452DCBB6A6AC07BF4097A47644F937978E6D04916A2D6D06537C24ACD5CCA472FAC46C75008974C7BCE91812E929B2B984539432945F45
                                                                                                                                                                                Malicious:false
                                                                                                                                                                                Preview:2...>...........v.......X .. "..2...>...d...<...v.......@....!...........................................................................................................................................I.......I.qk..B.....LZ....;.......E.......%g.k....E.......%g.k.....I.qk..B.....LZ.I................................I.......I...................................................I.t.....I................................................................4..'...'..............%.*=.'...b....r....N...^...............p.p...F.....Z.........h...L...............................D....I.qk..B.....LZ.............%.*=.'...b....r................................................................................................j.......T&n....................H.........K.............$...........-...J.....z...y.. x.. ...........$........2..72..7.....*...o.e.L.o.c.I.D...o.e.L.o.c.C.o.m.m.e.n.t.......0.0.0.5............(...#...8.....z...,4. .......$>........4...4.@..7.....................D..n4..o4..p4...4. .F
                                                                                                                                                                                Process:C:\Program Files (x86)\Microsoft Office\root\Office16\ONENOTE.EXE
                                                                                                                                                                                File Type:JPEG image data, JFIF standard 1.02, resolution (DPI), density 72x72, segment length 16, Exif Standard: [TIFF image data, big-endian, direntries=7, orientation=upper-left, xresolution=98, yresolution=106, resolutionunit=2, software=Adobe Photoshop CS Windows, datetime=2004:03:12 11:05:55], progressive, precision 8, 612x618, components 3
                                                                                                                                                                                Category:dropped
                                                                                                                                                                                Size (bytes):68633
                                                                                                                                                                                Entropy (8bit):7.709776384921022
                                                                                                                                                                                Encrypted:false
                                                                                                                                                                                SSDEEP:1536:tapXpSTJDOkFGdJdBk/slsbfsw1imaapnbvD8:U2OjJr6b07m1bvD8
                                                                                                                                                                                MD5:41241EE59AB7BC9EB34784E3BCE31CB4
                                                                                                                                                                                SHA1:98680761A51E9199CF3C89F68B5309FBEC7EE3CB
                                                                                                                                                                                SHA-256:035B26DF61855A3F36DBD30FDAB0C157C04C9E8AE2197EA4D4AEB3E82E6A4C2B
                                                                                                                                                                                SHA-512:3EE331D5BCEE4AD5D3FC9661D4AB4053F7D351591A094334F963C33C9D0E32CCCABE9334AD7C308108CE99617E064FE848DCD469ACD8D83FBE5C4452DE523D8F
                                                                                                                                                                                Malicious:false
                                                                                                                                                                                Preview:......JFIF.....H.H......Exif..MM.*.............................b...........j.(...........1.........r.2...........i.................H.......H....Adobe Photoshop CS Windows.2004:03:12 11:05:55.............................d...........j...........................................&.(.........................................H.......H..........JFIF.....H.H......Adobe_CM......Adobe.d......................................................................................................................................................"................?..........................................................................3......!.1.AQa."q.2.....B#$.R.b34r..C.%.S...cs5....&D.TdE.t6..U.e...u..F'...............Vfv........7GWgw........................5.....!1..AQaq"..2.....B#.R..3$b.r..CS.cs4.%......&5..D.T..dEU6te....u..F...............Vfv........'7GWgw.................?../$.W:SZ./...9.....-...u......r.....].c...@W_.7...+......v.+PD.I..-<1.pDn-\.....p.$....0.}V....\..>.~..XN.o..l(E....ik..o.
                                                                                                                                                                                Process:C:\Program Files (x86)\Microsoft Office\root\Office16\ONENOTE.EXE
                                                                                                                                                                                File Type:data
                                                                                                                                                                                Category:dropped
                                                                                                                                                                                Size (bytes):20480
                                                                                                                                                                                Entropy (8bit):4.086971337847165
                                                                                                                                                                                Encrypted:false
                                                                                                                                                                                SSDEEP:192:lr0CgSgL3oemQyrOs95b/jkjFw/AEJ7qt74Pi0qFOlz07GXeFoOQRXRJwu7jjYNV:x3g9w/PJDV07YxRJ2s/OU
                                                                                                                                                                                MD5:6D173FD0C13306C3C3D162B3A41C71D2
                                                                                                                                                                                SHA1:876C1B9EBE6DF678063B603BE385B5CF372096C9
                                                                                                                                                                                SHA-256:3E48009916838BD9D2A06BE337F2CC65C3BE7D8FAE0C081C8CE17059824B56C8
                                                                                                                                                                                SHA-512:A9B54757F5BC9FD7E1FB03AB11C8744FA5C22793F94F05EB78617A022DB1DBC3888CFD244BCB702E4C70BC156D53A0DEE4F1364266F8D445F3EDAC5A833635FC
                                                                                                                                                                                Malicious:false
                                                                                                                                                                                Preview:^...>.......L...d... .... ...9..^...>...........d...h...@...@;...........................................................................................................................................I.......I.qk..B.....LZ.M..1....M..At1......n..M..At1......n[.M....?.WQV...W#:U..?..I.qk..B.....LZ.I............M.......M.......M............................................?$......? ......?$......?..)....? .....M. .N.&.M.....'.M...@.....'.M.2.M...z...,4. ...."......$>........4..`..7......L.o.w. .P.r.i.o.r.i.t.y.......................M.:.M...M...z...y.. x.. ...........$........2..72..7.....*...o.e.L.o.c.I.D...o.e.L.o.c.C.o.m.m.e.n.t.......0.0.0.2.3.............?..z... ..$........................................2..7.........1.h...?.......?...?....rA\.-?>...o.u.t.l.i.n.e.L.o.c.I.D...o.u.t.l.i.n.e.L.o.c.C.o.m.m.e.n.t.......0.0.0.4........?ff.A......'.M.%.M...M...z...,4. .......$>........4.@.4..`..7.....................D..n4..o4..p4...4. ..1........M.*.....M.....%.M.#...'.M.&...9.M.....
                                                                                                                                                                                Process:C:\Program Files (x86)\Microsoft Office\root\Office16\ONENOTE.EXE
                                                                                                                                                                                File Type:JPEG image data, JFIF standard 1.02, resolution (DPI), density 72x72, segment length 16, Exif Standard: [TIFF image data, big-endian, direntries=7, orientation=upper-left, xresolution=98, yresolution=106, resolutionunit=2, software=Adobe Photoshop CS Windows, datetime=2004:03:12 11:08:07], baseline, precision 8, 595x450, components 3
                                                                                                                                                                                Category:modified
                                                                                                                                                                                Size (bytes):59832
                                                                                                                                                                                Entropy (8bit):7.308211468398169
                                                                                                                                                                                Encrypted:false
                                                                                                                                                                                SSDEEP:1536:HS9SYFtN0+CRa9mfJy4zBAiIJhzrkHDV2hJK:yAmta+Tyy4zBIJW5WK
                                                                                                                                                                                MD5:DCDD543A4E0BA2C1909BA095D46FFBCB
                                                                                                                                                                                SHA1:B86C89537138FE07255354202D3EAD0B53B3C54D
                                                                                                                                                                                SHA-256:28F334B77068F71F5F92A95695433B950610204A0E5580CE567DB8FAD4993ECB
                                                                                                                                                                                SHA-512:5408C3259B7F3288A4BEB04342799AD5FE3A6F0EC7E92353B29B7E7E538DFA9903B39637226919E0421BC422635D25F5F8069DC7441864DC03E1B909BF5C2C84
                                                                                                                                                                                Malicious:false
                                                                                                                                                                                Preview:......JFIF.....H.H.....fExif..MM.*.............................b...........j.(...........1.........r.2...........i.................H.......H....Adobe Photoshop CS Windows.2004:03:12 11:08:07.............................S.......................................................&.(.................................0.......H.......H..........JFIF.....H.H......Adobe_CM......Adobe.d.................................................................................................................................................y...."................?..........................................................................3......!.1.AQa."q.2.....B#$.R.b34r..C.%.S...cs5....&D.TdE.t6..U.e...u..F'...............Vfv........7GWgw........................5.....!1..AQaq"..2.....B#.R..3$b.r..CS.cs4.%......&5..D.T..dEU6te....u..F...............Vfv........'7GWgw.................?......;R~+'....xh..~.n-}.......Te................^B..IU_....._...S......h.......!....9...A}6V=J......C..c.....Ug.Wh......
                                                                                                                                                                                Process:C:\Program Files (x86)\Microsoft Office\root\Office16\ONENOTE.EXE
                                                                                                                                                                                File Type:data
                                                                                                                                                                                Category:dropped
                                                                                                                                                                                Size (bytes):20480
                                                                                                                                                                                Entropy (8bit):3.203834705642266
                                                                                                                                                                                Encrypted:false
                                                                                                                                                                                SSDEEP:384:bCJfvfBK2SMie3Wrgt/g8X1pv2kYG5MFZzu95oBkRJGwvxTNKmLXf8ep+GRT:bCBU2SMiE4Qpv2kYGWQvRYix0mgeQ
                                                                                                                                                                                MD5:6EE11F6B3BEA49E68AB4726E7383F0D0
                                                                                                                                                                                SHA1:402E196770E79F509EFD839D9C74FBAECC10C531
                                                                                                                                                                                SHA-256:023D05A93A73C7842706E2CAA433130E67407375DA9D4577D934AB1B486D4DE2
                                                                                                                                                                                SHA-512:3DEBD34836D2987A6CEFF52DF9E20319D1E80D9E0D07BFBC24565B8F131F04949820A48999A5F286A068518D2C907EB547A1B5D84A7D4EE8D4E986D88B71B362
                                                                                                                                                                                Malicious:false
                                                                                                                                                                                Preview:2...>...........v........ ...-..2...>...B.......v.......@....,...........................................................................................................................................I.......I.qk..B.....LZ.$..P....$.%.Nn.=.$H.Pq7.$.%.Nn.=.$H.Pq7.$...I.qk..B.....LZ.I................................I.......I...................................................I.t.....I................................................................4..'...'..............u[..l...~}.x......N...^...................#w+E...K;..z................................#w+E...K;..z............#w+E...K;..z.........u[..l...~}.x....................................$.......$.......$...........................................$.j.^...$.T'....$.......$.......$...-...$.......$.......$. .L.......$.3.$.I.$...z...y.. x.. ...........$........2..72..7.....*...o.e.L.o.c.I.D...o.e.L.o.c.C.o.m.m.e.n.t.......0.0.0.6..............$.3.$.9.$...z...y.. x.. ...........$........2..72..7.....*...o.e.L.o.c.I.D...o.e.L.o.c.C.o
                                                                                                                                                                                Process:C:\Program Files (x86)\Microsoft Office\root\Office16\ONENOTE.EXE
                                                                                                                                                                                File Type:JPEG image data, JFIF standard 1.02, aspect ratio, density 100x100, segment length 16, baseline, precision 8, 612x792, components 3
                                                                                                                                                                                Category:dropped
                                                                                                                                                                                Size (bytes):53259
                                                                                                                                                                                Entropy (8bit):7.651662052139301
                                                                                                                                                                                Encrypted:false
                                                                                                                                                                                SSDEEP:768:dCiCBBenRYWDBCipMYGTbYGLHbXxoP/qEF+MU50qyJ30h2W474S/Aq/xc4674bi5:dCiIQXBCiwbDLHD0/sFyVel4Pi4UgE
                                                                                                                                                                                MD5:2EE369ABB7936F8C28FF0ABDD224EA05
                                                                                                                                                                                SHA1:FE9D304A7B49E31EAE439369ABC548E265149636
                                                                                                                                                                                SHA-256:FB12D59B8BE911247BBAFDD416852E8B74B028005A141CB4DBBBA109B4B6ED2C
                                                                                                                                                                                SHA-512:5CF396CA472C32AE988600176114106CB1619404DD899A3867A5AB43DC90583B771EF69B14EF50E56A21F038BF51D8463C6ADD2DE9D4CB523F6290E24A4DECB3
                                                                                                                                                                                Malicious:false
                                                                                                                                                                                Preview:......JFIF.....d.d......Ducky.......d......Adobe.d...................................................................................................................................................d............................................................................................!1..AQa....q........"2..R..Bbr..#S....3$.....C.4v..(X.DtEUV.....cs..Td.5uf'Wgw8Hh........................!1Q.Aa....q.2...."R...r..3.t..U...B#S.4ub..C$d.5Ee&'7c.D%sT..............?.....?...k,lk^...M".Yo5.Qp.&s}b.m.:...W.x}.*.a......N1..d-n.-..^..b..TZ.W..."....F....^......ve5...^...2.:i...........~u2pK.z./&..u..L[I....Y....@y{|>..MN=:....Q[..H....a........|%..4fV....).....^.9b.f...F...p.=.W...aZ.........Z.t.n.....z3..[..lVh..\.N-.._.sK.y.._e.G.jig.a.7^....u...*.p.5.a.].........u/u..D.yl.XA..f.z..~.x.....N.....b=.uv.2.t.'.N.-.H..n.v.a.A[.Z.....T2...._...:....h..l.E..sm..a.3I...RE...fWb.Ek.0.#.)..Y#T...........u{....U....s.].7_H.2.`O6...P......}..4LR....]4.mid...
                                                                                                                                                                                Process:C:\Program Files (x86)\Microsoft Office\root\Office16\ONENOTE.EXE
                                                                                                                                                                                File Type:data
                                                                                                                                                                                Category:dropped
                                                                                                                                                                                Size (bytes):4096
                                                                                                                                                                                Entropy (8bit):2.601370556591631
                                                                                                                                                                                Encrypted:false
                                                                                                                                                                                SSDEEP:48:5vurfdC+lX3Gh+3rJalMV3spblzflZzljz:lurT3Gkr13ov
                                                                                                                                                                                MD5:C74CF0FE9FEF5171FC0A8F033EAF71B3
                                                                                                                                                                                SHA1:6F8BF5A353AC6010950FB23B65B814D86E0E2E34
                                                                                                                                                                                SHA-256:CE2D5DC4EE72B52B3CCD977913DB4748195BE2F83F3A5D69B8876A38CFF61580
                                                                                                                                                                                SHA-512:13138CBD62827E1F9B1AF313BA5687DC1015831E25E49E284C182722B74B3144728574D6AEDCD0189F41617237BD4DF4F9C5695FABD216D061DFE7C1414591AF
                                                                                                                                                                                Malicious:false
                                                                                                                                                                                Preview:...........................................?...?.........................................................................................................................................................@.......@....VF...|..............G..`K..X\.i....2kd...-g..H.P...2.0.w...V......{D.0.w....G..`K..X\.i.j..............@.......@...................................................@...n...@.`.........8.......T.......a.......h.......r....................4..~...1...(...(.......C.:.\.P.r.o.g.r.a.m. .F.i.l.e.s. .(.x.8.6.).\.M.i.c.r.o.s.o.f.t. .O.f.f.i.c.e.\.r.o.o.t.\.T.e.m.p.l.a.t.e.s.\.1.0.3.3.\.O.N.E.N.O.T.E.\.1.6.\.S.t.a.t.i.o.n.e.r.y.......S.t.a.t.i.o.n.e.r.y.........1.......S.t.a.t.i.o.n.e.r.y.................1... ..$....S.t.a.t.i.o.n.e.r.y..................G..`K..X\.i.j..2.......2kd...-g..H.P.2...........0...`................@........2..s]............................2..c..,.........................2..c..,0...........h/.{..G...q&..l........................1... ..$....S.t.a.t.i.o.n.e.r.y...
                                                                                                                                                                                Process:C:\Program Files (x86)\Microsoft Office\root\Office16\ONENOTE.EXE
                                                                                                                                                                                File Type:data
                                                                                                                                                                                Category:dropped
                                                                                                                                                                                Size (bytes):2278
                                                                                                                                                                                Entropy (8bit):3.8585756726431875
                                                                                                                                                                                Encrypted:false
                                                                                                                                                                                SSDEEP:48:uiTrlKxsxxaixl9Il8ucQU9XuQ66Ivxec+Iy7TcVgd1rc:v6mYFcXuQ66IvxDg8X
                                                                                                                                                                                MD5:AB840225F505BF651A06F252198C39AF
                                                                                                                                                                                SHA1:B819B4BD5201E41CC10DA19F019C2CE8C054DD5B
                                                                                                                                                                                SHA-256:08BA8C9F87FA55B0D8D6E19559C0A0F71DF4629BE81B5A39D5AB528C4B029B70
                                                                                                                                                                                SHA-512:7208D56B49D84AA47B684AF0B809158B943223F85A28290A383E63AA8A8668447391A79A13F9B91E43B9048BF401D7C4CEDC83037C861373C887608184D004A9
                                                                                                                                                                                Malicious:false
                                                                                                                                                                                Preview:{.".T.B.D.a.t.a.S.t.o.r.e.O.b.j.e.c.t.".:.{.".H.e.a.d.e.r.".:.{.".O.b.j.e.c.t.T.y.p.e.".:.".T.o.k.e.n.R.e.s.p.o.n.s.e.".,.".S.c.h.e.m.a.V.e.r.s.i.o.n.M.a.j.o.r.".:.2.,.".S.c.h.e.m.a.V.e.r.s.i.o.n.M.i.n.o.r.".:.1.}.,.".O.b.j.e.c.t.D.a.t.a.".:.{.".S.y.s.t.e.m.D.e.f.i.n.e.d.P.r.o.p.e.r.t.i.e.s.".:.{.".R.e.q.u.e.s.t.I.n.d.e.x.".:.{.".T.y.p.e.".:.".I.n.l.i.n.e.B.y.t.e.s.".,.".I.s.P.r.o.t.e.c.t.e.d.".:.f.a.l.s.e.,.".V.a.l.u.e.".:.".C.J.1.m.u.g.S.o.z.s.S.9.x.S.Z./.Q.v.O.c.+.E.J.4.u.2.c.=.".}.,.".E.x.p.i.r.a.t.i.o.n.".:.{.".T.y.p.e.".:.".I.n.l.i.n.e.B.y.t.e.s.".,.".I.s.P.r.o.t.e.c.t.e.d.".:.f.a.l.s.e.,.".V.a.l.u.e.".:.".g.B./.a.E.r.a.f.2.g.E.=.".}.,.".S.t.a.t.u.s.".:.{.".T.y.p.e.".:.".I.n.l.i.n.e.B.y.t.e.s.".,.".I.s.P.r.o.t.e.c.t.e.d.".:.f.a.l.s.e.,.".V.a.l.u.e.".:.".A.A.A.A.A.A.=.=.".}.,.".R.e.s.p.o.n.s.e.B.y.t.e.s.".:.{.".T.y.p.e.".:.".I.n.l.i.n.e.B.y.t.e.s.".,.".I.s.P.r.o.t.e.c.t.e.d.".:.t.r.u.e.,.".V.a.l.u.e.".:.".A.Q.A.A.A.N.C.M.n.d.8.B.F.d.E.R.j.H.o.A.w.E./.C.l.+.s.B.A.A.A.A.b.C.V.1.M.V.
                                                                                                                                                                                Process:C:\Program Files (x86)\Microsoft Office\root\Office16\ONENOTE.EXE
                                                                                                                                                                                File Type:data
                                                                                                                                                                                Category:dropped
                                                                                                                                                                                Size (bytes):4542
                                                                                                                                                                                Entropy (8bit):3.9951796427092803
                                                                                                                                                                                Encrypted:false
                                                                                                                                                                                SSDEEP:96:lNYFbcAqNWlZIKFeBsAE78S0a32o/t11ZzffB0WOrNeO76PD:PaONIIKkBQ7Oa32wtndGeOeD
                                                                                                                                                                                MD5:383C5BF1BD0F9E4B57241450972C94AD
                                                                                                                                                                                SHA1:178BE03658D5E206A1BD99E38DB12CE3C5D0F48A
                                                                                                                                                                                SHA-256:B8A7736A42F474B992E674B9EEE7878AA50EF6E330D4B4AC831AF7F1326319EA
                                                                                                                                                                                SHA-512:A04248034FB66DE22953F42E221EDBD2D316801202AAE1A2B6A1CB607524F8B97D5EA7DC338861C9BCDBB27BC0459BD203CFC8C5812AE93D700068C04A0A4621
                                                                                                                                                                                Malicious:false
                                                                                                                                                                                Preview:{.".T.B.D.a.t.a.S.t.o.r.e.O.b.j.e.c.t.".:.{.".H.e.a.d.e.r.".:.{.".O.b.j.e.c.t.T.y.p.e.".:.".T.o.k.e.n.R.e.s.p.o.n.s.e.".,.".S.c.h.e.m.a.V.e.r.s.i.o.n.M.a.j.o.r.".:.2.,.".S.c.h.e.m.a.V.e.r.s.i.o.n.M.i.n.o.r.".:.1.}.,.".O.b.j.e.c.t.D.a.t.a.".:.{.".S.y.s.t.e.m.D.e.f.i.n.e.d.P.r.o.p.e.r.t.i.e.s.".:.{.".R.e.q.u.e.s.t.I.n.d.e.x.".:.{.".T.y.p.e.".:.".I.n.l.i.n.e.B.y.t.e.s.".,.".I.s.P.r.o.t.e.c.t.e.d.".:.f.a.l.s.e.,.".V.a.l.u.e.".:.".V.q.Y.a.6.3.X.Y.9.b.4.Y.b.C.Z.g.f.0.u.y.E.6.v.n.x.e.w.=.".}.,.".E.x.p.i.r.a.t.i.o.n.".:.{.".T.y.p.e.".:.".I.n.l.i.n.e.B.y.t.e.s.".,.".I.s.P.r.o.t.e.c.t.e.d.".:.f.a.l.s.e.,.".V.a.l.u.e.".:.".Z.1.u.8.+.K.2.f.2.g.E.=.".}.,.".S.t.a.t.u.s.".:.{.".T.y.p.e.".:.".I.n.l.i.n.e.B.y.t.e.s.".,.".I.s.P.r.o.t.e.c.t.e.d.".:.f.a.l.s.e.,.".V.a.l.u.e.".:.".A.w.A.A.A.A.=.=.".}.,.".R.e.s.p.o.n.s.e.B.y.t.e.s.".:.{.".T.y.p.e.".:.".I.n.l.i.n.e.B.y.t.e.s.".,.".I.s.P.r.o.t.e.c.t.e.d.".:.t.r.u.e.,.".V.a.l.u.e.".:.".A.Q.A.A.A.N.C.M.n.d.8.B.F.d.E.R.j.H.o.A.w.E./.C.l.+.s.B.A.A.A.A.b.C.V.1.M.V.
                                                                                                                                                                                Process:C:\Users\user\Desktop\c8JakemodH.exe
                                                                                                                                                                                File Type:ASCII text, with CRLF line terminators
                                                                                                                                                                                Category:dropped
                                                                                                                                                                                Size (bytes):1159
                                                                                                                                                                                Entropy (8bit):4.909757425426515
                                                                                                                                                                                Encrypted:false
                                                                                                                                                                                SSDEEP:24:SOZJNRovfexRvYx/ncUYTxLZl0r0OzANQgq32xfZnS0iNFdAnP6:SOZbqfexrZrS3Iq32xlSX2S
                                                                                                                                                                                MD5:F29E077226F8DC235CAE4795459A3542
                                                                                                                                                                                SHA1:A23AEA328BEB92BFD4464A3B0F70E772B8969CC2
                                                                                                                                                                                SHA-256:CF8875AADE9351184274F533067BECF2AD10CCF2B6296274ECE5D5B58B6AB008
                                                                                                                                                                                SHA-512:0C76F1E7AC8E4DB582EA7E26FA9B8C18D54605AE6A9A87A2A1FA0B1BEACACBB8F1230421C1124B1E7C12FB546FF31DBBD2CFBBEBA80EF98BBAA01B356F7FDC6F
                                                                                                                                                                                Malicious:false
                                                                                                                                                                                Preview:.. ~~~ AlphaCat ~~~....>>>> Your data are stolen and encrypted....>>>> What guarantees that we will not deceive you? .....We are not a politically motivated group and we do not need anything other than your money. .. ...If you pay, we will provide you the programs for decryption and we will delete your data. ...Life is too short to be sad. Be not sad, money, it is only paper... ...If we do not give you decrypters, or we do not delete your data after payment, then nobody will pay us in the future. ...Therefore to us our reputation is very important. We attack worldwide and there is no dissatisfied victim after payment... ..>>>> You need contact us via email with srenshot of btc transaction and your personal DECRYPTION ID.....Contact via Email with your personal Decryption id !: hackbeenswim@mail2tor.com......Send 400$ (0.006 BTC) at this address --> bc1qkr7wxuqwet9w6920vk94p7npkxh33fc7prv55q.....>>>> Your personal DECRYPTION ID: D53F15BF767167BC622C1CB4D4FC174D....>>
                                                                                                                                                                                Process:C:\Users\user\Desktop\c8JakemodH.exe
                                                                                                                                                                                File Type:ASCII text, with CRLF line terminators
                                                                                                                                                                                Category:dropped
                                                                                                                                                                                Size (bytes):1159
                                                                                                                                                                                Entropy (8bit):4.909757425426515
                                                                                                                                                                                Encrypted:false
                                                                                                                                                                                SSDEEP:24:SOZJNRovfexRvYx/ncUYTxLZl0r0OzANQgq32xfZnS0iNFdAnP6:SOZbqfexrZrS3Iq32xlSX2S
                                                                                                                                                                                MD5:F29E077226F8DC235CAE4795459A3542
                                                                                                                                                                                SHA1:A23AEA328BEB92BFD4464A3B0F70E772B8969CC2
                                                                                                                                                                                SHA-256:CF8875AADE9351184274F533067BECF2AD10CCF2B6296274ECE5D5B58B6AB008
                                                                                                                                                                                SHA-512:0C76F1E7AC8E4DB582EA7E26FA9B8C18D54605AE6A9A87A2A1FA0B1BEACACBB8F1230421C1124B1E7C12FB546FF31DBBD2CFBBEBA80EF98BBAA01B356F7FDC6F
                                                                                                                                                                                Malicious:false
                                                                                                                                                                                Preview:.. ~~~ AlphaCat ~~~....>>>> Your data are stolen and encrypted....>>>> What guarantees that we will not deceive you? .....We are not a politically motivated group and we do not need anything other than your money. .. ...If you pay, we will provide you the programs for decryption and we will delete your data. ...Life is too short to be sad. Be not sad, money, it is only paper... ...If we do not give you decrypters, or we do not delete your data after payment, then nobody will pay us in the future. ...Therefore to us our reputation is very important. We attack worldwide and there is no dissatisfied victim after payment... ..>>>> You need contact us via email with srenshot of btc transaction and your personal DECRYPTION ID.....Contact via Email with your personal Decryption id !: hackbeenswim@mail2tor.com......Send 400$ (0.006 BTC) at this address --> bc1qkr7wxuqwet9w6920vk94p7npkxh33fc7prv55q.....>>>> Your personal DECRYPTION ID: D53F15BF767167BC622C1CB4D4FC174D....>>
                                                                                                                                                                                Process:C:\Users\user\Desktop\c8JakemodH.exe
                                                                                                                                                                                File Type:ASCII text, with CRLF line terminators
                                                                                                                                                                                Category:dropped
                                                                                                                                                                                Size (bytes):1159
                                                                                                                                                                                Entropy (8bit):4.909757425426515
                                                                                                                                                                                Encrypted:false
                                                                                                                                                                                SSDEEP:24:SOZJNRovfexRvYx/ncUYTxLZl0r0OzANQgq32xfZnS0iNFdAnP6:SOZbqfexrZrS3Iq32xlSX2S
                                                                                                                                                                                MD5:F29E077226F8DC235CAE4795459A3542
                                                                                                                                                                                SHA1:A23AEA328BEB92BFD4464A3B0F70E772B8969CC2
                                                                                                                                                                                SHA-256:CF8875AADE9351184274F533067BECF2AD10CCF2B6296274ECE5D5B58B6AB008
                                                                                                                                                                                SHA-512:0C76F1E7AC8E4DB582EA7E26FA9B8C18D54605AE6A9A87A2A1FA0B1BEACACBB8F1230421C1124B1E7C12FB546FF31DBBD2CFBBEBA80EF98BBAA01B356F7FDC6F
                                                                                                                                                                                Malicious:false
                                                                                                                                                                                Preview:.. ~~~ AlphaCat ~~~....>>>> Your data are stolen and encrypted....>>>> What guarantees that we will not deceive you? .....We are not a politically motivated group and we do not need anything other than your money. .. ...If you pay, we will provide you the programs for decryption and we will delete your data. ...Life is too short to be sad. Be not sad, money, it is only paper... ...If we do not give you decrypters, or we do not delete your data after payment, then nobody will pay us in the future. ...Therefore to us our reputation is very important. We attack worldwide and there is no dissatisfied victim after payment... ..>>>> You need contact us via email with srenshot of btc transaction and your personal DECRYPTION ID.....Contact via Email with your personal Decryption id !: hackbeenswim@mail2tor.com......Send 400$ (0.006 BTC) at this address --> bc1qkr7wxuqwet9w6920vk94p7npkxh33fc7prv55q.....>>>> Your personal DECRYPTION ID: D53F15BF767167BC622C1CB4D4FC174D....>>
                                                                                                                                                                                Process:C:\Users\user\Desktop\c8JakemodH.exe
                                                                                                                                                                                File Type:ASCII text, with CRLF line terminators
                                                                                                                                                                                Category:dropped
                                                                                                                                                                                Size (bytes):1159
                                                                                                                                                                                Entropy (8bit):4.909757425426515
                                                                                                                                                                                Encrypted:false
                                                                                                                                                                                SSDEEP:24:SOZJNRovfexRvYx/ncUYTxLZl0r0OzANQgq32xfZnS0iNFdAnP6:SOZbqfexrZrS3Iq32xlSX2S
                                                                                                                                                                                MD5:F29E077226F8DC235CAE4795459A3542
                                                                                                                                                                                SHA1:A23AEA328BEB92BFD4464A3B0F70E772B8969CC2
                                                                                                                                                                                SHA-256:CF8875AADE9351184274F533067BECF2AD10CCF2B6296274ECE5D5B58B6AB008
                                                                                                                                                                                SHA-512:0C76F1E7AC8E4DB582EA7E26FA9B8C18D54605AE6A9A87A2A1FA0B1BEACACBB8F1230421C1124B1E7C12FB546FF31DBBD2CFBBEBA80EF98BBAA01B356F7FDC6F
                                                                                                                                                                                Malicious:false
                                                                                                                                                                                Preview:.. ~~~ AlphaCat ~~~....>>>> Your data are stolen and encrypted....>>>> What guarantees that we will not deceive you? .....We are not a politically motivated group and we do not need anything other than your money. .. ...If you pay, we will provide you the programs for decryption and we will delete your data. ...Life is too short to be sad. Be not sad, money, it is only paper... ...If we do not give you decrypters, or we do not delete your data after payment, then nobody will pay us in the future. ...Therefore to us our reputation is very important. We attack worldwide and there is no dissatisfied victim after payment... ..>>>> You need contact us via email with srenshot of btc transaction and your personal DECRYPTION ID.....Contact via Email with your personal Decryption id !: hackbeenswim@mail2tor.com......Send 400$ (0.006 BTC) at this address --> bc1qkr7wxuqwet9w6920vk94p7npkxh33fc7prv55q.....>>>> Your personal DECRYPTION ID: D53F15BF767167BC622C1CB4D4FC174D....>>
                                                                                                                                                                                Process:C:\Users\user\Desktop\c8JakemodH.exe
                                                                                                                                                                                File Type:ASCII text, with CRLF line terminators
                                                                                                                                                                                Category:dropped
                                                                                                                                                                                Size (bytes):1159
                                                                                                                                                                                Entropy (8bit):4.909757425426515
                                                                                                                                                                                Encrypted:false
                                                                                                                                                                                SSDEEP:24:SOZJNRovfexRvYx/ncUYTxLZl0r0OzANQgq32xfZnS0iNFdAnP6:SOZbqfexrZrS3Iq32xlSX2S
                                                                                                                                                                                MD5:F29E077226F8DC235CAE4795459A3542
                                                                                                                                                                                SHA1:A23AEA328BEB92BFD4464A3B0F70E772B8969CC2
                                                                                                                                                                                SHA-256:CF8875AADE9351184274F533067BECF2AD10CCF2B6296274ECE5D5B58B6AB008
                                                                                                                                                                                SHA-512:0C76F1E7AC8E4DB582EA7E26FA9B8C18D54605AE6A9A87A2A1FA0B1BEACACBB8F1230421C1124B1E7C12FB546FF31DBBD2CFBBEBA80EF98BBAA01B356F7FDC6F
                                                                                                                                                                                Malicious:false
                                                                                                                                                                                Preview:.. ~~~ AlphaCat ~~~....>>>> Your data are stolen and encrypted....>>>> What guarantees that we will not deceive you? .....We are not a politically motivated group and we do not need anything other than your money. .. ...If you pay, we will provide you the programs for decryption and we will delete your data. ...Life is too short to be sad. Be not sad, money, it is only paper... ...If we do not give you decrypters, or we do not delete your data after payment, then nobody will pay us in the future. ...Therefore to us our reputation is very important. We attack worldwide and there is no dissatisfied victim after payment... ..>>>> You need contact us via email with srenshot of btc transaction and your personal DECRYPTION ID.....Contact via Email with your personal Decryption id !: hackbeenswim@mail2tor.com......Send 400$ (0.006 BTC) at this address --> bc1qkr7wxuqwet9w6920vk94p7npkxh33fc7prv55q.....>>>> Your personal DECRYPTION ID: D53F15BF767167BC622C1CB4D4FC174D....>>
                                                                                                                                                                                Process:C:\Users\user\Desktop\c8JakemodH.exe
                                                                                                                                                                                File Type:ASCII text, with CRLF line terminators
                                                                                                                                                                                Category:dropped
                                                                                                                                                                                Size (bytes):1159
                                                                                                                                                                                Entropy (8bit):4.909757425426515
                                                                                                                                                                                Encrypted:false
                                                                                                                                                                                SSDEEP:24:SOZJNRovfexRvYx/ncUYTxLZl0r0OzANQgq32xfZnS0iNFdAnP6:SOZbqfexrZrS3Iq32xlSX2S
                                                                                                                                                                                MD5:F29E077226F8DC235CAE4795459A3542
                                                                                                                                                                                SHA1:A23AEA328BEB92BFD4464A3B0F70E772B8969CC2
                                                                                                                                                                                SHA-256:CF8875AADE9351184274F533067BECF2AD10CCF2B6296274ECE5D5B58B6AB008
                                                                                                                                                                                SHA-512:0C76F1E7AC8E4DB582EA7E26FA9B8C18D54605AE6A9A87A2A1FA0B1BEACACBB8F1230421C1124B1E7C12FB546FF31DBBD2CFBBEBA80EF98BBAA01B356F7FDC6F
                                                                                                                                                                                Malicious:false
                                                                                                                                                                                Preview:.. ~~~ AlphaCat ~~~....>>>> Your data are stolen and encrypted....>>>> What guarantees that we will not deceive you? .....We are not a politically motivated group and we do not need anything other than your money. .. ...If you pay, we will provide you the programs for decryption and we will delete your data. ...Life is too short to be sad. Be not sad, money, it is only paper... ...If we do not give you decrypters, or we do not delete your data after payment, then nobody will pay us in the future. ...Therefore to us our reputation is very important. We attack worldwide and there is no dissatisfied victim after payment... ..>>>> You need contact us via email with srenshot of btc transaction and your personal DECRYPTION ID.....Contact via Email with your personal Decryption id !: hackbeenswim@mail2tor.com......Send 400$ (0.006 BTC) at this address --> bc1qkr7wxuqwet9w6920vk94p7npkxh33fc7prv55q.....>>>> Your personal DECRYPTION ID: D53F15BF767167BC622C1CB4D4FC174D....>>
                                                                                                                                                                                Process:C:\Users\user\Desktop\c8JakemodH.exe
                                                                                                                                                                                File Type:ASCII text, with CRLF line terminators
                                                                                                                                                                                Category:dropped
                                                                                                                                                                                Size (bytes):1159
                                                                                                                                                                                Entropy (8bit):4.909757425426515
                                                                                                                                                                                Encrypted:false
                                                                                                                                                                                SSDEEP:24:SOZJNRovfexRvYx/ncUYTxLZl0r0OzANQgq32xfZnS0iNFdAnP6:SOZbqfexrZrS3Iq32xlSX2S
                                                                                                                                                                                MD5:F29E077226F8DC235CAE4795459A3542
                                                                                                                                                                                SHA1:A23AEA328BEB92BFD4464A3B0F70E772B8969CC2
                                                                                                                                                                                SHA-256:CF8875AADE9351184274F533067BECF2AD10CCF2B6296274ECE5D5B58B6AB008
                                                                                                                                                                                SHA-512:0C76F1E7AC8E4DB582EA7E26FA9B8C18D54605AE6A9A87A2A1FA0B1BEACACBB8F1230421C1124B1E7C12FB546FF31DBBD2CFBBEBA80EF98BBAA01B356F7FDC6F
                                                                                                                                                                                Malicious:false
                                                                                                                                                                                Preview:.. ~~~ AlphaCat ~~~....>>>> Your data are stolen and encrypted....>>>> What guarantees that we will not deceive you? .....We are not a politically motivated group and we do not need anything other than your money. .. ...If you pay, we will provide you the programs for decryption and we will delete your data. ...Life is too short to be sad. Be not sad, money, it is only paper... ...If we do not give you decrypters, or we do not delete your data after payment, then nobody will pay us in the future. ...Therefore to us our reputation is very important. We attack worldwide and there is no dissatisfied victim after payment... ..>>>> You need contact us via email with srenshot of btc transaction and your personal DECRYPTION ID.....Contact via Email with your personal Decryption id !: hackbeenswim@mail2tor.com......Send 400$ (0.006 BTC) at this address --> bc1qkr7wxuqwet9w6920vk94p7npkxh33fc7prv55q.....>>>> Your personal DECRYPTION ID: D53F15BF767167BC622C1CB4D4FC174D....>>
                                                                                                                                                                                Process:C:\Users\user\Desktop\c8JakemodH.exe
                                                                                                                                                                                File Type:ASCII text, with CRLF line terminators
                                                                                                                                                                                Category:dropped
                                                                                                                                                                                Size (bytes):1159
                                                                                                                                                                                Entropy (8bit):4.909757425426515
                                                                                                                                                                                Encrypted:false
                                                                                                                                                                                SSDEEP:24:SOZJNRovfexRvYx/ncUYTxLZl0r0OzANQgq32xfZnS0iNFdAnP6:SOZbqfexrZrS3Iq32xlSX2S
                                                                                                                                                                                MD5:F29E077226F8DC235CAE4795459A3542
                                                                                                                                                                                SHA1:A23AEA328BEB92BFD4464A3B0F70E772B8969CC2
                                                                                                                                                                                SHA-256:CF8875AADE9351184274F533067BECF2AD10CCF2B6296274ECE5D5B58B6AB008
                                                                                                                                                                                SHA-512:0C76F1E7AC8E4DB582EA7E26FA9B8C18D54605AE6A9A87A2A1FA0B1BEACACBB8F1230421C1124B1E7C12FB546FF31DBBD2CFBBEBA80EF98BBAA01B356F7FDC6F
                                                                                                                                                                                Malicious:false
                                                                                                                                                                                Preview:.. ~~~ AlphaCat ~~~....>>>> Your data are stolen and encrypted....>>>> What guarantees that we will not deceive you? .....We are not a politically motivated group and we do not need anything other than your money. .. ...If you pay, we will provide you the programs for decryption and we will delete your data. ...Life is too short to be sad. Be not sad, money, it is only paper... ...If we do not give you decrypters, or we do not delete your data after payment, then nobody will pay us in the future. ...Therefore to us our reputation is very important. We attack worldwide and there is no dissatisfied victim after payment... ..>>>> You need contact us via email with srenshot of btc transaction and your personal DECRYPTION ID.....Contact via Email with your personal Decryption id !: hackbeenswim@mail2tor.com......Send 400$ (0.006 BTC) at this address --> bc1qkr7wxuqwet9w6920vk94p7npkxh33fc7prv55q.....>>>> Your personal DECRYPTION ID: D53F15BF767167BC622C1CB4D4FC174D....>>
                                                                                                                                                                                Process:C:\Users\user\Desktop\c8JakemodH.exe
                                                                                                                                                                                File Type:ASCII text, with CRLF line terminators
                                                                                                                                                                                Category:dropped
                                                                                                                                                                                Size (bytes):1159
                                                                                                                                                                                Entropy (8bit):4.909757425426515
                                                                                                                                                                                Encrypted:false
                                                                                                                                                                                SSDEEP:24:SOZJNRovfexRvYx/ncUYTxLZl0r0OzANQgq32xfZnS0iNFdAnP6:SOZbqfexrZrS3Iq32xlSX2S
                                                                                                                                                                                MD5:F29E077226F8DC235CAE4795459A3542
                                                                                                                                                                                SHA1:A23AEA328BEB92BFD4464A3B0F70E772B8969CC2
                                                                                                                                                                                SHA-256:CF8875AADE9351184274F533067BECF2AD10CCF2B6296274ECE5D5B58B6AB008
                                                                                                                                                                                SHA-512:0C76F1E7AC8E4DB582EA7E26FA9B8C18D54605AE6A9A87A2A1FA0B1BEACACBB8F1230421C1124B1E7C12FB546FF31DBBD2CFBBEBA80EF98BBAA01B356F7FDC6F
                                                                                                                                                                                Malicious:false
                                                                                                                                                                                Preview:.. ~~~ AlphaCat ~~~....>>>> Your data are stolen and encrypted....>>>> What guarantees that we will not deceive you? .....We are not a politically motivated group and we do not need anything other than your money. .. ...If you pay, we will provide you the programs for decryption and we will delete your data. ...Life is too short to be sad. Be not sad, money, it is only paper... ...If we do not give you decrypters, or we do not delete your data after payment, then nobody will pay us in the future. ...Therefore to us our reputation is very important. We attack worldwide and there is no dissatisfied victim after payment... ..>>>> You need contact us via email with srenshot of btc transaction and your personal DECRYPTION ID.....Contact via Email with your personal Decryption id !: hackbeenswim@mail2tor.com......Send 400$ (0.006 BTC) at this address --> bc1qkr7wxuqwet9w6920vk94p7npkxh33fc7prv55q.....>>>> Your personal DECRYPTION ID: D53F15BF767167BC622C1CB4D4FC174D....>>
                                                                                                                                                                                Process:C:\Users\user\Desktop\c8JakemodH.exe
                                                                                                                                                                                File Type:ASCII text, with CRLF line terminators
                                                                                                                                                                                Category:dropped
                                                                                                                                                                                Size (bytes):1159
                                                                                                                                                                                Entropy (8bit):4.909757425426515
                                                                                                                                                                                Encrypted:false
                                                                                                                                                                                SSDEEP:24:SOZJNRovfexRvYx/ncUYTxLZl0r0OzANQgq32xfZnS0iNFdAnP6:SOZbqfexrZrS3Iq32xlSX2S
                                                                                                                                                                                MD5:F29E077226F8DC235CAE4795459A3542
                                                                                                                                                                                SHA1:A23AEA328BEB92BFD4464A3B0F70E772B8969CC2
                                                                                                                                                                                SHA-256:CF8875AADE9351184274F533067BECF2AD10CCF2B6296274ECE5D5B58B6AB008
                                                                                                                                                                                SHA-512:0C76F1E7AC8E4DB582EA7E26FA9B8C18D54605AE6A9A87A2A1FA0B1BEACACBB8F1230421C1124B1E7C12FB546FF31DBBD2CFBBEBA80EF98BBAA01B356F7FDC6F
                                                                                                                                                                                Malicious:false
                                                                                                                                                                                Preview:.. ~~~ AlphaCat ~~~....>>>> Your data are stolen and encrypted....>>>> What guarantees that we will not deceive you? .....We are not a politically motivated group and we do not need anything other than your money. .. ...If you pay, we will provide you the programs for decryption and we will delete your data. ...Life is too short to be sad. Be not sad, money, it is only paper... ...If we do not give you decrypters, or we do not delete your data after payment, then nobody will pay us in the future. ...Therefore to us our reputation is very important. We attack worldwide and there is no dissatisfied victim after payment... ..>>>> You need contact us via email with srenshot of btc transaction and your personal DECRYPTION ID.....Contact via Email with your personal Decryption id !: hackbeenswim@mail2tor.com......Send 400$ (0.006 BTC) at this address --> bc1qkr7wxuqwet9w6920vk94p7npkxh33fc7prv55q.....>>>> Your personal DECRYPTION ID: D53F15BF767167BC622C1CB4D4FC174D....>>
                                                                                                                                                                                Process:C:\Users\user\Desktop\c8JakemodH.exe
                                                                                                                                                                                File Type:ASCII text, with CRLF line terminators
                                                                                                                                                                                Category:dropped
                                                                                                                                                                                Size (bytes):1159
                                                                                                                                                                                Entropy (8bit):4.909757425426515
                                                                                                                                                                                Encrypted:false
                                                                                                                                                                                SSDEEP:24:SOZJNRovfexRvYx/ncUYTxLZl0r0OzANQgq32xfZnS0iNFdAnP6:SOZbqfexrZrS3Iq32xlSX2S
                                                                                                                                                                                MD5:F29E077226F8DC235CAE4795459A3542
                                                                                                                                                                                SHA1:A23AEA328BEB92BFD4464A3B0F70E772B8969CC2
                                                                                                                                                                                SHA-256:CF8875AADE9351184274F533067BECF2AD10CCF2B6296274ECE5D5B58B6AB008
                                                                                                                                                                                SHA-512:0C76F1E7AC8E4DB582EA7E26FA9B8C18D54605AE6A9A87A2A1FA0B1BEACACBB8F1230421C1124B1E7C12FB546FF31DBBD2CFBBEBA80EF98BBAA01B356F7FDC6F
                                                                                                                                                                                Malicious:false
                                                                                                                                                                                Preview:.. ~~~ AlphaCat ~~~....>>>> Your data are stolen and encrypted....>>>> What guarantees that we will not deceive you? .....We are not a politically motivated group and we do not need anything other than your money. .. ...If you pay, we will provide you the programs for decryption and we will delete your data. ...Life is too short to be sad. Be not sad, money, it is only paper... ...If we do not give you decrypters, or we do not delete your data after payment, then nobody will pay us in the future. ...Therefore to us our reputation is very important. We attack worldwide and there is no dissatisfied victim after payment... ..>>>> You need contact us via email with srenshot of btc transaction and your personal DECRYPTION ID.....Contact via Email with your personal Decryption id !: hackbeenswim@mail2tor.com......Send 400$ (0.006 BTC) at this address --> bc1qkr7wxuqwet9w6920vk94p7npkxh33fc7prv55q.....>>>> Your personal DECRYPTION ID: D53F15BF767167BC622C1CB4D4FC174D....>>
                                                                                                                                                                                Process:C:\Users\user\Desktop\c8JakemodH.exe
                                                                                                                                                                                File Type:ASCII text, with CRLF line terminators
                                                                                                                                                                                Category:dropped
                                                                                                                                                                                Size (bytes):1159
                                                                                                                                                                                Entropy (8bit):4.909757425426515
                                                                                                                                                                                Encrypted:false
                                                                                                                                                                                SSDEEP:24:SOZJNRovfexRvYx/ncUYTxLZl0r0OzANQgq32xfZnS0iNFdAnP6:SOZbqfexrZrS3Iq32xlSX2S
                                                                                                                                                                                MD5:F29E077226F8DC235CAE4795459A3542
                                                                                                                                                                                SHA1:A23AEA328BEB92BFD4464A3B0F70E772B8969CC2
                                                                                                                                                                                SHA-256:CF8875AADE9351184274F533067BECF2AD10CCF2B6296274ECE5D5B58B6AB008
                                                                                                                                                                                SHA-512:0C76F1E7AC8E4DB582EA7E26FA9B8C18D54605AE6A9A87A2A1FA0B1BEACACBB8F1230421C1124B1E7C12FB546FF31DBBD2CFBBEBA80EF98BBAA01B356F7FDC6F
                                                                                                                                                                                Malicious:false
                                                                                                                                                                                Preview:.. ~~~ AlphaCat ~~~....>>>> Your data are stolen and encrypted....>>>> What guarantees that we will not deceive you? .....We are not a politically motivated group and we do not need anything other than your money. .. ...If you pay, we will provide you the programs for decryption and we will delete your data. ...Life is too short to be sad. Be not sad, money, it is only paper... ...If we do not give you decrypters, or we do not delete your data after payment, then nobody will pay us in the future. ...Therefore to us our reputation is very important. We attack worldwide and there is no dissatisfied victim after payment... ..>>>> You need contact us via email with srenshot of btc transaction and your personal DECRYPTION ID.....Contact via Email with your personal Decryption id !: hackbeenswim@mail2tor.com......Send 400$ (0.006 BTC) at this address --> bc1qkr7wxuqwet9w6920vk94p7npkxh33fc7prv55q.....>>>> Your personal DECRYPTION ID: D53F15BF767167BC622C1CB4D4FC174D....>>
                                                                                                                                                                                Process:C:\Users\user\Desktop\c8JakemodH.exe
                                                                                                                                                                                File Type:data
                                                                                                                                                                                Category:dropped
                                                                                                                                                                                Size (bytes):8431
                                                                                                                                                                                Entropy (8bit):7.97659768463601
                                                                                                                                                                                Encrypted:false
                                                                                                                                                                                SSDEEP:192:e95FPyZ5tmEhveKT0vuNP1z5jpyDutXSKKdjrEu1NeeH:e9fmaEh/T0wP1z5VysiKcZnz
                                                                                                                                                                                MD5:E116D305A6062E433F81A3441A503118
                                                                                                                                                                                SHA1:633C75DC7D5C456C7FF3B6FE925D87E6BEF86C78
                                                                                                                                                                                SHA-256:67CE8361BC8D989EFC5CE88C31DA93F70278E4437D911F2A0A981C69E8202A38
                                                                                                                                                                                SHA-512:E7306F43ABFFF38F3078A45E96C5DB030DF7BF7D8AE0C84A6D6A4B7678758163A85B2BC58E4889FC8F63F79CBA4D228F80D7E3A526D4870056241F52AFFEC7CE
                                                                                                                                                                                Malicious:false
                                                                                                                                                                                Preview:...&...~.Rn.....W...<."....n._}...:0..H&}>=.,.az.j<t....CL.m...q..9Zz+..t.....(.fjx....X!3.2Q.....e....s.Q...a.........I...I..}.4....289...Q.)J7~..\...R..:H..<...... l..<W..Y...k.....L.r.....-v.......fVHRl...z.......y.<.G...E...|.X~...W..`..\). .k..-......?.*.....`........I.$&7.BOf..I.WQ.S....s....%ft..rZ&~.N....|e/.Ar.N......D.%..R.....o......WJ.!X3...?.x.W...g..."..o...%..q....yL_.>..i...5g.'.XXkN.dj.K..v..._$r)A..|.!...'..7......~........4.t..56rxb.........0..'.>..*.....?.y....|c.1.|G..rP..WL.&...3.4...&.._.o|..\.U.........._.\a...m`{'v.`..4....~.l6[!c[C....9.:..P.....6kZ.E(...se....;^.I.<p.v..[.........E47...dh......xDd......@I^./{.D...[.avl.....Hb:..*|..L..F..>.n-..3..B.P..Ao..'.R.}~w..l...=.(.R."bX.3.1..V...b.'`2...!.g."/.*e.2R`bV-.....Tr.y.^.>.X8h...h}..9..\..tz1...s^.@.p.&.....-.......LzN.2.....x..A..)m.?.l.q...BX6^&xEDfFGYXA....m.%.....Vh>P...@;.K.....^".0!....w.x.f.."_..!.&.ib...\....r...v...0*........k.S%.+..)...J..b9~^.4..g..
                                                                                                                                                                                Process:C:\Users\user\Desktop\c8JakemodH.exe
                                                                                                                                                                                File Type:ASCII text, with CRLF line terminators
                                                                                                                                                                                Category:dropped
                                                                                                                                                                                Size (bytes):1159
                                                                                                                                                                                Entropy (8bit):4.909757425426515
                                                                                                                                                                                Encrypted:false
                                                                                                                                                                                SSDEEP:24:SOZJNRovfexRvYx/ncUYTxLZl0r0OzANQgq32xfZnS0iNFdAnP6:SOZbqfexrZrS3Iq32xlSX2S
                                                                                                                                                                                MD5:F29E077226F8DC235CAE4795459A3542
                                                                                                                                                                                SHA1:A23AEA328BEB92BFD4464A3B0F70E772B8969CC2
                                                                                                                                                                                SHA-256:CF8875AADE9351184274F533067BECF2AD10CCF2B6296274ECE5D5B58B6AB008
                                                                                                                                                                                SHA-512:0C76F1E7AC8E4DB582EA7E26FA9B8C18D54605AE6A9A87A2A1FA0B1BEACACBB8F1230421C1124B1E7C12FB546FF31DBBD2CFBBEBA80EF98BBAA01B356F7FDC6F
                                                                                                                                                                                Malicious:false
                                                                                                                                                                                Preview:.. ~~~ AlphaCat ~~~....>>>> Your data are stolen and encrypted....>>>> What guarantees that we will not deceive you? .....We are not a politically motivated group and we do not need anything other than your money. .. ...If you pay, we will provide you the programs for decryption and we will delete your data. ...Life is too short to be sad. Be not sad, money, it is only paper... ...If we do not give you decrypters, or we do not delete your data after payment, then nobody will pay us in the future. ...Therefore to us our reputation is very important. We attack worldwide and there is no dissatisfied victim after payment... ..>>>> You need contact us via email with srenshot of btc transaction and your personal DECRYPTION ID.....Contact via Email with your personal Decryption id !: hackbeenswim@mail2tor.com......Send 400$ (0.006 BTC) at this address --> bc1qkr7wxuqwet9w6920vk94p7npkxh33fc7prv55q.....>>>> Your personal DECRYPTION ID: D53F15BF767167BC622C1CB4D4FC174D....>>
                                                                                                                                                                                Process:C:\Users\user\Desktop\c8JakemodH.exe
                                                                                                                                                                                File Type:ASCII text, with CRLF line terminators
                                                                                                                                                                                Category:dropped
                                                                                                                                                                                Size (bytes):1159
                                                                                                                                                                                Entropy (8bit):4.909757425426515
                                                                                                                                                                                Encrypted:false
                                                                                                                                                                                SSDEEP:24:SOZJNRovfexRvYx/ncUYTxLZl0r0OzANQgq32xfZnS0iNFdAnP6:SOZbqfexrZrS3Iq32xlSX2S
                                                                                                                                                                                MD5:F29E077226F8DC235CAE4795459A3542
                                                                                                                                                                                SHA1:A23AEA328BEB92BFD4464A3B0F70E772B8969CC2
                                                                                                                                                                                SHA-256:CF8875AADE9351184274F533067BECF2AD10CCF2B6296274ECE5D5B58B6AB008
                                                                                                                                                                                SHA-512:0C76F1E7AC8E4DB582EA7E26FA9B8C18D54605AE6A9A87A2A1FA0B1BEACACBB8F1230421C1124B1E7C12FB546FF31DBBD2CFBBEBA80EF98BBAA01B356F7FDC6F
                                                                                                                                                                                Malicious:false
                                                                                                                                                                                Preview:.. ~~~ AlphaCat ~~~....>>>> Your data are stolen and encrypted....>>>> What guarantees that we will not deceive you? .....We are not a politically motivated group and we do not need anything other than your money. .. ...If you pay, we will provide you the programs for decryption and we will delete your data. ...Life is too short to be sad. Be not sad, money, it is only paper... ...If we do not give you decrypters, or we do not delete your data after payment, then nobody will pay us in the future. ...Therefore to us our reputation is very important. We attack worldwide and there is no dissatisfied victim after payment... ..>>>> You need contact us via email with srenshot of btc transaction and your personal DECRYPTION ID.....Contact via Email with your personal Decryption id !: hackbeenswim@mail2tor.com......Send 400$ (0.006 BTC) at this address --> bc1qkr7wxuqwet9w6920vk94p7npkxh33fc7prv55q.....>>>> Your personal DECRYPTION ID: D53F15BF767167BC622C1CB4D4FC174D....>>
                                                                                                                                                                                Process:C:\Users\user\Desktop\c8JakemodH.exe
                                                                                                                                                                                File Type:ASCII text, with CRLF line terminators
                                                                                                                                                                                Category:dropped
                                                                                                                                                                                Size (bytes):1159
                                                                                                                                                                                Entropy (8bit):4.909757425426515
                                                                                                                                                                                Encrypted:false
                                                                                                                                                                                SSDEEP:24:SOZJNRovfexRvYx/ncUYTxLZl0r0OzANQgq32xfZnS0iNFdAnP6:SOZbqfexrZrS3Iq32xlSX2S
                                                                                                                                                                                MD5:F29E077226F8DC235CAE4795459A3542
                                                                                                                                                                                SHA1:A23AEA328BEB92BFD4464A3B0F70E772B8969CC2
                                                                                                                                                                                SHA-256:CF8875AADE9351184274F533067BECF2AD10CCF2B6296274ECE5D5B58B6AB008
                                                                                                                                                                                SHA-512:0C76F1E7AC8E4DB582EA7E26FA9B8C18D54605AE6A9A87A2A1FA0B1BEACACBB8F1230421C1124B1E7C12FB546FF31DBBD2CFBBEBA80EF98BBAA01B356F7FDC6F
                                                                                                                                                                                Malicious:false
                                                                                                                                                                                Preview:.. ~~~ AlphaCat ~~~....>>>> Your data are stolen and encrypted....>>>> What guarantees that we will not deceive you? .....We are not a politically motivated group and we do not need anything other than your money. .. ...If you pay, we will provide you the programs for decryption and we will delete your data. ...Life is too short to be sad. Be not sad, money, it is only paper... ...If we do not give you decrypters, or we do not delete your data after payment, then nobody will pay us in the future. ...Therefore to us our reputation is very important. We attack worldwide and there is no dissatisfied victim after payment... ..>>>> You need contact us via email with srenshot of btc transaction and your personal DECRYPTION ID.....Contact via Email with your personal Decryption id !: hackbeenswim@mail2tor.com......Send 400$ (0.006 BTC) at this address --> bc1qkr7wxuqwet9w6920vk94p7npkxh33fc7prv55q.....>>>> Your personal DECRYPTION ID: D53F15BF767167BC622C1CB4D4FC174D....>>
                                                                                                                                                                                Process:C:\Users\user\Desktop\c8JakemodH.exe
                                                                                                                                                                                File Type:ASCII text, with CRLF line terminators
                                                                                                                                                                                Category:dropped
                                                                                                                                                                                Size (bytes):1159
                                                                                                                                                                                Entropy (8bit):4.909757425426515
                                                                                                                                                                                Encrypted:false
                                                                                                                                                                                SSDEEP:24:SOZJNRovfexRvYx/ncUYTxLZl0r0OzANQgq32xfZnS0iNFdAnP6:SOZbqfexrZrS3Iq32xlSX2S
                                                                                                                                                                                MD5:F29E077226F8DC235CAE4795459A3542
                                                                                                                                                                                SHA1:A23AEA328BEB92BFD4464A3B0F70E772B8969CC2
                                                                                                                                                                                SHA-256:CF8875AADE9351184274F533067BECF2AD10CCF2B6296274ECE5D5B58B6AB008
                                                                                                                                                                                SHA-512:0C76F1E7AC8E4DB582EA7E26FA9B8C18D54605AE6A9A87A2A1FA0B1BEACACBB8F1230421C1124B1E7C12FB546FF31DBBD2CFBBEBA80EF98BBAA01B356F7FDC6F
                                                                                                                                                                                Malicious:false
                                                                                                                                                                                Preview:.. ~~~ AlphaCat ~~~....>>>> Your data are stolen and encrypted....>>>> What guarantees that we will not deceive you? .....We are not a politically motivated group and we do not need anything other than your money. .. ...If you pay, we will provide you the programs for decryption and we will delete your data. ...Life is too short to be sad. Be not sad, money, it is only paper... ...If we do not give you decrypters, or we do not delete your data after payment, then nobody will pay us in the future. ...Therefore to us our reputation is very important. We attack worldwide and there is no dissatisfied victim after payment... ..>>>> You need contact us via email with srenshot of btc transaction and your personal DECRYPTION ID.....Contact via Email with your personal Decryption id !: hackbeenswim@mail2tor.com......Send 400$ (0.006 BTC) at this address --> bc1qkr7wxuqwet9w6920vk94p7npkxh33fc7prv55q.....>>>> Your personal DECRYPTION ID: D53F15BF767167BC622C1CB4D4FC174D....>>
                                                                                                                                                                                Process:C:\Users\user\Desktop\c8JakemodH.exe
                                                                                                                                                                                File Type:ASCII text, with CRLF line terminators
                                                                                                                                                                                Category:dropped
                                                                                                                                                                                Size (bytes):1159
                                                                                                                                                                                Entropy (8bit):4.909757425426515
                                                                                                                                                                                Encrypted:false
                                                                                                                                                                                SSDEEP:24:SOZJNRovfexRvYx/ncUYTxLZl0r0OzANQgq32xfZnS0iNFdAnP6:SOZbqfexrZrS3Iq32xlSX2S
                                                                                                                                                                                MD5:F29E077226F8DC235CAE4795459A3542
                                                                                                                                                                                SHA1:A23AEA328BEB92BFD4464A3B0F70E772B8969CC2
                                                                                                                                                                                SHA-256:CF8875AADE9351184274F533067BECF2AD10CCF2B6296274ECE5D5B58B6AB008
                                                                                                                                                                                SHA-512:0C76F1E7AC8E4DB582EA7E26FA9B8C18D54605AE6A9A87A2A1FA0B1BEACACBB8F1230421C1124B1E7C12FB546FF31DBBD2CFBBEBA80EF98BBAA01B356F7FDC6F
                                                                                                                                                                                Malicious:false
                                                                                                                                                                                Preview:.. ~~~ AlphaCat ~~~....>>>> Your data are stolen and encrypted....>>>> What guarantees that we will not deceive you? .....We are not a politically motivated group and we do not need anything other than your money. .. ...If you pay, we will provide you the programs for decryption and we will delete your data. ...Life is too short to be sad. Be not sad, money, it is only paper... ...If we do not give you decrypters, or we do not delete your data after payment, then nobody will pay us in the future. ...Therefore to us our reputation is very important. We attack worldwide and there is no dissatisfied victim after payment... ..>>>> You need contact us via email with srenshot of btc transaction and your personal DECRYPTION ID.....Contact via Email with your personal Decryption id !: hackbeenswim@mail2tor.com......Send 400$ (0.006 BTC) at this address --> bc1qkr7wxuqwet9w6920vk94p7npkxh33fc7prv55q.....>>>> Your personal DECRYPTION ID: D53F15BF767167BC622C1CB4D4FC174D....>>
                                                                                                                                                                                Process:C:\Users\user\Desktop\c8JakemodH.exe
                                                                                                                                                                                File Type:ASCII text, with CRLF line terminators
                                                                                                                                                                                Category:dropped
                                                                                                                                                                                Size (bytes):1159
                                                                                                                                                                                Entropy (8bit):4.909757425426515
                                                                                                                                                                                Encrypted:false
                                                                                                                                                                                SSDEEP:24:SOZJNRovfexRvYx/ncUYTxLZl0r0OzANQgq32xfZnS0iNFdAnP6:SOZbqfexrZrS3Iq32xlSX2S
                                                                                                                                                                                MD5:F29E077226F8DC235CAE4795459A3542
                                                                                                                                                                                SHA1:A23AEA328BEB92BFD4464A3B0F70E772B8969CC2
                                                                                                                                                                                SHA-256:CF8875AADE9351184274F533067BECF2AD10CCF2B6296274ECE5D5B58B6AB008
                                                                                                                                                                                SHA-512:0C76F1E7AC8E4DB582EA7E26FA9B8C18D54605AE6A9A87A2A1FA0B1BEACACBB8F1230421C1124B1E7C12FB546FF31DBBD2CFBBEBA80EF98BBAA01B356F7FDC6F
                                                                                                                                                                                Malicious:false
                                                                                                                                                                                Preview:.. ~~~ AlphaCat ~~~....>>>> Your data are stolen and encrypted....>>>> What guarantees that we will not deceive you? .....We are not a politically motivated group and we do not need anything other than your money. .. ...If you pay, we will provide you the programs for decryption and we will delete your data. ...Life is too short to be sad. Be not sad, money, it is only paper... ...If we do not give you decrypters, or we do not delete your data after payment, then nobody will pay us in the future. ...Therefore to us our reputation is very important. We attack worldwide and there is no dissatisfied victim after payment... ..>>>> You need contact us via email with srenshot of btc transaction and your personal DECRYPTION ID.....Contact via Email with your personal Decryption id !: hackbeenswim@mail2tor.com......Send 400$ (0.006 BTC) at this address --> bc1qkr7wxuqwet9w6920vk94p7npkxh33fc7prv55q.....>>>> Your personal DECRYPTION ID: D53F15BF767167BC622C1CB4D4FC174D....>>
                                                                                                                                                                                Process:C:\Users\user\Desktop\c8JakemodH.exe
                                                                                                                                                                                File Type:ASCII text, with CRLF line terminators
                                                                                                                                                                                Category:dropped
                                                                                                                                                                                Size (bytes):1159
                                                                                                                                                                                Entropy (8bit):4.909757425426515
                                                                                                                                                                                Encrypted:false
                                                                                                                                                                                SSDEEP:24:SOZJNRovfexRvYx/ncUYTxLZl0r0OzANQgq32xfZnS0iNFdAnP6:SOZbqfexrZrS3Iq32xlSX2S
                                                                                                                                                                                MD5:F29E077226F8DC235CAE4795459A3542
                                                                                                                                                                                SHA1:A23AEA328BEB92BFD4464A3B0F70E772B8969CC2
                                                                                                                                                                                SHA-256:CF8875AADE9351184274F533067BECF2AD10CCF2B6296274ECE5D5B58B6AB008
                                                                                                                                                                                SHA-512:0C76F1E7AC8E4DB582EA7E26FA9B8C18D54605AE6A9A87A2A1FA0B1BEACACBB8F1230421C1124B1E7C12FB546FF31DBBD2CFBBEBA80EF98BBAA01B356F7FDC6F
                                                                                                                                                                                Malicious:false
                                                                                                                                                                                Preview:.. ~~~ AlphaCat ~~~....>>>> Your data are stolen and encrypted....>>>> What guarantees that we will not deceive you? .....We are not a politically motivated group and we do not need anything other than your money. .. ...If you pay, we will provide you the programs for decryption and we will delete your data. ...Life is too short to be sad. Be not sad, money, it is only paper... ...If we do not give you decrypters, or we do not delete your data after payment, then nobody will pay us in the future. ...Therefore to us our reputation is very important. We attack worldwide and there is no dissatisfied victim after payment... ..>>>> You need contact us via email with srenshot of btc transaction and your personal DECRYPTION ID.....Contact via Email with your personal Decryption id !: hackbeenswim@mail2tor.com......Send 400$ (0.006 BTC) at this address --> bc1qkr7wxuqwet9w6920vk94p7npkxh33fc7prv55q.....>>>> Your personal DECRYPTION ID: D53F15BF767167BC622C1CB4D4FC174D....>>
                                                                                                                                                                                Process:C:\Users\user\Desktop\c8JakemodH.exe
                                                                                                                                                                                File Type:ASCII text, with CRLF line terminators
                                                                                                                                                                                Category:dropped
                                                                                                                                                                                Size (bytes):1159
                                                                                                                                                                                Entropy (8bit):4.909757425426515
                                                                                                                                                                                Encrypted:false
                                                                                                                                                                                SSDEEP:24:SOZJNRovfexRvYx/ncUYTxLZl0r0OzANQgq32xfZnS0iNFdAnP6:SOZbqfexrZrS3Iq32xlSX2S
                                                                                                                                                                                MD5:F29E077226F8DC235CAE4795459A3542
                                                                                                                                                                                SHA1:A23AEA328BEB92BFD4464A3B0F70E772B8969CC2
                                                                                                                                                                                SHA-256:CF8875AADE9351184274F533067BECF2AD10CCF2B6296274ECE5D5B58B6AB008
                                                                                                                                                                                SHA-512:0C76F1E7AC8E4DB582EA7E26FA9B8C18D54605AE6A9A87A2A1FA0B1BEACACBB8F1230421C1124B1E7C12FB546FF31DBBD2CFBBEBA80EF98BBAA01B356F7FDC6F
                                                                                                                                                                                Malicious:false
                                                                                                                                                                                Preview:.. ~~~ AlphaCat ~~~....>>>> Your data are stolen and encrypted....>>>> What guarantees that we will not deceive you? .....We are not a politically motivated group and we do not need anything other than your money. .. ...If you pay, we will provide you the programs for decryption and we will delete your data. ...Life is too short to be sad. Be not sad, money, it is only paper... ...If we do not give you decrypters, or we do not delete your data after payment, then nobody will pay us in the future. ...Therefore to us our reputation is very important. We attack worldwide and there is no dissatisfied victim after payment... ..>>>> You need contact us via email with srenshot of btc transaction and your personal DECRYPTION ID.....Contact via Email with your personal Decryption id !: hackbeenswim@mail2tor.com......Send 400$ (0.006 BTC) at this address --> bc1qkr7wxuqwet9w6920vk94p7npkxh33fc7prv55q.....>>>> Your personal DECRYPTION ID: D53F15BF767167BC622C1CB4D4FC174D....>>
                                                                                                                                                                                Process:C:\Users\user\Desktop\c8JakemodH.exe
                                                                                                                                                                                File Type:ASCII text, with CRLF line terminators
                                                                                                                                                                                Category:dropped
                                                                                                                                                                                Size (bytes):1159
                                                                                                                                                                                Entropy (8bit):4.909757425426515
                                                                                                                                                                                Encrypted:false
                                                                                                                                                                                SSDEEP:24:SOZJNRovfexRvYx/ncUYTxLZl0r0OzANQgq32xfZnS0iNFdAnP6:SOZbqfexrZrS3Iq32xlSX2S
                                                                                                                                                                                MD5:F29E077226F8DC235CAE4795459A3542
                                                                                                                                                                                SHA1:A23AEA328BEB92BFD4464A3B0F70E772B8969CC2
                                                                                                                                                                                SHA-256:CF8875AADE9351184274F533067BECF2AD10CCF2B6296274ECE5D5B58B6AB008
                                                                                                                                                                                SHA-512:0C76F1E7AC8E4DB582EA7E26FA9B8C18D54605AE6A9A87A2A1FA0B1BEACACBB8F1230421C1124B1E7C12FB546FF31DBBD2CFBBEBA80EF98BBAA01B356F7FDC6F
                                                                                                                                                                                Malicious:false
                                                                                                                                                                                Preview:.. ~~~ AlphaCat ~~~....>>>> Your data are stolen and encrypted....>>>> What guarantees that we will not deceive you? .....We are not a politically motivated group and we do not need anything other than your money. .. ...If you pay, we will provide you the programs for decryption and we will delete your data. ...Life is too short to be sad. Be not sad, money, it is only paper... ...If we do not give you decrypters, or we do not delete your data after payment, then nobody will pay us in the future. ...Therefore to us our reputation is very important. We attack worldwide and there is no dissatisfied victim after payment... ..>>>> You need contact us via email with srenshot of btc transaction and your personal DECRYPTION ID.....Contact via Email with your personal Decryption id !: hackbeenswim@mail2tor.com......Send 400$ (0.006 BTC) at this address --> bc1qkr7wxuqwet9w6920vk94p7npkxh33fc7prv55q.....>>>> Your personal DECRYPTION ID: D53F15BF767167BC622C1CB4D4FC174D....>>
                                                                                                                                                                                Process:C:\Users\user\Desktop\c8JakemodH.exe
                                                                                                                                                                                File Type:ASCII text, with CRLF line terminators
                                                                                                                                                                                Category:dropped
                                                                                                                                                                                Size (bytes):1159
                                                                                                                                                                                Entropy (8bit):4.909757425426515
                                                                                                                                                                                Encrypted:false
                                                                                                                                                                                SSDEEP:24:SOZJNRovfexRvYx/ncUYTxLZl0r0OzANQgq32xfZnS0iNFdAnP6:SOZbqfexrZrS3Iq32xlSX2S
                                                                                                                                                                                MD5:F29E077226F8DC235CAE4795459A3542
                                                                                                                                                                                SHA1:A23AEA328BEB92BFD4464A3B0F70E772B8969CC2
                                                                                                                                                                                SHA-256:CF8875AADE9351184274F533067BECF2AD10CCF2B6296274ECE5D5B58B6AB008
                                                                                                                                                                                SHA-512:0C76F1E7AC8E4DB582EA7E26FA9B8C18D54605AE6A9A87A2A1FA0B1BEACACBB8F1230421C1124B1E7C12FB546FF31DBBD2CFBBEBA80EF98BBAA01B356F7FDC6F
                                                                                                                                                                                Malicious:false
                                                                                                                                                                                Preview:.. ~~~ AlphaCat ~~~....>>>> Your data are stolen and encrypted....>>>> What guarantees that we will not deceive you? .....We are not a politically motivated group and we do not need anything other than your money. .. ...If you pay, we will provide you the programs for decryption and we will delete your data. ...Life is too short to be sad. Be not sad, money, it is only paper... ...If we do not give you decrypters, or we do not delete your data after payment, then nobody will pay us in the future. ...Therefore to us our reputation is very important. We attack worldwide and there is no dissatisfied victim after payment... ..>>>> You need contact us via email with srenshot of btc transaction and your personal DECRYPTION ID.....Contact via Email with your personal Decryption id !: hackbeenswim@mail2tor.com......Send 400$ (0.006 BTC) at this address --> bc1qkr7wxuqwet9w6920vk94p7npkxh33fc7prv55q.....>>>> Your personal DECRYPTION ID: D53F15BF767167BC622C1CB4D4FC174D....>>
                                                                                                                                                                                Process:C:\Users\user\Desktop\c8JakemodH.exe
                                                                                                                                                                                File Type:data
                                                                                                                                                                                Category:dropped
                                                                                                                                                                                Size (bytes):8431
                                                                                                                                                                                Entropy (8bit):7.978348841802438
                                                                                                                                                                                Encrypted:false
                                                                                                                                                                                SSDEEP:192:3oj+qlpXj9RNvbY5CAUSurzTplupiczfnh/z:4jNVvyXMdcpiS9
                                                                                                                                                                                MD5:12A324BD4D93D9DA804115B0210FE769
                                                                                                                                                                                SHA1:F6A5A329F9568FF742E8F84C87A92B0A3D3D85DF
                                                                                                                                                                                SHA-256:31B38BEAB466337C7A487D6C6D99E43DF2C3FF653F9EF747A229E42FF41385DD
                                                                                                                                                                                SHA-512:774EB584C9541F955118ACB1A5999E7662CFDEB100E855167EE6319643A5CEBB3CA8DAF72464F19E91F379D6C0A6FF6850A6319CF7661FDC19448178763043E6
                                                                                                                                                                                Malicious:false
                                                                                                                                                                                Preview:K...........1F#&}..n...%.8....U?.4./....Em...-Y.....+...4.,g...%...U...N._5/.Zi.@..k.....o(..\.w..C..K;.@..$.z...j5{..........*.#..!W..v-Q.>X.B..P...j=.&.....t...i....,..@..PK.3...h...`3.]7.6.......e.. ~N0n.*Z%~Y>.hO>..M.z..._?.6H1.......N.D<Y...."..#.....:5.._Mx.S.3~..8.-...Q.a.L{Oy..r....... ....!.6..X.l.r..@....n.D1)....y.x..0.V.....;.....$......%.7.\..[..>3&.X..j67P5B..`.s.".+...ns.br(...k....A.$...j&..]...'W...+N.Y.r-...l>.K:.....*#.KF....O.........*z...QjN<.Hy#..L1$....].._..U....k.j..W).1..Ad..Zb.i..^X.ce....P.5<.....4AT.mR.1..y.;.n.......6@..P~..M.[.....1..&kl.m....)2-.A07...)F...v...$...;.=.jx..QzO..m4..Z.....A.V..+......G..B...m.X...!.m......'.0f.B..R..N..X1..|..-...LK...dk.Q...M.....KI$..l.5.%.YfmTT.^.G.#....]"..E..wS..f./......N.. >........7A....m....{.(...s.ci.-6.#Q..../..*...P.cE.D.(..>.<..... .Y'/.Xk..k.w..S}..1.F....3~.#I..h....R.u..sty..[.F{....,S..../.N.....29)....>..v[I....".)^...j....l68r......i.\.[$
                                                                                                                                                                                Process:C:\Users\user\Desktop\c8JakemodH.exe
                                                                                                                                                                                File Type:ASCII text, with CRLF line terminators
                                                                                                                                                                                Category:dropped
                                                                                                                                                                                Size (bytes):1159
                                                                                                                                                                                Entropy (8bit):4.909757425426515
                                                                                                                                                                                Encrypted:false
                                                                                                                                                                                SSDEEP:24:SOZJNRovfexRvYx/ncUYTxLZl0r0OzANQgq32xfZnS0iNFdAnP6:SOZbqfexrZrS3Iq32xlSX2S
                                                                                                                                                                                MD5:F29E077226F8DC235CAE4795459A3542
                                                                                                                                                                                SHA1:A23AEA328BEB92BFD4464A3B0F70E772B8969CC2
                                                                                                                                                                                SHA-256:CF8875AADE9351184274F533067BECF2AD10CCF2B6296274ECE5D5B58B6AB008
                                                                                                                                                                                SHA-512:0C76F1E7AC8E4DB582EA7E26FA9B8C18D54605AE6A9A87A2A1FA0B1BEACACBB8F1230421C1124B1E7C12FB546FF31DBBD2CFBBEBA80EF98BBAA01B356F7FDC6F
                                                                                                                                                                                Malicious:false
                                                                                                                                                                                Preview:.. ~~~ AlphaCat ~~~....>>>> Your data are stolen and encrypted....>>>> What guarantees that we will not deceive you? .....We are not a politically motivated group and we do not need anything other than your money. .. ...If you pay, we will provide you the programs for decryption and we will delete your data. ...Life is too short to be sad. Be not sad, money, it is only paper... ...If we do not give you decrypters, or we do not delete your data after payment, then nobody will pay us in the future. ...Therefore to us our reputation is very important. We attack worldwide and there is no dissatisfied victim after payment... ..>>>> You need contact us via email with srenshot of btc transaction and your personal DECRYPTION ID.....Contact via Email with your personal Decryption id !: hackbeenswim@mail2tor.com......Send 400$ (0.006 BTC) at this address --> bc1qkr7wxuqwet9w6920vk94p7npkxh33fc7prv55q.....>>>> Your personal DECRYPTION ID: D53F15BF767167BC622C1CB4D4FC174D....>>
                                                                                                                                                                                Process:C:\Users\user\Desktop\c8JakemodH.exe
                                                                                                                                                                                File Type:ASCII text, with CRLF line terminators
                                                                                                                                                                                Category:dropped
                                                                                                                                                                                Size (bytes):1159
                                                                                                                                                                                Entropy (8bit):4.909757425426515
                                                                                                                                                                                Encrypted:false
                                                                                                                                                                                SSDEEP:24:SOZJNRovfexRvYx/ncUYTxLZl0r0OzANQgq32xfZnS0iNFdAnP6:SOZbqfexrZrS3Iq32xlSX2S
                                                                                                                                                                                MD5:F29E077226F8DC235CAE4795459A3542
                                                                                                                                                                                SHA1:A23AEA328BEB92BFD4464A3B0F70E772B8969CC2
                                                                                                                                                                                SHA-256:CF8875AADE9351184274F533067BECF2AD10CCF2B6296274ECE5D5B58B6AB008
                                                                                                                                                                                SHA-512:0C76F1E7AC8E4DB582EA7E26FA9B8C18D54605AE6A9A87A2A1FA0B1BEACACBB8F1230421C1124B1E7C12FB546FF31DBBD2CFBBEBA80EF98BBAA01B356F7FDC6F
                                                                                                                                                                                Malicious:false
                                                                                                                                                                                Preview:.. ~~~ AlphaCat ~~~....>>>> Your data are stolen and encrypted....>>>> What guarantees that we will not deceive you? .....We are not a politically motivated group and we do not need anything other than your money. .. ...If you pay, we will provide you the programs for decryption and we will delete your data. ...Life is too short to be sad. Be not sad, money, it is only paper... ...If we do not give you decrypters, or we do not delete your data after payment, then nobody will pay us in the future. ...Therefore to us our reputation is very important. We attack worldwide and there is no dissatisfied victim after payment... ..>>>> You need contact us via email with srenshot of btc transaction and your personal DECRYPTION ID.....Contact via Email with your personal Decryption id !: hackbeenswim@mail2tor.com......Send 400$ (0.006 BTC) at this address --> bc1qkr7wxuqwet9w6920vk94p7npkxh33fc7prv55q.....>>>> Your personal DECRYPTION ID: D53F15BF767167BC622C1CB4D4FC174D....>>
                                                                                                                                                                                Process:C:\Users\user\Desktop\c8JakemodH.exe
                                                                                                                                                                                File Type:ASCII text, with CRLF line terminators
                                                                                                                                                                                Category:dropped
                                                                                                                                                                                Size (bytes):1159
                                                                                                                                                                                Entropy (8bit):4.909757425426515
                                                                                                                                                                                Encrypted:false
                                                                                                                                                                                SSDEEP:24:SOZJNRovfexRvYx/ncUYTxLZl0r0OzANQgq32xfZnS0iNFdAnP6:SOZbqfexrZrS3Iq32xlSX2S
                                                                                                                                                                                MD5:F29E077226F8DC235CAE4795459A3542
                                                                                                                                                                                SHA1:A23AEA328BEB92BFD4464A3B0F70E772B8969CC2
                                                                                                                                                                                SHA-256:CF8875AADE9351184274F533067BECF2AD10CCF2B6296274ECE5D5B58B6AB008
                                                                                                                                                                                SHA-512:0C76F1E7AC8E4DB582EA7E26FA9B8C18D54605AE6A9A87A2A1FA0B1BEACACBB8F1230421C1124B1E7C12FB546FF31DBBD2CFBBEBA80EF98BBAA01B356F7FDC6F
                                                                                                                                                                                Malicious:false
                                                                                                                                                                                Preview:.. ~~~ AlphaCat ~~~....>>>> Your data are stolen and encrypted....>>>> What guarantees that we will not deceive you? .....We are not a politically motivated group and we do not need anything other than your money. .. ...If you pay, we will provide you the programs for decryption and we will delete your data. ...Life is too short to be sad. Be not sad, money, it is only paper... ...If we do not give you decrypters, or we do not delete your data after payment, then nobody will pay us in the future. ...Therefore to us our reputation is very important. We attack worldwide and there is no dissatisfied victim after payment... ..>>>> You need contact us via email with srenshot of btc transaction and your personal DECRYPTION ID.....Contact via Email with your personal Decryption id !: hackbeenswim@mail2tor.com......Send 400$ (0.006 BTC) at this address --> bc1qkr7wxuqwet9w6920vk94p7npkxh33fc7prv55q.....>>>> Your personal DECRYPTION ID: D53F15BF767167BC622C1CB4D4FC174D....>>
                                                                                                                                                                                Process:C:\Users\user\Desktop\c8JakemodH.exe
                                                                                                                                                                                File Type:ASCII text, with CRLF line terminators
                                                                                                                                                                                Category:dropped
                                                                                                                                                                                Size (bytes):1159
                                                                                                                                                                                Entropy (8bit):4.909757425426515
                                                                                                                                                                                Encrypted:false
                                                                                                                                                                                SSDEEP:24:SOZJNRovfexRvYx/ncUYTxLZl0r0OzANQgq32xfZnS0iNFdAnP6:SOZbqfexrZrS3Iq32xlSX2S
                                                                                                                                                                                MD5:F29E077226F8DC235CAE4795459A3542
                                                                                                                                                                                SHA1:A23AEA328BEB92BFD4464A3B0F70E772B8969CC2
                                                                                                                                                                                SHA-256:CF8875AADE9351184274F533067BECF2AD10CCF2B6296274ECE5D5B58B6AB008
                                                                                                                                                                                SHA-512:0C76F1E7AC8E4DB582EA7E26FA9B8C18D54605AE6A9A87A2A1FA0B1BEACACBB8F1230421C1124B1E7C12FB546FF31DBBD2CFBBEBA80EF98BBAA01B356F7FDC6F
                                                                                                                                                                                Malicious:false
                                                                                                                                                                                Preview:.. ~~~ AlphaCat ~~~....>>>> Your data are stolen and encrypted....>>>> What guarantees that we will not deceive you? .....We are not a politically motivated group and we do not need anything other than your money. .. ...If you pay, we will provide you the programs for decryption and we will delete your data. ...Life is too short to be sad. Be not sad, money, it is only paper... ...If we do not give you decrypters, or we do not delete your data after payment, then nobody will pay us in the future. ...Therefore to us our reputation is very important. We attack worldwide and there is no dissatisfied victim after payment... ..>>>> You need contact us via email with srenshot of btc transaction and your personal DECRYPTION ID.....Contact via Email with your personal Decryption id !: hackbeenswim@mail2tor.com......Send 400$ (0.006 BTC) at this address --> bc1qkr7wxuqwet9w6920vk94p7npkxh33fc7prv55q.....>>>> Your personal DECRYPTION ID: D53F15BF767167BC622C1CB4D4FC174D....>>
                                                                                                                                                                                Process:C:\Users\user\Desktop\c8JakemodH.exe
                                                                                                                                                                                File Type:ASCII text, with CRLF line terminators
                                                                                                                                                                                Category:dropped
                                                                                                                                                                                Size (bytes):1159
                                                                                                                                                                                Entropy (8bit):4.909757425426515
                                                                                                                                                                                Encrypted:false
                                                                                                                                                                                SSDEEP:24:SOZJNRovfexRvYx/ncUYTxLZl0r0OzANQgq32xfZnS0iNFdAnP6:SOZbqfexrZrS3Iq32xlSX2S
                                                                                                                                                                                MD5:F29E077226F8DC235CAE4795459A3542
                                                                                                                                                                                SHA1:A23AEA328BEB92BFD4464A3B0F70E772B8969CC2
                                                                                                                                                                                SHA-256:CF8875AADE9351184274F533067BECF2AD10CCF2B6296274ECE5D5B58B6AB008
                                                                                                                                                                                SHA-512:0C76F1E7AC8E4DB582EA7E26FA9B8C18D54605AE6A9A87A2A1FA0B1BEACACBB8F1230421C1124B1E7C12FB546FF31DBBD2CFBBEBA80EF98BBAA01B356F7FDC6F
                                                                                                                                                                                Malicious:false
                                                                                                                                                                                Preview:.. ~~~ AlphaCat ~~~....>>>> Your data are stolen and encrypted....>>>> What guarantees that we will not deceive you? .....We are not a politically motivated group and we do not need anything other than your money. .. ...If you pay, we will provide you the programs for decryption and we will delete your data. ...Life is too short to be sad. Be not sad, money, it is only paper... ...If we do not give you decrypters, or we do not delete your data after payment, then nobody will pay us in the future. ...Therefore to us our reputation is very important. We attack worldwide and there is no dissatisfied victim after payment... ..>>>> You need contact us via email with srenshot of btc transaction and your personal DECRYPTION ID.....Contact via Email with your personal Decryption id !: hackbeenswim@mail2tor.com......Send 400$ (0.006 BTC) at this address --> bc1qkr7wxuqwet9w6920vk94p7npkxh33fc7prv55q.....>>>> Your personal DECRYPTION ID: D53F15BF767167BC622C1CB4D4FC174D....>>
                                                                                                                                                                                Process:C:\Users\user\Desktop\c8JakemodH.exe
                                                                                                                                                                                File Type:ASCII text, with CRLF line terminators
                                                                                                                                                                                Category:dropped
                                                                                                                                                                                Size (bytes):1159
                                                                                                                                                                                Entropy (8bit):4.909757425426515
                                                                                                                                                                                Encrypted:false
                                                                                                                                                                                SSDEEP:24:SOZJNRovfexRvYx/ncUYTxLZl0r0OzANQgq32xfZnS0iNFdAnP6:SOZbqfexrZrS3Iq32xlSX2S
                                                                                                                                                                                MD5:F29E077226F8DC235CAE4795459A3542
                                                                                                                                                                                SHA1:A23AEA328BEB92BFD4464A3B0F70E772B8969CC2
                                                                                                                                                                                SHA-256:CF8875AADE9351184274F533067BECF2AD10CCF2B6296274ECE5D5B58B6AB008
                                                                                                                                                                                SHA-512:0C76F1E7AC8E4DB582EA7E26FA9B8C18D54605AE6A9A87A2A1FA0B1BEACACBB8F1230421C1124B1E7C12FB546FF31DBBD2CFBBEBA80EF98BBAA01B356F7FDC6F
                                                                                                                                                                                Malicious:false
                                                                                                                                                                                Preview:.. ~~~ AlphaCat ~~~....>>>> Your data are stolen and encrypted....>>>> What guarantees that we will not deceive you? .....We are not a politically motivated group and we do not need anything other than your money. .. ...If you pay, we will provide you the programs for decryption and we will delete your data. ...Life is too short to be sad. Be not sad, money, it is only paper... ...If we do not give you decrypters, or we do not delete your data after payment, then nobody will pay us in the future. ...Therefore to us our reputation is very important. We attack worldwide and there is no dissatisfied victim after payment... ..>>>> You need contact us via email with srenshot of btc transaction and your personal DECRYPTION ID.....Contact via Email with your personal Decryption id !: hackbeenswim@mail2tor.com......Send 400$ (0.006 BTC) at this address --> bc1qkr7wxuqwet9w6920vk94p7npkxh33fc7prv55q.....>>>> Your personal DECRYPTION ID: D53F15BF767167BC622C1CB4D4FC174D....>>
                                                                                                                                                                                Process:C:\Users\user\Desktop\c8JakemodH.exe
                                                                                                                                                                                File Type:ASCII text, with CRLF line terminators
                                                                                                                                                                                Category:dropped
                                                                                                                                                                                Size (bytes):1159
                                                                                                                                                                                Entropy (8bit):4.909757425426515
                                                                                                                                                                                Encrypted:false
                                                                                                                                                                                SSDEEP:24:SOZJNRovfexRvYx/ncUYTxLZl0r0OzANQgq32xfZnS0iNFdAnP6:SOZbqfexrZrS3Iq32xlSX2S
                                                                                                                                                                                MD5:F29E077226F8DC235CAE4795459A3542
                                                                                                                                                                                SHA1:A23AEA328BEB92BFD4464A3B0F70E772B8969CC2
                                                                                                                                                                                SHA-256:CF8875AADE9351184274F533067BECF2AD10CCF2B6296274ECE5D5B58B6AB008
                                                                                                                                                                                SHA-512:0C76F1E7AC8E4DB582EA7E26FA9B8C18D54605AE6A9A87A2A1FA0B1BEACACBB8F1230421C1124B1E7C12FB546FF31DBBD2CFBBEBA80EF98BBAA01B356F7FDC6F
                                                                                                                                                                                Malicious:false
                                                                                                                                                                                Preview:.. ~~~ AlphaCat ~~~....>>>> Your data are stolen and encrypted....>>>> What guarantees that we will not deceive you? .....We are not a politically motivated group and we do not need anything other than your money. .. ...If you pay, we will provide you the programs for decryption and we will delete your data. ...Life is too short to be sad. Be not sad, money, it is only paper... ...If we do not give you decrypters, or we do not delete your data after payment, then nobody will pay us in the future. ...Therefore to us our reputation is very important. We attack worldwide and there is no dissatisfied victim after payment... ..>>>> You need contact us via email with srenshot of btc transaction and your personal DECRYPTION ID.....Contact via Email with your personal Decryption id !: hackbeenswim@mail2tor.com......Send 400$ (0.006 BTC) at this address --> bc1qkr7wxuqwet9w6920vk94p7npkxh33fc7prv55q.....>>>> Your personal DECRYPTION ID: D53F15BF767167BC622C1CB4D4FC174D....>>
                                                                                                                                                                                Process:C:\Users\user\Desktop\c8JakemodH.exe
                                                                                                                                                                                File Type:ASCII text, with CRLF line terminators
                                                                                                                                                                                Category:dropped
                                                                                                                                                                                Size (bytes):1159
                                                                                                                                                                                Entropy (8bit):4.909757425426515
                                                                                                                                                                                Encrypted:false
                                                                                                                                                                                SSDEEP:24:SOZJNRovfexRvYx/ncUYTxLZl0r0OzANQgq32xfZnS0iNFdAnP6:SOZbqfexrZrS3Iq32xlSX2S
                                                                                                                                                                                MD5:F29E077226F8DC235CAE4795459A3542
                                                                                                                                                                                SHA1:A23AEA328BEB92BFD4464A3B0F70E772B8969CC2
                                                                                                                                                                                SHA-256:CF8875AADE9351184274F533067BECF2AD10CCF2B6296274ECE5D5B58B6AB008
                                                                                                                                                                                SHA-512:0C76F1E7AC8E4DB582EA7E26FA9B8C18D54605AE6A9A87A2A1FA0B1BEACACBB8F1230421C1124B1E7C12FB546FF31DBBD2CFBBEBA80EF98BBAA01B356F7FDC6F
                                                                                                                                                                                Malicious:false
                                                                                                                                                                                Preview:.. ~~~ AlphaCat ~~~....>>>> Your data are stolen and encrypted....>>>> What guarantees that we will not deceive you? .....We are not a politically motivated group and we do not need anything other than your money. .. ...If you pay, we will provide you the programs for decryption and we will delete your data. ...Life is too short to be sad. Be not sad, money, it is only paper... ...If we do not give you decrypters, or we do not delete your data after payment, then nobody will pay us in the future. ...Therefore to us our reputation is very important. We attack worldwide and there is no dissatisfied victim after payment... ..>>>> You need contact us via email with srenshot of btc transaction and your personal DECRYPTION ID.....Contact via Email with your personal Decryption id !: hackbeenswim@mail2tor.com......Send 400$ (0.006 BTC) at this address --> bc1qkr7wxuqwet9w6920vk94p7npkxh33fc7prv55q.....>>>> Your personal DECRYPTION ID: D53F15BF767167BC622C1CB4D4FC174D....>>
                                                                                                                                                                                Process:C:\Users\user\Desktop\c8JakemodH.exe
                                                                                                                                                                                File Type:ASCII text, with CRLF line terminators
                                                                                                                                                                                Category:dropped
                                                                                                                                                                                Size (bytes):1159
                                                                                                                                                                                Entropy (8bit):4.909757425426515
                                                                                                                                                                                Encrypted:false
                                                                                                                                                                                SSDEEP:24:SOZJNRovfexRvYx/ncUYTxLZl0r0OzANQgq32xfZnS0iNFdAnP6:SOZbqfexrZrS3Iq32xlSX2S
                                                                                                                                                                                MD5:F29E077226F8DC235CAE4795459A3542
                                                                                                                                                                                SHA1:A23AEA328BEB92BFD4464A3B0F70E772B8969CC2
                                                                                                                                                                                SHA-256:CF8875AADE9351184274F533067BECF2AD10CCF2B6296274ECE5D5B58B6AB008
                                                                                                                                                                                SHA-512:0C76F1E7AC8E4DB582EA7E26FA9B8C18D54605AE6A9A87A2A1FA0B1BEACACBB8F1230421C1124B1E7C12FB546FF31DBBD2CFBBEBA80EF98BBAA01B356F7FDC6F
                                                                                                                                                                                Malicious:false
                                                                                                                                                                                Preview:.. ~~~ AlphaCat ~~~....>>>> Your data are stolen and encrypted....>>>> What guarantees that we will not deceive you? .....We are not a politically motivated group and we do not need anything other than your money. .. ...If you pay, we will provide you the programs for decryption and we will delete your data. ...Life is too short to be sad. Be not sad, money, it is only paper... ...If we do not give you decrypters, or we do not delete your data after payment, then nobody will pay us in the future. ...Therefore to us our reputation is very important. We attack worldwide and there is no dissatisfied victim after payment... ..>>>> You need contact us via email with srenshot of btc transaction and your personal DECRYPTION ID.....Contact via Email with your personal Decryption id !: hackbeenswim@mail2tor.com......Send 400$ (0.006 BTC) at this address --> bc1qkr7wxuqwet9w6920vk94p7npkxh33fc7prv55q.....>>>> Your personal DECRYPTION ID: D53F15BF767167BC622C1CB4D4FC174D....>>
                                                                                                                                                                                Process:C:\Users\user\Desktop\c8JakemodH.exe
                                                                                                                                                                                File Type:ASCII text, with CRLF line terminators
                                                                                                                                                                                Category:dropped
                                                                                                                                                                                Size (bytes):1159
                                                                                                                                                                                Entropy (8bit):4.909757425426515
                                                                                                                                                                                Encrypted:false
                                                                                                                                                                                SSDEEP:24:SOZJNRovfexRvYx/ncUYTxLZl0r0OzANQgq32xfZnS0iNFdAnP6:SOZbqfexrZrS3Iq32xlSX2S
                                                                                                                                                                                MD5:F29E077226F8DC235CAE4795459A3542
                                                                                                                                                                                SHA1:A23AEA328BEB92BFD4464A3B0F70E772B8969CC2
                                                                                                                                                                                SHA-256:CF8875AADE9351184274F533067BECF2AD10CCF2B6296274ECE5D5B58B6AB008
                                                                                                                                                                                SHA-512:0C76F1E7AC8E4DB582EA7E26FA9B8C18D54605AE6A9A87A2A1FA0B1BEACACBB8F1230421C1124B1E7C12FB546FF31DBBD2CFBBEBA80EF98BBAA01B356F7FDC6F
                                                                                                                                                                                Malicious:false
                                                                                                                                                                                Preview:.. ~~~ AlphaCat ~~~....>>>> Your data are stolen and encrypted....>>>> What guarantees that we will not deceive you? .....We are not a politically motivated group and we do not need anything other than your money. .. ...If you pay, we will provide you the programs for decryption and we will delete your data. ...Life is too short to be sad. Be not sad, money, it is only paper... ...If we do not give you decrypters, or we do not delete your data after payment, then nobody will pay us in the future. ...Therefore to us our reputation is very important. We attack worldwide and there is no dissatisfied victim after payment... ..>>>> You need contact us via email with srenshot of btc transaction and your personal DECRYPTION ID.....Contact via Email with your personal Decryption id !: hackbeenswim@mail2tor.com......Send 400$ (0.006 BTC) at this address --> bc1qkr7wxuqwet9w6920vk94p7npkxh33fc7prv55q.....>>>> Your personal DECRYPTION ID: D53F15BF767167BC622C1CB4D4FC174D....>>
                                                                                                                                                                                Process:C:\Users\user\Desktop\c8JakemodH.exe
                                                                                                                                                                                File Type:data
                                                                                                                                                                                Category:dropped
                                                                                                                                                                                Size (bytes):8431
                                                                                                                                                                                Entropy (8bit):7.976410470677939
                                                                                                                                                                                Encrypted:false
                                                                                                                                                                                SSDEEP:192:/vOFeB6KaThxTCw1CHSIQIzXGx+Exd0y2ghz4fmGem:/mFIAzCkCz5ath2gx44m
                                                                                                                                                                                MD5:959490A6E60B144DA1146193EB6C6F84
                                                                                                                                                                                SHA1:735AE3C491707EBA01B724C4DDAB14BD4B7C8FB7
                                                                                                                                                                                SHA-256:3849D6110BCCBADF5BE422B8103E01ABBC111C4328AFEDC6D830C5697B14D595
                                                                                                                                                                                SHA-512:A1CCB3152DD7FE72983EC3642F8584DF06444DA02CAE2DE8408BFEABA13709FEC2F46EE0F41DA6BBF7F21FC1FC9EF93E2DE2BDBEDDDB37C6F416C7D986D956EB
                                                                                                                                                                                Malicious:false
                                                                                                                                                                                Preview:.]o....R..y.n.R..=..p?...#>$p.V......0Us...4fX.o.|..h..'...NWa.D..M8.7...O\....X...V.p...Z..L....!..|......_...!y...Lb&e.o....9.]..F.tU`..m.?....B*.=.Q..0.....z".Xq..,:z.I..`Hu....(..mM..q=.&..[.|..2......m....b..Q.0.=.%65.j....;...|a.[M..6....Zm .l.:.hS...).:...=...d...z.l1.s.F.,D.0Wc....y.7....UK...p..w.....X...Qj7 .\....O....|)....n K[L.=X.8z...opuL.T.{...z.3.._{...,....f..'.9.Z.^....~.l. U.R.6.....o.9..9m.%Y.* Ss......'....U.l8i..s(..M.$.=...y.m#.I~ ..*.....?....pl..R...A7@..r...6.cHl....x.....-:3...`....(.?QH.Cl..d8P.f..E...(c..1.,._7 ^.....i...m!xHw....R.%Wa.A..j....HbG..(.k/.z[.5Kr4|.s ...3.7...z..".N..y.....6tEd....vV..4...2...y._...2.4..G9I..7...P.........".P....K.gD.H@....W..f[n....s...)..8.....l.7t...F......#.`\...8......}....Xs|Q.p}p...2.#..b.&.u....y.lB...#..r.'.0.._zY...........2...O.....t5.b......Q...:=..s...........6:.{..k.%...cV.R.v..-M.G....4........j.BPP.|ut.K....._);A....x.sMY(3.zLd.../...\.r.+....+1%.q..a.....y F
                                                                                                                                                                                Process:C:\Users\user\Desktop\c8JakemodH.exe
                                                                                                                                                                                File Type:ASCII text, with CRLF line terminators
                                                                                                                                                                                Category:dropped
                                                                                                                                                                                Size (bytes):1159
                                                                                                                                                                                Entropy (8bit):4.909757425426515
                                                                                                                                                                                Encrypted:false
                                                                                                                                                                                SSDEEP:24:SOZJNRovfexRvYx/ncUYTxLZl0r0OzANQgq32xfZnS0iNFdAnP6:SOZbqfexrZrS3Iq32xlSX2S
                                                                                                                                                                                MD5:F29E077226F8DC235CAE4795459A3542
                                                                                                                                                                                SHA1:A23AEA328BEB92BFD4464A3B0F70E772B8969CC2
                                                                                                                                                                                SHA-256:CF8875AADE9351184274F533067BECF2AD10CCF2B6296274ECE5D5B58B6AB008
                                                                                                                                                                                SHA-512:0C76F1E7AC8E4DB582EA7E26FA9B8C18D54605AE6A9A87A2A1FA0B1BEACACBB8F1230421C1124B1E7C12FB546FF31DBBD2CFBBEBA80EF98BBAA01B356F7FDC6F
                                                                                                                                                                                Malicious:false
                                                                                                                                                                                Preview:.. ~~~ AlphaCat ~~~....>>>> Your data are stolen and encrypted....>>>> What guarantees that we will not deceive you? .....We are not a politically motivated group and we do not need anything other than your money. .. ...If you pay, we will provide you the programs for decryption and we will delete your data. ...Life is too short to be sad. Be not sad, money, it is only paper... ...If we do not give you decrypters, or we do not delete your data after payment, then nobody will pay us in the future. ...Therefore to us our reputation is very important. We attack worldwide and there is no dissatisfied victim after payment... ..>>>> You need contact us via email with srenshot of btc transaction and your personal DECRYPTION ID.....Contact via Email with your personal Decryption id !: hackbeenswim@mail2tor.com......Send 400$ (0.006 BTC) at this address --> bc1qkr7wxuqwet9w6920vk94p7npkxh33fc7prv55q.....>>>> Your personal DECRYPTION ID: D53F15BF767167BC622C1CB4D4FC174D....>>
                                                                                                                                                                                Process:C:\Users\user\Desktop\c8JakemodH.exe
                                                                                                                                                                                File Type:ASCII text, with CRLF line terminators
                                                                                                                                                                                Category:dropped
                                                                                                                                                                                Size (bytes):1159
                                                                                                                                                                                Entropy (8bit):4.909757425426515
                                                                                                                                                                                Encrypted:false
                                                                                                                                                                                SSDEEP:24:SOZJNRovfexRvYx/ncUYTxLZl0r0OzANQgq32xfZnS0iNFdAnP6:SOZbqfexrZrS3Iq32xlSX2S
                                                                                                                                                                                MD5:F29E077226F8DC235CAE4795459A3542
                                                                                                                                                                                SHA1:A23AEA328BEB92BFD4464A3B0F70E772B8969CC2
                                                                                                                                                                                SHA-256:CF8875AADE9351184274F533067BECF2AD10CCF2B6296274ECE5D5B58B6AB008
                                                                                                                                                                                SHA-512:0C76F1E7AC8E4DB582EA7E26FA9B8C18D54605AE6A9A87A2A1FA0B1BEACACBB8F1230421C1124B1E7C12FB546FF31DBBD2CFBBEBA80EF98BBAA01B356F7FDC6F
                                                                                                                                                                                Malicious:false
                                                                                                                                                                                Preview:.. ~~~ AlphaCat ~~~....>>>> Your data are stolen and encrypted....>>>> What guarantees that we will not deceive you? .....We are not a politically motivated group and we do not need anything other than your money. .. ...If you pay, we will provide you the programs for decryption and we will delete your data. ...Life is too short to be sad. Be not sad, money, it is only paper... ...If we do not give you decrypters, or we do not delete your data after payment, then nobody will pay us in the future. ...Therefore to us our reputation is very important. We attack worldwide and there is no dissatisfied victim after payment... ..>>>> You need contact us via email with srenshot of btc transaction and your personal DECRYPTION ID.....Contact via Email with your personal Decryption id !: hackbeenswim@mail2tor.com......Send 400$ (0.006 BTC) at this address --> bc1qkr7wxuqwet9w6920vk94p7npkxh33fc7prv55q.....>>>> Your personal DECRYPTION ID: D53F15BF767167BC622C1CB4D4FC174D....>>
                                                                                                                                                                                Process:C:\Users\user\Desktop\c8JakemodH.exe
                                                                                                                                                                                File Type:ASCII text, with CRLF line terminators
                                                                                                                                                                                Category:dropped
                                                                                                                                                                                Size (bytes):1159
                                                                                                                                                                                Entropy (8bit):4.909757425426515
                                                                                                                                                                                Encrypted:false
                                                                                                                                                                                SSDEEP:24:SOZJNRovfexRvYx/ncUYTxLZl0r0OzANQgq32xfZnS0iNFdAnP6:SOZbqfexrZrS3Iq32xlSX2S
                                                                                                                                                                                MD5:F29E077226F8DC235CAE4795459A3542
                                                                                                                                                                                SHA1:A23AEA328BEB92BFD4464A3B0F70E772B8969CC2
                                                                                                                                                                                SHA-256:CF8875AADE9351184274F533067BECF2AD10CCF2B6296274ECE5D5B58B6AB008
                                                                                                                                                                                SHA-512:0C76F1E7AC8E4DB582EA7E26FA9B8C18D54605AE6A9A87A2A1FA0B1BEACACBB8F1230421C1124B1E7C12FB546FF31DBBD2CFBBEBA80EF98BBAA01B356F7FDC6F
                                                                                                                                                                                Malicious:false
                                                                                                                                                                                Preview:.. ~~~ AlphaCat ~~~....>>>> Your data are stolen and encrypted....>>>> What guarantees that we will not deceive you? .....We are not a politically motivated group and we do not need anything other than your money. .. ...If you pay, we will provide you the programs for decryption and we will delete your data. ...Life is too short to be sad. Be not sad, money, it is only paper... ...If we do not give you decrypters, or we do not delete your data after payment, then nobody will pay us in the future. ...Therefore to us our reputation is very important. We attack worldwide and there is no dissatisfied victim after payment... ..>>>> You need contact us via email with srenshot of btc transaction and your personal DECRYPTION ID.....Contact via Email with your personal Decryption id !: hackbeenswim@mail2tor.com......Send 400$ (0.006 BTC) at this address --> bc1qkr7wxuqwet9w6920vk94p7npkxh33fc7prv55q.....>>>> Your personal DECRYPTION ID: D53F15BF767167BC622C1CB4D4FC174D....>>
                                                                                                                                                                                Process:C:\Users\user\Desktop\c8JakemodH.exe
                                                                                                                                                                                File Type:ASCII text, with CRLF line terminators
                                                                                                                                                                                Category:dropped
                                                                                                                                                                                Size (bytes):1159
                                                                                                                                                                                Entropy (8bit):4.909757425426515
                                                                                                                                                                                Encrypted:false
                                                                                                                                                                                SSDEEP:24:SOZJNRovfexRvYx/ncUYTxLZl0r0OzANQgq32xfZnS0iNFdAnP6:SOZbqfexrZrS3Iq32xlSX2S
                                                                                                                                                                                MD5:F29E077226F8DC235CAE4795459A3542
                                                                                                                                                                                SHA1:A23AEA328BEB92BFD4464A3B0F70E772B8969CC2
                                                                                                                                                                                SHA-256:CF8875AADE9351184274F533067BECF2AD10CCF2B6296274ECE5D5B58B6AB008
                                                                                                                                                                                SHA-512:0C76F1E7AC8E4DB582EA7E26FA9B8C18D54605AE6A9A87A2A1FA0B1BEACACBB8F1230421C1124B1E7C12FB546FF31DBBD2CFBBEBA80EF98BBAA01B356F7FDC6F
                                                                                                                                                                                Malicious:false
                                                                                                                                                                                Preview:.. ~~~ AlphaCat ~~~....>>>> Your data are stolen and encrypted....>>>> What guarantees that we will not deceive you? .....We are not a politically motivated group and we do not need anything other than your money. .. ...If you pay, we will provide you the programs for decryption and we will delete your data. ...Life is too short to be sad. Be not sad, money, it is only paper... ...If we do not give you decrypters, or we do not delete your data after payment, then nobody will pay us in the future. ...Therefore to us our reputation is very important. We attack worldwide and there is no dissatisfied victim after payment... ..>>>> You need contact us via email with srenshot of btc transaction and your personal DECRYPTION ID.....Contact via Email with your personal Decryption id !: hackbeenswim@mail2tor.com......Send 400$ (0.006 BTC) at this address --> bc1qkr7wxuqwet9w6920vk94p7npkxh33fc7prv55q.....>>>> Your personal DECRYPTION ID: D53F15BF767167BC622C1CB4D4FC174D....>>
                                                                                                                                                                                Process:C:\Users\user\Desktop\c8JakemodH.exe
                                                                                                                                                                                File Type:ASCII text, with CRLF line terminators
                                                                                                                                                                                Category:dropped
                                                                                                                                                                                Size (bytes):1159
                                                                                                                                                                                Entropy (8bit):4.909757425426515
                                                                                                                                                                                Encrypted:false
                                                                                                                                                                                SSDEEP:24:SOZJNRovfexRvYx/ncUYTxLZl0r0OzANQgq32xfZnS0iNFdAnP6:SOZbqfexrZrS3Iq32xlSX2S
                                                                                                                                                                                MD5:F29E077226F8DC235CAE4795459A3542
                                                                                                                                                                                SHA1:A23AEA328BEB92BFD4464A3B0F70E772B8969CC2
                                                                                                                                                                                SHA-256:CF8875AADE9351184274F533067BECF2AD10CCF2B6296274ECE5D5B58B6AB008
                                                                                                                                                                                SHA-512:0C76F1E7AC8E4DB582EA7E26FA9B8C18D54605AE6A9A87A2A1FA0B1BEACACBB8F1230421C1124B1E7C12FB546FF31DBBD2CFBBEBA80EF98BBAA01B356F7FDC6F
                                                                                                                                                                                Malicious:false
                                                                                                                                                                                Preview:.. ~~~ AlphaCat ~~~....>>>> Your data are stolen and encrypted....>>>> What guarantees that we will not deceive you? .....We are not a politically motivated group and we do not need anything other than your money. .. ...If you pay, we will provide you the programs for decryption and we will delete your data. ...Life is too short to be sad. Be not sad, money, it is only paper... ...If we do not give you decrypters, or we do not delete your data after payment, then nobody will pay us in the future. ...Therefore to us our reputation is very important. We attack worldwide and there is no dissatisfied victim after payment... ..>>>> You need contact us via email with srenshot of btc transaction and your personal DECRYPTION ID.....Contact via Email with your personal Decryption id !: hackbeenswim@mail2tor.com......Send 400$ (0.006 BTC) at this address --> bc1qkr7wxuqwet9w6920vk94p7npkxh33fc7prv55q.....>>>> Your personal DECRYPTION ID: D53F15BF767167BC622C1CB4D4FC174D....>>
                                                                                                                                                                                Process:C:\Users\user\Desktop\c8JakemodH.exe
                                                                                                                                                                                File Type:ASCII text, with CRLF line terminators
                                                                                                                                                                                Category:dropped
                                                                                                                                                                                Size (bytes):1159
                                                                                                                                                                                Entropy (8bit):4.909757425426515
                                                                                                                                                                                Encrypted:false
                                                                                                                                                                                SSDEEP:24:SOZJNRovfexRvYx/ncUYTxLZl0r0OzANQgq32xfZnS0iNFdAnP6:SOZbqfexrZrS3Iq32xlSX2S
                                                                                                                                                                                MD5:F29E077226F8DC235CAE4795459A3542
                                                                                                                                                                                SHA1:A23AEA328BEB92BFD4464A3B0F70E772B8969CC2
                                                                                                                                                                                SHA-256:CF8875AADE9351184274F533067BECF2AD10CCF2B6296274ECE5D5B58B6AB008
                                                                                                                                                                                SHA-512:0C76F1E7AC8E4DB582EA7E26FA9B8C18D54605AE6A9A87A2A1FA0B1BEACACBB8F1230421C1124B1E7C12FB546FF31DBBD2CFBBEBA80EF98BBAA01B356F7FDC6F
                                                                                                                                                                                Malicious:false
                                                                                                                                                                                Preview:.. ~~~ AlphaCat ~~~....>>>> Your data are stolen and encrypted....>>>> What guarantees that we will not deceive you? .....We are not a politically motivated group and we do not need anything other than your money. .. ...If you pay, we will provide you the programs for decryption and we will delete your data. ...Life is too short to be sad. Be not sad, money, it is only paper... ...If we do not give you decrypters, or we do not delete your data after payment, then nobody will pay us in the future. ...Therefore to us our reputation is very important. We attack worldwide and there is no dissatisfied victim after payment... ..>>>> You need contact us via email with srenshot of btc transaction and your personal DECRYPTION ID.....Contact via Email with your personal Decryption id !: hackbeenswim@mail2tor.com......Send 400$ (0.006 BTC) at this address --> bc1qkr7wxuqwet9w6920vk94p7npkxh33fc7prv55q.....>>>> Your personal DECRYPTION ID: D53F15BF767167BC622C1CB4D4FC174D....>>
                                                                                                                                                                                Process:C:\Users\user\Desktop\c8JakemodH.exe
                                                                                                                                                                                File Type:ASCII text, with CRLF line terminators
                                                                                                                                                                                Category:dropped
                                                                                                                                                                                Size (bytes):1159
                                                                                                                                                                                Entropy (8bit):4.909757425426515
                                                                                                                                                                                Encrypted:false
                                                                                                                                                                                SSDEEP:24:SOZJNRovfexRvYx/ncUYTxLZl0r0OzANQgq32xfZnS0iNFdAnP6:SOZbqfexrZrS3Iq32xlSX2S
                                                                                                                                                                                MD5:F29E077226F8DC235CAE4795459A3542
                                                                                                                                                                                SHA1:A23AEA328BEB92BFD4464A3B0F70E772B8969CC2
                                                                                                                                                                                SHA-256:CF8875AADE9351184274F533067BECF2AD10CCF2B6296274ECE5D5B58B6AB008
                                                                                                                                                                                SHA-512:0C76F1E7AC8E4DB582EA7E26FA9B8C18D54605AE6A9A87A2A1FA0B1BEACACBB8F1230421C1124B1E7C12FB546FF31DBBD2CFBBEBA80EF98BBAA01B356F7FDC6F
                                                                                                                                                                                Malicious:false
                                                                                                                                                                                Preview:.. ~~~ AlphaCat ~~~....>>>> Your data are stolen and encrypted....>>>> What guarantees that we will not deceive you? .....We are not a politically motivated group and we do not need anything other than your money. .. ...If you pay, we will provide you the programs for decryption and we will delete your data. ...Life is too short to be sad. Be not sad, money, it is only paper... ...If we do not give you decrypters, or we do not delete your data after payment, then nobody will pay us in the future. ...Therefore to us our reputation is very important. We attack worldwide and there is no dissatisfied victim after payment... ..>>>> You need contact us via email with srenshot of btc transaction and your personal DECRYPTION ID.....Contact via Email with your personal Decryption id !: hackbeenswim@mail2tor.com......Send 400$ (0.006 BTC) at this address --> bc1qkr7wxuqwet9w6920vk94p7npkxh33fc7prv55q.....>>>> Your personal DECRYPTION ID: D53F15BF767167BC622C1CB4D4FC174D....>>
                                                                                                                                                                                Process:C:\Users\user\Desktop\c8JakemodH.exe
                                                                                                                                                                                File Type:ASCII text, with CRLF line terminators
                                                                                                                                                                                Category:dropped
                                                                                                                                                                                Size (bytes):1159
                                                                                                                                                                                Entropy (8bit):4.909757425426515
                                                                                                                                                                                Encrypted:false
                                                                                                                                                                                SSDEEP:24:SOZJNRovfexRvYx/ncUYTxLZl0r0OzANQgq32xfZnS0iNFdAnP6:SOZbqfexrZrS3Iq32xlSX2S
                                                                                                                                                                                MD5:F29E077226F8DC235CAE4795459A3542
                                                                                                                                                                                SHA1:A23AEA328BEB92BFD4464A3B0F70E772B8969CC2
                                                                                                                                                                                SHA-256:CF8875AADE9351184274F533067BECF2AD10CCF2B6296274ECE5D5B58B6AB008
                                                                                                                                                                                SHA-512:0C76F1E7AC8E4DB582EA7E26FA9B8C18D54605AE6A9A87A2A1FA0B1BEACACBB8F1230421C1124B1E7C12FB546FF31DBBD2CFBBEBA80EF98BBAA01B356F7FDC6F
                                                                                                                                                                                Malicious:false
                                                                                                                                                                                Preview:.. ~~~ AlphaCat ~~~....>>>> Your data are stolen and encrypted....>>>> What guarantees that we will not deceive you? .....We are not a politically motivated group and we do not need anything other than your money. .. ...If you pay, we will provide you the programs for decryption and we will delete your data. ...Life is too short to be sad. Be not sad, money, it is only paper... ...If we do not give you decrypters, or we do not delete your data after payment, then nobody will pay us in the future. ...Therefore to us our reputation is very important. We attack worldwide and there is no dissatisfied victim after payment... ..>>>> You need contact us via email with srenshot of btc transaction and your personal DECRYPTION ID.....Contact via Email with your personal Decryption id !: hackbeenswim@mail2tor.com......Send 400$ (0.006 BTC) at this address --> bc1qkr7wxuqwet9w6920vk94p7npkxh33fc7prv55q.....>>>> Your personal DECRYPTION ID: D53F15BF767167BC622C1CB4D4FC174D....>>
                                                                                                                                                                                Process:C:\Users\user\Desktop\c8JakemodH.exe
                                                                                                                                                                                File Type:ASCII text, with CRLF line terminators
                                                                                                                                                                                Category:dropped
                                                                                                                                                                                Size (bytes):1159
                                                                                                                                                                                Entropy (8bit):4.909757425426515
                                                                                                                                                                                Encrypted:false
                                                                                                                                                                                SSDEEP:24:SOZJNRovfexRvYx/ncUYTxLZl0r0OzANQgq32xfZnS0iNFdAnP6:SOZbqfexrZrS3Iq32xlSX2S
                                                                                                                                                                                MD5:F29E077226F8DC235CAE4795459A3542
                                                                                                                                                                                SHA1:A23AEA328BEB92BFD4464A3B0F70E772B8969CC2
                                                                                                                                                                                SHA-256:CF8875AADE9351184274F533067BECF2AD10CCF2B6296274ECE5D5B58B6AB008
                                                                                                                                                                                SHA-512:0C76F1E7AC8E4DB582EA7E26FA9B8C18D54605AE6A9A87A2A1FA0B1BEACACBB8F1230421C1124B1E7C12FB546FF31DBBD2CFBBEBA80EF98BBAA01B356F7FDC6F
                                                                                                                                                                                Malicious:false
                                                                                                                                                                                Preview:.. ~~~ AlphaCat ~~~....>>>> Your data are stolen and encrypted....>>>> What guarantees that we will not deceive you? .....We are not a politically motivated group and we do not need anything other than your money. .. ...If you pay, we will provide you the programs for decryption and we will delete your data. ...Life is too short to be sad. Be not sad, money, it is only paper... ...If we do not give you decrypters, or we do not delete your data after payment, then nobody will pay us in the future. ...Therefore to us our reputation is very important. We attack worldwide and there is no dissatisfied victim after payment... ..>>>> You need contact us via email with srenshot of btc transaction and your personal DECRYPTION ID.....Contact via Email with your personal Decryption id !: hackbeenswim@mail2tor.com......Send 400$ (0.006 BTC) at this address --> bc1qkr7wxuqwet9w6920vk94p7npkxh33fc7prv55q.....>>>> Your personal DECRYPTION ID: D53F15BF767167BC622C1CB4D4FC174D....>>
                                                                                                                                                                                Process:C:\Users\user\Desktop\c8JakemodH.exe
                                                                                                                                                                                File Type:ASCII text, with CRLF line terminators
                                                                                                                                                                                Category:dropped
                                                                                                                                                                                Size (bytes):1159
                                                                                                                                                                                Entropy (8bit):4.909757425426515
                                                                                                                                                                                Encrypted:false
                                                                                                                                                                                SSDEEP:24:SOZJNRovfexRvYx/ncUYTxLZl0r0OzANQgq32xfZnS0iNFdAnP6:SOZbqfexrZrS3Iq32xlSX2S
                                                                                                                                                                                MD5:F29E077226F8DC235CAE4795459A3542
                                                                                                                                                                                SHA1:A23AEA328BEB92BFD4464A3B0F70E772B8969CC2
                                                                                                                                                                                SHA-256:CF8875AADE9351184274F533067BECF2AD10CCF2B6296274ECE5D5B58B6AB008
                                                                                                                                                                                SHA-512:0C76F1E7AC8E4DB582EA7E26FA9B8C18D54605AE6A9A87A2A1FA0B1BEACACBB8F1230421C1124B1E7C12FB546FF31DBBD2CFBBEBA80EF98BBAA01B356F7FDC6F
                                                                                                                                                                                Malicious:false
                                                                                                                                                                                Preview:.. ~~~ AlphaCat ~~~....>>>> Your data are stolen and encrypted....>>>> What guarantees that we will not deceive you? .....We are not a politically motivated group and we do not need anything other than your money. .. ...If you pay, we will provide you the programs for decryption and we will delete your data. ...Life is too short to be sad. Be not sad, money, it is only paper... ...If we do not give you decrypters, or we do not delete your data after payment, then nobody will pay us in the future. ...Therefore to us our reputation is very important. We attack worldwide and there is no dissatisfied victim after payment... ..>>>> You need contact us via email with srenshot of btc transaction and your personal DECRYPTION ID.....Contact via Email with your personal Decryption id !: hackbeenswim@mail2tor.com......Send 400$ (0.006 BTC) at this address --> bc1qkr7wxuqwet9w6920vk94p7npkxh33fc7prv55q.....>>>> Your personal DECRYPTION ID: D53F15BF767167BC622C1CB4D4FC174D....>>
                                                                                                                                                                                Process:C:\Users\user\Desktop\c8JakemodH.exe
                                                                                                                                                                                File Type:data
                                                                                                                                                                                Category:dropped
                                                                                                                                                                                Size (bytes):8431
                                                                                                                                                                                Entropy (8bit):7.978146604286292
                                                                                                                                                                                Encrypted:false
                                                                                                                                                                                SSDEEP:192:70HSvkannToGLad74534+PwvqcFRD4b2NDVzG6ZgfXbwynk:70HcTnXg4invVF9NNmfDk
                                                                                                                                                                                MD5:C49F5F5A67814E2D5371E973AFF37FC0
                                                                                                                                                                                SHA1:C6C9C9876C3164FCCE8A93E4EC4926DE7E70E50D
                                                                                                                                                                                SHA-256:2730DD8A095F051AF6D4C3314BDEA765ABD7885B8F7E4A5C63881997DC1B9607
                                                                                                                                                                                SHA-512:3C1E00DF6C8DBA4892B48C69BCF344E02DFFFC43ECA1479DC707331F551599F48D4D46EE5D632F839EF19F91D2283EABBEE1FB0840D2AEE826F8DE82ED6E3B34
                                                                                                                                                                                Malicious:false
                                                                                                                                                                                Preview:m........\...".a.K.h.uQ..A.3...ND...}$a..._.).?.3....3V...m..<.....^.O...............v..%.."8......E.Mz.e:7r.....+v.C....,..@....r.:S.).=.?t.N......sb...........w.AN..z...@;....t}(..!.C{Fnj......{G..! ..*.^..Y5;........7;+.Rp<..... _.mQ._G@.S_..f]..g{j8.a.hS..w<.aJ..._....$...&..,....d&....H.=f.T...x.....q.6...Wf._k.(..[.,7.$~.s..-...X.s....FQ..M.=....E..#e......./q!.Q.xv....y...+.dB..[...$P..[.h..Q......[;.I.t%....8.LJ..Iq.0.H@.u.Sl...k-.....`...............w.C..J.bJ.gb...1......$...(c.C.X...,L$%.G.W.......p.[I...P...V....Z.c.'.7@..U...f.0qd4T4..}e./.b.....k..D@n........-lC...Q..{..!~..5......-\4....\".8.u.....^)./2s..es..Q.7.1....N...H.QT&K.C...yP=....kb.)gn.......~4sZ..@....R.pC....4...<.k.hCiQi.>e..7..-h....B.nH.. ...T9....^...K...\..'..\.../2?.o.....yH.%......N....|.?.+(....,:.*.2..$Z.....8.3...q...'.o....V.'.!v....I..7..#....6Z.J..%......T3Y.;.Xs@\....x?.......$s.....-.`...`{....B.....e\....x..NP&.....E.d.D..s..r7...B...@.G;.....p
                                                                                                                                                                                Process:C:\Users\user\Desktop\c8JakemodH.exe
                                                                                                                                                                                File Type:ASCII text, with CRLF line terminators
                                                                                                                                                                                Category:dropped
                                                                                                                                                                                Size (bytes):1159
                                                                                                                                                                                Entropy (8bit):4.909757425426515
                                                                                                                                                                                Encrypted:false
                                                                                                                                                                                SSDEEP:24:SOZJNRovfexRvYx/ncUYTxLZl0r0OzANQgq32xfZnS0iNFdAnP6:SOZbqfexrZrS3Iq32xlSX2S
                                                                                                                                                                                MD5:F29E077226F8DC235CAE4795459A3542
                                                                                                                                                                                SHA1:A23AEA328BEB92BFD4464A3B0F70E772B8969CC2
                                                                                                                                                                                SHA-256:CF8875AADE9351184274F533067BECF2AD10CCF2B6296274ECE5D5B58B6AB008
                                                                                                                                                                                SHA-512:0C76F1E7AC8E4DB582EA7E26FA9B8C18D54605AE6A9A87A2A1FA0B1BEACACBB8F1230421C1124B1E7C12FB546FF31DBBD2CFBBEBA80EF98BBAA01B356F7FDC6F
                                                                                                                                                                                Malicious:false
                                                                                                                                                                                Preview:.. ~~~ AlphaCat ~~~....>>>> Your data are stolen and encrypted....>>>> What guarantees that we will not deceive you? .....We are not a politically motivated group and we do not need anything other than your money. .. ...If you pay, we will provide you the programs for decryption and we will delete your data. ...Life is too short to be sad. Be not sad, money, it is only paper... ...If we do not give you decrypters, or we do not delete your data after payment, then nobody will pay us in the future. ...Therefore to us our reputation is very important. We attack worldwide and there is no dissatisfied victim after payment... ..>>>> You need contact us via email with srenshot of btc transaction and your personal DECRYPTION ID.....Contact via Email with your personal Decryption id !: hackbeenswim@mail2tor.com......Send 400$ (0.006 BTC) at this address --> bc1qkr7wxuqwet9w6920vk94p7npkxh33fc7prv55q.....>>>> Your personal DECRYPTION ID: D53F15BF767167BC622C1CB4D4FC174D....>>
                                                                                                                                                                                Process:C:\Users\user\Desktop\c8JakemodH.exe
                                                                                                                                                                                File Type:ASCII text, with CRLF line terminators
                                                                                                                                                                                Category:dropped
                                                                                                                                                                                Size (bytes):1159
                                                                                                                                                                                Entropy (8bit):4.909757425426515
                                                                                                                                                                                Encrypted:false
                                                                                                                                                                                SSDEEP:24:SOZJNRovfexRvYx/ncUYTxLZl0r0OzANQgq32xfZnS0iNFdAnP6:SOZbqfexrZrS3Iq32xlSX2S
                                                                                                                                                                                MD5:F29E077226F8DC235CAE4795459A3542
                                                                                                                                                                                SHA1:A23AEA328BEB92BFD4464A3B0F70E772B8969CC2
                                                                                                                                                                                SHA-256:CF8875AADE9351184274F533067BECF2AD10CCF2B6296274ECE5D5B58B6AB008
                                                                                                                                                                                SHA-512:0C76F1E7AC8E4DB582EA7E26FA9B8C18D54605AE6A9A87A2A1FA0B1BEACACBB8F1230421C1124B1E7C12FB546FF31DBBD2CFBBEBA80EF98BBAA01B356F7FDC6F
                                                                                                                                                                                Malicious:false
                                                                                                                                                                                Preview:.. ~~~ AlphaCat ~~~....>>>> Your data are stolen and encrypted....>>>> What guarantees that we will not deceive you? .....We are not a politically motivated group and we do not need anything other than your money. .. ...If you pay, we will provide you the programs for decryption and we will delete your data. ...Life is too short to be sad. Be not sad, money, it is only paper... ...If we do not give you decrypters, or we do not delete your data after payment, then nobody will pay us in the future. ...Therefore to us our reputation is very important. We attack worldwide and there is no dissatisfied victim after payment... ..>>>> You need contact us via email with srenshot of btc transaction and your personal DECRYPTION ID.....Contact via Email with your personal Decryption id !: hackbeenswim@mail2tor.com......Send 400$ (0.006 BTC) at this address --> bc1qkr7wxuqwet9w6920vk94p7npkxh33fc7prv55q.....>>>> Your personal DECRYPTION ID: D53F15BF767167BC622C1CB4D4FC174D....>>
                                                                                                                                                                                Process:C:\Users\user\Desktop\c8JakemodH.exe
                                                                                                                                                                                File Type:ASCII text, with CRLF line terminators
                                                                                                                                                                                Category:dropped
                                                                                                                                                                                Size (bytes):1159
                                                                                                                                                                                Entropy (8bit):4.909757425426515
                                                                                                                                                                                Encrypted:false
                                                                                                                                                                                SSDEEP:24:SOZJNRovfexRvYx/ncUYTxLZl0r0OzANQgq32xfZnS0iNFdAnP6:SOZbqfexrZrS3Iq32xlSX2S
                                                                                                                                                                                MD5:F29E077226F8DC235CAE4795459A3542
                                                                                                                                                                                SHA1:A23AEA328BEB92BFD4464A3B0F70E772B8969CC2
                                                                                                                                                                                SHA-256:CF8875AADE9351184274F533067BECF2AD10CCF2B6296274ECE5D5B58B6AB008
                                                                                                                                                                                SHA-512:0C76F1E7AC8E4DB582EA7E26FA9B8C18D54605AE6A9A87A2A1FA0B1BEACACBB8F1230421C1124B1E7C12FB546FF31DBBD2CFBBEBA80EF98BBAA01B356F7FDC6F
                                                                                                                                                                                Malicious:false
                                                                                                                                                                                Preview:.. ~~~ AlphaCat ~~~....>>>> Your data are stolen and encrypted....>>>> What guarantees that we will not deceive you? .....We are not a politically motivated group and we do not need anything other than your money. .. ...If you pay, we will provide you the programs for decryption and we will delete your data. ...Life is too short to be sad. Be not sad, money, it is only paper... ...If we do not give you decrypters, or we do not delete your data after payment, then nobody will pay us in the future. ...Therefore to us our reputation is very important. We attack worldwide and there is no dissatisfied victim after payment... ..>>>> You need contact us via email with srenshot of btc transaction and your personal DECRYPTION ID.....Contact via Email with your personal Decryption id !: hackbeenswim@mail2tor.com......Send 400$ (0.006 BTC) at this address --> bc1qkr7wxuqwet9w6920vk94p7npkxh33fc7prv55q.....>>>> Your personal DECRYPTION ID: D53F15BF767167BC622C1CB4D4FC174D....>>
                                                                                                                                                                                Process:C:\Users\user\Desktop\c8JakemodH.exe
                                                                                                                                                                                File Type:ASCII text, with CRLF line terminators
                                                                                                                                                                                Category:dropped
                                                                                                                                                                                Size (bytes):1159
                                                                                                                                                                                Entropy (8bit):4.909757425426515
                                                                                                                                                                                Encrypted:false
                                                                                                                                                                                SSDEEP:24:SOZJNRovfexRvYx/ncUYTxLZl0r0OzANQgq32xfZnS0iNFdAnP6:SOZbqfexrZrS3Iq32xlSX2S
                                                                                                                                                                                MD5:F29E077226F8DC235CAE4795459A3542
                                                                                                                                                                                SHA1:A23AEA328BEB92BFD4464A3B0F70E772B8969CC2
                                                                                                                                                                                SHA-256:CF8875AADE9351184274F533067BECF2AD10CCF2B6296274ECE5D5B58B6AB008
                                                                                                                                                                                SHA-512:0C76F1E7AC8E4DB582EA7E26FA9B8C18D54605AE6A9A87A2A1FA0B1BEACACBB8F1230421C1124B1E7C12FB546FF31DBBD2CFBBEBA80EF98BBAA01B356F7FDC6F
                                                                                                                                                                                Malicious:false
                                                                                                                                                                                Preview:.. ~~~ AlphaCat ~~~....>>>> Your data are stolen and encrypted....>>>> What guarantees that we will not deceive you? .....We are not a politically motivated group and we do not need anything other than your money. .. ...If you pay, we will provide you the programs for decryption and we will delete your data. ...Life is too short to be sad. Be not sad, money, it is only paper... ...If we do not give you decrypters, or we do not delete your data after payment, then nobody will pay us in the future. ...Therefore to us our reputation is very important. We attack worldwide and there is no dissatisfied victim after payment... ..>>>> You need contact us via email with srenshot of btc transaction and your personal DECRYPTION ID.....Contact via Email with your personal Decryption id !: hackbeenswim@mail2tor.com......Send 400$ (0.006 BTC) at this address --> bc1qkr7wxuqwet9w6920vk94p7npkxh33fc7prv55q.....>>>> Your personal DECRYPTION ID: D53F15BF767167BC622C1CB4D4FC174D....>>
                                                                                                                                                                                Process:C:\Users\user\Desktop\c8JakemodH.exe
                                                                                                                                                                                File Type:ASCII text, with CRLF line terminators
                                                                                                                                                                                Category:dropped
                                                                                                                                                                                Size (bytes):1159
                                                                                                                                                                                Entropy (8bit):4.909757425426515
                                                                                                                                                                                Encrypted:false
                                                                                                                                                                                SSDEEP:24:SOZJNRovfexRvYx/ncUYTxLZl0r0OzANQgq32xfZnS0iNFdAnP6:SOZbqfexrZrS3Iq32xlSX2S
                                                                                                                                                                                MD5:F29E077226F8DC235CAE4795459A3542
                                                                                                                                                                                SHA1:A23AEA328BEB92BFD4464A3B0F70E772B8969CC2
                                                                                                                                                                                SHA-256:CF8875AADE9351184274F533067BECF2AD10CCF2B6296274ECE5D5B58B6AB008
                                                                                                                                                                                SHA-512:0C76F1E7AC8E4DB582EA7E26FA9B8C18D54605AE6A9A87A2A1FA0B1BEACACBB8F1230421C1124B1E7C12FB546FF31DBBD2CFBBEBA80EF98BBAA01B356F7FDC6F
                                                                                                                                                                                Malicious:false
                                                                                                                                                                                Preview:.. ~~~ AlphaCat ~~~....>>>> Your data are stolen and encrypted....>>>> What guarantees that we will not deceive you? .....We are not a politically motivated group and we do not need anything other than your money. .. ...If you pay, we will provide you the programs for decryption and we will delete your data. ...Life is too short to be sad. Be not sad, money, it is only paper... ...If we do not give you decrypters, or we do not delete your data after payment, then nobody will pay us in the future. ...Therefore to us our reputation is very important. We attack worldwide and there is no dissatisfied victim after payment... ..>>>> You need contact us via email with srenshot of btc transaction and your personal DECRYPTION ID.....Contact via Email with your personal Decryption id !: hackbeenswim@mail2tor.com......Send 400$ (0.006 BTC) at this address --> bc1qkr7wxuqwet9w6920vk94p7npkxh33fc7prv55q.....>>>> Your personal DECRYPTION ID: D53F15BF767167BC622C1CB4D4FC174D....>>
                                                                                                                                                                                Process:C:\Users\user\Desktop\c8JakemodH.exe
                                                                                                                                                                                File Type:ASCII text, with CRLF line terminators
                                                                                                                                                                                Category:dropped
                                                                                                                                                                                Size (bytes):1159
                                                                                                                                                                                Entropy (8bit):4.909757425426515
                                                                                                                                                                                Encrypted:false
                                                                                                                                                                                SSDEEP:24:SOZJNRovfexRvYx/ncUYTxLZl0r0OzANQgq32xfZnS0iNFdAnP6:SOZbqfexrZrS3Iq32xlSX2S
                                                                                                                                                                                MD5:F29E077226F8DC235CAE4795459A3542
                                                                                                                                                                                SHA1:A23AEA328BEB92BFD4464A3B0F70E772B8969CC2
                                                                                                                                                                                SHA-256:CF8875AADE9351184274F533067BECF2AD10CCF2B6296274ECE5D5B58B6AB008
                                                                                                                                                                                SHA-512:0C76F1E7AC8E4DB582EA7E26FA9B8C18D54605AE6A9A87A2A1FA0B1BEACACBB8F1230421C1124B1E7C12FB546FF31DBBD2CFBBEBA80EF98BBAA01B356F7FDC6F
                                                                                                                                                                                Malicious:false
                                                                                                                                                                                Preview:.. ~~~ AlphaCat ~~~....>>>> Your data are stolen and encrypted....>>>> What guarantees that we will not deceive you? .....We are not a politically motivated group and we do not need anything other than your money. .. ...If you pay, we will provide you the programs for decryption and we will delete your data. ...Life is too short to be sad. Be not sad, money, it is only paper... ...If we do not give you decrypters, or we do not delete your data after payment, then nobody will pay us in the future. ...Therefore to us our reputation is very important. We attack worldwide and there is no dissatisfied victim after payment... ..>>>> You need contact us via email with srenshot of btc transaction and your personal DECRYPTION ID.....Contact via Email with your personal Decryption id !: hackbeenswim@mail2tor.com......Send 400$ (0.006 BTC) at this address --> bc1qkr7wxuqwet9w6920vk94p7npkxh33fc7prv55q.....>>>> Your personal DECRYPTION ID: D53F15BF767167BC622C1CB4D4FC174D....>>
                                                                                                                                                                                Process:C:\Users\user\Desktop\c8JakemodH.exe
                                                                                                                                                                                File Type:ASCII text, with CRLF line terminators
                                                                                                                                                                                Category:dropped
                                                                                                                                                                                Size (bytes):1159
                                                                                                                                                                                Entropy (8bit):4.909757425426515
                                                                                                                                                                                Encrypted:false
                                                                                                                                                                                SSDEEP:24:SOZJNRovfexRvYx/ncUYTxLZl0r0OzANQgq32xfZnS0iNFdAnP6:SOZbqfexrZrS3Iq32xlSX2S
                                                                                                                                                                                MD5:F29E077226F8DC235CAE4795459A3542
                                                                                                                                                                                SHA1:A23AEA328BEB92BFD4464A3B0F70E772B8969CC2
                                                                                                                                                                                SHA-256:CF8875AADE9351184274F533067BECF2AD10CCF2B6296274ECE5D5B58B6AB008
                                                                                                                                                                                SHA-512:0C76F1E7AC8E4DB582EA7E26FA9B8C18D54605AE6A9A87A2A1FA0B1BEACACBB8F1230421C1124B1E7C12FB546FF31DBBD2CFBBEBA80EF98BBAA01B356F7FDC6F
                                                                                                                                                                                Malicious:false
                                                                                                                                                                                Preview:.. ~~~ AlphaCat ~~~....>>>> Your data are stolen and encrypted....>>>> What guarantees that we will not deceive you? .....We are not a politically motivated group and we do not need anything other than your money. .. ...If you pay, we will provide you the programs for decryption and we will delete your data. ...Life is too short to be sad. Be not sad, money, it is only paper... ...If we do not give you decrypters, or we do not delete your data after payment, then nobody will pay us in the future. ...Therefore to us our reputation is very important. We attack worldwide and there is no dissatisfied victim after payment... ..>>>> You need contact us via email with srenshot of btc transaction and your personal DECRYPTION ID.....Contact via Email with your personal Decryption id !: hackbeenswim@mail2tor.com......Send 400$ (0.006 BTC) at this address --> bc1qkr7wxuqwet9w6920vk94p7npkxh33fc7prv55q.....>>>> Your personal DECRYPTION ID: D53F15BF767167BC622C1CB4D4FC174D....>>
                                                                                                                                                                                Process:C:\Users\user\Desktop\c8JakemodH.exe
                                                                                                                                                                                File Type:ASCII text, with CRLF line terminators
                                                                                                                                                                                Category:dropped
                                                                                                                                                                                Size (bytes):1159
                                                                                                                                                                                Entropy (8bit):4.909757425426515
                                                                                                                                                                                Encrypted:false
                                                                                                                                                                                SSDEEP:24:SOZJNRovfexRvYx/ncUYTxLZl0r0OzANQgq32xfZnS0iNFdAnP6:SOZbqfexrZrS3Iq32xlSX2S
                                                                                                                                                                                MD5:F29E077226F8DC235CAE4795459A3542
                                                                                                                                                                                SHA1:A23AEA328BEB92BFD4464A3B0F70E772B8969CC2
                                                                                                                                                                                SHA-256:CF8875AADE9351184274F533067BECF2AD10CCF2B6296274ECE5D5B58B6AB008
                                                                                                                                                                                SHA-512:0C76F1E7AC8E4DB582EA7E26FA9B8C18D54605AE6A9A87A2A1FA0B1BEACACBB8F1230421C1124B1E7C12FB546FF31DBBD2CFBBEBA80EF98BBAA01B356F7FDC6F
                                                                                                                                                                                Malicious:false
                                                                                                                                                                                Preview:.. ~~~ AlphaCat ~~~....>>>> Your data are stolen and encrypted....>>>> What guarantees that we will not deceive you? .....We are not a politically motivated group and we do not need anything other than your money. .. ...If you pay, we will provide you the programs for decryption and we will delete your data. ...Life is too short to be sad. Be not sad, money, it is only paper... ...If we do not give you decrypters, or we do not delete your data after payment, then nobody will pay us in the future. ...Therefore to us our reputation is very important. We attack worldwide and there is no dissatisfied victim after payment... ..>>>> You need contact us via email with srenshot of btc transaction and your personal DECRYPTION ID.....Contact via Email with your personal Decryption id !: hackbeenswim@mail2tor.com......Send 400$ (0.006 BTC) at this address --> bc1qkr7wxuqwet9w6920vk94p7npkxh33fc7prv55q.....>>>> Your personal DECRYPTION ID: D53F15BF767167BC622C1CB4D4FC174D....>>
                                                                                                                                                                                Process:C:\Users\user\Desktop\c8JakemodH.exe
                                                                                                                                                                                File Type:OpenPGP Secret Key
                                                                                                                                                                                Category:dropped
                                                                                                                                                                                Size (bytes):2639
                                                                                                                                                                                Entropy (8bit):7.923242749218667
                                                                                                                                                                                Encrypted:false
                                                                                                                                                                                SSDEEP:48:MWoW8lMcj2PRXB+A/6uoOy0VjExPamz6u77F6QBI00E9LMxsxrI1q:Rjca5B+ABnIamz6u7x6QBb2sxrj
                                                                                                                                                                                MD5:B9F6091C3DB318A93B674403A88FFB61
                                                                                                                                                                                SHA1:3D72F52E99A5B31F47FB285599D25B21CA3E66F8
                                                                                                                                                                                SHA-256:304D759D587B18307609B01739F7F9E755251A2BE29FEA82AC03B1C3656CD8CD
                                                                                                                                                                                SHA-512:3587ACC1AD1813C67D877AB857D5E2B4B7F0030D54F9E3B7C1F2ADFA8D24851C9ADCE5D9A31E6C7AF80604BA76591B8A6D13C90AD8ECACF13F7F7AFF8CAD2F3D
                                                                                                                                                                                Malicious:false
                                                                                                                                                                                Preview:..lq.3...i.&......V......]....RZNV......w<Ws.....P...x0%.p..i....L!:`......]..`.yc.$..c....*..!......S....|.oM.......?.k.......].g.....c...ro...5.../E...,.....Oa..;)|.BLz).p.6j..P*$....Fb. ./}Z-..[..h.......II"*..AXN......G..R......?..i..8...!.X......5..i..Q....f$.u?.t.a..o...!.!....s!@j..:P......k{+^e(.......%^.yoNW.n.%Q..28...7.I...V....E...0+.i..W=.5=..|>3.g;.@..hs;.......y.1.e"X..6W....y.o.M......6y$.m.F.g.bR.Ci..9........+....fSM.i.2..V...=AhIi..I$/N.)r$}..D}vT.T.<$.H..F...b..M...K.N.l.,.`..u.L..|]<............7.....N)2.S..w..9]..L..$v..Y..J .O.bz.r9.....5..v.I..Z[..z/..k....B.E.1......<.....M..'.O7w..N..".VU...fxb...u.2..c......mB....M...?e.r......N^.+C...L..#..n....;N .j7..P.%.;......X..2.3..[z<..c9.B\..b.....b....m..lSe.Fd.YB.j{S7Zp..V....%<...".)D..,..&...4I3.......N.E1.U..]lW...+C...o.*zc...f..).../....^......p.....P]Ei]~.3._^.0.p.....r.4S3O&`.#....Z..i....6..LO..V...#..p(.1..B.^..."...T.2....&.!/.7,... fY.o...)/..)j..}F.
                                                                                                                                                                                Process:C:\Users\user\Desktop\c8JakemodH.exe
                                                                                                                                                                                File Type:data
                                                                                                                                                                                Category:dropped
                                                                                                                                                                                Size (bytes):1866
                                                                                                                                                                                Entropy (8bit):7.910467994927988
                                                                                                                                                                                Encrypted:false
                                                                                                                                                                                SSDEEP:24:evtUlFG5O9VM4RFwcqO4gVcJs5tYBDk0RQIiRjcRNxGDzkBz36aXJP0JHK2xs:evtUXjjTLPPVUqtKQxRjWKPk96UJmRq
                                                                                                                                                                                MD5:ED51EE6D9292CA02B521D57D1F4CCF75
                                                                                                                                                                                SHA1:0AA5E6A315B98B2627BC0048E3B2677E7CECE780
                                                                                                                                                                                SHA-256:4F038BCA1072689930F76AE2C2FC01F67D634D10F3E3C46D87708D8C5173B450
                                                                                                                                                                                SHA-512:F4AE4AC95EF90030366900499BAFACE1D68079A0B9FEB7DF2D0157E849A935E09ACFF841874CB5CB04EF0C2175630CFB999113C138320A53DDD12F582E2A4325
                                                                                                                                                                                Malicious:false
                                                                                                                                                                                Preview:.gx....y.......ZE.L.n......b.xy..`...to..p._ifNl........k...mg'.d...@...z".i...h,.h....N@N$...vc...h..-.++.x..U.]...X.Y`w....z.I.....o;..^...5.x.&..j}J.5z... .b.....ep..E."..r.....Y\..H....c...^...../.6.5..$.AZ..:y...o........,......(..X...w*,........aT?...8'....gh}.D'.P...e&..n*.... %...m...........~..N.m.C$g.~...=..I$M..`.....<.....E#.VGPy.l......Z....p.. ...nl...;.w..F..)..hFo.gt.).;q....1...<.K.n[..C......&...e..X..T..\H..YYQ.../..(..S.N.(tY......yT..+*|...&sV.n8p..)..i...>ua.....N.%..d._."..W.>...]IbM..Ln.@p> U=Rr....6$-.S.7..Xq..d.Z+4...*..c3.Z....E....2i.&..=].(...3..g..i.....k.Q.Dv..X...v.4.p.~..E..Q............m.e....../.... J9...m.......4.8....2pA.....>...9...W...%....fs.-3ke......$..............'..jIw.pxb\j.t..}W.\.....x.hF......6^...W.]u.,.......4_...Z5M{....m.._.9.yI=..M.g.X.+T.......5.7e..bD.".=B.Gt*'.L..$t....y..4UE.r...+......ad^u..!.o.n...w..].p.Y+A(8.Q.s..C.G.S9.t.~..K..V.s.f}"gk...a....-?Uyfq3.5`$a...8.......Ah;.
                                                                                                                                                                                Process:C:\Users\user\Desktop\c8JakemodH.exe
                                                                                                                                                                                File Type:ASCII text, with CRLF line terminators
                                                                                                                                                                                Category:dropped
                                                                                                                                                                                Size (bytes):1159
                                                                                                                                                                                Entropy (8bit):4.909757425426515
                                                                                                                                                                                Encrypted:false
                                                                                                                                                                                SSDEEP:24:SOZJNRovfexRvYx/ncUYTxLZl0r0OzANQgq32xfZnS0iNFdAnP6:SOZbqfexrZrS3Iq32xlSX2S
                                                                                                                                                                                MD5:F29E077226F8DC235CAE4795459A3542
                                                                                                                                                                                SHA1:A23AEA328BEB92BFD4464A3B0F70E772B8969CC2
                                                                                                                                                                                SHA-256:CF8875AADE9351184274F533067BECF2AD10CCF2B6296274ECE5D5B58B6AB008
                                                                                                                                                                                SHA-512:0C76F1E7AC8E4DB582EA7E26FA9B8C18D54605AE6A9A87A2A1FA0B1BEACACBB8F1230421C1124B1E7C12FB546FF31DBBD2CFBBEBA80EF98BBAA01B356F7FDC6F
                                                                                                                                                                                Malicious:false
                                                                                                                                                                                Preview:.. ~~~ AlphaCat ~~~....>>>> Your data are stolen and encrypted....>>>> What guarantees that we will not deceive you? .....We are not a politically motivated group and we do not need anything other than your money. .. ...If you pay, we will provide you the programs for decryption and we will delete your data. ...Life is too short to be sad. Be not sad, money, it is only paper... ...If we do not give you decrypters, or we do not delete your data after payment, then nobody will pay us in the future. ...Therefore to us our reputation is very important. We attack worldwide and there is no dissatisfied victim after payment... ..>>>> You need contact us via email with srenshot of btc transaction and your personal DECRYPTION ID.....Contact via Email with your personal Decryption id !: hackbeenswim@mail2tor.com......Send 400$ (0.006 BTC) at this address --> bc1qkr7wxuqwet9w6920vk94p7npkxh33fc7prv55q.....>>>> Your personal DECRYPTION ID: D53F15BF767167BC622C1CB4D4FC174D....>>
                                                                                                                                                                                Process:C:\Users\user\Desktop\c8JakemodH.exe
                                                                                                                                                                                File Type:data
                                                                                                                                                                                Category:dropped
                                                                                                                                                                                Size (bytes):2647
                                                                                                                                                                                Entropy (8bit):7.919074703517305
                                                                                                                                                                                Encrypted:false
                                                                                                                                                                                SSDEEP:48:tqyjJajzeVmkSAr+3+8Z8pRwfTdP/lhw3B5IFW76nJ2q:txLmkSAr+3+8Z8nwxP/lhwRgW76nJd
                                                                                                                                                                                MD5:CF1690C5C827E9B230C09DD3363FFCF4
                                                                                                                                                                                SHA1:B8EBD7AA4A6983719353EAC664096C26A3212E07
                                                                                                                                                                                SHA-256:E9718173EF9A836C3ADD9AC993DABA5028FDDA50B1640B77D2C3D54C82A1D69E
                                                                                                                                                                                SHA-512:6DAE5A1293F0EE8B51AD4D85EFC5288CA28C1379E5DBF7837B60A19AF77758F075B1DC09FA1F351B0029987CC185FA21B74095053C0A8F0EE66803F9F41D030E
                                                                                                                                                                                Malicious:false
                                                                                                                                                                                Preview:xKoD..+.N...m...... .=.=m&..a.>}.O[.`~.....m..s?8...N.H.J+/..G>..K.G.B...^...P..<.o,.7.....1....~...)..U.:..D.x..w.g.....u2..Qr.(.....z......#..m.~.....=.s.1.Em.........T_W....I..`I.C..2.........I_|..H..r......S...G..v.I.._...e.4.MsU..Z......m..8.........U.......@..?<.4b.#.......=4.....>.M..P.%l.LDLf.....c...,..h7.UjU.W....V)..%..r.{...dH_.rIgBT...).9.|^t..,LY.}w7Hk_.oDY.7.T..."...F0.;.S.Sg....7,.IZE-k.:j.B..P......~.K"m..M.......v..}.G..IZ.l...s.E......bU....pks^.....5R..:..h.....H8-...j.`..|I......./..z...3.......@O.^..&i.....g..\.Y..z.......,....].....sh....^.1B..AK.g!?.&z.]5.m5..).5l....E..J....(.8.Q.............9Y....b(.]...[....W.R1..jw....k6.d.*.fF[....E..wq{....6....d.....Z.....nZ=..x.~.@5..;.....(.'sP.d....!%,..zl...c)$..#..).T$..,..}....jv.?u.{{..B!...L..+|...(..Y......xy......QK... ..LR..0E,..[..K(.5...9.H.$...!F....Zo(..$..pH.Kr....=.....4.>..`$[%..'....J_%..HD.a.SbGQ..'.."...w..d!-eY...7......6.X..j.,...R.-..!.@..DE4]
                                                                                                                                                                                Process:C:\Users\user\Desktop\c8JakemodH.exe
                                                                                                                                                                                File Type:data
                                                                                                                                                                                Category:dropped
                                                                                                                                                                                Size (bytes):1816
                                                                                                                                                                                Entropy (8bit):7.915076009098942
                                                                                                                                                                                Encrypted:false
                                                                                                                                                                                SSDEEP:24:keEienvpZqupJpkNoNTOYlSoFicANikg0IzioBm8CFwzaCFUO5XPnvW0IkcI42xs:klvqOkWLlGccC0I1m89Np9XTIyjq
                                                                                                                                                                                MD5:1296C3FA7827550613DA92C559C32AB8
                                                                                                                                                                                SHA1:3A419677BB99D98121039A116053C98EC09DB659
                                                                                                                                                                                SHA-256:1DBC148573241C9DD07CD8AC6D19C8A68071DCC41571E11699909D16B95E2E92
                                                                                                                                                                                SHA-512:0137A35B72E0463431332A0B4C048FEFECE6583D03D657BC73D127C6115D1C4E51B3C26E5D685A866F3A98B556E7CDFB9B879B9E9BF4C22B871654EC4BE1B970
                                                                                                                                                                                Malicious:false
                                                                                                                                                                                Preview:Jm.,.>..7.Ix.2...p...8..K..|..#...Hs.zC.T.....5^.o.}..........{H.q...*......2...h..D.!1.Q:....7n.q......~#..E6.Th....P.IS.......\..ttg7...5.>?0XA.q.w.)....z............K.$.)R.9WR.V6....c7.."J..~Sa~.K....|<.v.^.-.....W.............................#....^H.,..3fU...J.PO..X...z.vtE..vo..S...#.....>...y......&N..A$v.....^.#g.?2x"r...M..i.p.R...n K.!Z....1s..[De.w..p......n.L...<S....7.dh...J.....HysyA=..h'<..9.t..?c.4$.H.3..)....(j2l.1SF;.Zg.p.....v...q2...k..7.7..I..-......$B.8..._=.I.N0H...q..I7t...5x..9...i........i......u[.......v.7....*Z,.g5....tP+V..).D.O.P.f..%j.F.(..$.l_Y..6.1..XK...v.....J..&.......6(T`i..,.!~..s.'....(....G.z.=S.....k!..-...U|.G.....>....K5..."._.A5b1.NkW...sq...w.2}.%.....8.|...m.).*3...x\q'.kZ..D.,.Y.(.|..f...gx....`.....^ow..>fl.. -Lp.].1...N..E.oh..[..d.....A... .dau)D..Jfr..#.5Q...,...X>.Y....mO.U.[..>..ZZ...B.. g..X.......=D8Q.....$....p.e.E..hU....r...`2..!...d....QR.....U..W.......\...t..m..Q...>O{..f..L
                                                                                                                                                                                Process:C:\Users\user\Desktop\c8JakemodH.exe
                                                                                                                                                                                File Type:ASCII text, with CRLF line terminators
                                                                                                                                                                                Category:dropped
                                                                                                                                                                                Size (bytes):1159
                                                                                                                                                                                Entropy (8bit):4.909757425426515
                                                                                                                                                                                Encrypted:false
                                                                                                                                                                                SSDEEP:24:SOZJNRovfexRvYx/ncUYTxLZl0r0OzANQgq32xfZnS0iNFdAnP6:SOZbqfexrZrS3Iq32xlSX2S
                                                                                                                                                                                MD5:F29E077226F8DC235CAE4795459A3542
                                                                                                                                                                                SHA1:A23AEA328BEB92BFD4464A3B0F70E772B8969CC2
                                                                                                                                                                                SHA-256:CF8875AADE9351184274F533067BECF2AD10CCF2B6296274ECE5D5B58B6AB008
                                                                                                                                                                                SHA-512:0C76F1E7AC8E4DB582EA7E26FA9B8C18D54605AE6A9A87A2A1FA0B1BEACACBB8F1230421C1124B1E7C12FB546FF31DBBD2CFBBEBA80EF98BBAA01B356F7FDC6F
                                                                                                                                                                                Malicious:false
                                                                                                                                                                                Preview:.. ~~~ AlphaCat ~~~....>>>> Your data are stolen and encrypted....>>>> What guarantees that we will not deceive you? .....We are not a politically motivated group and we do not need anything other than your money. .. ...If you pay, we will provide you the programs for decryption and we will delete your data. ...Life is too short to be sad. Be not sad, money, it is only paper... ...If we do not give you decrypters, or we do not delete your data after payment, then nobody will pay us in the future. ...Therefore to us our reputation is very important. We attack worldwide and there is no dissatisfied victim after payment... ..>>>> You need contact us via email with srenshot of btc transaction and your personal DECRYPTION ID.....Contact via Email with your personal Decryption id !: hackbeenswim@mail2tor.com......Send 400$ (0.006 BTC) at this address --> bc1qkr7wxuqwet9w6920vk94p7npkxh33fc7prv55q.....>>>> Your personal DECRYPTION ID: D53F15BF767167BC622C1CB4D4FC174D....>>
                                                                                                                                                                                Process:C:\Users\user\Desktop\c8JakemodH.exe
                                                                                                                                                                                File Type:data
                                                                                                                                                                                Category:dropped
                                                                                                                                                                                Size (bytes):1799
                                                                                                                                                                                Entropy (8bit):7.889839074416827
                                                                                                                                                                                Encrypted:false
                                                                                                                                                                                SSDEEP:48:1ENBXs7zG+Zu3x/49aF4rZC8TL4+j+O5q:uWd4xzFV24+jtI
                                                                                                                                                                                MD5:CE9DF0BB39097B3A221D72F3890823E0
                                                                                                                                                                                SHA1:0B7FE7F9CA9229C5A45733F52BFDA8F4FF938C33
                                                                                                                                                                                SHA-256:CBD1C943D525C4CBBA67EAF71593890C39EFAF7DC0B022F4D7B9B72484C324FD
                                                                                                                                                                                SHA-512:69EA5BD9BAFE3639AF4F13F8C876D5E2CE817E4EDD5426C1B07E0B32E1EAAD03643AB73766F919E1E00FDC93D809BD0CD8BFD29C73CBF2E7A5224C32D5A2656A
                                                                                                                                                                                Malicious:false
                                                                                                                                                                                Preview:x9.Jq%.{h.~.@e.5$. .....l.v])..E.4)ZVL.!p.3=}<......#m.yj.....J....Q...~..b....!KI.P.i{.De&.&* .r.$...\ur.w..R.{..t..i).X........|K..$........0^..v.=yRm..D...<...q.d-I....G....k..6...#..Af.[..a......;T.x.%5....5..e.(?. .........V3}_......n...:...G..)E..T).$.......8!.xO@..dB*..z.+. ...Y...Po.|8.&O.]g.V.A.Q.o.@/..}...}f..>...B.g..;I..K...|..w..9..w..4k.....(;;^.K+0....{......_uO6bO......c...NQ...E.....N.j.."..A.....t>$j..qZ.V...+....R..W.PhP...-[..i..KF...@..H..7W.N.../[.P..TF.(.a..7.BAHrB..*f.2W.....'...ZL.Y..,.B...4.]...L}?.)....s$.X.lX9..P...cD|BbqKEz.e....k..@.^.......E.2q\.Gs...... ..C...K...."..E..n.SC..)w..z.....w....F0.....B6.d...b1k..f#...W/2hi..O:.Q.^?..&8..Lv..+......6...z..q..v...........@.@aeP.qi./..qzyD.)2...n].*`.)..e.M"...~.XnxQK.nF.,.NGp3..><....F!.H.O.y"..-.......u2.E.....#:R...:.M......X.24.x..m..h..<.....i.Ge-z.Vu..V[v..p.d\...M..Wb....K.l..G6.s.6.A.......;5J.{..|T.d.%"W...$I.R...n..t.Fk.....'.5..r<J....x.Q.6.4<8..mC8.......p.|.
                                                                                                                                                                                Process:C:\Users\user\Desktop\c8JakemodH.exe
                                                                                                                                                                                File Type:data
                                                                                                                                                                                Category:dropped
                                                                                                                                                                                Size (bytes):1352
                                                                                                                                                                                Entropy (8bit):7.869527087706596
                                                                                                                                                                                Encrypted:false
                                                                                                                                                                                SSDEEP:24:G9HehaiaPBAtoxqn9TQ8ZAaKvjSAihESRI3sKRBtq+r2xs:GGp9TNKGDhEPxABq
                                                                                                                                                                                MD5:E77D943B8D0FECE60201DE8BDB5FD4D0
                                                                                                                                                                                SHA1:744F076C62B857A9FB33B171C19B4B54A9A5E71A
                                                                                                                                                                                SHA-256:D8BFF9D699BB08D3CF6B8BD6C330C6B219FDC14E629C8FFF3DDFB85F70077778
                                                                                                                                                                                SHA-512:0866B685ABBC9111A2553F5003A248751907BD488ED57B2AD153BEA6792377DAA329E6156BEA6409773A7D20B8BFBD248C1DEF602F6C7FD84DA42949AB52058A
                                                                                                                                                                                Malicious:false
                                                                                                                                                                                Preview:...R...d.i|..T."..Dd...j...s.._.....q.7u..{p#30...H8/.%..s......T..l'.3...5.R.....C.HG....|K.....=+."..P....8<.......E..4......M.k...X..nA...E$.Ns..z....5....?d.v&..%7.`.=..p;.._@(7...4.a$...O.)].0...-...;./ E<]...qI.Yo*..Ly@..&.....+..$.lI.M.........wI..)...[.sMPO.f..@,....&...N..e.S.J>...85.]..).....8..9.b..hYK....;...t:.......D..2..(....17#6.....F.J..'.@.....U..h....>..._....s.A......g.uw. /y'\'......r....0}..0.o.O|......q7.(....6E'J.&.{J.~*&ZP$F.u...5|v...?<.hf5~.u...........{x{.d>..I...M|'Hv=.D%..5%E8.2@....r..SCo.I.Q.r.St...};..w....l)K2.vT.Lo.z!~.2O.q.).0.}.v@....z@J.-.y.{..)..>9.Q.C...^........t\..+.0O.):.Na.~.cU8X|...Td.&.$..%=..9r].).........._{..q.~.&..G6..<...#?...f....O..g..=........"Va.........t....|h.D..U.......#l....0.. w.|...8...ywp.`.v.S....$>?v ..c..s`... ...cT......=^..O..B........E6.......P......$....@.C..^.-.r\....bJo......p.......d4o..V....,.y...)....R"..WP.(......"ZGK...s.u.}...o.F.....n..#.2c..... .xb[..kw.q.$..d......
                                                                                                                                                                                Process:C:\Users\user\Desktop\c8JakemodH.exe
                                                                                                                                                                                File Type:ASCII text, with CRLF line terminators
                                                                                                                                                                                Category:dropped
                                                                                                                                                                                Size (bytes):1159
                                                                                                                                                                                Entropy (8bit):4.909757425426515
                                                                                                                                                                                Encrypted:false
                                                                                                                                                                                SSDEEP:24:SOZJNRovfexRvYx/ncUYTxLZl0r0OzANQgq32xfZnS0iNFdAnP6:SOZbqfexrZrS3Iq32xlSX2S
                                                                                                                                                                                MD5:F29E077226F8DC235CAE4795459A3542
                                                                                                                                                                                SHA1:A23AEA328BEB92BFD4464A3B0F70E772B8969CC2
                                                                                                                                                                                SHA-256:CF8875AADE9351184274F533067BECF2AD10CCF2B6296274ECE5D5B58B6AB008
                                                                                                                                                                                SHA-512:0C76F1E7AC8E4DB582EA7E26FA9B8C18D54605AE6A9A87A2A1FA0B1BEACACBB8F1230421C1124B1E7C12FB546FF31DBBD2CFBBEBA80EF98BBAA01B356F7FDC6F
                                                                                                                                                                                Malicious:false
                                                                                                                                                                                Preview:.. ~~~ AlphaCat ~~~....>>>> Your data are stolen and encrypted....>>>> What guarantees that we will not deceive you? .....We are not a politically motivated group and we do not need anything other than your money. .. ...If you pay, we will provide you the programs for decryption and we will delete your data. ...Life is too short to be sad. Be not sad, money, it is only paper... ...If we do not give you decrypters, or we do not delete your data after payment, then nobody will pay us in the future. ...Therefore to us our reputation is very important. We attack worldwide and there is no dissatisfied victim after payment... ..>>>> You need contact us via email with srenshot of btc transaction and your personal DECRYPTION ID.....Contact via Email with your personal Decryption id !: hackbeenswim@mail2tor.com......Send 400$ (0.006 BTC) at this address --> bc1qkr7wxuqwet9w6920vk94p7npkxh33fc7prv55q.....>>>> Your personal DECRYPTION ID: D53F15BF767167BC622C1CB4D4FC174D....>>
                                                                                                                                                                                Process:C:\Users\user\Desktop\c8JakemodH.exe
                                                                                                                                                                                File Type:data
                                                                                                                                                                                Category:dropped
                                                                                                                                                                                Size (bytes):1695
                                                                                                                                                                                Entropy (8bit):7.888309482401029
                                                                                                                                                                                Encrypted:false
                                                                                                                                                                                SSDEEP:48:JMTqcqow5DXr6ksaCpaUYYHfvH4HS1qV/1ybq:Omcq5uT1p3YYHaSGyO
                                                                                                                                                                                MD5:446F6A61476ED3851931D17E7D0EE442
                                                                                                                                                                                SHA1:D35EACD63AF941CC321311BAE7D5385C27CB3EE3
                                                                                                                                                                                SHA-256:943F9624BF79EA09DD0DDF5562D31FB9319C9C1746DBE5B33876A1D7DC40A9A2
                                                                                                                                                                                SHA-512:4810023E66B313FA1EF37FC676227EC5E7A1BF21A970DD8A5609D10CAE211E61735A9AD0E2F7C38EC895BCFC43319256094218265BB01B5C279FC5C6D6FDA97E
                                                                                                                                                                                Malicious:false
                                                                                                                                                                                Preview:..Q..Pj........<..Q.U|...U..mPufZ+.tzr..&.a....w#q..F..6b.mB.nQ.....z.. .n.7*l...d.r'..K....e.C...."...x.x..\. .3.3.mfr...._.DO.5....Ri.s/3Q..{......_...?.s"j"..x(."...u..P.[..B.....Z|.N.r..U.d..E.h....meF...,<..1...D....D......g.s..._<.*...Q.?.q8....{.bt.Y..$..HM<.<uh...y..;.T....t Px...~......8..#D.HU..rc.S.-.I.(bo$.'d97.....q.-.K#......9c.. ..I..E......d.gb.......ax.c9....]......Yy...)...;.vSN.0v_J...S....Us.a.q..2..=.;2..M....g...>..%2)..F..D(M2b.dLH..3.G.t'..J..C.lil.|...R.".d[A#{..tv.1."'...X8....Z.u..;9.[..BG~.,.cl..,..c...YeM...$..c."..~{.r.."..HiE,..:.@...#...~..5.....6...D;...0.\T....{.....n..0..5]..K|$..^`..y.>$.!.;..\.E)i.u`.<..{.q.q...x....z\..7q.#.y.SW....<..'....eR.......E.Q.Gv.N..=.Wt j..Q1...@U.[.'.gWyx...Zp*.\|I..n...w...\.r...'|.Io.b.q.S..W..P....?l....4.U.`&>.....#\>.O0.M..|gZ...2.r...J..K(.....JiZ"v.V.@l&......x.}.6.....f.........+.}.+$..9..v...X#...!1.....S....4u.`//..(..#.q...l.k+..\.__.i...uT...|jdl.v.U..(!...wd.
                                                                                                                                                                                Process:C:\Users\user\Desktop\c8JakemodH.exe
                                                                                                                                                                                File Type:data
                                                                                                                                                                                Category:dropped
                                                                                                                                                                                Size (bytes):1299
                                                                                                                                                                                Entropy (8bit):7.840949832564547
                                                                                                                                                                                Encrypted:false
                                                                                                                                                                                SSDEEP:24:oLlRh5I8+QmqpdhVw6gW/CxtcfSQz0PwfQCCqWxdwyJJ+YzHOS2xs:oLP08+gle6o40PsbjK7rsq
                                                                                                                                                                                MD5:D0EB17DE212911A9D29639A7ACFC6601
                                                                                                                                                                                SHA1:F3D7EF48D0DA41F01C63AF19E4D5770F2DF94350
                                                                                                                                                                                SHA-256:1A0B91CC2F0988C70C8231C43D2EAD88B828B981BF2521F5D9E8AF7FE2DC7E19
                                                                                                                                                                                SHA-512:FCEA44125D082E84AEC9E3224EC8F490C48CD4C8D0BD81AFA925936E3B39027418EAE2773A686558860558B028F4D138A1EBBF7D8C8688F7A7A73DC5A1BA2C7C
                                                                                                                                                                                Malicious:false
                                                                                                                                                                                Preview:D.mC(".-.?...)..s...T...M..X....Q..e..\.....^...f.W*.VX.z.C..rA..r..<;.....HF.X...OTzH.>.).J..9._.Ga@l<.Q...M........X+ZJ.........|.n...>80..t.}s..gE..:...T.]E....8N..k.%....).... ].`.a..1.@/.8..-.<..49-k..5..c.F.."...W....)[M5\...w.TNL........R..=)<...+.$..P..s......=y.rP....Z.!.?T.=B6].....t.u.9.Yt...:....^..V..p&.c....m.....[.3...U.u.....G=.Pm\..(..J!./.F..g9a.....L..T.)....BD.....5W$;0.-.De.qi`..h<..\.5E.........../..3l...#.NEv.,./...q?.\....e.Z.e....q....=/..W....J.{....v...e.qH..gag.kd..e.....{..L..c.2.Y......F..x...........n.+l........z.Q..P..E...........5..*....;.V..B.....V..p.n.Oq2`...~.Yh.p@.s...{\.^.{.nw...G...Bp%a...X..Uw.uL.w.......S...0?S.[..DU.....=Bu..;..>}...N....Z.T../Q*|.6..!?.L..,.VqP;..%K.."FBY..S......>........F.E.....2.....A.i.>B.u.m6..M(.Z.9..z......uQ..N...G.l....E.a.jY......!..9.1...b"...e.I2...D.H......*....o5.....bb#v!...`.=.5l. ...t+.....F..ld....A.v...E.E...1.....d.9...?..2...%.%..C.....Ck..VM.&Q;/...:}%m.L8/.`..@
                                                                                                                                                                                Process:C:\Users\user\Desktop\c8JakemodH.exe
                                                                                                                                                                                File Type:ASCII text, with CRLF line terminators
                                                                                                                                                                                Category:dropped
                                                                                                                                                                                Size (bytes):1159
                                                                                                                                                                                Entropy (8bit):4.909757425426515
                                                                                                                                                                                Encrypted:false
                                                                                                                                                                                SSDEEP:24:SOZJNRovfexRvYx/ncUYTxLZl0r0OzANQgq32xfZnS0iNFdAnP6:SOZbqfexrZrS3Iq32xlSX2S
                                                                                                                                                                                MD5:F29E077226F8DC235CAE4795459A3542
                                                                                                                                                                                SHA1:A23AEA328BEB92BFD4464A3B0F70E772B8969CC2
                                                                                                                                                                                SHA-256:CF8875AADE9351184274F533067BECF2AD10CCF2B6296274ECE5D5B58B6AB008
                                                                                                                                                                                SHA-512:0C76F1E7AC8E4DB582EA7E26FA9B8C18D54605AE6A9A87A2A1FA0B1BEACACBB8F1230421C1124B1E7C12FB546FF31DBBD2CFBBEBA80EF98BBAA01B356F7FDC6F
                                                                                                                                                                                Malicious:false
                                                                                                                                                                                Preview:.. ~~~ AlphaCat ~~~....>>>> Your data are stolen and encrypted....>>>> What guarantees that we will not deceive you? .....We are not a politically motivated group and we do not need anything other than your money. .. ...If you pay, we will provide you the programs for decryption and we will delete your data. ...Life is too short to be sad. Be not sad, money, it is only paper... ...If we do not give you decrypters, or we do not delete your data after payment, then nobody will pay us in the future. ...Therefore to us our reputation is very important. We attack worldwide and there is no dissatisfied victim after payment... ..>>>> You need contact us via email with srenshot of btc transaction and your personal DECRYPTION ID.....Contact via Email with your personal Decryption id !: hackbeenswim@mail2tor.com......Send 400$ (0.006 BTC) at this address --> bc1qkr7wxuqwet9w6920vk94p7npkxh33fc7prv55q.....>>>> Your personal DECRYPTION ID: D53F15BF767167BC622C1CB4D4FC174D....>>
                                                                                                                                                                                Process:C:\Users\user\Desktop\c8JakemodH.exe
                                                                                                                                                                                File Type:ASCII text, with CRLF line terminators
                                                                                                                                                                                Category:dropped
                                                                                                                                                                                Size (bytes):1159
                                                                                                                                                                                Entropy (8bit):4.909757425426515
                                                                                                                                                                                Encrypted:false
                                                                                                                                                                                SSDEEP:24:SOZJNRovfexRvYx/ncUYTxLZl0r0OzANQgq32xfZnS0iNFdAnP6:SOZbqfexrZrS3Iq32xlSX2S
                                                                                                                                                                                MD5:F29E077226F8DC235CAE4795459A3542
                                                                                                                                                                                SHA1:A23AEA328BEB92BFD4464A3B0F70E772B8969CC2
                                                                                                                                                                                SHA-256:CF8875AADE9351184274F533067BECF2AD10CCF2B6296274ECE5D5B58B6AB008
                                                                                                                                                                                SHA-512:0C76F1E7AC8E4DB582EA7E26FA9B8C18D54605AE6A9A87A2A1FA0B1BEACACBB8F1230421C1124B1E7C12FB546FF31DBBD2CFBBEBA80EF98BBAA01B356F7FDC6F
                                                                                                                                                                                Malicious:false
                                                                                                                                                                                Preview:.. ~~~ AlphaCat ~~~....>>>> Your data are stolen and encrypted....>>>> What guarantees that we will not deceive you? .....We are not a politically motivated group and we do not need anything other than your money. .. ...If you pay, we will provide you the programs for decryption and we will delete your data. ...Life is too short to be sad. Be not sad, money, it is only paper... ...If we do not give you decrypters, or we do not delete your data after payment, then nobody will pay us in the future. ...Therefore to us our reputation is very important. We attack worldwide and there is no dissatisfied victim after payment... ..>>>> You need contact us via email with srenshot of btc transaction and your personal DECRYPTION ID.....Contact via Email with your personal Decryption id !: hackbeenswim@mail2tor.com......Send 400$ (0.006 BTC) at this address --> bc1qkr7wxuqwet9w6920vk94p7npkxh33fc7prv55q.....>>>> Your personal DECRYPTION ID: D53F15BF767167BC622C1CB4D4FC174D....>>
                                                                                                                                                                                Process:C:\Users\user\Desktop\c8JakemodH.exe
                                                                                                                                                                                File Type:ASCII text, with CRLF line terminators
                                                                                                                                                                                Category:dropped
                                                                                                                                                                                Size (bytes):1159
                                                                                                                                                                                Entropy (8bit):4.909757425426515
                                                                                                                                                                                Encrypted:false
                                                                                                                                                                                SSDEEP:24:SOZJNRovfexRvYx/ncUYTxLZl0r0OzANQgq32xfZnS0iNFdAnP6:SOZbqfexrZrS3Iq32xlSX2S
                                                                                                                                                                                MD5:F29E077226F8DC235CAE4795459A3542
                                                                                                                                                                                SHA1:A23AEA328BEB92BFD4464A3B0F70E772B8969CC2
                                                                                                                                                                                SHA-256:CF8875AADE9351184274F533067BECF2AD10CCF2B6296274ECE5D5B58B6AB008
                                                                                                                                                                                SHA-512:0C76F1E7AC8E4DB582EA7E26FA9B8C18D54605AE6A9A87A2A1FA0B1BEACACBB8F1230421C1124B1E7C12FB546FF31DBBD2CFBBEBA80EF98BBAA01B356F7FDC6F
                                                                                                                                                                                Malicious:false
                                                                                                                                                                                Preview:.. ~~~ AlphaCat ~~~....>>>> Your data are stolen and encrypted....>>>> What guarantees that we will not deceive you? .....We are not a politically motivated group and we do not need anything other than your money. .. ...If you pay, we will provide you the programs for decryption and we will delete your data. ...Life is too short to be sad. Be not sad, money, it is only paper... ...If we do not give you decrypters, or we do not delete your data after payment, then nobody will pay us in the future. ...Therefore to us our reputation is very important. We attack worldwide and there is no dissatisfied victim after payment... ..>>>> You need contact us via email with srenshot of btc transaction and your personal DECRYPTION ID.....Contact via Email with your personal Decryption id !: hackbeenswim@mail2tor.com......Send 400$ (0.006 BTC) at this address --> bc1qkr7wxuqwet9w6920vk94p7npkxh33fc7prv55q.....>>>> Your personal DECRYPTION ID: D53F15BF767167BC622C1CB4D4FC174D....>>
                                                                                                                                                                                Process:C:\Users\user\Desktop\c8JakemodH.exe
                                                                                                                                                                                File Type:ASCII text, with CRLF line terminators
                                                                                                                                                                                Category:dropped
                                                                                                                                                                                Size (bytes):1159
                                                                                                                                                                                Entropy (8bit):4.909757425426515
                                                                                                                                                                                Encrypted:false
                                                                                                                                                                                SSDEEP:24:SOZJNRovfexRvYx/ncUYTxLZl0r0OzANQgq32xfZnS0iNFdAnP6:SOZbqfexrZrS3Iq32xlSX2S
                                                                                                                                                                                MD5:F29E077226F8DC235CAE4795459A3542
                                                                                                                                                                                SHA1:A23AEA328BEB92BFD4464A3B0F70E772B8969CC2
                                                                                                                                                                                SHA-256:CF8875AADE9351184274F533067BECF2AD10CCF2B6296274ECE5D5B58B6AB008
                                                                                                                                                                                SHA-512:0C76F1E7AC8E4DB582EA7E26FA9B8C18D54605AE6A9A87A2A1FA0B1BEACACBB8F1230421C1124B1E7C12FB546FF31DBBD2CFBBEBA80EF98BBAA01B356F7FDC6F
                                                                                                                                                                                Malicious:false
                                                                                                                                                                                Preview:.. ~~~ AlphaCat ~~~....>>>> Your data are stolen and encrypted....>>>> What guarantees that we will not deceive you? .....We are not a politically motivated group and we do not need anything other than your money. .. ...If you pay, we will provide you the programs for decryption and we will delete your data. ...Life is too short to be sad. Be not sad, money, it is only paper... ...If we do not give you decrypters, or we do not delete your data after payment, then nobody will pay us in the future. ...Therefore to us our reputation is very important. We attack worldwide and there is no dissatisfied victim after payment... ..>>>> You need contact us via email with srenshot of btc transaction and your personal DECRYPTION ID.....Contact via Email with your personal Decryption id !: hackbeenswim@mail2tor.com......Send 400$ (0.006 BTC) at this address --> bc1qkr7wxuqwet9w6920vk94p7npkxh33fc7prv55q.....>>>> Your personal DECRYPTION ID: D53F15BF767167BC622C1CB4D4FC174D....>>
                                                                                                                                                                                Process:C:\Users\user\Desktop\c8JakemodH.exe
                                                                                                                                                                                File Type:data
                                                                                                                                                                                Category:dropped
                                                                                                                                                                                Size (bytes):8431
                                                                                                                                                                                Entropy (8bit):7.978947793080575
                                                                                                                                                                                Encrypted:false
                                                                                                                                                                                SSDEEP:192:lhHj0AYF8rI0QElPxEc+KF5XxD/l+bRO5ONUUEmDu:lhD01FKQElPxEQFvD9+bQcT6
                                                                                                                                                                                MD5:D80FA8432A93ACC793E5BC008F2B547C
                                                                                                                                                                                SHA1:939E359A707F587A879E28F038D6FBC50C6EA0C9
                                                                                                                                                                                SHA-256:381D5A2FEE1C9191E456B4BADDB2FAA705C86B27AA5583EE4C69B6ABB77081AC
                                                                                                                                                                                SHA-512:76ADB044B9952AF990A22F127FC27B47B8754C7DC85D5246979E47E381CF3C8C8E20A485F2DADC52E0BEE222CCCC1D6B01406C0AE94BCEA9C03153D2DB4775E1
                                                                                                                                                                                Malicious:false
                                                                                                                                                                                Preview:...f+.be......bS@..~.........i..z.g;.M.....h@.....^...S.w....yNE-.....V..S..~e]...`.^.+C...+o..h6./.~..C\nF2A.o..+......2..E~..jE...\:.e......~{.E..5..5.r.QA.+......;..2y.HH..?....J.-.4Q..%.-^6./.Y...J....Z.1...<.... AIu.P.ZY.x...49_.).A.N.]..{....A..O.h..;#!Zt..U...........2.d..Mc..4...?.-=.M.2$.../2I.]....@.a....U.(...G.&c.4.o..j.2.i..7.. .x>....|....}.9.....(..w...j!..E.X...s.1.r....}.o..Z.M.Sq..:.......w.}.k..5.?.......%0..0z..9O.[.g:.....M.gi7.+!.q+.5..0..[..8.S"....7...........;.......k........qh.^.z..}..(b...`p#..@..c.B4."Z.K....N..fm.."Wkf..9|.@.$..&...a.i.K..u...Qq.|h(;..@.....`..Bn...~..xU...1.}.J,..0s.p...%..=.r...%e.{.4..U.|A..J.G.*.1j....h .@.....*(..f)....{OK.....:.3.D`..*...4...{..X....&.....i...f..OQB.$...)Q..>l.........c~5..a....@"..Uf<.O=..V.......`.O%[.......m#..Sd......d..Q.\.....j&?<..T...i=(.6.@.....v3.j3X.P..z`.a.Pq[r.'~...n].3.*.z@ND9.$;(...%~S...G..T.)F........MRK|!./.2....Q...Z:..,..............n)..q(.xURKy*.j..D.z
                                                                                                                                                                                Process:C:\Users\user\Desktop\c8JakemodH.exe
                                                                                                                                                                                File Type:ASCII text, with CRLF line terminators
                                                                                                                                                                                Category:dropped
                                                                                                                                                                                Size (bytes):1159
                                                                                                                                                                                Entropy (8bit):4.909757425426515
                                                                                                                                                                                Encrypted:false
                                                                                                                                                                                SSDEEP:24:SOZJNRovfexRvYx/ncUYTxLZl0r0OzANQgq32xfZnS0iNFdAnP6:SOZbqfexrZrS3Iq32xlSX2S
                                                                                                                                                                                MD5:F29E077226F8DC235CAE4795459A3542
                                                                                                                                                                                SHA1:A23AEA328BEB92BFD4464A3B0F70E772B8969CC2
                                                                                                                                                                                SHA-256:CF8875AADE9351184274F533067BECF2AD10CCF2B6296274ECE5D5B58B6AB008
                                                                                                                                                                                SHA-512:0C76F1E7AC8E4DB582EA7E26FA9B8C18D54605AE6A9A87A2A1FA0B1BEACACBB8F1230421C1124B1E7C12FB546FF31DBBD2CFBBEBA80EF98BBAA01B356F7FDC6F
                                                                                                                                                                                Malicious:false
                                                                                                                                                                                Preview:.. ~~~ AlphaCat ~~~....>>>> Your data are stolen and encrypted....>>>> What guarantees that we will not deceive you? .....We are not a politically motivated group and we do not need anything other than your money. .. ...If you pay, we will provide you the programs for decryption and we will delete your data. ...Life is too short to be sad. Be not sad, money, it is only paper... ...If we do not give you decrypters, or we do not delete your data after payment, then nobody will pay us in the future. ...Therefore to us our reputation is very important. We attack worldwide and there is no dissatisfied victim after payment... ..>>>> You need contact us via email with srenshot of btc transaction and your personal DECRYPTION ID.....Contact via Email with your personal Decryption id !: hackbeenswim@mail2tor.com......Send 400$ (0.006 BTC) at this address --> bc1qkr7wxuqwet9w6920vk94p7npkxh33fc7prv55q.....>>>> Your personal DECRYPTION ID: D53F15BF767167BC622C1CB4D4FC174D....>>
                                                                                                                                                                                Process:C:\Users\user\Desktop\c8JakemodH.exe
                                                                                                                                                                                File Type:ASCII text, with CRLF line terminators
                                                                                                                                                                                Category:dropped
                                                                                                                                                                                Size (bytes):1159
                                                                                                                                                                                Entropy (8bit):4.909757425426515
                                                                                                                                                                                Encrypted:false
                                                                                                                                                                                SSDEEP:24:SOZJNRovfexRvYx/ncUYTxLZl0r0OzANQgq32xfZnS0iNFdAnP6:SOZbqfexrZrS3Iq32xlSX2S
                                                                                                                                                                                MD5:F29E077226F8DC235CAE4795459A3542
                                                                                                                                                                                SHA1:A23AEA328BEB92BFD4464A3B0F70E772B8969CC2
                                                                                                                                                                                SHA-256:CF8875AADE9351184274F533067BECF2AD10CCF2B6296274ECE5D5B58B6AB008
                                                                                                                                                                                SHA-512:0C76F1E7AC8E4DB582EA7E26FA9B8C18D54605AE6A9A87A2A1FA0B1BEACACBB8F1230421C1124B1E7C12FB546FF31DBBD2CFBBEBA80EF98BBAA01B356F7FDC6F
                                                                                                                                                                                Malicious:false
                                                                                                                                                                                Preview:.. ~~~ AlphaCat ~~~....>>>> Your data are stolen and encrypted....>>>> What guarantees that we will not deceive you? .....We are not a politically motivated group and we do not need anything other than your money. .. ...If you pay, we will provide you the programs for decryption and we will delete your data. ...Life is too short to be sad. Be not sad, money, it is only paper... ...If we do not give you decrypters, or we do not delete your data after payment, then nobody will pay us in the future. ...Therefore to us our reputation is very important. We attack worldwide and there is no dissatisfied victim after payment... ..>>>> You need contact us via email with srenshot of btc transaction and your personal DECRYPTION ID.....Contact via Email with your personal Decryption id !: hackbeenswim@mail2tor.com......Send 400$ (0.006 BTC) at this address --> bc1qkr7wxuqwet9w6920vk94p7npkxh33fc7prv55q.....>>>> Your personal DECRYPTION ID: D53F15BF767167BC622C1CB4D4FC174D....>>
                                                                                                                                                                                Process:C:\Users\user\Desktop\c8JakemodH.exe
                                                                                                                                                                                File Type:ASCII text, with CRLF line terminators
                                                                                                                                                                                Category:dropped
                                                                                                                                                                                Size (bytes):1159
                                                                                                                                                                                Entropy (8bit):4.909757425426515
                                                                                                                                                                                Encrypted:false
                                                                                                                                                                                SSDEEP:24:SOZJNRovfexRvYx/ncUYTxLZl0r0OzANQgq32xfZnS0iNFdAnP6:SOZbqfexrZrS3Iq32xlSX2S
                                                                                                                                                                                MD5:F29E077226F8DC235CAE4795459A3542
                                                                                                                                                                                SHA1:A23AEA328BEB92BFD4464A3B0F70E772B8969CC2
                                                                                                                                                                                SHA-256:CF8875AADE9351184274F533067BECF2AD10CCF2B6296274ECE5D5B58B6AB008
                                                                                                                                                                                SHA-512:0C76F1E7AC8E4DB582EA7E26FA9B8C18D54605AE6A9A87A2A1FA0B1BEACACBB8F1230421C1124B1E7C12FB546FF31DBBD2CFBBEBA80EF98BBAA01B356F7FDC6F
                                                                                                                                                                                Malicious:false
                                                                                                                                                                                Preview:.. ~~~ AlphaCat ~~~....>>>> Your data are stolen and encrypted....>>>> What guarantees that we will not deceive you? .....We are not a politically motivated group and we do not need anything other than your money. .. ...If you pay, we will provide you the programs for decryption and we will delete your data. ...Life is too short to be sad. Be not sad, money, it is only paper... ...If we do not give you decrypters, or we do not delete your data after payment, then nobody will pay us in the future. ...Therefore to us our reputation is very important. We attack worldwide and there is no dissatisfied victim after payment... ..>>>> You need contact us via email with srenshot of btc transaction and your personal DECRYPTION ID.....Contact via Email with your personal Decryption id !: hackbeenswim@mail2tor.com......Send 400$ (0.006 BTC) at this address --> bc1qkr7wxuqwet9w6920vk94p7npkxh33fc7prv55q.....>>>> Your personal DECRYPTION ID: D53F15BF767167BC622C1CB4D4FC174D....>>
                                                                                                                                                                                Process:C:\Users\user\Desktop\c8JakemodH.exe
                                                                                                                                                                                File Type:ASCII text, with CRLF line terminators
                                                                                                                                                                                Category:dropped
                                                                                                                                                                                Size (bytes):1159
                                                                                                                                                                                Entropy (8bit):4.909757425426515
                                                                                                                                                                                Encrypted:false
                                                                                                                                                                                SSDEEP:24:SOZJNRovfexRvYx/ncUYTxLZl0r0OzANQgq32xfZnS0iNFdAnP6:SOZbqfexrZrS3Iq32xlSX2S
                                                                                                                                                                                MD5:F29E077226F8DC235CAE4795459A3542
                                                                                                                                                                                SHA1:A23AEA328BEB92BFD4464A3B0F70E772B8969CC2
                                                                                                                                                                                SHA-256:CF8875AADE9351184274F533067BECF2AD10CCF2B6296274ECE5D5B58B6AB008
                                                                                                                                                                                SHA-512:0C76F1E7AC8E4DB582EA7E26FA9B8C18D54605AE6A9A87A2A1FA0B1BEACACBB8F1230421C1124B1E7C12FB546FF31DBBD2CFBBEBA80EF98BBAA01B356F7FDC6F
                                                                                                                                                                                Malicious:false
                                                                                                                                                                                Preview:.. ~~~ AlphaCat ~~~....>>>> Your data are stolen and encrypted....>>>> What guarantees that we will not deceive you? .....We are not a politically motivated group and we do not need anything other than your money. .. ...If you pay, we will provide you the programs for decryption and we will delete your data. ...Life is too short to be sad. Be not sad, money, it is only paper... ...If we do not give you decrypters, or we do not delete your data after payment, then nobody will pay us in the future. ...Therefore to us our reputation is very important. We attack worldwide and there is no dissatisfied victim after payment... ..>>>> You need contact us via email with srenshot of btc transaction and your personal DECRYPTION ID.....Contact via Email with your personal Decryption id !: hackbeenswim@mail2tor.com......Send 400$ (0.006 BTC) at this address --> bc1qkr7wxuqwet9w6920vk94p7npkxh33fc7prv55q.....>>>> Your personal DECRYPTION ID: D53F15BF767167BC622C1CB4D4FC174D....>>
                                                                                                                                                                                Process:C:\Users\user\Desktop\c8JakemodH.exe
                                                                                                                                                                                File Type:ASCII text, with CRLF line terminators
                                                                                                                                                                                Category:dropped
                                                                                                                                                                                Size (bytes):1159
                                                                                                                                                                                Entropy (8bit):4.909757425426515
                                                                                                                                                                                Encrypted:false
                                                                                                                                                                                SSDEEP:24:SOZJNRovfexRvYx/ncUYTxLZl0r0OzANQgq32xfZnS0iNFdAnP6:SOZbqfexrZrS3Iq32xlSX2S
                                                                                                                                                                                MD5:F29E077226F8DC235CAE4795459A3542
                                                                                                                                                                                SHA1:A23AEA328BEB92BFD4464A3B0F70E772B8969CC2
                                                                                                                                                                                SHA-256:CF8875AADE9351184274F533067BECF2AD10CCF2B6296274ECE5D5B58B6AB008
                                                                                                                                                                                SHA-512:0C76F1E7AC8E4DB582EA7E26FA9B8C18D54605AE6A9A87A2A1FA0B1BEACACBB8F1230421C1124B1E7C12FB546FF31DBBD2CFBBEBA80EF98BBAA01B356F7FDC6F
                                                                                                                                                                                Malicious:false
                                                                                                                                                                                Preview:.. ~~~ AlphaCat ~~~....>>>> Your data are stolen and encrypted....>>>> What guarantees that we will not deceive you? .....We are not a politically motivated group and we do not need anything other than your money. .. ...If you pay, we will provide you the programs for decryption and we will delete your data. ...Life is too short to be sad. Be not sad, money, it is only paper... ...If we do not give you decrypters, or we do not delete your data after payment, then nobody will pay us in the future. ...Therefore to us our reputation is very important. We attack worldwide and there is no dissatisfied victim after payment... ..>>>> You need contact us via email with srenshot of btc transaction and your personal DECRYPTION ID.....Contact via Email with your personal Decryption id !: hackbeenswim@mail2tor.com......Send 400$ (0.006 BTC) at this address --> bc1qkr7wxuqwet9w6920vk94p7npkxh33fc7prv55q.....>>>> Your personal DECRYPTION ID: D53F15BF767167BC622C1CB4D4FC174D....>>
                                                                                                                                                                                Process:C:\Users\user\Desktop\c8JakemodH.exe
                                                                                                                                                                                File Type:data
                                                                                                                                                                                Category:dropped
                                                                                                                                                                                Size (bytes):1573111
                                                                                                                                                                                Entropy (8bit):3.6201306651713248
                                                                                                                                                                                Encrypted:false
                                                                                                                                                                                SSDEEP:12288:0VGrAr+NMW4Enz0of0qEbyVZRHh/VF1nL0mJFmlf:0Mw+NMWpnz0kE+Vx/RgkcZ
                                                                                                                                                                                MD5:BB2BDB15B3D91B186775CF70966A6002
                                                                                                                                                                                SHA1:19BC6085FC49C9485B6E94BD383E8BD9F7361EE7
                                                                                                                                                                                SHA-256:5A2E1B18533437204136A1D2C93AB36F6366192BFA24D1749F9111BCB69E75C8
                                                                                                                                                                                SHA-512:B57A0F17198AEC1A71A16CD42E166E139934F6FE703B68BE188C2F7DD5ABDB334F084BD9AA35715099B920000BBFE007A4CB4F4E48867A7F5B8D6DDFDB91C91E
                                                                                                                                                                                Malicious:false
                                                                                                                                                                                Preview:...m..9.K<z.....R..'....q.9...(UU,ku.t .h8./G0#..2lu.].(|...u.2...c.O...~..DI..n>'\..;.^..x}'....\"Q~...{.+o....'..F.......+K9.'4ht..:.....N}...C.Z..6.s...A.,?J........P.......{........M..X..A..df....NL...tg.=.,.O.(..a...0m...<?..b..~KY+\...XjWvA..<,B.k...B...M...;U..b....S.;<...s.l.L.mCZy(t.=....0\z./.n.;.X.l........o..a.....}t....H..o..c..7.d..>.G.\. ..[x..a.{..S..=hz...e|I.....r..W.C`n...QS.\..0$.~.i...0.$t1}.-.F./k}i..t..X!...j.a$"............).....h!td<R~S.4..#...........X..g. ..D.....'[H0....J.....0.5l..l.H..`.b.._..?4.....3..4...3.g.a...g....=.t%..y,<.~..<.5....eG....}...MOv...T.....&..e...V.......U.?..m..#.f.C.-..N.....s.l...y.....Y..........}....o.gA.S...@..3.O..C...d(Sq..{.f.4u....3U.....:..Y#..5......+r.;r.='.).`-...Ix{!........g.sO...".y..+.....2.{.......%.V.q..#.[..E..7.#X...F.. ~.....;K.D....K..._..:C.c.=aZ....8.K..$..W.._H.=0}.D-.BmdS*+.... ..P..W+....M..h4./.J..n...[Q.%.Z...3.L.#..]....i%...x.{.....G.%.U2..nn.J..
                                                                                                                                                                                Process:C:\Users\user\Desktop\c8JakemodH.exe
                                                                                                                                                                                File Type:data
                                                                                                                                                                                Category:dropped
                                                                                                                                                                                Size (bytes):16632
                                                                                                                                                                                Entropy (8bit):7.989959514094963
                                                                                                                                                                                Encrypted:false
                                                                                                                                                                                SSDEEP:384:alqp/ExZExw10RMPlrx+pNgGC6L2qeq3gV00ApnQLjN:alYqZE219PVx43LdgOjON
                                                                                                                                                                                MD5:96DA342BA677E14C4CD5D57A16C9224E
                                                                                                                                                                                SHA1:80C9485B024269561C21DFF7FE0E07D54E22CA7B
                                                                                                                                                                                SHA-256:7F5E9EEF2A00DE1A5B332FDB83193D7D1F61661C20F82A7884C3ADD36D80C112
                                                                                                                                                                                SHA-512:20FD2832F9386FDFF9AB02842CD614A445E2FC345F26596C1058DF9F815A12CA9350A5AC7CC3522841BBA27C5F8582F75CD880BA8671BB8DAFE130A1CCBA5F6B
                                                                                                                                                                                Malicious:false
                                                                                                                                                                                Preview:i+..1V..........6K.WE...|...........p..C....=.c......l7..j.uF.i.dm.4.GH.."..1.s#Qn......Xy.)m....U...c............V6'_Qiw.........o...}.X.*.n.P]..E.x.?)...5..7.>!^.l....\;9......w..".;.(o.a..-.M..1..=...'.E6.Hr.?..+....b.ke@.'...t....L1B4.B.n.....w&.5.L..Q..i#W.%.....S.+..{.._7Z.-".).$......W..4D.i.\.....`\..............g.6....8.z.7..>.%.3.~.....+.C......<..;...X.5.......s...#..N.[y.x0.M@.Y.[.cJ.^#.8a.....].m.w.h...L......A..Pr....s...t..q...q.#.R.6..,Y./..B.F3..;...h"..k.U5...Q:..-/5O...'..>.\..E.#..hvGjW...#+...qh.X7%..W..+..[.....A...O.._md.....<..........x_(..........EKX.hlK.q.}.,..k=....zr..Yk......FE..Ni.y..7..,..p.q.9..0..Hv|.L.....*!TC.=&.........hac..lA.s/....E.9b(h13............<....U..f...%B.%....C.E0.Zy.........@g....y.s.9.....^)=._:..}.`...^s..v...-....?.....=..l..K...9Q.H..&.9p.....eK... ........_.x.ON.....j.{p..:.?..T.~9Y7p."....W......(..r..P1i.l..-..f.U..h.......D....l..=.@...tXy.T.bFu....9....V"...X.+....>e..S..@.`.@GQ>... ..,QVN
                                                                                                                                                                                Process:C:\Users\user\Desktop\c8JakemodH.exe
                                                                                                                                                                                File Type:ASCII text, with CRLF line terminators
                                                                                                                                                                                Category:dropped
                                                                                                                                                                                Size (bytes):1159
                                                                                                                                                                                Entropy (8bit):4.909757425426515
                                                                                                                                                                                Encrypted:false
                                                                                                                                                                                SSDEEP:24:SOZJNRovfexRvYx/ncUYTxLZl0r0OzANQgq32xfZnS0iNFdAnP6:SOZbqfexrZrS3Iq32xlSX2S
                                                                                                                                                                                MD5:F29E077226F8DC235CAE4795459A3542
                                                                                                                                                                                SHA1:A23AEA328BEB92BFD4464A3B0F70E772B8969CC2
                                                                                                                                                                                SHA-256:CF8875AADE9351184274F533067BECF2AD10CCF2B6296274ECE5D5B58B6AB008
                                                                                                                                                                                SHA-512:0C76F1E7AC8E4DB582EA7E26FA9B8C18D54605AE6A9A87A2A1FA0B1BEACACBB8F1230421C1124B1E7C12FB546FF31DBBD2CFBBEBA80EF98BBAA01B356F7FDC6F
                                                                                                                                                                                Malicious:false
                                                                                                                                                                                Preview:.. ~~~ AlphaCat ~~~....>>>> Your data are stolen and encrypted....>>>> What guarantees that we will not deceive you? .....We are not a politically motivated group and we do not need anything other than your money. .. ...If you pay, we will provide you the programs for decryption and we will delete your data. ...Life is too short to be sad. Be not sad, money, it is only paper... ...If we do not give you decrypters, or we do not delete your data after payment, then nobody will pay us in the future. ...Therefore to us our reputation is very important. We attack worldwide and there is no dissatisfied victim after payment... ..>>>> You need contact us via email with srenshot of btc transaction and your personal DECRYPTION ID.....Contact via Email with your personal Decryption id !: hackbeenswim@mail2tor.com......Send 400$ (0.006 BTC) at this address --> bc1qkr7wxuqwet9w6920vk94p7npkxh33fc7prv55q.....>>>> Your personal DECRYPTION ID: D53F15BF767167BC622C1CB4D4FC174D....>>
                                                                                                                                                                                Process:C:\Users\user\Desktop\c8JakemodH.exe
                                                                                                                                                                                File Type:ASCII text, with CRLF line terminators
                                                                                                                                                                                Category:dropped
                                                                                                                                                                                Size (bytes):1159
                                                                                                                                                                                Entropy (8bit):4.909757425426515
                                                                                                                                                                                Encrypted:false
                                                                                                                                                                                SSDEEP:24:SOZJNRovfexRvYx/ncUYTxLZl0r0OzANQgq32xfZnS0iNFdAnP6:SOZbqfexrZrS3Iq32xlSX2S
                                                                                                                                                                                MD5:F29E077226F8DC235CAE4795459A3542
                                                                                                                                                                                SHA1:A23AEA328BEB92BFD4464A3B0F70E772B8969CC2
                                                                                                                                                                                SHA-256:CF8875AADE9351184274F533067BECF2AD10CCF2B6296274ECE5D5B58B6AB008
                                                                                                                                                                                SHA-512:0C76F1E7AC8E4DB582EA7E26FA9B8C18D54605AE6A9A87A2A1FA0B1BEACACBB8F1230421C1124B1E7C12FB546FF31DBBD2CFBBEBA80EF98BBAA01B356F7FDC6F
                                                                                                                                                                                Malicious:false
                                                                                                                                                                                Preview:.. ~~~ AlphaCat ~~~....>>>> Your data are stolen and encrypted....>>>> What guarantees that we will not deceive you? .....We are not a politically motivated group and we do not need anything other than your money. .. ...If you pay, we will provide you the programs for decryption and we will delete your data. ...Life is too short to be sad. Be not sad, money, it is only paper... ...If we do not give you decrypters, or we do not delete your data after payment, then nobody will pay us in the future. ...Therefore to us our reputation is very important. We attack worldwide and there is no dissatisfied victim after payment... ..>>>> You need contact us via email with srenshot of btc transaction and your personal DECRYPTION ID.....Contact via Email with your personal Decryption id !: hackbeenswim@mail2tor.com......Send 400$ (0.006 BTC) at this address --> bc1qkr7wxuqwet9w6920vk94p7npkxh33fc7prv55q.....>>>> Your personal DECRYPTION ID: D53F15BF767167BC622C1CB4D4FC174D....>>
                                                                                                                                                                                Process:C:\Users\user\Desktop\c8JakemodH.exe
                                                                                                                                                                                File Type:ASCII text, with CRLF line terminators
                                                                                                                                                                                Category:dropped
                                                                                                                                                                                Size (bytes):1159
                                                                                                                                                                                Entropy (8bit):4.909757425426515
                                                                                                                                                                                Encrypted:false
                                                                                                                                                                                SSDEEP:24:SOZJNRovfexRvYx/ncUYTxLZl0r0OzANQgq32xfZnS0iNFdAnP6:SOZbqfexrZrS3Iq32xlSX2S
                                                                                                                                                                                MD5:F29E077226F8DC235CAE4795459A3542
                                                                                                                                                                                SHA1:A23AEA328BEB92BFD4464A3B0F70E772B8969CC2
                                                                                                                                                                                SHA-256:CF8875AADE9351184274F533067BECF2AD10CCF2B6296274ECE5D5B58B6AB008
                                                                                                                                                                                SHA-512:0C76F1E7AC8E4DB582EA7E26FA9B8C18D54605AE6A9A87A2A1FA0B1BEACACBB8F1230421C1124B1E7C12FB546FF31DBBD2CFBBEBA80EF98BBAA01B356F7FDC6F
                                                                                                                                                                                Malicious:false
                                                                                                                                                                                Preview:.. ~~~ AlphaCat ~~~....>>>> Your data are stolen and encrypted....>>>> What guarantees that we will not deceive you? .....We are not a politically motivated group and we do not need anything other than your money. .. ...If you pay, we will provide you the programs for decryption and we will delete your data. ...Life is too short to be sad. Be not sad, money, it is only paper... ...If we do not give you decrypters, or we do not delete your data after payment, then nobody will pay us in the future. ...Therefore to us our reputation is very important. We attack worldwide and there is no dissatisfied victim after payment... ..>>>> You need contact us via email with srenshot of btc transaction and your personal DECRYPTION ID.....Contact via Email with your personal Decryption id !: hackbeenswim@mail2tor.com......Send 400$ (0.006 BTC) at this address --> bc1qkr7wxuqwet9w6920vk94p7npkxh33fc7prv55q.....>>>> Your personal DECRYPTION ID: D53F15BF767167BC622C1CB4D4FC174D....>>
                                                                                                                                                                                Process:C:\Users\user\Desktop\c8JakemodH.exe
                                                                                                                                                                                File Type:ASCII text, with CRLF line terminators
                                                                                                                                                                                Category:dropped
                                                                                                                                                                                Size (bytes):1159
                                                                                                                                                                                Entropy (8bit):4.909757425426515
                                                                                                                                                                                Encrypted:false
                                                                                                                                                                                SSDEEP:24:SOZJNRovfexRvYx/ncUYTxLZl0r0OzANQgq32xfZnS0iNFdAnP6:SOZbqfexrZrS3Iq32xlSX2S
                                                                                                                                                                                MD5:F29E077226F8DC235CAE4795459A3542
                                                                                                                                                                                SHA1:A23AEA328BEB92BFD4464A3B0F70E772B8969CC2
                                                                                                                                                                                SHA-256:CF8875AADE9351184274F533067BECF2AD10CCF2B6296274ECE5D5B58B6AB008
                                                                                                                                                                                SHA-512:0C76F1E7AC8E4DB582EA7E26FA9B8C18D54605AE6A9A87A2A1FA0B1BEACACBB8F1230421C1124B1E7C12FB546FF31DBBD2CFBBEBA80EF98BBAA01B356F7FDC6F
                                                                                                                                                                                Malicious:false
                                                                                                                                                                                Preview:.. ~~~ AlphaCat ~~~....>>>> Your data are stolen and encrypted....>>>> What guarantees that we will not deceive you? .....We are not a politically motivated group and we do not need anything other than your money. .. ...If you pay, we will provide you the programs for decryption and we will delete your data. ...Life is too short to be sad. Be not sad, money, it is only paper... ...If we do not give you decrypters, or we do not delete your data after payment, then nobody will pay us in the future. ...Therefore to us our reputation is very important. We attack worldwide and there is no dissatisfied victim after payment... ..>>>> You need contact us via email with srenshot of btc transaction and your personal DECRYPTION ID.....Contact via Email with your personal Decryption id !: hackbeenswim@mail2tor.com......Send 400$ (0.006 BTC) at this address --> bc1qkr7wxuqwet9w6920vk94p7npkxh33fc7prv55q.....>>>> Your personal DECRYPTION ID: D53F15BF767167BC622C1CB4D4FC174D....>>
                                                                                                                                                                                Process:C:\Users\user\Desktop\c8JakemodH.exe
                                                                                                                                                                                File Type:ASCII text, with CRLF line terminators
                                                                                                                                                                                Category:dropped
                                                                                                                                                                                Size (bytes):1159
                                                                                                                                                                                Entropy (8bit):4.909757425426515
                                                                                                                                                                                Encrypted:false
                                                                                                                                                                                SSDEEP:24:SOZJNRovfexRvYx/ncUYTxLZl0r0OzANQgq32xfZnS0iNFdAnP6:SOZbqfexrZrS3Iq32xlSX2S
                                                                                                                                                                                MD5:F29E077226F8DC235CAE4795459A3542
                                                                                                                                                                                SHA1:A23AEA328BEB92BFD4464A3B0F70E772B8969CC2
                                                                                                                                                                                SHA-256:CF8875AADE9351184274F533067BECF2AD10CCF2B6296274ECE5D5B58B6AB008
                                                                                                                                                                                SHA-512:0C76F1E7AC8E4DB582EA7E26FA9B8C18D54605AE6A9A87A2A1FA0B1BEACACBB8F1230421C1124B1E7C12FB546FF31DBBD2CFBBEBA80EF98BBAA01B356F7FDC6F
                                                                                                                                                                                Malicious:false
                                                                                                                                                                                Preview:.. ~~~ AlphaCat ~~~....>>>> Your data are stolen and encrypted....>>>> What guarantees that we will not deceive you? .....We are not a politically motivated group and we do not need anything other than your money. .. ...If you pay, we will provide you the programs for decryption and we will delete your data. ...Life is too short to be sad. Be not sad, money, it is only paper... ...If we do not give you decrypters, or we do not delete your data after payment, then nobody will pay us in the future. ...Therefore to us our reputation is very important. We attack worldwide and there is no dissatisfied victim after payment... ..>>>> You need contact us via email with srenshot of btc transaction and your personal DECRYPTION ID.....Contact via Email with your personal Decryption id !: hackbeenswim@mail2tor.com......Send 400$ (0.006 BTC) at this address --> bc1qkr7wxuqwet9w6920vk94p7npkxh33fc7prv55q.....>>>> Your personal DECRYPTION ID: D53F15BF767167BC622C1CB4D4FC174D....>>
                                                                                                                                                                                Process:C:\Users\user\Desktop\c8JakemodH.exe
                                                                                                                                                                                File Type:data
                                                                                                                                                                                Category:dropped
                                                                                                                                                                                Size (bytes):107444
                                                                                                                                                                                Entropy (8bit):7.998343478248858
                                                                                                                                                                                Encrypted:true
                                                                                                                                                                                SSDEEP:3072:8CtO2QNbW1n6ZAyP5Lobbrz8yrmFBPwjv3YwHzuh:8W6J/5Lo/rAyrGCv3YwKh
                                                                                                                                                                                MD5:7AD3EEFA6617B28DA8AE467153F9AE48
                                                                                                                                                                                SHA1:743CBC19623566D48B31AD604B7BE35B8CA2CCDC
                                                                                                                                                                                SHA-256:6EFDF5EDA5D43ADC19CD585306A2CDD79205EA9D55806DFDC37EF1D68AD0DC10
                                                                                                                                                                                SHA-512:DEE43C917E9F02BDA894F69F9CB8C4B1207B1CDC85251121A5585BDFB4222C60F13679E5342F1A680DB3AE2B470EB2ACE31BF8EE20EA177A5F3F5346D161BEC6
                                                                                                                                                                                Malicious:true
                                                                                                                                                                                Preview:...........].(../.....R.......Wgm..^dY..f.r.}.Bw!..a`...I.._y...L.*.-Z...}H.|:.pH.n/v....y.H......L'.z.X..kT.u.....|...Ba.)..F.$.....,.6...H.ur.M...y....w.9,x.;...:z'7..0.HM(..9%....(U......fK.[.@.8..4x@.=.]o..+Z*wh.?..&..{..-9T...gx...9.x.SaK.V.H.9...C......Nlz.*;c...{.+..*.M.q...C../.L.#xj...|.e.I+.......4)..D..'4.J?I....%.....b#.....T'...7......`.....s...i.V.#..N&.m.3o.d.s...w..C?%.j^..>.x.g.)..}D..L.H.28..$.c..5*V.Y...&....h..M...8....;.,..........k.h...G9.....\.T. .Q......wj....'e....&./Xr.B.?....l~k.9....I......p@.j..u3pB..b.....a7..2...,X.a.E..n..\;...iY.i\..2`.1.PSx..1.......6.......4....]e..<[.{..h....L.....,u.8..b4[.vA8. m.z...{../..'R....{...ht....... [%k.I.% ....yJ.33%../).z.D.Y.....-....h..?Z.v&.....5S'..o..l.....Y%...B.\.............b..l..N+f@c.o....U.&...2.<......cB....B#.u.. .Zi.jTj.lF...aA.6SjG.F.S..e.4....$.!.....V.:..Q..3+P]}z...B.>.'..../ @.[4....z.........J.........$M*.f...,.H.*7(.e.=Z...\...............-..
                                                                                                                                                                                Process:C:\Users\user\Desktop\c8JakemodH.exe
                                                                                                                                                                                File Type:ASCII text, with CRLF line terminators
                                                                                                                                                                                Category:dropped
                                                                                                                                                                                Size (bytes):1159
                                                                                                                                                                                Entropy (8bit):4.909757425426515
                                                                                                                                                                                Encrypted:false
                                                                                                                                                                                SSDEEP:24:SOZJNRovfexRvYx/ncUYTxLZl0r0OzANQgq32xfZnS0iNFdAnP6:SOZbqfexrZrS3Iq32xlSX2S
                                                                                                                                                                                MD5:F29E077226F8DC235CAE4795459A3542
                                                                                                                                                                                SHA1:A23AEA328BEB92BFD4464A3B0F70E772B8969CC2
                                                                                                                                                                                SHA-256:CF8875AADE9351184274F533067BECF2AD10CCF2B6296274ECE5D5B58B6AB008
                                                                                                                                                                                SHA-512:0C76F1E7AC8E4DB582EA7E26FA9B8C18D54605AE6A9A87A2A1FA0B1BEACACBB8F1230421C1124B1E7C12FB546FF31DBBD2CFBBEBA80EF98BBAA01B356F7FDC6F
                                                                                                                                                                                Malicious:false
                                                                                                                                                                                Preview:.. ~~~ AlphaCat ~~~....>>>> Your data are stolen and encrypted....>>>> What guarantees that we will not deceive you? .....We are not a politically motivated group and we do not need anything other than your money. .. ...If you pay, we will provide you the programs for decryption and we will delete your data. ...Life is too short to be sad. Be not sad, money, it is only paper... ...If we do not give you decrypters, or we do not delete your data after payment, then nobody will pay us in the future. ...Therefore to us our reputation is very important. We attack worldwide and there is no dissatisfied victim after payment... ..>>>> You need contact us via email with srenshot of btc transaction and your personal DECRYPTION ID.....Contact via Email with your personal Decryption id !: hackbeenswim@mail2tor.com......Send 400$ (0.006 BTC) at this address --> bc1qkr7wxuqwet9w6920vk94p7npkxh33fc7prv55q.....>>>> Your personal DECRYPTION ID: D53F15BF767167BC622C1CB4D4FC174D....>>
                                                                                                                                                                                Process:C:\Users\user\Desktop\c8JakemodH.exe
                                                                                                                                                                                File Type:ASCII text, with CRLF line terminators
                                                                                                                                                                                Category:dropped
                                                                                                                                                                                Size (bytes):1159
                                                                                                                                                                                Entropy (8bit):4.909757425426515
                                                                                                                                                                                Encrypted:false
                                                                                                                                                                                SSDEEP:24:SOZJNRovfexRvYx/ncUYTxLZl0r0OzANQgq32xfZnS0iNFdAnP6:SOZbqfexrZrS3Iq32xlSX2S
                                                                                                                                                                                MD5:F29E077226F8DC235CAE4795459A3542
                                                                                                                                                                                SHA1:A23AEA328BEB92BFD4464A3B0F70E772B8969CC2
                                                                                                                                                                                SHA-256:CF8875AADE9351184274F533067BECF2AD10CCF2B6296274ECE5D5B58B6AB008
                                                                                                                                                                                SHA-512:0C76F1E7AC8E4DB582EA7E26FA9B8C18D54605AE6A9A87A2A1FA0B1BEACACBB8F1230421C1124B1E7C12FB546FF31DBBD2CFBBEBA80EF98BBAA01B356F7FDC6F
                                                                                                                                                                                Malicious:false
                                                                                                                                                                                Preview:.. ~~~ AlphaCat ~~~....>>>> Your data are stolen and encrypted....>>>> What guarantees that we will not deceive you? .....We are not a politically motivated group and we do not need anything other than your money. .. ...If you pay, we will provide you the programs for decryption and we will delete your data. ...Life is too short to be sad. Be not sad, money, it is only paper... ...If we do not give you decrypters, or we do not delete your data after payment, then nobody will pay us in the future. ...Therefore to us our reputation is very important. We attack worldwide and there is no dissatisfied victim after payment... ..>>>> You need contact us via email with srenshot of btc transaction and your personal DECRYPTION ID.....Contact via Email with your personal Decryption id !: hackbeenswim@mail2tor.com......Send 400$ (0.006 BTC) at this address --> bc1qkr7wxuqwet9w6920vk94p7npkxh33fc7prv55q.....>>>> Your personal DECRYPTION ID: D53F15BF767167BC622C1CB4D4FC174D....>>
                                                                                                                                                                                Process:C:\Users\user\Desktop\c8JakemodH.exe
                                                                                                                                                                                File Type:ASCII text, with CRLF line terminators
                                                                                                                                                                                Category:dropped
                                                                                                                                                                                Size (bytes):1159
                                                                                                                                                                                Entropy (8bit):4.909757425426515
                                                                                                                                                                                Encrypted:false
                                                                                                                                                                                SSDEEP:24:SOZJNRovfexRvYx/ncUYTxLZl0r0OzANQgq32xfZnS0iNFdAnP6:SOZbqfexrZrS3Iq32xlSX2S
                                                                                                                                                                                MD5:F29E077226F8DC235CAE4795459A3542
                                                                                                                                                                                SHA1:A23AEA328BEB92BFD4464A3B0F70E772B8969CC2
                                                                                                                                                                                SHA-256:CF8875AADE9351184274F533067BECF2AD10CCF2B6296274ECE5D5B58B6AB008
                                                                                                                                                                                SHA-512:0C76F1E7AC8E4DB582EA7E26FA9B8C18D54605AE6A9A87A2A1FA0B1BEACACBB8F1230421C1124B1E7C12FB546FF31DBBD2CFBBEBA80EF98BBAA01B356F7FDC6F
                                                                                                                                                                                Malicious:false
                                                                                                                                                                                Preview:.. ~~~ AlphaCat ~~~....>>>> Your data are stolen and encrypted....>>>> What guarantees that we will not deceive you? .....We are not a politically motivated group and we do not need anything other than your money. .. ...If you pay, we will provide you the programs for decryption and we will delete your data. ...Life is too short to be sad. Be not sad, money, it is only paper... ...If we do not give you decrypters, or we do not delete your data after payment, then nobody will pay us in the future. ...Therefore to us our reputation is very important. We attack worldwide and there is no dissatisfied victim after payment... ..>>>> You need contact us via email with srenshot of btc transaction and your personal DECRYPTION ID.....Contact via Email with your personal Decryption id !: hackbeenswim@mail2tor.com......Send 400$ (0.006 BTC) at this address --> bc1qkr7wxuqwet9w6920vk94p7npkxh33fc7prv55q.....>>>> Your personal DECRYPTION ID: D53F15BF767167BC622C1CB4D4FC174D....>>
                                                                                                                                                                                Process:C:\Users\user\Desktop\c8JakemodH.exe
                                                                                                                                                                                File Type:data
                                                                                                                                                                                Category:dropped
                                                                                                                                                                                Size (bytes):8431
                                                                                                                                                                                Entropy (8bit):7.975905105737501
                                                                                                                                                                                Encrypted:false
                                                                                                                                                                                SSDEEP:192:ukc5VH67nf9kmZ5HtVWHqsx1fFrLdtRWVNRx5EHi4IjK4czj:upf6TFvH3WHqsHBRn+GHiCzj
                                                                                                                                                                                MD5:8F99236CE1935C41635C91A33371CB08
                                                                                                                                                                                SHA1:D68E0AD2568EF802842F12A458FC2AE2BE650ABC
                                                                                                                                                                                SHA-256:D6610DF4F98CF10F8A748E30AAE4BCFCB12796C81D8F9EF923D708184546A0C5
                                                                                                                                                                                SHA-512:76D34FD62CACDEA15AAF8CC90DEA484ABF788B959C29A435A18822FC06C0A063D27AC9105D2F33F664449566CDA97A070D3A9574C11A17197A14C693956AEFEA
                                                                                                                                                                                Malicious:false
                                                                                                                                                                                Preview:.P<.B.V../.....y._...l6.....U..7R_...j}v.4.e......{.....<."t-..w..6(<T...[-.....AZ%.)]m.Z....-E.Y.^..1...On....&G.A....Mc......+..7........qxo.".Yd.\,..KJ....A..)...z.0.t.*$..`".'....)2.1ZQ.r.RS.u0.@....j..j/.OiS. ..Tu;.......J...U./T..])..+{.">@..........T.=.'QW..tH.......%]ZN.bC.....n...<...-.D.~s.Hz..>.....]P..Lb.M5..c...^....\"a.#.h.I....Q.c.d..n:!.Q..#..`..r...y&`...*._5XAW..lf...M.TP....'Oj...8..l-.,b.H.)..E.."2..Y..uw.<&..8/..s.B..P.K*ZC...\..H.7..~tzv\.......c.....R.6...."..A.-oFC{.m...j.c..gb.....#.....5.^...2my...#.T&....._..+.D.FJ2.J....8....Ak.....)KjN.HL^....=X......|b..@..)X.zq.}S._-b..j..b.....F.....n..6...#.1...u.{H.g..#...e....F....Gr...Z../.8.'.89.b...L.-J_......FL.1.XB..:/...b..!@_.......).w....0%o..X..G0g.c.[|W.S..^.t.E.W.....U....4{....-.EN3.l..6.}.>."A..7.b@JzSd...U...7.].3.:.D.J...)..z(..&cP.....XQ..~..k..~)".....Y..^...$.G^.5...EG.?.<....S4Hm..^.2Z}...'..w.._.7.^*..m.._L...#K...H.:..........:.|......D&`(.............AvT.^
                                                                                                                                                                                Process:C:\Users\user\Desktop\c8JakemodH.exe
                                                                                                                                                                                File Type:DOS executable (COM, 0x8C-variant)
                                                                                                                                                                                Category:dropped
                                                                                                                                                                                Size (bytes):8427
                                                                                                                                                                                Entropy (8bit):7.978745696087443
                                                                                                                                                                                Encrypted:false
                                                                                                                                                                                SSDEEP:192:IEt1ASS+oE7umS2OzMehEhcFlmnG/l7YEgT2yRyAK3S7MVc3E:IEoSSXzKWMehEhc3mnO7YEwz44T3E
                                                                                                                                                                                MD5:00C90BD18E4185D11CDFEA69D5C92DAD
                                                                                                                                                                                SHA1:FDC4FA6A0F075005376629F06514DBAC29F91612
                                                                                                                                                                                SHA-256:B8AB090EDC254B6F573328CF8623AC1CEA0C35ACC6742F0613D7CC696230726D
                                                                                                                                                                                SHA-512:FEA7326AA42540D33B15AED230BA19A75D6764ED98CB32D134FE519505D252C29596B90E82507B577F50A4D55F185F67CE5BD164D0F6658459C53BF5C59A4E1F
                                                                                                                                                                                Malicious:true
                                                                                                                                                                                Preview:.o......E.]T.Y.?..Xd..7..]....o)...7kQZ)...%..ncG.e.......TE.Rl.D.`.!u..Q....D.G..n.X..i..TV....'|.V._".<..Nt.uK.........\..<\QY)x.<..tU...=.".#..bL..Ta.j9xm.HU%..b-...P.7b....F..k.6...|"j.G30....+|......]Bz"...r9.Nb...\u#..s{.r...?.R....A..G.;E..H.=....W.G...1..GZ.y....V...+.0...+y<Z.......8..>....+1.x7u...w-...#..R....<v.W..r.vXr.....{..SV...\V!Tf......h.y..+....wk[.....".....""..}...E%...z."......+f...D<X.p...*.5"........GV.k.^.....Y...|...3..#................es/.sd.9.\S.g..K:.Wr .....W..MRS..@Kb..Q%...)]f.\.&.Y...%g#...Ys....+!.l.|...n.4{X.t.P....vL.c)...c..ulT....si.h.0k...*.......L...D.vC..p:.:#...L.... ..{......3}*^.>..w.....J.....v....;...a..c.en....f.V..1.."bw..g..3L..f....`...)^'..p..=<.e..d:...ac.YW:....u.m.....B3._._..ig.J.Is...... C....=......g.....R.2.:.....).T......y...&L..^/Uj.Gu.4,.B"..\......#..6.q..}i0......f..[E.."........$.......]...,.s....-......G..X.'6..........U.K.:q......r..!.t......Q.......$E(0...36...W+.....j&.7..gu
                                                                                                                                                                                Process:C:\Users\user\Desktop\c8JakemodH.exe
                                                                                                                                                                                File Type:data
                                                                                                                                                                                Category:dropped
                                                                                                                                                                                Size (bytes):8435
                                                                                                                                                                                Entropy (8bit):7.977981317887366
                                                                                                                                                                                Encrypted:false
                                                                                                                                                                                SSDEEP:192:McnJDpAexGVMmnT4P40q8jBgzSk7mz3z29HHeND0Zfm5Q:Mcsex63T8Lq8jBgek7m69HED0ZL
                                                                                                                                                                                MD5:88A3961AC53D26CDC99CE91A47BD24A7
                                                                                                                                                                                SHA1:10B921A73A6115FC979E339D0ED2AED1150D6E60
                                                                                                                                                                                SHA-256:ACDBFEADC1D73BD008A9D431E573E8C06F123CC8C2329444B655A3F395FF8EA2
                                                                                                                                                                                SHA-512:9B5EA550D6CEAE78CF44FB5CD7066C5CA03BB7BA65E54E2F24DAE3DF0596D4BF9A72A28CF4751820EBC199C7A8319B46FD923C3B510BC682B8D78B81F461603F
                                                                                                                                                                                Malicious:false
                                                                                                                                                                                Preview:....;..,...S...(.<m...5.L.k y.....1....R`....n....`..(...\.#.#..5'yc.......].@...R.........0.....f..&...n.~...I...V.1.g.b..g}.`..iO..eElIe.P.eHu...ia....qt ...oU...@...I.....'.....0.mqs1s.A.....r..c}$....7EQ.1..._6\......B..v....?.3.....u.<.\.0...%VXT.Z...F..Z..A19.Up..qX.....1....zR.C..z.7IE\..p.........mE.n..............P^..[x...@5.....'<.t.pvf&Z...Z...Z.p.=.=<IU..&.NN..s%D...Bd..oZ.%.K.}'.Z....D.?,.0v.......R.....y..|*6.Bg.I.}.h...J0.~.p......).F.CDwM....?#..2........I...riq.<t.....0..........6...1..S........Z.[.mE*_5.!.Z.O...u...D.%.U..#....X.Q.v...1._.4l[{j;.|0........7&..z!..\.....P.o.b.n.._tI....F...U<.^MP(..p.5.J..`...c{K...}..e.+.....R.WO.,.(...Kh.0M.F^`.|".w..}....o..Jw...C....)...%O..W...hK..O......1..6.Oa.]..{jy.....Q..?j6......,.2q....6(.....c.h..........sN.W.... .D;.g.@l..5k"..P...c1...#.;...~.Bn.A#.A.....-gd..h..yJ.......<>..........v$r..i.w1Q.3.}.o.I.....)|%.~.....(..dv.V..E.....>4.2...."..y.jt.Y%%......)..TTx....x.#...
                                                                                                                                                                                Process:C:\Users\user\Desktop\c8JakemodH.exe
                                                                                                                                                                                File Type:ASCII text, with CRLF line terminators
                                                                                                                                                                                Category:dropped
                                                                                                                                                                                Size (bytes):1159
                                                                                                                                                                                Entropy (8bit):4.909757425426515
                                                                                                                                                                                Encrypted:false
                                                                                                                                                                                SSDEEP:24:SOZJNRovfexRvYx/ncUYTxLZl0r0OzANQgq32xfZnS0iNFdAnP6:SOZbqfexrZrS3Iq32xlSX2S
                                                                                                                                                                                MD5:F29E077226F8DC235CAE4795459A3542
                                                                                                                                                                                SHA1:A23AEA328BEB92BFD4464A3B0F70E772B8969CC2
                                                                                                                                                                                SHA-256:CF8875AADE9351184274F533067BECF2AD10CCF2B6296274ECE5D5B58B6AB008
                                                                                                                                                                                SHA-512:0C76F1E7AC8E4DB582EA7E26FA9B8C18D54605AE6A9A87A2A1FA0B1BEACACBB8F1230421C1124B1E7C12FB546FF31DBBD2CFBBEBA80EF98BBAA01B356F7FDC6F
                                                                                                                                                                                Malicious:false
                                                                                                                                                                                Preview:.. ~~~ AlphaCat ~~~....>>>> Your data are stolen and encrypted....>>>> What guarantees that we will not deceive you? .....We are not a politically motivated group and we do not need anything other than your money. .. ...If you pay, we will provide you the programs for decryption and we will delete your data. ...Life is too short to be sad. Be not sad, money, it is only paper... ...If we do not give you decrypters, or we do not delete your data after payment, then nobody will pay us in the future. ...Therefore to us our reputation is very important. We attack worldwide and there is no dissatisfied victim after payment... ..>>>> You need contact us via email with srenshot of btc transaction and your personal DECRYPTION ID.....Contact via Email with your personal Decryption id !: hackbeenswim@mail2tor.com......Send 400$ (0.006 BTC) at this address --> bc1qkr7wxuqwet9w6920vk94p7npkxh33fc7prv55q.....>>>> Your personal DECRYPTION ID: D53F15BF767167BC622C1CB4D4FC174D....>>
                                                                                                                                                                                Process:C:\Users\user\Desktop\c8JakemodH.exe
                                                                                                                                                                                File Type:ASCII text, with CRLF line terminators
                                                                                                                                                                                Category:dropped
                                                                                                                                                                                Size (bytes):1159
                                                                                                                                                                                Entropy (8bit):4.909757425426515
                                                                                                                                                                                Encrypted:false
                                                                                                                                                                                SSDEEP:24:SOZJNRovfexRvYx/ncUYTxLZl0r0OzANQgq32xfZnS0iNFdAnP6:SOZbqfexrZrS3Iq32xlSX2S
                                                                                                                                                                                MD5:F29E077226F8DC235CAE4795459A3542
                                                                                                                                                                                SHA1:A23AEA328BEB92BFD4464A3B0F70E772B8969CC2
                                                                                                                                                                                SHA-256:CF8875AADE9351184274F533067BECF2AD10CCF2B6296274ECE5D5B58B6AB008
                                                                                                                                                                                SHA-512:0C76F1E7AC8E4DB582EA7E26FA9B8C18D54605AE6A9A87A2A1FA0B1BEACACBB8F1230421C1124B1E7C12FB546FF31DBBD2CFBBEBA80EF98BBAA01B356F7FDC6F
                                                                                                                                                                                Malicious:false
                                                                                                                                                                                Preview:.. ~~~ AlphaCat ~~~....>>>> Your data are stolen and encrypted....>>>> What guarantees that we will not deceive you? .....We are not a politically motivated group and we do not need anything other than your money. .. ...If you pay, we will provide you the programs for decryption and we will delete your data. ...Life is too short to be sad. Be not sad, money, it is only paper... ...If we do not give you decrypters, or we do not delete your data after payment, then nobody will pay us in the future. ...Therefore to us our reputation is very important. We attack worldwide and there is no dissatisfied victim after payment... ..>>>> You need contact us via email with srenshot of btc transaction and your personal DECRYPTION ID.....Contact via Email with your personal Decryption id !: hackbeenswim@mail2tor.com......Send 400$ (0.006 BTC) at this address --> bc1qkr7wxuqwet9w6920vk94p7npkxh33fc7prv55q.....>>>> Your personal DECRYPTION ID: D53F15BF767167BC622C1CB4D4FC174D....>>
                                                                                                                                                                                Process:C:\Users\user\Desktop\c8JakemodH.exe
                                                                                                                                                                                File Type:ASCII text, with CRLF line terminators
                                                                                                                                                                                Category:dropped
                                                                                                                                                                                Size (bytes):1159
                                                                                                                                                                                Entropy (8bit):4.909757425426515
                                                                                                                                                                                Encrypted:false
                                                                                                                                                                                SSDEEP:24:SOZJNRovfexRvYx/ncUYTxLZl0r0OzANQgq32xfZnS0iNFdAnP6:SOZbqfexrZrS3Iq32xlSX2S
                                                                                                                                                                                MD5:F29E077226F8DC235CAE4795459A3542
                                                                                                                                                                                SHA1:A23AEA328BEB92BFD4464A3B0F70E772B8969CC2
                                                                                                                                                                                SHA-256:CF8875AADE9351184274F533067BECF2AD10CCF2B6296274ECE5D5B58B6AB008
                                                                                                                                                                                SHA-512:0C76F1E7AC8E4DB582EA7E26FA9B8C18D54605AE6A9A87A2A1FA0B1BEACACBB8F1230421C1124B1E7C12FB546FF31DBBD2CFBBEBA80EF98BBAA01B356F7FDC6F
                                                                                                                                                                                Malicious:false
                                                                                                                                                                                Preview:.. ~~~ AlphaCat ~~~....>>>> Your data are stolen and encrypted....>>>> What guarantees that we will not deceive you? .....We are not a politically motivated group and we do not need anything other than your money. .. ...If you pay, we will provide you the programs for decryption and we will delete your data. ...Life is too short to be sad. Be not sad, money, it is only paper... ...If we do not give you decrypters, or we do not delete your data after payment, then nobody will pay us in the future. ...Therefore to us our reputation is very important. We attack worldwide and there is no dissatisfied victim after payment... ..>>>> You need contact us via email with srenshot of btc transaction and your personal DECRYPTION ID.....Contact via Email with your personal Decryption id !: hackbeenswim@mail2tor.com......Send 400$ (0.006 BTC) at this address --> bc1qkr7wxuqwet9w6920vk94p7npkxh33fc7prv55q.....>>>> Your personal DECRYPTION ID: D53F15BF767167BC622C1CB4D4FC174D....>>
                                                                                                                                                                                Process:C:\Users\user\Desktop\c8JakemodH.exe
                                                                                                                                                                                File Type:ASCII text, with CRLF line terminators
                                                                                                                                                                                Category:dropped
                                                                                                                                                                                Size (bytes):1159
                                                                                                                                                                                Entropy (8bit):4.909757425426515
                                                                                                                                                                                Encrypted:false
                                                                                                                                                                                SSDEEP:24:SOZJNRovfexRvYx/ncUYTxLZl0r0OzANQgq32xfZnS0iNFdAnP6:SOZbqfexrZrS3Iq32xlSX2S
                                                                                                                                                                                MD5:F29E077226F8DC235CAE4795459A3542
                                                                                                                                                                                SHA1:A23AEA328BEB92BFD4464A3B0F70E772B8969CC2
                                                                                                                                                                                SHA-256:CF8875AADE9351184274F533067BECF2AD10CCF2B6296274ECE5D5B58B6AB008
                                                                                                                                                                                SHA-512:0C76F1E7AC8E4DB582EA7E26FA9B8C18D54605AE6A9A87A2A1FA0B1BEACACBB8F1230421C1124B1E7C12FB546FF31DBBD2CFBBEBA80EF98BBAA01B356F7FDC6F
                                                                                                                                                                                Malicious:false
                                                                                                                                                                                Preview:.. ~~~ AlphaCat ~~~....>>>> Your data are stolen and encrypted....>>>> What guarantees that we will not deceive you? .....We are not a politically motivated group and we do not need anything other than your money. .. ...If you pay, we will provide you the programs for decryption and we will delete your data. ...Life is too short to be sad. Be not sad, money, it is only paper... ...If we do not give you decrypters, or we do not delete your data after payment, then nobody will pay us in the future. ...Therefore to us our reputation is very important. We attack worldwide and there is no dissatisfied victim after payment... ..>>>> You need contact us via email with srenshot of btc transaction and your personal DECRYPTION ID.....Contact via Email with your personal Decryption id !: hackbeenswim@mail2tor.com......Send 400$ (0.006 BTC) at this address --> bc1qkr7wxuqwet9w6920vk94p7npkxh33fc7prv55q.....>>>> Your personal DECRYPTION ID: D53F15BF767167BC622C1CB4D4FC174D....>>
                                                                                                                                                                                Process:C:\Users\user\Desktop\c8JakemodH.exe
                                                                                                                                                                                File Type:ASCII text, with CRLF line terminators
                                                                                                                                                                                Category:dropped
                                                                                                                                                                                Size (bytes):1159
                                                                                                                                                                                Entropy (8bit):4.909757425426515
                                                                                                                                                                                Encrypted:false
                                                                                                                                                                                SSDEEP:24:SOZJNRovfexRvYx/ncUYTxLZl0r0OzANQgq32xfZnS0iNFdAnP6:SOZbqfexrZrS3Iq32xlSX2S
                                                                                                                                                                                MD5:F29E077226F8DC235CAE4795459A3542
                                                                                                                                                                                SHA1:A23AEA328BEB92BFD4464A3B0F70E772B8969CC2
                                                                                                                                                                                SHA-256:CF8875AADE9351184274F533067BECF2AD10CCF2B6296274ECE5D5B58B6AB008
                                                                                                                                                                                SHA-512:0C76F1E7AC8E4DB582EA7E26FA9B8C18D54605AE6A9A87A2A1FA0B1BEACACBB8F1230421C1124B1E7C12FB546FF31DBBD2CFBBEBA80EF98BBAA01B356F7FDC6F
                                                                                                                                                                                Malicious:false
                                                                                                                                                                                Preview:.. ~~~ AlphaCat ~~~....>>>> Your data are stolen and encrypted....>>>> What guarantees that we will not deceive you? .....We are not a politically motivated group and we do not need anything other than your money. .. ...If you pay, we will provide you the programs for decryption and we will delete your data. ...Life is too short to be sad. Be not sad, money, it is only paper... ...If we do not give you decrypters, or we do not delete your data after payment, then nobody will pay us in the future. ...Therefore to us our reputation is very important. We attack worldwide and there is no dissatisfied victim after payment... ..>>>> You need contact us via email with srenshot of btc transaction and your personal DECRYPTION ID.....Contact via Email with your personal Decryption id !: hackbeenswim@mail2tor.com......Send 400$ (0.006 BTC) at this address --> bc1qkr7wxuqwet9w6920vk94p7npkxh33fc7prv55q.....>>>> Your personal DECRYPTION ID: D53F15BF767167BC622C1CB4D4FC174D....>>
                                                                                                                                                                                Process:C:\Users\user\Desktop\c8JakemodH.exe
                                                                                                                                                                                File Type:ASCII text, with CRLF line terminators
                                                                                                                                                                                Category:dropped
                                                                                                                                                                                Size (bytes):1159
                                                                                                                                                                                Entropy (8bit):4.909757425426515
                                                                                                                                                                                Encrypted:false
                                                                                                                                                                                SSDEEP:24:SOZJNRovfexRvYx/ncUYTxLZl0r0OzANQgq32xfZnS0iNFdAnP6:SOZbqfexrZrS3Iq32xlSX2S
                                                                                                                                                                                MD5:F29E077226F8DC235CAE4795459A3542
                                                                                                                                                                                SHA1:A23AEA328BEB92BFD4464A3B0F70E772B8969CC2
                                                                                                                                                                                SHA-256:CF8875AADE9351184274F533067BECF2AD10CCF2B6296274ECE5D5B58B6AB008
                                                                                                                                                                                SHA-512:0C76F1E7AC8E4DB582EA7E26FA9B8C18D54605AE6A9A87A2A1FA0B1BEACACBB8F1230421C1124B1E7C12FB546FF31DBBD2CFBBEBA80EF98BBAA01B356F7FDC6F
                                                                                                                                                                                Malicious:false
                                                                                                                                                                                Preview:.. ~~~ AlphaCat ~~~....>>>> Your data are stolen and encrypted....>>>> What guarantees that we will not deceive you? .....We are not a politically motivated group and we do not need anything other than your money. .. ...If you pay, we will provide you the programs for decryption and we will delete your data. ...Life is too short to be sad. Be not sad, money, it is only paper... ...If we do not give you decrypters, or we do not delete your data after payment, then nobody will pay us in the future. ...Therefore to us our reputation is very important. We attack worldwide and there is no dissatisfied victim after payment... ..>>>> You need contact us via email with srenshot of btc transaction and your personal DECRYPTION ID.....Contact via Email with your personal Decryption id !: hackbeenswim@mail2tor.com......Send 400$ (0.006 BTC) at this address --> bc1qkr7wxuqwet9w6920vk94p7npkxh33fc7prv55q.....>>>> Your personal DECRYPTION ID: D53F15BF767167BC622C1CB4D4FC174D....>>
                                                                                                                                                                                Process:C:\Users\user\Desktop\c8JakemodH.exe
                                                                                                                                                                                File Type:ASCII text, with CRLF line terminators
                                                                                                                                                                                Category:dropped
                                                                                                                                                                                Size (bytes):1159
                                                                                                                                                                                Entropy (8bit):4.909757425426515
                                                                                                                                                                                Encrypted:false
                                                                                                                                                                                SSDEEP:24:SOZJNRovfexRvYx/ncUYTxLZl0r0OzANQgq32xfZnS0iNFdAnP6:SOZbqfexrZrS3Iq32xlSX2S
                                                                                                                                                                                MD5:F29E077226F8DC235CAE4795459A3542
                                                                                                                                                                                SHA1:A23AEA328BEB92BFD4464A3B0F70E772B8969CC2
                                                                                                                                                                                SHA-256:CF8875AADE9351184274F533067BECF2AD10CCF2B6296274ECE5D5B58B6AB008
                                                                                                                                                                                SHA-512:0C76F1E7AC8E4DB582EA7E26FA9B8C18D54605AE6A9A87A2A1FA0B1BEACACBB8F1230421C1124B1E7C12FB546FF31DBBD2CFBBEBA80EF98BBAA01B356F7FDC6F
                                                                                                                                                                                Malicious:false
                                                                                                                                                                                Preview:.. ~~~ AlphaCat ~~~....>>>> Your data are stolen and encrypted....>>>> What guarantees that we will not deceive you? .....We are not a politically motivated group and we do not need anything other than your money. .. ...If you pay, we will provide you the programs for decryption and we will delete your data. ...Life is too short to be sad. Be not sad, money, it is only paper... ...If we do not give you decrypters, or we do not delete your data after payment, then nobody will pay us in the future. ...Therefore to us our reputation is very important. We attack worldwide and there is no dissatisfied victim after payment... ..>>>> You need contact us via email with srenshot of btc transaction and your personal DECRYPTION ID.....Contact via Email with your personal Decryption id !: hackbeenswim@mail2tor.com......Send 400$ (0.006 BTC) at this address --> bc1qkr7wxuqwet9w6920vk94p7npkxh33fc7prv55q.....>>>> Your personal DECRYPTION ID: D53F15BF767167BC622C1CB4D4FC174D....>>
                                                                                                                                                                                Process:C:\Users\user\Desktop\c8JakemodH.exe
                                                                                                                                                                                File Type:ASCII text, with CRLF line terminators
                                                                                                                                                                                Category:dropped
                                                                                                                                                                                Size (bytes):1159
                                                                                                                                                                                Entropy (8bit):4.909757425426515
                                                                                                                                                                                Encrypted:false
                                                                                                                                                                                SSDEEP:24:SOZJNRovfexRvYx/ncUYTxLZl0r0OzANQgq32xfZnS0iNFdAnP6:SOZbqfexrZrS3Iq32xlSX2S
                                                                                                                                                                                MD5:F29E077226F8DC235CAE4795459A3542
                                                                                                                                                                                SHA1:A23AEA328BEB92BFD4464A3B0F70E772B8969CC2
                                                                                                                                                                                SHA-256:CF8875AADE9351184274F533067BECF2AD10CCF2B6296274ECE5D5B58B6AB008
                                                                                                                                                                                SHA-512:0C76F1E7AC8E4DB582EA7E26FA9B8C18D54605AE6A9A87A2A1FA0B1BEACACBB8F1230421C1124B1E7C12FB546FF31DBBD2CFBBEBA80EF98BBAA01B356F7FDC6F
                                                                                                                                                                                Malicious:false
                                                                                                                                                                                Preview:.. ~~~ AlphaCat ~~~....>>>> Your data are stolen and encrypted....>>>> What guarantees that we will not deceive you? .....We are not a politically motivated group and we do not need anything other than your money. .. ...If you pay, we will provide you the programs for decryption and we will delete your data. ...Life is too short to be sad. Be not sad, money, it is only paper... ...If we do not give you decrypters, or we do not delete your data after payment, then nobody will pay us in the future. ...Therefore to us our reputation is very important. We attack worldwide and there is no dissatisfied victim after payment... ..>>>> You need contact us via email with srenshot of btc transaction and your personal DECRYPTION ID.....Contact via Email with your personal Decryption id !: hackbeenswim@mail2tor.com......Send 400$ (0.006 BTC) at this address --> bc1qkr7wxuqwet9w6920vk94p7npkxh33fc7prv55q.....>>>> Your personal DECRYPTION ID: D53F15BF767167BC622C1CB4D4FC174D....>>
                                                                                                                                                                                Process:C:\Users\user\Desktop\c8JakemodH.exe
                                                                                                                                                                                File Type:ASCII text, with CRLF line terminators
                                                                                                                                                                                Category:dropped
                                                                                                                                                                                Size (bytes):1159
                                                                                                                                                                                Entropy (8bit):4.909757425426515
                                                                                                                                                                                Encrypted:false
                                                                                                                                                                                SSDEEP:24:SOZJNRovfexRvYx/ncUYTxLZl0r0OzANQgq32xfZnS0iNFdAnP6:SOZbqfexrZrS3Iq32xlSX2S
                                                                                                                                                                                MD5:F29E077226F8DC235CAE4795459A3542
                                                                                                                                                                                SHA1:A23AEA328BEB92BFD4464A3B0F70E772B8969CC2
                                                                                                                                                                                SHA-256:CF8875AADE9351184274F533067BECF2AD10CCF2B6296274ECE5D5B58B6AB008
                                                                                                                                                                                SHA-512:0C76F1E7AC8E4DB582EA7E26FA9B8C18D54605AE6A9A87A2A1FA0B1BEACACBB8F1230421C1124B1E7C12FB546FF31DBBD2CFBBEBA80EF98BBAA01B356F7FDC6F
                                                                                                                                                                                Malicious:false
                                                                                                                                                                                Preview:.. ~~~ AlphaCat ~~~....>>>> Your data are stolen and encrypted....>>>> What guarantees that we will not deceive you? .....We are not a politically motivated group and we do not need anything other than your money. .. ...If you pay, we will provide you the programs for decryption and we will delete your data. ...Life is too short to be sad. Be not sad, money, it is only paper... ...If we do not give you decrypters, or we do not delete your data after payment, then nobody will pay us in the future. ...Therefore to us our reputation is very important. We attack worldwide and there is no dissatisfied victim after payment... ..>>>> You need contact us via email with srenshot of btc transaction and your personal DECRYPTION ID.....Contact via Email with your personal Decryption id !: hackbeenswim@mail2tor.com......Send 400$ (0.006 BTC) at this address --> bc1qkr7wxuqwet9w6920vk94p7npkxh33fc7prv55q.....>>>> Your personal DECRYPTION ID: D53F15BF767167BC622C1CB4D4FC174D....>>
                                                                                                                                                                                Process:C:\Users\user\Desktop\c8JakemodH.exe
                                                                                                                                                                                File Type:ASCII text, with CRLF line terminators
                                                                                                                                                                                Category:dropped
                                                                                                                                                                                Size (bytes):1159
                                                                                                                                                                                Entropy (8bit):4.909757425426515
                                                                                                                                                                                Encrypted:false
                                                                                                                                                                                SSDEEP:24:SOZJNRovfexRvYx/ncUYTxLZl0r0OzANQgq32xfZnS0iNFdAnP6:SOZbqfexrZrS3Iq32xlSX2S
                                                                                                                                                                                MD5:F29E077226F8DC235CAE4795459A3542
                                                                                                                                                                                SHA1:A23AEA328BEB92BFD4464A3B0F70E772B8969CC2
                                                                                                                                                                                SHA-256:CF8875AADE9351184274F533067BECF2AD10CCF2B6296274ECE5D5B58B6AB008
                                                                                                                                                                                SHA-512:0C76F1E7AC8E4DB582EA7E26FA9B8C18D54605AE6A9A87A2A1FA0B1BEACACBB8F1230421C1124B1E7C12FB546FF31DBBD2CFBBEBA80EF98BBAA01B356F7FDC6F
                                                                                                                                                                                Malicious:false
                                                                                                                                                                                Preview:.. ~~~ AlphaCat ~~~....>>>> Your data are stolen and encrypted....>>>> What guarantees that we will not deceive you? .....We are not a politically motivated group and we do not need anything other than your money. .. ...If you pay, we will provide you the programs for decryption and we will delete your data. ...Life is too short to be sad. Be not sad, money, it is only paper... ...If we do not give you decrypters, or we do not delete your data after payment, then nobody will pay us in the future. ...Therefore to us our reputation is very important. We attack worldwide and there is no dissatisfied victim after payment... ..>>>> You need contact us via email with srenshot of btc transaction and your personal DECRYPTION ID.....Contact via Email with your personal Decryption id !: hackbeenswim@mail2tor.com......Send 400$ (0.006 BTC) at this address --> bc1qkr7wxuqwet9w6920vk94p7npkxh33fc7prv55q.....>>>> Your personal DECRYPTION ID: D53F15BF767167BC622C1CB4D4FC174D....>>
                                                                                                                                                                                Process:C:\Users\user\Desktop\c8JakemodH.exe
                                                                                                                                                                                File Type:ASCII text, with CRLF line terminators
                                                                                                                                                                                Category:dropped
                                                                                                                                                                                Size (bytes):1159
                                                                                                                                                                                Entropy (8bit):4.909757425426515
                                                                                                                                                                                Encrypted:false
                                                                                                                                                                                SSDEEP:24:SOZJNRovfexRvYx/ncUYTxLZl0r0OzANQgq32xfZnS0iNFdAnP6:SOZbqfexrZrS3Iq32xlSX2S
                                                                                                                                                                                MD5:F29E077226F8DC235CAE4795459A3542
                                                                                                                                                                                SHA1:A23AEA328BEB92BFD4464A3B0F70E772B8969CC2
                                                                                                                                                                                SHA-256:CF8875AADE9351184274F533067BECF2AD10CCF2B6296274ECE5D5B58B6AB008
                                                                                                                                                                                SHA-512:0C76F1E7AC8E4DB582EA7E26FA9B8C18D54605AE6A9A87A2A1FA0B1BEACACBB8F1230421C1124B1E7C12FB546FF31DBBD2CFBBEBA80EF98BBAA01B356F7FDC6F
                                                                                                                                                                                Malicious:false
                                                                                                                                                                                Preview:.. ~~~ AlphaCat ~~~....>>>> Your data are stolen and encrypted....>>>> What guarantees that we will not deceive you? .....We are not a politically motivated group and we do not need anything other than your money. .. ...If you pay, we will provide you the programs for decryption and we will delete your data. ...Life is too short to be sad. Be not sad, money, it is only paper... ...If we do not give you decrypters, or we do not delete your data after payment, then nobody will pay us in the future. ...Therefore to us our reputation is very important. We attack worldwide and there is no dissatisfied victim after payment... ..>>>> You need contact us via email with srenshot of btc transaction and your personal DECRYPTION ID.....Contact via Email with your personal Decryption id !: hackbeenswim@mail2tor.com......Send 400$ (0.006 BTC) at this address --> bc1qkr7wxuqwet9w6920vk94p7npkxh33fc7prv55q.....>>>> Your personal DECRYPTION ID: D53F15BF767167BC622C1CB4D4FC174D....>>
                                                                                                                                                                                Process:C:\Users\user\Desktop\c8JakemodH.exe
                                                                                                                                                                                File Type:data
                                                                                                                                                                                Category:dropped
                                                                                                                                                                                Size (bytes):8431
                                                                                                                                                                                Entropy (8bit):7.977518507768148
                                                                                                                                                                                Encrypted:false
                                                                                                                                                                                SSDEEP:192:ZNGKv+yjLAB0z8Gy0TNVOa+yxgWdK1J9SMn/+9lm1vO:nGKv+wMX0TNoFyNdK1Ldn/+9L
                                                                                                                                                                                MD5:5AE7B6E3B6A28EE031C2CF73A2E88EED
                                                                                                                                                                                SHA1:6428E048D9E604E3E801989BC4722E2E10DCF539
                                                                                                                                                                                SHA-256:F17BC6EB6AE9DC0DF8D0F7601F8FD655B77E4A1E1FF4D768BC6285791EF4752C
                                                                                                                                                                                SHA-512:AC6B5C63714C4EB48ACAB68DF37B3C8F912B6F151CB57D1B18DA1C59A1E91374854AFF5368008318288B0A7F9C56B14F5A82A9F9A0B41425EE4C80ABF89302A1
                                                                                                                                                                                Malicious:false
                                                                                                                                                                                Preview:$.4.t.e..8?...?....l>...D.9?...s.F.sX.g..#.hV...+.W..7.....R...?....\..._.N....Mm-.H.>UZ.LO.<x.0D....=%LO.u.@~.av.E?``...iC..Ti..3..v../t.1......l.+.\@.G..<.......w.{'fU.}...5.w.M.C.....(.+.3....|.....={.s"^.I........b.x..V.H.x.NW....e..*..$.(..A..t..1T..y.....B..Co.+..)RO.Z....J....`.|..+.."..<...(..+..x)..5)..S@.'...x..o`.....O.3.4...>...7...,....O........f.7..P2.p.....gs.g...#$s.......a=Q...*..S....0..nG[.-.. ..C..f*(.f.B..P........n;..D.?P[..f.....5.&F...M,.r.S.6.H...<.*.P../......K..L...I\..a../..F... -r.."\..........|...Q....kf0.U..4...0J...{...bDCMy)...`B.2......}...&.h8f.r|..........l[K|U%.3ZKk......~...i.kZ.X.+p.j..C...Z-.K...pv`..!.A.l........'uyz<...r.~....z...w../&H.d...V....o.'...H<UB.l.x}t>\..&..i.l.m.g..%.p.(...W,@K...A. 6!..ko....N.W.i`...Bq).}(.."e{a~.]..V....6.$Wm...s.,i..I..k.BEQ0rf.i..z...it_..s.%).Sq.......*..;...J..W.g........k.z....X+..x.:.........s.{.6..@;.....'.T3...8.~lb.`E.....k.$.NLx..Qd.<2.@[.q..p1!t....I.06..
                                                                                                                                                                                Process:C:\Users\user\Desktop\c8JakemodH.exe
                                                                                                                                                                                File Type:ASCII text, with CRLF line terminators
                                                                                                                                                                                Category:dropped
                                                                                                                                                                                Size (bytes):1159
                                                                                                                                                                                Entropy (8bit):4.909757425426515
                                                                                                                                                                                Encrypted:false
                                                                                                                                                                                SSDEEP:24:SOZJNRovfexRvYx/ncUYTxLZl0r0OzANQgq32xfZnS0iNFdAnP6:SOZbqfexrZrS3Iq32xlSX2S
                                                                                                                                                                                MD5:F29E077226F8DC235CAE4795459A3542
                                                                                                                                                                                SHA1:A23AEA328BEB92BFD4464A3B0F70E772B8969CC2
                                                                                                                                                                                SHA-256:CF8875AADE9351184274F533067BECF2AD10CCF2B6296274ECE5D5B58B6AB008
                                                                                                                                                                                SHA-512:0C76F1E7AC8E4DB582EA7E26FA9B8C18D54605AE6A9A87A2A1FA0B1BEACACBB8F1230421C1124B1E7C12FB546FF31DBBD2CFBBEBA80EF98BBAA01B356F7FDC6F
                                                                                                                                                                                Malicious:false
                                                                                                                                                                                Preview:.. ~~~ AlphaCat ~~~....>>>> Your data are stolen and encrypted....>>>> What guarantees that we will not deceive you? .....We are not a politically motivated group and we do not need anything other than your money. .. ...If you pay, we will provide you the programs for decryption and we will delete your data. ...Life is too short to be sad. Be not sad, money, it is only paper... ...If we do not give you decrypters, or we do not delete your data after payment, then nobody will pay us in the future. ...Therefore to us our reputation is very important. We attack worldwide and there is no dissatisfied victim after payment... ..>>>> You need contact us via email with srenshot of btc transaction and your personal DECRYPTION ID.....Contact via Email with your personal Decryption id !: hackbeenswim@mail2tor.com......Send 400$ (0.006 BTC) at this address --> bc1qkr7wxuqwet9w6920vk94p7npkxh33fc7prv55q.....>>>> Your personal DECRYPTION ID: D53F15BF767167BC622C1CB4D4FC174D....>>
                                                                                                                                                                                Process:C:\Users\user\Desktop\c8JakemodH.exe
                                                                                                                                                                                File Type:ASCII text, with CRLF line terminators
                                                                                                                                                                                Category:dropped
                                                                                                                                                                                Size (bytes):1159
                                                                                                                                                                                Entropy (8bit):4.909757425426515
                                                                                                                                                                                Encrypted:false
                                                                                                                                                                                SSDEEP:24:SOZJNRovfexRvYx/ncUYTxLZl0r0OzANQgq32xfZnS0iNFdAnP6:SOZbqfexrZrS3Iq32xlSX2S
                                                                                                                                                                                MD5:F29E077226F8DC235CAE4795459A3542
                                                                                                                                                                                SHA1:A23AEA328BEB92BFD4464A3B0F70E772B8969CC2
                                                                                                                                                                                SHA-256:CF8875AADE9351184274F533067BECF2AD10CCF2B6296274ECE5D5B58B6AB008
                                                                                                                                                                                SHA-512:0C76F1E7AC8E4DB582EA7E26FA9B8C18D54605AE6A9A87A2A1FA0B1BEACACBB8F1230421C1124B1E7C12FB546FF31DBBD2CFBBEBA80EF98BBAA01B356F7FDC6F
                                                                                                                                                                                Malicious:false
                                                                                                                                                                                Preview:.. ~~~ AlphaCat ~~~....>>>> Your data are stolen and encrypted....>>>> What guarantees that we will not deceive you? .....We are not a politically motivated group and we do not need anything other than your money. .. ...If you pay, we will provide you the programs for decryption and we will delete your data. ...Life is too short to be sad. Be not sad, money, it is only paper... ...If we do not give you decrypters, or we do not delete your data after payment, then nobody will pay us in the future. ...Therefore to us our reputation is very important. We attack worldwide and there is no dissatisfied victim after payment... ..>>>> You need contact us via email with srenshot of btc transaction and your personal DECRYPTION ID.....Contact via Email with your personal Decryption id !: hackbeenswim@mail2tor.com......Send 400$ (0.006 BTC) at this address --> bc1qkr7wxuqwet9w6920vk94p7npkxh33fc7prv55q.....>>>> Your personal DECRYPTION ID: D53F15BF767167BC622C1CB4D4FC174D....>>
                                                                                                                                                                                Process:C:\Users\user\Desktop\c8JakemodH.exe
                                                                                                                                                                                File Type:ASCII text, with CRLF line terminators
                                                                                                                                                                                Category:dropped
                                                                                                                                                                                Size (bytes):1159
                                                                                                                                                                                Entropy (8bit):4.909757425426515
                                                                                                                                                                                Encrypted:false
                                                                                                                                                                                SSDEEP:24:SOZJNRovfexRvYx/ncUYTxLZl0r0OzANQgq32xfZnS0iNFdAnP6:SOZbqfexrZrS3Iq32xlSX2S
                                                                                                                                                                                MD5:F29E077226F8DC235CAE4795459A3542
                                                                                                                                                                                SHA1:A23AEA328BEB92BFD4464A3B0F70E772B8969CC2
                                                                                                                                                                                SHA-256:CF8875AADE9351184274F533067BECF2AD10CCF2B6296274ECE5D5B58B6AB008
                                                                                                                                                                                SHA-512:0C76F1E7AC8E4DB582EA7E26FA9B8C18D54605AE6A9A87A2A1FA0B1BEACACBB8F1230421C1124B1E7C12FB546FF31DBBD2CFBBEBA80EF98BBAA01B356F7FDC6F
                                                                                                                                                                                Malicious:false
                                                                                                                                                                                Preview:.. ~~~ AlphaCat ~~~....>>>> Your data are stolen and encrypted....>>>> What guarantees that we will not deceive you? .....We are not a politically motivated group and we do not need anything other than your money. .. ...If you pay, we will provide you the programs for decryption and we will delete your data. ...Life is too short to be sad. Be not sad, money, it is only paper... ...If we do not give you decrypters, or we do not delete your data after payment, then nobody will pay us in the future. ...Therefore to us our reputation is very important. We attack worldwide and there is no dissatisfied victim after payment... ..>>>> You need contact us via email with srenshot of btc transaction and your personal DECRYPTION ID.....Contact via Email with your personal Decryption id !: hackbeenswim@mail2tor.com......Send 400$ (0.006 BTC) at this address --> bc1qkr7wxuqwet9w6920vk94p7npkxh33fc7prv55q.....>>>> Your personal DECRYPTION ID: D53F15BF767167BC622C1CB4D4FC174D....>>
                                                                                                                                                                                Process:C:\Users\user\Desktop\c8JakemodH.exe
                                                                                                                                                                                File Type:ASCII text, with CRLF line terminators
                                                                                                                                                                                Category:dropped
                                                                                                                                                                                Size (bytes):1159
                                                                                                                                                                                Entropy (8bit):4.909757425426515
                                                                                                                                                                                Encrypted:false
                                                                                                                                                                                SSDEEP:24:SOZJNRovfexRvYx/ncUYTxLZl0r0OzANQgq32xfZnS0iNFdAnP6:SOZbqfexrZrS3Iq32xlSX2S
                                                                                                                                                                                MD5:F29E077226F8DC235CAE4795459A3542
                                                                                                                                                                                SHA1:A23AEA328BEB92BFD4464A3B0F70E772B8969CC2
                                                                                                                                                                                SHA-256:CF8875AADE9351184274F533067BECF2AD10CCF2B6296274ECE5D5B58B6AB008
                                                                                                                                                                                SHA-512:0C76F1E7AC8E4DB582EA7E26FA9B8C18D54605AE6A9A87A2A1FA0B1BEACACBB8F1230421C1124B1E7C12FB546FF31DBBD2CFBBEBA80EF98BBAA01B356F7FDC6F
                                                                                                                                                                                Malicious:false
                                                                                                                                                                                Preview:.. ~~~ AlphaCat ~~~....>>>> Your data are stolen and encrypted....>>>> What guarantees that we will not deceive you? .....We are not a politically motivated group and we do not need anything other than your money. .. ...If you pay, we will provide you the programs for decryption and we will delete your data. ...Life is too short to be sad. Be not sad, money, it is only paper... ...If we do not give you decrypters, or we do not delete your data after payment, then nobody will pay us in the future. ...Therefore to us our reputation is very important. We attack worldwide and there is no dissatisfied victim after payment... ..>>>> You need contact us via email with srenshot of btc transaction and your personal DECRYPTION ID.....Contact via Email with your personal Decryption id !: hackbeenswim@mail2tor.com......Send 400$ (0.006 BTC) at this address --> bc1qkr7wxuqwet9w6920vk94p7npkxh33fc7prv55q.....>>>> Your personal DECRYPTION ID: D53F15BF767167BC622C1CB4D4FC174D....>>
                                                                                                                                                                                Process:C:\Users\user\Desktop\c8JakemodH.exe
                                                                                                                                                                                File Type:ASCII text, with CRLF line terminators
                                                                                                                                                                                Category:dropped
                                                                                                                                                                                Size (bytes):1159
                                                                                                                                                                                Entropy (8bit):4.909757425426515
                                                                                                                                                                                Encrypted:false
                                                                                                                                                                                SSDEEP:24:SOZJNRovfexRvYx/ncUYTxLZl0r0OzANQgq32xfZnS0iNFdAnP6:SOZbqfexrZrS3Iq32xlSX2S
                                                                                                                                                                                MD5:F29E077226F8DC235CAE4795459A3542
                                                                                                                                                                                SHA1:A23AEA328BEB92BFD4464A3B0F70E772B8969CC2
                                                                                                                                                                                SHA-256:CF8875AADE9351184274F533067BECF2AD10CCF2B6296274ECE5D5B58B6AB008
                                                                                                                                                                                SHA-512:0C76F1E7AC8E4DB582EA7E26FA9B8C18D54605AE6A9A87A2A1FA0B1BEACACBB8F1230421C1124B1E7C12FB546FF31DBBD2CFBBEBA80EF98BBAA01B356F7FDC6F
                                                                                                                                                                                Malicious:false
                                                                                                                                                                                Preview:.. ~~~ AlphaCat ~~~....>>>> Your data are stolen and encrypted....>>>> What guarantees that we will not deceive you? .....We are not a politically motivated group and we do not need anything other than your money. .. ...If you pay, we will provide you the programs for decryption and we will delete your data. ...Life is too short to be sad. Be not sad, money, it is only paper... ...If we do not give you decrypters, or we do not delete your data after payment, then nobody will pay us in the future. ...Therefore to us our reputation is very important. We attack worldwide and there is no dissatisfied victim after payment... ..>>>> You need contact us via email with srenshot of btc transaction and your personal DECRYPTION ID.....Contact via Email with your personal Decryption id !: hackbeenswim@mail2tor.com......Send 400$ (0.006 BTC) at this address --> bc1qkr7wxuqwet9w6920vk94p7npkxh33fc7prv55q.....>>>> Your personal DECRYPTION ID: D53F15BF767167BC622C1CB4D4FC174D....>>
                                                                                                                                                                                Process:C:\Users\user\Desktop\c8JakemodH.exe
                                                                                                                                                                                File Type:ASCII text, with CRLF line terminators
                                                                                                                                                                                Category:dropped
                                                                                                                                                                                Size (bytes):1159
                                                                                                                                                                                Entropy (8bit):4.909757425426515
                                                                                                                                                                                Encrypted:false
                                                                                                                                                                                SSDEEP:24:SOZJNRovfexRvYx/ncUYTxLZl0r0OzANQgq32xfZnS0iNFdAnP6:SOZbqfexrZrS3Iq32xlSX2S
                                                                                                                                                                                MD5:F29E077226F8DC235CAE4795459A3542
                                                                                                                                                                                SHA1:A23AEA328BEB92BFD4464A3B0F70E772B8969CC2
                                                                                                                                                                                SHA-256:CF8875AADE9351184274F533067BECF2AD10CCF2B6296274ECE5D5B58B6AB008
                                                                                                                                                                                SHA-512:0C76F1E7AC8E4DB582EA7E26FA9B8C18D54605AE6A9A87A2A1FA0B1BEACACBB8F1230421C1124B1E7C12FB546FF31DBBD2CFBBEBA80EF98BBAA01B356F7FDC6F
                                                                                                                                                                                Malicious:false
                                                                                                                                                                                Preview:.. ~~~ AlphaCat ~~~....>>>> Your data are stolen and encrypted....>>>> What guarantees that we will not deceive you? .....We are not a politically motivated group and we do not need anything other than your money. .. ...If you pay, we will provide you the programs for decryption and we will delete your data. ...Life is too short to be sad. Be not sad, money, it is only paper... ...If we do not give you decrypters, or we do not delete your data after payment, then nobody will pay us in the future. ...Therefore to us our reputation is very important. We attack worldwide and there is no dissatisfied victim after payment... ..>>>> You need contact us via email with srenshot of btc transaction and your personal DECRYPTION ID.....Contact via Email with your personal Decryption id !: hackbeenswim@mail2tor.com......Send 400$ (0.006 BTC) at this address --> bc1qkr7wxuqwet9w6920vk94p7npkxh33fc7prv55q.....>>>> Your personal DECRYPTION ID: D53F15BF767167BC622C1CB4D4FC174D....>>
                                                                                                                                                                                Process:C:\Users\user\Desktop\c8JakemodH.exe
                                                                                                                                                                                File Type:ASCII text, with CRLF line terminators
                                                                                                                                                                                Category:dropped
                                                                                                                                                                                Size (bytes):1159
                                                                                                                                                                                Entropy (8bit):4.909757425426515
                                                                                                                                                                                Encrypted:false
                                                                                                                                                                                SSDEEP:24:SOZJNRovfexRvYx/ncUYTxLZl0r0OzANQgq32xfZnS0iNFdAnP6:SOZbqfexrZrS3Iq32xlSX2S
                                                                                                                                                                                MD5:F29E077226F8DC235CAE4795459A3542
                                                                                                                                                                                SHA1:A23AEA328BEB92BFD4464A3B0F70E772B8969CC2
                                                                                                                                                                                SHA-256:CF8875AADE9351184274F533067BECF2AD10CCF2B6296274ECE5D5B58B6AB008
                                                                                                                                                                                SHA-512:0C76F1E7AC8E4DB582EA7E26FA9B8C18D54605AE6A9A87A2A1FA0B1BEACACBB8F1230421C1124B1E7C12FB546FF31DBBD2CFBBEBA80EF98BBAA01B356F7FDC6F
                                                                                                                                                                                Malicious:false
                                                                                                                                                                                Preview:.. ~~~ AlphaCat ~~~....>>>> Your data are stolen and encrypted....>>>> What guarantees that we will not deceive you? .....We are not a politically motivated group and we do not need anything other than your money. .. ...If you pay, we will provide you the programs for decryption and we will delete your data. ...Life is too short to be sad. Be not sad, money, it is only paper... ...If we do not give you decrypters, or we do not delete your data after payment, then nobody will pay us in the future. ...Therefore to us our reputation is very important. We attack worldwide and there is no dissatisfied victim after payment... ..>>>> You need contact us via email with srenshot of btc transaction and your personal DECRYPTION ID.....Contact via Email with your personal Decryption id !: hackbeenswim@mail2tor.com......Send 400$ (0.006 BTC) at this address --> bc1qkr7wxuqwet9w6920vk94p7npkxh33fc7prv55q.....>>>> Your personal DECRYPTION ID: D53F15BF767167BC622C1CB4D4FC174D....>>
                                                                                                                                                                                Process:C:\Users\user\Desktop\c8JakemodH.exe
                                                                                                                                                                                File Type:ASCII text, with CRLF line terminators
                                                                                                                                                                                Category:dropped
                                                                                                                                                                                Size (bytes):1159
                                                                                                                                                                                Entropy (8bit):4.909757425426515
                                                                                                                                                                                Encrypted:false
                                                                                                                                                                                SSDEEP:24:SOZJNRovfexRvYx/ncUYTxLZl0r0OzANQgq32xfZnS0iNFdAnP6:SOZbqfexrZrS3Iq32xlSX2S
                                                                                                                                                                                MD5:F29E077226F8DC235CAE4795459A3542
                                                                                                                                                                                SHA1:A23AEA328BEB92BFD4464A3B0F70E772B8969CC2
                                                                                                                                                                                SHA-256:CF8875AADE9351184274F533067BECF2AD10CCF2B6296274ECE5D5B58B6AB008
                                                                                                                                                                                SHA-512:0C76F1E7AC8E4DB582EA7E26FA9B8C18D54605AE6A9A87A2A1FA0B1BEACACBB8F1230421C1124B1E7C12FB546FF31DBBD2CFBBEBA80EF98BBAA01B356F7FDC6F
                                                                                                                                                                                Malicious:false
                                                                                                                                                                                Preview:.. ~~~ AlphaCat ~~~....>>>> Your data are stolen and encrypted....>>>> What guarantees that we will not deceive you? .....We are not a politically motivated group and we do not need anything other than your money. .. ...If you pay, we will provide you the programs for decryption and we will delete your data. ...Life is too short to be sad. Be not sad, money, it is only paper... ...If we do not give you decrypters, or we do not delete your data after payment, then nobody will pay us in the future. ...Therefore to us our reputation is very important. We attack worldwide and there is no dissatisfied victim after payment... ..>>>> You need contact us via email with srenshot of btc transaction and your personal DECRYPTION ID.....Contact via Email with your personal Decryption id !: hackbeenswim@mail2tor.com......Send 400$ (0.006 BTC) at this address --> bc1qkr7wxuqwet9w6920vk94p7npkxh33fc7prv55q.....>>>> Your personal DECRYPTION ID: D53F15BF767167BC622C1CB4D4FC174D....>>
                                                                                                                                                                                Process:C:\Users\user\Desktop\c8JakemodH.exe
                                                                                                                                                                                File Type:ASCII text, with CRLF line terminators
                                                                                                                                                                                Category:dropped
                                                                                                                                                                                Size (bytes):1159
                                                                                                                                                                                Entropy (8bit):4.909757425426515
                                                                                                                                                                                Encrypted:false
                                                                                                                                                                                SSDEEP:24:SOZJNRovfexRvYx/ncUYTxLZl0r0OzANQgq32xfZnS0iNFdAnP6:SOZbqfexrZrS3Iq32xlSX2S
                                                                                                                                                                                MD5:F29E077226F8DC235CAE4795459A3542
                                                                                                                                                                                SHA1:A23AEA328BEB92BFD4464A3B0F70E772B8969CC2
                                                                                                                                                                                SHA-256:CF8875AADE9351184274F533067BECF2AD10CCF2B6296274ECE5D5B58B6AB008
                                                                                                                                                                                SHA-512:0C76F1E7AC8E4DB582EA7E26FA9B8C18D54605AE6A9A87A2A1FA0B1BEACACBB8F1230421C1124B1E7C12FB546FF31DBBD2CFBBEBA80EF98BBAA01B356F7FDC6F
                                                                                                                                                                                Malicious:false
                                                                                                                                                                                Preview:.. ~~~ AlphaCat ~~~....>>>> Your data are stolen and encrypted....>>>> What guarantees that we will not deceive you? .....We are not a politically motivated group and we do not need anything other than your money. .. ...If you pay, we will provide you the programs for decryption and we will delete your data. ...Life is too short to be sad. Be not sad, money, it is only paper... ...If we do not give you decrypters, or we do not delete your data after payment, then nobody will pay us in the future. ...Therefore to us our reputation is very important. We attack worldwide and there is no dissatisfied victim after payment... ..>>>> You need contact us via email with srenshot of btc transaction and your personal DECRYPTION ID.....Contact via Email with your personal Decryption id !: hackbeenswim@mail2tor.com......Send 400$ (0.006 BTC) at this address --> bc1qkr7wxuqwet9w6920vk94p7npkxh33fc7prv55q.....>>>> Your personal DECRYPTION ID: D53F15BF767167BC622C1CB4D4FC174D....>>
                                                                                                                                                                                Process:C:\Users\user\Desktop\c8JakemodH.exe
                                                                                                                                                                                File Type:ASCII text, with CRLF line terminators
                                                                                                                                                                                Category:dropped
                                                                                                                                                                                Size (bytes):1159
                                                                                                                                                                                Entropy (8bit):4.909757425426515
                                                                                                                                                                                Encrypted:false
                                                                                                                                                                                SSDEEP:24:SOZJNRovfexRvYx/ncUYTxLZl0r0OzANQgq32xfZnS0iNFdAnP6:SOZbqfexrZrS3Iq32xlSX2S
                                                                                                                                                                                MD5:F29E077226F8DC235CAE4795459A3542
                                                                                                                                                                                SHA1:A23AEA328BEB92BFD4464A3B0F70E772B8969CC2
                                                                                                                                                                                SHA-256:CF8875AADE9351184274F533067BECF2AD10CCF2B6296274ECE5D5B58B6AB008
                                                                                                                                                                                SHA-512:0C76F1E7AC8E4DB582EA7E26FA9B8C18D54605AE6A9A87A2A1FA0B1BEACACBB8F1230421C1124B1E7C12FB546FF31DBBD2CFBBEBA80EF98BBAA01B356F7FDC6F
                                                                                                                                                                                Malicious:false
                                                                                                                                                                                Preview:.. ~~~ AlphaCat ~~~....>>>> Your data are stolen and encrypted....>>>> What guarantees that we will not deceive you? .....We are not a politically motivated group and we do not need anything other than your money. .. ...If you pay, we will provide you the programs for decryption and we will delete your data. ...Life is too short to be sad. Be not sad, money, it is only paper... ...If we do not give you decrypters, or we do not delete your data after payment, then nobody will pay us in the future. ...Therefore to us our reputation is very important. We attack worldwide and there is no dissatisfied victim after payment... ..>>>> You need contact us via email with srenshot of btc transaction and your personal DECRYPTION ID.....Contact via Email with your personal Decryption id !: hackbeenswim@mail2tor.com......Send 400$ (0.006 BTC) at this address --> bc1qkr7wxuqwet9w6920vk94p7npkxh33fc7prv55q.....>>>> Your personal DECRYPTION ID: D53F15BF767167BC622C1CB4D4FC174D....>>
                                                                                                                                                                                Process:C:\Users\user\Desktop\c8JakemodH.exe
                                                                                                                                                                                File Type:data
                                                                                                                                                                                Category:dropped
                                                                                                                                                                                Size (bytes):8431
                                                                                                                                                                                Entropy (8bit):7.976802454082344
                                                                                                                                                                                Encrypted:false
                                                                                                                                                                                SSDEEP:192:/Xi6e5XqPgLdzZ+FNeY9Y4Zt8/HEi1C7EVzZsumpeEl9XE:/ij5XqPgpZX6j6OERueEl90
                                                                                                                                                                                MD5:0106BC1BD28E7481191762C7CD87F457
                                                                                                                                                                                SHA1:7D362A2701C72057E58AFA3AE8D6D4B395010E9B
                                                                                                                                                                                SHA-256:B609C51B9B8CAA923A792C4C8F17713242E50F9001AFF8FD27F406635CD5E956
                                                                                                                                                                                SHA-512:85AA5424976D39A9FEEBFCAC81A0801B916240A7E48DE4E4C9FF53E274B6CDF03C14EDCD36E5AD06748031214553640C8B81683C060CA6D9E78CBDD064560FEB
                                                                                                                                                                                Malicious:false
                                                                                                                                                                                Preview:hS....Y$....8.s...>.I....R\ ...z6P`..d$.N.An..z.U..0..(.....6..pA.....]V...A5..)......U.n.$.Z.PeNL.3...'x........'i0..>3....,sA4`..C;....n....:...t............zfwM.......@.....p.+........B.0...j.#-YA.4.k.)........m*..H...O<.c.ZT..hJ.W`+..`.*.".v.R.t......6......F..Mz. .. ..fy..,..xb....|*..n....g$.$f...................~.}.......5{.Ii..).x.=...j...`......V*N....Q...i.x....19.JN.B .[.edG..2.<.......N.v.s...W...R.#.9mUN.....M.Y?.......dT;.E..r...h.D.._.J...wEj\..s..#fL..K.-.i..|..3.@.MW....v..K5=M".HX.l.F+....5m....@G.m.3..W...s...C..l....A.A..xG7Sl..z.....IN....S$..4.....D...Y;.;...,y.-....~.v.....).....0...V!.oQ...r...d..N....@.....`.g...(......bF9..>d8......~nP....XJ....M..~...&Z...\..Z.>=^. `.%5.......X..L.#.0...2.{..}q....c..........8Z...........n...O*...N ..*..5......1.7.a`..7..M...7.9..6......m[.6c.t^.[...z.../...n..6.i..x0.o}......k%....R.4..+.3.L}|....B.A%.U.X.=5........~..G..N|}..g.vbV...... .F.ts........9...G..GC.......~....
                                                                                                                                                                                Process:C:\Users\user\Desktop\c8JakemodH.exe
                                                                                                                                                                                File Type:ASCII text, with CRLF line terminators
                                                                                                                                                                                Category:dropped
                                                                                                                                                                                Size (bytes):1159
                                                                                                                                                                                Entropy (8bit):4.909757425426515
                                                                                                                                                                                Encrypted:false
                                                                                                                                                                                SSDEEP:24:SOZJNRovfexRvYx/ncUYTxLZl0r0OzANQgq32xfZnS0iNFdAnP6:SOZbqfexrZrS3Iq32xlSX2S
                                                                                                                                                                                MD5:F29E077226F8DC235CAE4795459A3542
                                                                                                                                                                                SHA1:A23AEA328BEB92BFD4464A3B0F70E772B8969CC2
                                                                                                                                                                                SHA-256:CF8875AADE9351184274F533067BECF2AD10CCF2B6296274ECE5D5B58B6AB008
                                                                                                                                                                                SHA-512:0C76F1E7AC8E4DB582EA7E26FA9B8C18D54605AE6A9A87A2A1FA0B1BEACACBB8F1230421C1124B1E7C12FB546FF31DBBD2CFBBEBA80EF98BBAA01B356F7FDC6F
                                                                                                                                                                                Malicious:false
                                                                                                                                                                                Preview:.. ~~~ AlphaCat ~~~....>>>> Your data are stolen and encrypted....>>>> What guarantees that we will not deceive you? .....We are not a politically motivated group and we do not need anything other than your money. .. ...If you pay, we will provide you the programs for decryption and we will delete your data. ...Life is too short to be sad. Be not sad, money, it is only paper... ...If we do not give you decrypters, or we do not delete your data after payment, then nobody will pay us in the future. ...Therefore to us our reputation is very important. We attack worldwide and there is no dissatisfied victim after payment... ..>>>> You need contact us via email with srenshot of btc transaction and your personal DECRYPTION ID.....Contact via Email with your personal Decryption id !: hackbeenswim@mail2tor.com......Send 400$ (0.006 BTC) at this address --> bc1qkr7wxuqwet9w6920vk94p7npkxh33fc7prv55q.....>>>> Your personal DECRYPTION ID: D53F15BF767167BC622C1CB4D4FC174D....>>
                                                                                                                                                                                Process:C:\Users\user\Desktop\c8JakemodH.exe
                                                                                                                                                                                File Type:ASCII text, with CRLF line terminators
                                                                                                                                                                                Category:dropped
                                                                                                                                                                                Size (bytes):1159
                                                                                                                                                                                Entropy (8bit):4.909757425426515
                                                                                                                                                                                Encrypted:false
                                                                                                                                                                                SSDEEP:24:SOZJNRovfexRvYx/ncUYTxLZl0r0OzANQgq32xfZnS0iNFdAnP6:SOZbqfexrZrS3Iq32xlSX2S
                                                                                                                                                                                MD5:F29E077226F8DC235CAE4795459A3542
                                                                                                                                                                                SHA1:A23AEA328BEB92BFD4464A3B0F70E772B8969CC2
                                                                                                                                                                                SHA-256:CF8875AADE9351184274F533067BECF2AD10CCF2B6296274ECE5D5B58B6AB008
                                                                                                                                                                                SHA-512:0C76F1E7AC8E4DB582EA7E26FA9B8C18D54605AE6A9A87A2A1FA0B1BEACACBB8F1230421C1124B1E7C12FB546FF31DBBD2CFBBEBA80EF98BBAA01B356F7FDC6F
                                                                                                                                                                                Malicious:false
                                                                                                                                                                                Preview:.. ~~~ AlphaCat ~~~....>>>> Your data are stolen and encrypted....>>>> What guarantees that we will not deceive you? .....We are not a politically motivated group and we do not need anything other than your money. .. ...If you pay, we will provide you the programs for decryption and we will delete your data. ...Life is too short to be sad. Be not sad, money, it is only paper... ...If we do not give you decrypters, or we do not delete your data after payment, then nobody will pay us in the future. ...Therefore to us our reputation is very important. We attack worldwide and there is no dissatisfied victim after payment... ..>>>> You need contact us via email with srenshot of btc transaction and your personal DECRYPTION ID.....Contact via Email with your personal Decryption id !: hackbeenswim@mail2tor.com......Send 400$ (0.006 BTC) at this address --> bc1qkr7wxuqwet9w6920vk94p7npkxh33fc7prv55q.....>>>> Your personal DECRYPTION ID: D53F15BF767167BC622C1CB4D4FC174D....>>
                                                                                                                                                                                Process:C:\Users\user\Desktop\c8JakemodH.exe
                                                                                                                                                                                File Type:ASCII text, with CRLF line terminators
                                                                                                                                                                                Category:dropped
                                                                                                                                                                                Size (bytes):1159
                                                                                                                                                                                Entropy (8bit):4.909757425426515
                                                                                                                                                                                Encrypted:false
                                                                                                                                                                                SSDEEP:24:SOZJNRovfexRvYx/ncUYTxLZl0r0OzANQgq32xfZnS0iNFdAnP6:SOZbqfexrZrS3Iq32xlSX2S
                                                                                                                                                                                MD5:F29E077226F8DC235CAE4795459A3542
                                                                                                                                                                                SHA1:A23AEA328BEB92BFD4464A3B0F70E772B8969CC2
                                                                                                                                                                                SHA-256:CF8875AADE9351184274F533067BECF2AD10CCF2B6296274ECE5D5B58B6AB008
                                                                                                                                                                                SHA-512:0C76F1E7AC8E4DB582EA7E26FA9B8C18D54605AE6A9A87A2A1FA0B1BEACACBB8F1230421C1124B1E7C12FB546FF31DBBD2CFBBEBA80EF98BBAA01B356F7FDC6F
                                                                                                                                                                                Malicious:false
                                                                                                                                                                                Preview:.. ~~~ AlphaCat ~~~....>>>> Your data are stolen and encrypted....>>>> What guarantees that we will not deceive you? .....We are not a politically motivated group and we do not need anything other than your money. .. ...If you pay, we will provide you the programs for decryption and we will delete your data. ...Life is too short to be sad. Be not sad, money, it is only paper... ...If we do not give you decrypters, or we do not delete your data after payment, then nobody will pay us in the future. ...Therefore to us our reputation is very important. We attack worldwide and there is no dissatisfied victim after payment... ..>>>> You need contact us via email with srenshot of btc transaction and your personal DECRYPTION ID.....Contact via Email with your personal Decryption id !: hackbeenswim@mail2tor.com......Send 400$ (0.006 BTC) at this address --> bc1qkr7wxuqwet9w6920vk94p7npkxh33fc7prv55q.....>>>> Your personal DECRYPTION ID: D53F15BF767167BC622C1CB4D4FC174D....>>
                                                                                                                                                                                Process:C:\Users\user\Desktop\c8JakemodH.exe
                                                                                                                                                                                File Type:ASCII text, with CRLF line terminators
                                                                                                                                                                                Category:dropped
                                                                                                                                                                                Size (bytes):1159
                                                                                                                                                                                Entropy (8bit):4.909757425426515
                                                                                                                                                                                Encrypted:false
                                                                                                                                                                                SSDEEP:24:SOZJNRovfexRvYx/ncUYTxLZl0r0OzANQgq32xfZnS0iNFdAnP6:SOZbqfexrZrS3Iq32xlSX2S
                                                                                                                                                                                MD5:F29E077226F8DC235CAE4795459A3542
                                                                                                                                                                                SHA1:A23AEA328BEB92BFD4464A3B0F70E772B8969CC2
                                                                                                                                                                                SHA-256:CF8875AADE9351184274F533067BECF2AD10CCF2B6296274ECE5D5B58B6AB008
                                                                                                                                                                                SHA-512:0C76F1E7AC8E4DB582EA7E26FA9B8C18D54605AE6A9A87A2A1FA0B1BEACACBB8F1230421C1124B1E7C12FB546FF31DBBD2CFBBEBA80EF98BBAA01B356F7FDC6F
                                                                                                                                                                                Malicious:false
                                                                                                                                                                                Preview:.. ~~~ AlphaCat ~~~....>>>> Your data are stolen and encrypted....>>>> What guarantees that we will not deceive you? .....We are not a politically motivated group and we do not need anything other than your money. .. ...If you pay, we will provide you the programs for decryption and we will delete your data. ...Life is too short to be sad. Be not sad, money, it is only paper... ...If we do not give you decrypters, or we do not delete your data after payment, then nobody will pay us in the future. ...Therefore to us our reputation is very important. We attack worldwide and there is no dissatisfied victim after payment... ..>>>> You need contact us via email with srenshot of btc transaction and your personal DECRYPTION ID.....Contact via Email with your personal Decryption id !: hackbeenswim@mail2tor.com......Send 400$ (0.006 BTC) at this address --> bc1qkr7wxuqwet9w6920vk94p7npkxh33fc7prv55q.....>>>> Your personal DECRYPTION ID: D53F15BF767167BC622C1CB4D4FC174D....>>
                                                                                                                                                                                Process:C:\Users\user\Desktop\c8JakemodH.exe
                                                                                                                                                                                File Type:ASCII text, with CRLF line terminators
                                                                                                                                                                                Category:dropped
                                                                                                                                                                                Size (bytes):1159
                                                                                                                                                                                Entropy (8bit):4.909757425426515
                                                                                                                                                                                Encrypted:false
                                                                                                                                                                                SSDEEP:24:SOZJNRovfexRvYx/ncUYTxLZl0r0OzANQgq32xfZnS0iNFdAnP6:SOZbqfexrZrS3Iq32xlSX2S
                                                                                                                                                                                MD5:F29E077226F8DC235CAE4795459A3542
                                                                                                                                                                                SHA1:A23AEA328BEB92BFD4464A3B0F70E772B8969CC2
                                                                                                                                                                                SHA-256:CF8875AADE9351184274F533067BECF2AD10CCF2B6296274ECE5D5B58B6AB008
                                                                                                                                                                                SHA-512:0C76F1E7AC8E4DB582EA7E26FA9B8C18D54605AE6A9A87A2A1FA0B1BEACACBB8F1230421C1124B1E7C12FB546FF31DBBD2CFBBEBA80EF98BBAA01B356F7FDC6F
                                                                                                                                                                                Malicious:false
                                                                                                                                                                                Preview:.. ~~~ AlphaCat ~~~....>>>> Your data are stolen and encrypted....>>>> What guarantees that we will not deceive you? .....We are not a politically motivated group and we do not need anything other than your money. .. ...If you pay, we will provide you the programs for decryption and we will delete your data. ...Life is too short to be sad. Be not sad, money, it is only paper... ...If we do not give you decrypters, or we do not delete your data after payment, then nobody will pay us in the future. ...Therefore to us our reputation is very important. We attack worldwide and there is no dissatisfied victim after payment... ..>>>> You need contact us via email with srenshot of btc transaction and your personal DECRYPTION ID.....Contact via Email with your personal Decryption id !: hackbeenswim@mail2tor.com......Send 400$ (0.006 BTC) at this address --> bc1qkr7wxuqwet9w6920vk94p7npkxh33fc7prv55q.....>>>> Your personal DECRYPTION ID: D53F15BF767167BC622C1CB4D4FC174D....>>
                                                                                                                                                                                Process:C:\Users\user\Desktop\c8JakemodH.exe
                                                                                                                                                                                File Type:ASCII text, with CRLF line terminators
                                                                                                                                                                                Category:dropped
                                                                                                                                                                                Size (bytes):1159
                                                                                                                                                                                Entropy (8bit):4.909757425426515
                                                                                                                                                                                Encrypted:false
                                                                                                                                                                                SSDEEP:24:SOZJNRovfexRvYx/ncUYTxLZl0r0OzANQgq32xfZnS0iNFdAnP6:SOZbqfexrZrS3Iq32xlSX2S
                                                                                                                                                                                MD5:F29E077226F8DC235CAE4795459A3542
                                                                                                                                                                                SHA1:A23AEA328BEB92BFD4464A3B0F70E772B8969CC2
                                                                                                                                                                                SHA-256:CF8875AADE9351184274F533067BECF2AD10CCF2B6296274ECE5D5B58B6AB008
                                                                                                                                                                                SHA-512:0C76F1E7AC8E4DB582EA7E26FA9B8C18D54605AE6A9A87A2A1FA0B1BEACACBB8F1230421C1124B1E7C12FB546FF31DBBD2CFBBEBA80EF98BBAA01B356F7FDC6F
                                                                                                                                                                                Malicious:false
                                                                                                                                                                                Preview:.. ~~~ AlphaCat ~~~....>>>> Your data are stolen and encrypted....>>>> What guarantees that we will not deceive you? .....We are not a politically motivated group and we do not need anything other than your money. .. ...If you pay, we will provide you the programs for decryption and we will delete your data. ...Life is too short to be sad. Be not sad, money, it is only paper... ...If we do not give you decrypters, or we do not delete your data after payment, then nobody will pay us in the future. ...Therefore to us our reputation is very important. We attack worldwide and there is no dissatisfied victim after payment... ..>>>> You need contact us via email with srenshot of btc transaction and your personal DECRYPTION ID.....Contact via Email with your personal Decryption id !: hackbeenswim@mail2tor.com......Send 400$ (0.006 BTC) at this address --> bc1qkr7wxuqwet9w6920vk94p7npkxh33fc7prv55q.....>>>> Your personal DECRYPTION ID: D53F15BF767167BC622C1CB4D4FC174D....>>
                                                                                                                                                                                Process:C:\Users\user\Desktop\c8JakemodH.exe
                                                                                                                                                                                File Type:ASCII text, with CRLF line terminators
                                                                                                                                                                                Category:dropped
                                                                                                                                                                                Size (bytes):1159
                                                                                                                                                                                Entropy (8bit):4.909757425426515
                                                                                                                                                                                Encrypted:false
                                                                                                                                                                                SSDEEP:24:SOZJNRovfexRvYx/ncUYTxLZl0r0OzANQgq32xfZnS0iNFdAnP6:SOZbqfexrZrS3Iq32xlSX2S
                                                                                                                                                                                MD5:F29E077226F8DC235CAE4795459A3542
                                                                                                                                                                                SHA1:A23AEA328BEB92BFD4464A3B0F70E772B8969CC2
                                                                                                                                                                                SHA-256:CF8875AADE9351184274F533067BECF2AD10CCF2B6296274ECE5D5B58B6AB008
                                                                                                                                                                                SHA-512:0C76F1E7AC8E4DB582EA7E26FA9B8C18D54605AE6A9A87A2A1FA0B1BEACACBB8F1230421C1124B1E7C12FB546FF31DBBD2CFBBEBA80EF98BBAA01B356F7FDC6F
                                                                                                                                                                                Malicious:false
                                                                                                                                                                                Preview:.. ~~~ AlphaCat ~~~....>>>> Your data are stolen and encrypted....>>>> What guarantees that we will not deceive you? .....We are not a politically motivated group and we do not need anything other than your money. .. ...If you pay, we will provide you the programs for decryption and we will delete your data. ...Life is too short to be sad. Be not sad, money, it is only paper... ...If we do not give you decrypters, or we do not delete your data after payment, then nobody will pay us in the future. ...Therefore to us our reputation is very important. We attack worldwide and there is no dissatisfied victim after payment... ..>>>> You need contact us via email with srenshot of btc transaction and your personal DECRYPTION ID.....Contact via Email with your personal Decryption id !: hackbeenswim@mail2tor.com......Send 400$ (0.006 BTC) at this address --> bc1qkr7wxuqwet9w6920vk94p7npkxh33fc7prv55q.....>>>> Your personal DECRYPTION ID: D53F15BF767167BC622C1CB4D4FC174D....>>
                                                                                                                                                                                Process:C:\Users\user\Desktop\c8JakemodH.exe
                                                                                                                                                                                File Type:ASCII text, with CRLF line terminators
                                                                                                                                                                                Category:dropped
                                                                                                                                                                                Size (bytes):1159
                                                                                                                                                                                Entropy (8bit):4.909757425426515
                                                                                                                                                                                Encrypted:false
                                                                                                                                                                                SSDEEP:24:SOZJNRovfexRvYx/ncUYTxLZl0r0OzANQgq32xfZnS0iNFdAnP6:SOZbqfexrZrS3Iq32xlSX2S
                                                                                                                                                                                MD5:F29E077226F8DC235CAE4795459A3542
                                                                                                                                                                                SHA1:A23AEA328BEB92BFD4464A3B0F70E772B8969CC2
                                                                                                                                                                                SHA-256:CF8875AADE9351184274F533067BECF2AD10CCF2B6296274ECE5D5B58B6AB008
                                                                                                                                                                                SHA-512:0C76F1E7AC8E4DB582EA7E26FA9B8C18D54605AE6A9A87A2A1FA0B1BEACACBB8F1230421C1124B1E7C12FB546FF31DBBD2CFBBEBA80EF98BBAA01B356F7FDC6F
                                                                                                                                                                                Malicious:false
                                                                                                                                                                                Preview:.. ~~~ AlphaCat ~~~....>>>> Your data are stolen and encrypted....>>>> What guarantees that we will not deceive you? .....We are not a politically motivated group and we do not need anything other than your money. .. ...If you pay, we will provide you the programs for decryption and we will delete your data. ...Life is too short to be sad. Be not sad, money, it is only paper... ...If we do not give you decrypters, or we do not delete your data after payment, then nobody will pay us in the future. ...Therefore to us our reputation is very important. We attack worldwide and there is no dissatisfied victim after payment... ..>>>> You need contact us via email with srenshot of btc transaction and your personal DECRYPTION ID.....Contact via Email with your personal Decryption id !: hackbeenswim@mail2tor.com......Send 400$ (0.006 BTC) at this address --> bc1qkr7wxuqwet9w6920vk94p7npkxh33fc7prv55q.....>>>> Your personal DECRYPTION ID: D53F15BF767167BC622C1CB4D4FC174D....>>
                                                                                                                                                                                Process:C:\Users\user\Desktop\c8JakemodH.exe
                                                                                                                                                                                File Type:ASCII text, with CRLF line terminators
                                                                                                                                                                                Category:dropped
                                                                                                                                                                                Size (bytes):1159
                                                                                                                                                                                Entropy (8bit):4.909757425426515
                                                                                                                                                                                Encrypted:false
                                                                                                                                                                                SSDEEP:24:SOZJNRovfexRvYx/ncUYTxLZl0r0OzANQgq32xfZnS0iNFdAnP6:SOZbqfexrZrS3Iq32xlSX2S
                                                                                                                                                                                MD5:F29E077226F8DC235CAE4795459A3542
                                                                                                                                                                                SHA1:A23AEA328BEB92BFD4464A3B0F70E772B8969CC2
                                                                                                                                                                                SHA-256:CF8875AADE9351184274F533067BECF2AD10CCF2B6296274ECE5D5B58B6AB008
                                                                                                                                                                                SHA-512:0C76F1E7AC8E4DB582EA7E26FA9B8C18D54605AE6A9A87A2A1FA0B1BEACACBB8F1230421C1124B1E7C12FB546FF31DBBD2CFBBEBA80EF98BBAA01B356F7FDC6F
                                                                                                                                                                                Malicious:false
                                                                                                                                                                                Preview:.. ~~~ AlphaCat ~~~....>>>> Your data are stolen and encrypted....>>>> What guarantees that we will not deceive you? .....We are not a politically motivated group and we do not need anything other than your money. .. ...If you pay, we will provide you the programs for decryption and we will delete your data. ...Life is too short to be sad. Be not sad, money, it is only paper... ...If we do not give you decrypters, or we do not delete your data after payment, then nobody will pay us in the future. ...Therefore to us our reputation is very important. We attack worldwide and there is no dissatisfied victim after payment... ..>>>> You need contact us via email with srenshot of btc transaction and your personal DECRYPTION ID.....Contact via Email with your personal Decryption id !: hackbeenswim@mail2tor.com......Send 400$ (0.006 BTC) at this address --> bc1qkr7wxuqwet9w6920vk94p7npkxh33fc7prv55q.....>>>> Your personal DECRYPTION ID: D53F15BF767167BC622C1CB4D4FC174D....>>
                                                                                                                                                                                Process:C:\Users\user\Desktop\c8JakemodH.exe
                                                                                                                                                                                File Type:ASCII text, with CRLF line terminators
                                                                                                                                                                                Category:dropped
                                                                                                                                                                                Size (bytes):1159
                                                                                                                                                                                Entropy (8bit):4.909757425426515
                                                                                                                                                                                Encrypted:false
                                                                                                                                                                                SSDEEP:24:SOZJNRovfexRvYx/ncUYTxLZl0r0OzANQgq32xfZnS0iNFdAnP6:SOZbqfexrZrS3Iq32xlSX2S
                                                                                                                                                                                MD5:F29E077226F8DC235CAE4795459A3542
                                                                                                                                                                                SHA1:A23AEA328BEB92BFD4464A3B0F70E772B8969CC2
                                                                                                                                                                                SHA-256:CF8875AADE9351184274F533067BECF2AD10CCF2B6296274ECE5D5B58B6AB008
                                                                                                                                                                                SHA-512:0C76F1E7AC8E4DB582EA7E26FA9B8C18D54605AE6A9A87A2A1FA0B1BEACACBB8F1230421C1124B1E7C12FB546FF31DBBD2CFBBEBA80EF98BBAA01B356F7FDC6F
                                                                                                                                                                                Malicious:false
                                                                                                                                                                                Preview:.. ~~~ AlphaCat ~~~....>>>> Your data are stolen and encrypted....>>>> What guarantees that we will not deceive you? .....We are not a politically motivated group and we do not need anything other than your money. .. ...If you pay, we will provide you the programs for decryption and we will delete your data. ...Life is too short to be sad. Be not sad, money, it is only paper... ...If we do not give you decrypters, or we do not delete your data after payment, then nobody will pay us in the future. ...Therefore to us our reputation is very important. We attack worldwide and there is no dissatisfied victim after payment... ..>>>> You need contact us via email with srenshot of btc transaction and your personal DECRYPTION ID.....Contact via Email with your personal Decryption id !: hackbeenswim@mail2tor.com......Send 400$ (0.006 BTC) at this address --> bc1qkr7wxuqwet9w6920vk94p7npkxh33fc7prv55q.....>>>> Your personal DECRYPTION ID: D53F15BF767167BC622C1CB4D4FC174D....>>
                                                                                                                                                                                Process:C:\Users\user\Desktop\c8JakemodH.exe
                                                                                                                                                                                File Type:data
                                                                                                                                                                                Category:dropped
                                                                                                                                                                                Size (bytes):8431
                                                                                                                                                                                Entropy (8bit):7.977796191985229
                                                                                                                                                                                Encrypted:false
                                                                                                                                                                                SSDEEP:192:SEnNkkw1uX6QdftuW6n7XcSej4BkqDpWy5iSpOHCnYaXMRa8XIhyG3z58t9CaSS:RNVw1uhZQLZeBqNWy5VOHCYaUtIhyGDg
                                                                                                                                                                                MD5:9B8FC5CFC6D3D18AD00774E265946EBB
                                                                                                                                                                                SHA1:D2FD187E1BD109BE182B57D0856EC57F655C411D
                                                                                                                                                                                SHA-256:D18544FB30D5A21B42C893017393D881A2151E0B3E854D966143CCCE48AB7C55
                                                                                                                                                                                SHA-512:27D47E5FA4DEADF3C493E9CC1D98D641A040C0DD9319DFCE9A0C9C8EAE95F6B188AE1B7C354F934DBB00A91FF981F0992FA621828D01D4F1039A90646F5D4C29
                                                                                                                                                                                Malicious:false
                                                                                                                                                                                Preview:1+h.$......eu...3&$....?p.).m...)<I..m<~|\....4.....z._..b...W`..r....P|t..u5\..{.ff.b.]...a.y..B^...9:.p.J.P{mz6k......10......yUX....:.G...$..c.....S....&.'.g.aI.#.E.s.G..R...M.7.2e.+..b.'./U.Zt..Q...[..+-My.N...|..knd..m.._..8%?A../0W4x..!..m..W.....`..."..Rb7...]E...8.z..*v...b..b......6.z.D.`...)..d&..&...._...B.s.ZSh...q.=..o,.*L.>w@P..@.e.!.eW.'l......A.:...8...y..{...i...~...Ev...(.).....3..t./....P.fb]......W..H..A..X2.m3.....a../....{..}.....EA3.-.....>h....;......JX.%{V.fS....0.../...~..x.5...jS.H:J|.sFO.....M..~...n0(WM.g_.....t..`M.1.'.J1bO.../.......$.....7x..]l....zv....c4d.%."...r..V.f>n.Z.}.iL.~.:E.#.I$.5.(...[k..G.>#H...d...C...4...=.........SgK......P.&.-....y...a}-..`..d.l....:.^Di.]..'....^.n..].O.@-.k..mJ....VW&/[.A...y..^.J...x.5..F.I...P.|...G.D.................#..SD...c....mK.U0.m.*L.P..7...-h..W...f 4.z....';.N|+..5wL.^.#FJF.4.sU?..;,....PDx...*w.|-z..(.j>....iS.....a...{.....Mfr..4...6{xZ.;5..0*....#.
                                                                                                                                                                                Process:C:\Users\user\Desktop\c8JakemodH.exe
                                                                                                                                                                                File Type:ASCII text, with CRLF line terminators
                                                                                                                                                                                Category:dropped
                                                                                                                                                                                Size (bytes):1159
                                                                                                                                                                                Entropy (8bit):4.909757425426515
                                                                                                                                                                                Encrypted:false
                                                                                                                                                                                SSDEEP:24:SOZJNRovfexRvYx/ncUYTxLZl0r0OzANQgq32xfZnS0iNFdAnP6:SOZbqfexrZrS3Iq32xlSX2S
                                                                                                                                                                                MD5:F29E077226F8DC235CAE4795459A3542
                                                                                                                                                                                SHA1:A23AEA328BEB92BFD4464A3B0F70E772B8969CC2
                                                                                                                                                                                SHA-256:CF8875AADE9351184274F533067BECF2AD10CCF2B6296274ECE5D5B58B6AB008
                                                                                                                                                                                SHA-512:0C76F1E7AC8E4DB582EA7E26FA9B8C18D54605AE6A9A87A2A1FA0B1BEACACBB8F1230421C1124B1E7C12FB546FF31DBBD2CFBBEBA80EF98BBAA01B356F7FDC6F
                                                                                                                                                                                Malicious:false
                                                                                                                                                                                Preview:.. ~~~ AlphaCat ~~~....>>>> Your data are stolen and encrypted....>>>> What guarantees that we will not deceive you? .....We are not a politically motivated group and we do not need anything other than your money. .. ...If you pay, we will provide you the programs for decryption and we will delete your data. ...Life is too short to be sad. Be not sad, money, it is only paper... ...If we do not give you decrypters, or we do not delete your data after payment, then nobody will pay us in the future. ...Therefore to us our reputation is very important. We attack worldwide and there is no dissatisfied victim after payment... ..>>>> You need contact us via email with srenshot of btc transaction and your personal DECRYPTION ID.....Contact via Email with your personal Decryption id !: hackbeenswim@mail2tor.com......Send 400$ (0.006 BTC) at this address --> bc1qkr7wxuqwet9w6920vk94p7npkxh33fc7prv55q.....>>>> Your personal DECRYPTION ID: D53F15BF767167BC622C1CB4D4FC174D....>>
                                                                                                                                                                                Process:C:\Users\user\Desktop\c8JakemodH.exe
                                                                                                                                                                                File Type:ASCII text, with CRLF line terminators
                                                                                                                                                                                Category:dropped
                                                                                                                                                                                Size (bytes):1159
                                                                                                                                                                                Entropy (8bit):4.909757425426515
                                                                                                                                                                                Encrypted:false
                                                                                                                                                                                SSDEEP:24:SOZJNRovfexRvYx/ncUYTxLZl0r0OzANQgq32xfZnS0iNFdAnP6:SOZbqfexrZrS3Iq32xlSX2S
                                                                                                                                                                                MD5:F29E077226F8DC235CAE4795459A3542
                                                                                                                                                                                SHA1:A23AEA328BEB92BFD4464A3B0F70E772B8969CC2
                                                                                                                                                                                SHA-256:CF8875AADE9351184274F533067BECF2AD10CCF2B6296274ECE5D5B58B6AB008
                                                                                                                                                                                SHA-512:0C76F1E7AC8E4DB582EA7E26FA9B8C18D54605AE6A9A87A2A1FA0B1BEACACBB8F1230421C1124B1E7C12FB546FF31DBBD2CFBBEBA80EF98BBAA01B356F7FDC6F
                                                                                                                                                                                Malicious:false
                                                                                                                                                                                Preview:.. ~~~ AlphaCat ~~~....>>>> Your data are stolen and encrypted....>>>> What guarantees that we will not deceive you? .....We are not a politically motivated group and we do not need anything other than your money. .. ...If you pay, we will provide you the programs for decryption and we will delete your data. ...Life is too short to be sad. Be not sad, money, it is only paper... ...If we do not give you decrypters, or we do not delete your data after payment, then nobody will pay us in the future. ...Therefore to us our reputation is very important. We attack worldwide and there is no dissatisfied victim after payment... ..>>>> You need contact us via email with srenshot of btc transaction and your personal DECRYPTION ID.....Contact via Email with your personal Decryption id !: hackbeenswim@mail2tor.com......Send 400$ (0.006 BTC) at this address --> bc1qkr7wxuqwet9w6920vk94p7npkxh33fc7prv55q.....>>>> Your personal DECRYPTION ID: D53F15BF767167BC622C1CB4D4FC174D....>>
                                                                                                                                                                                Process:C:\Users\user\Desktop\c8JakemodH.exe
                                                                                                                                                                                File Type:ASCII text, with CRLF line terminators
                                                                                                                                                                                Category:dropped
                                                                                                                                                                                Size (bytes):1159
                                                                                                                                                                                Entropy (8bit):4.909757425426515
                                                                                                                                                                                Encrypted:false
                                                                                                                                                                                SSDEEP:24:SOZJNRovfexRvYx/ncUYTxLZl0r0OzANQgq32xfZnS0iNFdAnP6:SOZbqfexrZrS3Iq32xlSX2S
                                                                                                                                                                                MD5:F29E077226F8DC235CAE4795459A3542
                                                                                                                                                                                SHA1:A23AEA328BEB92BFD4464A3B0F70E772B8969CC2
                                                                                                                                                                                SHA-256:CF8875AADE9351184274F533067BECF2AD10CCF2B6296274ECE5D5B58B6AB008
                                                                                                                                                                                SHA-512:0C76F1E7AC8E4DB582EA7E26FA9B8C18D54605AE6A9A87A2A1FA0B1BEACACBB8F1230421C1124B1E7C12FB546FF31DBBD2CFBBEBA80EF98BBAA01B356F7FDC6F
                                                                                                                                                                                Malicious:false
                                                                                                                                                                                Preview:.. ~~~ AlphaCat ~~~....>>>> Your data are stolen and encrypted....>>>> What guarantees that we will not deceive you? .....We are not a politically motivated group and we do not need anything other than your money. .. ...If you pay, we will provide you the programs for decryption and we will delete your data. ...Life is too short to be sad. Be not sad, money, it is only paper... ...If we do not give you decrypters, or we do not delete your data after payment, then nobody will pay us in the future. ...Therefore to us our reputation is very important. We attack worldwide and there is no dissatisfied victim after payment... ..>>>> You need contact us via email with srenshot of btc transaction and your personal DECRYPTION ID.....Contact via Email with your personal Decryption id !: hackbeenswim@mail2tor.com......Send 400$ (0.006 BTC) at this address --> bc1qkr7wxuqwet9w6920vk94p7npkxh33fc7prv55q.....>>>> Your personal DECRYPTION ID: D53F15BF767167BC622C1CB4D4FC174D....>>
                                                                                                                                                                                Process:C:\Users\user\Desktop\c8JakemodH.exe
                                                                                                                                                                                File Type:ASCII text, with CRLF line terminators
                                                                                                                                                                                Category:dropped
                                                                                                                                                                                Size (bytes):1159
                                                                                                                                                                                Entropy (8bit):4.909757425426515
                                                                                                                                                                                Encrypted:false
                                                                                                                                                                                SSDEEP:24:SOZJNRovfexRvYx/ncUYTxLZl0r0OzANQgq32xfZnS0iNFdAnP6:SOZbqfexrZrS3Iq32xlSX2S
                                                                                                                                                                                MD5:F29E077226F8DC235CAE4795459A3542
                                                                                                                                                                                SHA1:A23AEA328BEB92BFD4464A3B0F70E772B8969CC2
                                                                                                                                                                                SHA-256:CF8875AADE9351184274F533067BECF2AD10CCF2B6296274ECE5D5B58B6AB008
                                                                                                                                                                                SHA-512:0C76F1E7AC8E4DB582EA7E26FA9B8C18D54605AE6A9A87A2A1FA0B1BEACACBB8F1230421C1124B1E7C12FB546FF31DBBD2CFBBEBA80EF98BBAA01B356F7FDC6F
                                                                                                                                                                                Malicious:false
                                                                                                                                                                                Preview:.. ~~~ AlphaCat ~~~....>>>> Your data are stolen and encrypted....>>>> What guarantees that we will not deceive you? .....We are not a politically motivated group and we do not need anything other than your money. .. ...If you pay, we will provide you the programs for decryption and we will delete your data. ...Life is too short to be sad. Be not sad, money, it is only paper... ...If we do not give you decrypters, or we do not delete your data after payment, then nobody will pay us in the future. ...Therefore to us our reputation is very important. We attack worldwide and there is no dissatisfied victim after payment... ..>>>> You need contact us via email with srenshot of btc transaction and your personal DECRYPTION ID.....Contact via Email with your personal Decryption id !: hackbeenswim@mail2tor.com......Send 400$ (0.006 BTC) at this address --> bc1qkr7wxuqwet9w6920vk94p7npkxh33fc7prv55q.....>>>> Your personal DECRYPTION ID: D53F15BF767167BC622C1CB4D4FC174D....>>
                                                                                                                                                                                Process:C:\Users\user\Desktop\c8JakemodH.exe
                                                                                                                                                                                File Type:ASCII text, with CRLF line terminators
                                                                                                                                                                                Category:dropped
                                                                                                                                                                                Size (bytes):1159
                                                                                                                                                                                Entropy (8bit):4.909757425426515
                                                                                                                                                                                Encrypted:false
                                                                                                                                                                                SSDEEP:24:SOZJNRovfexRvYx/ncUYTxLZl0r0OzANQgq32xfZnS0iNFdAnP6:SOZbqfexrZrS3Iq32xlSX2S
                                                                                                                                                                                MD5:F29E077226F8DC235CAE4795459A3542
                                                                                                                                                                                SHA1:A23AEA328BEB92BFD4464A3B0F70E772B8969CC2
                                                                                                                                                                                SHA-256:CF8875AADE9351184274F533067BECF2AD10CCF2B6296274ECE5D5B58B6AB008
                                                                                                                                                                                SHA-512:0C76F1E7AC8E4DB582EA7E26FA9B8C18D54605AE6A9A87A2A1FA0B1BEACACBB8F1230421C1124B1E7C12FB546FF31DBBD2CFBBEBA80EF98BBAA01B356F7FDC6F
                                                                                                                                                                                Malicious:false
                                                                                                                                                                                Preview:.. ~~~ AlphaCat ~~~....>>>> Your data are stolen and encrypted....>>>> What guarantees that we will not deceive you? .....We are not a politically motivated group and we do not need anything other than your money. .. ...If you pay, we will provide you the programs for decryption and we will delete your data. ...Life is too short to be sad. Be not sad, money, it is only paper... ...If we do not give you decrypters, or we do not delete your data after payment, then nobody will pay us in the future. ...Therefore to us our reputation is very important. We attack worldwide and there is no dissatisfied victim after payment... ..>>>> You need contact us via email with srenshot of btc transaction and your personal DECRYPTION ID.....Contact via Email with your personal Decryption id !: hackbeenswim@mail2tor.com......Send 400$ (0.006 BTC) at this address --> bc1qkr7wxuqwet9w6920vk94p7npkxh33fc7prv55q.....>>>> Your personal DECRYPTION ID: D53F15BF767167BC622C1CB4D4FC174D....>>
                                                                                                                                                                                Process:C:\Users\user\Desktop\c8JakemodH.exe
                                                                                                                                                                                File Type:ASCII text, with CRLF line terminators
                                                                                                                                                                                Category:dropped
                                                                                                                                                                                Size (bytes):1159
                                                                                                                                                                                Entropy (8bit):4.909757425426515
                                                                                                                                                                                Encrypted:false
                                                                                                                                                                                SSDEEP:24:SOZJNRovfexRvYx/ncUYTxLZl0r0OzANQgq32xfZnS0iNFdAnP6:SOZbqfexrZrS3Iq32xlSX2S
                                                                                                                                                                                MD5:F29E077226F8DC235CAE4795459A3542
                                                                                                                                                                                SHA1:A23AEA328BEB92BFD4464A3B0F70E772B8969CC2
                                                                                                                                                                                SHA-256:CF8875AADE9351184274F533067BECF2AD10CCF2B6296274ECE5D5B58B6AB008
                                                                                                                                                                                SHA-512:0C76F1E7AC8E4DB582EA7E26FA9B8C18D54605AE6A9A87A2A1FA0B1BEACACBB8F1230421C1124B1E7C12FB546FF31DBBD2CFBBEBA80EF98BBAA01B356F7FDC6F
                                                                                                                                                                                Malicious:false
                                                                                                                                                                                Preview:.. ~~~ AlphaCat ~~~....>>>> Your data are stolen and encrypted....>>>> What guarantees that we will not deceive you? .....We are not a politically motivated group and we do not need anything other than your money. .. ...If you pay, we will provide you the programs for decryption and we will delete your data. ...Life is too short to be sad. Be not sad, money, it is only paper... ...If we do not give you decrypters, or we do not delete your data after payment, then nobody will pay us in the future. ...Therefore to us our reputation is very important. We attack worldwide and there is no dissatisfied victim after payment... ..>>>> You need contact us via email with srenshot of btc transaction and your personal DECRYPTION ID.....Contact via Email with your personal Decryption id !: hackbeenswim@mail2tor.com......Send 400$ (0.006 BTC) at this address --> bc1qkr7wxuqwet9w6920vk94p7npkxh33fc7prv55q.....>>>> Your personal DECRYPTION ID: D53F15BF767167BC622C1CB4D4FC174D....>>
                                                                                                                                                                                Process:C:\Users\user\Desktop\c8JakemodH.exe
                                                                                                                                                                                File Type:ASCII text, with CRLF line terminators
                                                                                                                                                                                Category:dropped
                                                                                                                                                                                Size (bytes):1159
                                                                                                                                                                                Entropy (8bit):4.909757425426515
                                                                                                                                                                                Encrypted:false
                                                                                                                                                                                SSDEEP:24:SOZJNRovfexRvYx/ncUYTxLZl0r0OzANQgq32xfZnS0iNFdAnP6:SOZbqfexrZrS3Iq32xlSX2S
                                                                                                                                                                                MD5:F29E077226F8DC235CAE4795459A3542
                                                                                                                                                                                SHA1:A23AEA328BEB92BFD4464A3B0F70E772B8969CC2
                                                                                                                                                                                SHA-256:CF8875AADE9351184274F533067BECF2AD10CCF2B6296274ECE5D5B58B6AB008
                                                                                                                                                                                SHA-512:0C76F1E7AC8E4DB582EA7E26FA9B8C18D54605AE6A9A87A2A1FA0B1BEACACBB8F1230421C1124B1E7C12FB546FF31DBBD2CFBBEBA80EF98BBAA01B356F7FDC6F
                                                                                                                                                                                Malicious:false
                                                                                                                                                                                Preview:.. ~~~ AlphaCat ~~~....>>>> Your data are stolen and encrypted....>>>> What guarantees that we will not deceive you? .....We are not a politically motivated group and we do not need anything other than your money. .. ...If you pay, we will provide you the programs for decryption and we will delete your data. ...Life is too short to be sad. Be not sad, money, it is only paper... ...If we do not give you decrypters, or we do not delete your data after payment, then nobody will pay us in the future. ...Therefore to us our reputation is very important. We attack worldwide and there is no dissatisfied victim after payment... ..>>>> You need contact us via email with srenshot of btc transaction and your personal DECRYPTION ID.....Contact via Email with your personal Decryption id !: hackbeenswim@mail2tor.com......Send 400$ (0.006 BTC) at this address --> bc1qkr7wxuqwet9w6920vk94p7npkxh33fc7prv55q.....>>>> Your personal DECRYPTION ID: D53F15BF767167BC622C1CB4D4FC174D....>>
                                                                                                                                                                                Process:C:\Users\user\Desktop\c8JakemodH.exe
                                                                                                                                                                                File Type:ASCII text, with CRLF line terminators
                                                                                                                                                                                Category:dropped
                                                                                                                                                                                Size (bytes):1159
                                                                                                                                                                                Entropy (8bit):4.909757425426515
                                                                                                                                                                                Encrypted:false
                                                                                                                                                                                SSDEEP:24:SOZJNRovfexRvYx/ncUYTxLZl0r0OzANQgq32xfZnS0iNFdAnP6:SOZbqfexrZrS3Iq32xlSX2S
                                                                                                                                                                                MD5:F29E077226F8DC235CAE4795459A3542
                                                                                                                                                                                SHA1:A23AEA328BEB92BFD4464A3B0F70E772B8969CC2
                                                                                                                                                                                SHA-256:CF8875AADE9351184274F533067BECF2AD10CCF2B6296274ECE5D5B58B6AB008
                                                                                                                                                                                SHA-512:0C76F1E7AC8E4DB582EA7E26FA9B8C18D54605AE6A9A87A2A1FA0B1BEACACBB8F1230421C1124B1E7C12FB546FF31DBBD2CFBBEBA80EF98BBAA01B356F7FDC6F
                                                                                                                                                                                Malicious:false
                                                                                                                                                                                Preview:.. ~~~ AlphaCat ~~~....>>>> Your data are stolen and encrypted....>>>> What guarantees that we will not deceive you? .....We are not a politically motivated group and we do not need anything other than your money. .. ...If you pay, we will provide you the programs for decryption and we will delete your data. ...Life is too short to be sad. Be not sad, money, it is only paper... ...If we do not give you decrypters, or we do not delete your data after payment, then nobody will pay us in the future. ...Therefore to us our reputation is very important. We attack worldwide and there is no dissatisfied victim after payment... ..>>>> You need contact us via email with srenshot of btc transaction and your personal DECRYPTION ID.....Contact via Email with your personal Decryption id !: hackbeenswim@mail2tor.com......Send 400$ (0.006 BTC) at this address --> bc1qkr7wxuqwet9w6920vk94p7npkxh33fc7prv55q.....>>>> Your personal DECRYPTION ID: D53F15BF767167BC622C1CB4D4FC174D....>>
                                                                                                                                                                                Process:C:\Users\user\Desktop\c8JakemodH.exe
                                                                                                                                                                                File Type:ASCII text, with CRLF line terminators
                                                                                                                                                                                Category:dropped
                                                                                                                                                                                Size (bytes):1159
                                                                                                                                                                                Entropy (8bit):4.909757425426515
                                                                                                                                                                                Encrypted:false
                                                                                                                                                                                SSDEEP:24:SOZJNRovfexRvYx/ncUYTxLZl0r0OzANQgq32xfZnS0iNFdAnP6:SOZbqfexrZrS3Iq32xlSX2S
                                                                                                                                                                                MD5:F29E077226F8DC235CAE4795459A3542
                                                                                                                                                                                SHA1:A23AEA328BEB92BFD4464A3B0F70E772B8969CC2
                                                                                                                                                                                SHA-256:CF8875AADE9351184274F533067BECF2AD10CCF2B6296274ECE5D5B58B6AB008
                                                                                                                                                                                SHA-512:0C76F1E7AC8E4DB582EA7E26FA9B8C18D54605AE6A9A87A2A1FA0B1BEACACBB8F1230421C1124B1E7C12FB546FF31DBBD2CFBBEBA80EF98BBAA01B356F7FDC6F
                                                                                                                                                                                Malicious:false
                                                                                                                                                                                Preview:.. ~~~ AlphaCat ~~~....>>>> Your data are stolen and encrypted....>>>> What guarantees that we will not deceive you? .....We are not a politically motivated group and we do not need anything other than your money. .. ...If you pay, we will provide you the programs for decryption and we will delete your data. ...Life is too short to be sad. Be not sad, money, it is only paper... ...If we do not give you decrypters, or we do not delete your data after payment, then nobody will pay us in the future. ...Therefore to us our reputation is very important. We attack worldwide and there is no dissatisfied victim after payment... ..>>>> You need contact us via email with srenshot of btc transaction and your personal DECRYPTION ID.....Contact via Email with your personal Decryption id !: hackbeenswim@mail2tor.com......Send 400$ (0.006 BTC) at this address --> bc1qkr7wxuqwet9w6920vk94p7npkxh33fc7prv55q.....>>>> Your personal DECRYPTION ID: D53F15BF767167BC622C1CB4D4FC174D....>>
                                                                                                                                                                                Process:C:\Users\user\Desktop\c8JakemodH.exe
                                                                                                                                                                                File Type:ASCII text, with CRLF line terminators
                                                                                                                                                                                Category:dropped
                                                                                                                                                                                Size (bytes):1159
                                                                                                                                                                                Entropy (8bit):4.909757425426515
                                                                                                                                                                                Encrypted:false
                                                                                                                                                                                SSDEEP:24:SOZJNRovfexRvYx/ncUYTxLZl0r0OzANQgq32xfZnS0iNFdAnP6:SOZbqfexrZrS3Iq32xlSX2S
                                                                                                                                                                                MD5:F29E077226F8DC235CAE4795459A3542
                                                                                                                                                                                SHA1:A23AEA328BEB92BFD4464A3B0F70E772B8969CC2
                                                                                                                                                                                SHA-256:CF8875AADE9351184274F533067BECF2AD10CCF2B6296274ECE5D5B58B6AB008
                                                                                                                                                                                SHA-512:0C76F1E7AC8E4DB582EA7E26FA9B8C18D54605AE6A9A87A2A1FA0B1BEACACBB8F1230421C1124B1E7C12FB546FF31DBBD2CFBBEBA80EF98BBAA01B356F7FDC6F
                                                                                                                                                                                Malicious:false
                                                                                                                                                                                Preview:.. ~~~ AlphaCat ~~~....>>>> Your data are stolen and encrypted....>>>> What guarantees that we will not deceive you? .....We are not a politically motivated group and we do not need anything other than your money. .. ...If you pay, we will provide you the programs for decryption and we will delete your data. ...Life is too short to be sad. Be not sad, money, it is only paper... ...If we do not give you decrypters, or we do not delete your data after payment, then nobody will pay us in the future. ...Therefore to us our reputation is very important. We attack worldwide and there is no dissatisfied victim after payment... ..>>>> You need contact us via email with srenshot of btc transaction and your personal DECRYPTION ID.....Contact via Email with your personal Decryption id !: hackbeenswim@mail2tor.com......Send 400$ (0.006 BTC) at this address --> bc1qkr7wxuqwet9w6920vk94p7npkxh33fc7prv55q.....>>>> Your personal DECRYPTION ID: D53F15BF767167BC622C1CB4D4FC174D....>>
                                                                                                                                                                                Process:C:\Users\user\Desktop\c8JakemodH.exe
                                                                                                                                                                                File Type:ASCII text, with CRLF line terminators
                                                                                                                                                                                Category:dropped
                                                                                                                                                                                Size (bytes):1159
                                                                                                                                                                                Entropy (8bit):4.909757425426515
                                                                                                                                                                                Encrypted:false
                                                                                                                                                                                SSDEEP:24:SOZJNRovfexRvYx/ncUYTxLZl0r0OzANQgq32xfZnS0iNFdAnP6:SOZbqfexrZrS3Iq32xlSX2S
                                                                                                                                                                                MD5:F29E077226F8DC235CAE4795459A3542
                                                                                                                                                                                SHA1:A23AEA328BEB92BFD4464A3B0F70E772B8969CC2
                                                                                                                                                                                SHA-256:CF8875AADE9351184274F533067BECF2AD10CCF2B6296274ECE5D5B58B6AB008
                                                                                                                                                                                SHA-512:0C76F1E7AC8E4DB582EA7E26FA9B8C18D54605AE6A9A87A2A1FA0B1BEACACBB8F1230421C1124B1E7C12FB546FF31DBBD2CFBBEBA80EF98BBAA01B356F7FDC6F
                                                                                                                                                                                Malicious:false
                                                                                                                                                                                Preview:.. ~~~ AlphaCat ~~~....>>>> Your data are stolen and encrypted....>>>> What guarantees that we will not deceive you? .....We are not a politically motivated group and we do not need anything other than your money. .. ...If you pay, we will provide you the programs for decryption and we will delete your data. ...Life is too short to be sad. Be not sad, money, it is only paper... ...If we do not give you decrypters, or we do not delete your data after payment, then nobody will pay us in the future. ...Therefore to us our reputation is very important. We attack worldwide and there is no dissatisfied victim after payment... ..>>>> You need contact us via email with srenshot of btc transaction and your personal DECRYPTION ID.....Contact via Email with your personal Decryption id !: hackbeenswim@mail2tor.com......Send 400$ (0.006 BTC) at this address --> bc1qkr7wxuqwet9w6920vk94p7npkxh33fc7prv55q.....>>>> Your personal DECRYPTION ID: D53F15BF767167BC622C1CB4D4FC174D....>>
                                                                                                                                                                                Process:C:\Users\user\Desktop\c8JakemodH.exe
                                                                                                                                                                                File Type:ASCII text, with CRLF line terminators
                                                                                                                                                                                Category:dropped
                                                                                                                                                                                Size (bytes):1159
                                                                                                                                                                                Entropy (8bit):4.909757425426515
                                                                                                                                                                                Encrypted:false
                                                                                                                                                                                SSDEEP:24:SOZJNRovfexRvYx/ncUYTxLZl0r0OzANQgq32xfZnS0iNFdAnP6:SOZbqfexrZrS3Iq32xlSX2S
                                                                                                                                                                                MD5:F29E077226F8DC235CAE4795459A3542
                                                                                                                                                                                SHA1:A23AEA328BEB92BFD4464A3B0F70E772B8969CC2
                                                                                                                                                                                SHA-256:CF8875AADE9351184274F533067BECF2AD10CCF2B6296274ECE5D5B58B6AB008
                                                                                                                                                                                SHA-512:0C76F1E7AC8E4DB582EA7E26FA9B8C18D54605AE6A9A87A2A1FA0B1BEACACBB8F1230421C1124B1E7C12FB546FF31DBBD2CFBBEBA80EF98BBAA01B356F7FDC6F
                                                                                                                                                                                Malicious:false
                                                                                                                                                                                Preview:.. ~~~ AlphaCat ~~~....>>>> Your data are stolen and encrypted....>>>> What guarantees that we will not deceive you? .....We are not a politically motivated group and we do not need anything other than your money. .. ...If you pay, we will provide you the programs for decryption and we will delete your data. ...Life is too short to be sad. Be not sad, money, it is only paper... ...If we do not give you decrypters, or we do not delete your data after payment, then nobody will pay us in the future. ...Therefore to us our reputation is very important. We attack worldwide and there is no dissatisfied victim after payment... ..>>>> You need contact us via email with srenshot of btc transaction and your personal DECRYPTION ID.....Contact via Email with your personal Decryption id !: hackbeenswim@mail2tor.com......Send 400$ (0.006 BTC) at this address --> bc1qkr7wxuqwet9w6920vk94p7npkxh33fc7prv55q.....>>>> Your personal DECRYPTION ID: D53F15BF767167BC622C1CB4D4FC174D....>>
                                                                                                                                                                                Process:C:\Users\user\Desktop\c8JakemodH.exe
                                                                                                                                                                                File Type:ASCII text, with CRLF line terminators
                                                                                                                                                                                Category:dropped
                                                                                                                                                                                Size (bytes):1159
                                                                                                                                                                                Entropy (8bit):4.909757425426515
                                                                                                                                                                                Encrypted:false
                                                                                                                                                                                SSDEEP:24:SOZJNRovfexRvYx/ncUYTxLZl0r0OzANQgq32xfZnS0iNFdAnP6:SOZbqfexrZrS3Iq32xlSX2S
                                                                                                                                                                                MD5:F29E077226F8DC235CAE4795459A3542
                                                                                                                                                                                SHA1:A23AEA328BEB92BFD4464A3B0F70E772B8969CC2
                                                                                                                                                                                SHA-256:CF8875AADE9351184274F533067BECF2AD10CCF2B6296274ECE5D5B58B6AB008
                                                                                                                                                                                SHA-512:0C76F1E7AC8E4DB582EA7E26FA9B8C18D54605AE6A9A87A2A1FA0B1BEACACBB8F1230421C1124B1E7C12FB546FF31DBBD2CFBBEBA80EF98BBAA01B356F7FDC6F
                                                                                                                                                                                Malicious:false
                                                                                                                                                                                Preview:.. ~~~ AlphaCat ~~~....>>>> Your data are stolen and encrypted....>>>> What guarantees that we will not deceive you? .....We are not a politically motivated group and we do not need anything other than your money. .. ...If you pay, we will provide you the programs for decryption and we will delete your data. ...Life is too short to be sad. Be not sad, money, it is only paper... ...If we do not give you decrypters, or we do not delete your data after payment, then nobody will pay us in the future. ...Therefore to us our reputation is very important. We attack worldwide and there is no dissatisfied victim after payment... ..>>>> You need contact us via email with srenshot of btc transaction and your personal DECRYPTION ID.....Contact via Email with your personal Decryption id !: hackbeenswim@mail2tor.com......Send 400$ (0.006 BTC) at this address --> bc1qkr7wxuqwet9w6920vk94p7npkxh33fc7prv55q.....>>>> Your personal DECRYPTION ID: D53F15BF767167BC622C1CB4D4FC174D....>>
                                                                                                                                                                                Process:C:\Users\user\Desktop\c8JakemodH.exe
                                                                                                                                                                                File Type:ASCII text, with CRLF line terminators
                                                                                                                                                                                Category:dropped
                                                                                                                                                                                Size (bytes):1159
                                                                                                                                                                                Entropy (8bit):4.909757425426515
                                                                                                                                                                                Encrypted:false
                                                                                                                                                                                SSDEEP:24:SOZJNRovfexRvYx/ncUYTxLZl0r0OzANQgq32xfZnS0iNFdAnP6:SOZbqfexrZrS3Iq32xlSX2S
                                                                                                                                                                                MD5:F29E077226F8DC235CAE4795459A3542
                                                                                                                                                                                SHA1:A23AEA328BEB92BFD4464A3B0F70E772B8969CC2
                                                                                                                                                                                SHA-256:CF8875AADE9351184274F533067BECF2AD10CCF2B6296274ECE5D5B58B6AB008
                                                                                                                                                                                SHA-512:0C76F1E7AC8E4DB582EA7E26FA9B8C18D54605AE6A9A87A2A1FA0B1BEACACBB8F1230421C1124B1E7C12FB546FF31DBBD2CFBBEBA80EF98BBAA01B356F7FDC6F
                                                                                                                                                                                Malicious:false
                                                                                                                                                                                Preview:.. ~~~ AlphaCat ~~~....>>>> Your data are stolen and encrypted....>>>> What guarantees that we will not deceive you? .....We are not a politically motivated group and we do not need anything other than your money. .. ...If you pay, we will provide you the programs for decryption and we will delete your data. ...Life is too short to be sad. Be not sad, money, it is only paper... ...If we do not give you decrypters, or we do not delete your data after payment, then nobody will pay us in the future. ...Therefore to us our reputation is very important. We attack worldwide and there is no dissatisfied victim after payment... ..>>>> You need contact us via email with srenshot of btc transaction and your personal DECRYPTION ID.....Contact via Email with your personal Decryption id !: hackbeenswim@mail2tor.com......Send 400$ (0.006 BTC) at this address --> bc1qkr7wxuqwet9w6920vk94p7npkxh33fc7prv55q.....>>>> Your personal DECRYPTION ID: D53F15BF767167BC622C1CB4D4FC174D....>>
                                                                                                                                                                                Process:C:\Users\user\Desktop\c8JakemodH.exe
                                                                                                                                                                                File Type:ASCII text, with CRLF line terminators
                                                                                                                                                                                Category:dropped
                                                                                                                                                                                Size (bytes):1159
                                                                                                                                                                                Entropy (8bit):4.909757425426515
                                                                                                                                                                                Encrypted:false
                                                                                                                                                                                SSDEEP:24:SOZJNRovfexRvYx/ncUYTxLZl0r0OzANQgq32xfZnS0iNFdAnP6:SOZbqfexrZrS3Iq32xlSX2S
                                                                                                                                                                                MD5:F29E077226F8DC235CAE4795459A3542
                                                                                                                                                                                SHA1:A23AEA328BEB92BFD4464A3B0F70E772B8969CC2
                                                                                                                                                                                SHA-256:CF8875AADE9351184274F533067BECF2AD10CCF2B6296274ECE5D5B58B6AB008
                                                                                                                                                                                SHA-512:0C76F1E7AC8E4DB582EA7E26FA9B8C18D54605AE6A9A87A2A1FA0B1BEACACBB8F1230421C1124B1E7C12FB546FF31DBBD2CFBBEBA80EF98BBAA01B356F7FDC6F
                                                                                                                                                                                Malicious:false
                                                                                                                                                                                Preview:.. ~~~ AlphaCat ~~~....>>>> Your data are stolen and encrypted....>>>> What guarantees that we will not deceive you? .....We are not a politically motivated group and we do not need anything other than your money. .. ...If you pay, we will provide you the programs for decryption and we will delete your data. ...Life is too short to be sad. Be not sad, money, it is only paper... ...If we do not give you decrypters, or we do not delete your data after payment, then nobody will pay us in the future. ...Therefore to us our reputation is very important. We attack worldwide and there is no dissatisfied victim after payment... ..>>>> You need contact us via email with srenshot of btc transaction and your personal DECRYPTION ID.....Contact via Email with your personal Decryption id !: hackbeenswim@mail2tor.com......Send 400$ (0.006 BTC) at this address --> bc1qkr7wxuqwet9w6920vk94p7npkxh33fc7prv55q.....>>>> Your personal DECRYPTION ID: D53F15BF767167BC622C1CB4D4FC174D....>>
                                                                                                                                                                                Process:C:\Users\user\Desktop\c8JakemodH.exe
                                                                                                                                                                                File Type:ASCII text, with CRLF line terminators
                                                                                                                                                                                Category:dropped
                                                                                                                                                                                Size (bytes):1159
                                                                                                                                                                                Entropy (8bit):4.909757425426515
                                                                                                                                                                                Encrypted:false
                                                                                                                                                                                SSDEEP:24:SOZJNRovfexRvYx/ncUYTxLZl0r0OzANQgq32xfZnS0iNFdAnP6:SOZbqfexrZrS3Iq32xlSX2S
                                                                                                                                                                                MD5:F29E077226F8DC235CAE4795459A3542
                                                                                                                                                                                SHA1:A23AEA328BEB92BFD4464A3B0F70E772B8969CC2
                                                                                                                                                                                SHA-256:CF8875AADE9351184274F533067BECF2AD10CCF2B6296274ECE5D5B58B6AB008
                                                                                                                                                                                SHA-512:0C76F1E7AC8E4DB582EA7E26FA9B8C18D54605AE6A9A87A2A1FA0B1BEACACBB8F1230421C1124B1E7C12FB546FF31DBBD2CFBBEBA80EF98BBAA01B356F7FDC6F
                                                                                                                                                                                Malicious:false
                                                                                                                                                                                Preview:.. ~~~ AlphaCat ~~~....>>>> Your data are stolen and encrypted....>>>> What guarantees that we will not deceive you? .....We are not a politically motivated group and we do not need anything other than your money. .. ...If you pay, we will provide you the programs for decryption and we will delete your data. ...Life is too short to be sad. Be not sad, money, it is only paper... ...If we do not give you decrypters, or we do not delete your data after payment, then nobody will pay us in the future. ...Therefore to us our reputation is very important. We attack worldwide and there is no dissatisfied victim after payment... ..>>>> You need contact us via email with srenshot of btc transaction and your personal DECRYPTION ID.....Contact via Email with your personal Decryption id !: hackbeenswim@mail2tor.com......Send 400$ (0.006 BTC) at this address --> bc1qkr7wxuqwet9w6920vk94p7npkxh33fc7prv55q.....>>>> Your personal DECRYPTION ID: D53F15BF767167BC622C1CB4D4FC174D....>>
                                                                                                                                                                                Process:C:\Users\user\Desktop\c8JakemodH.exe
                                                                                                                                                                                File Type:ASCII text, with CRLF line terminators
                                                                                                                                                                                Category:dropped
                                                                                                                                                                                Size (bytes):1159
                                                                                                                                                                                Entropy (8bit):4.909757425426515
                                                                                                                                                                                Encrypted:false
                                                                                                                                                                                SSDEEP:24:SOZJNRovfexRvYx/ncUYTxLZl0r0OzANQgq32xfZnS0iNFdAnP6:SOZbqfexrZrS3Iq32xlSX2S
                                                                                                                                                                                MD5:F29E077226F8DC235CAE4795459A3542
                                                                                                                                                                                SHA1:A23AEA328BEB92BFD4464A3B0F70E772B8969CC2
                                                                                                                                                                                SHA-256:CF8875AADE9351184274F533067BECF2AD10CCF2B6296274ECE5D5B58B6AB008
                                                                                                                                                                                SHA-512:0C76F1E7AC8E4DB582EA7E26FA9B8C18D54605AE6A9A87A2A1FA0B1BEACACBB8F1230421C1124B1E7C12FB546FF31DBBD2CFBBEBA80EF98BBAA01B356F7FDC6F
                                                                                                                                                                                Malicious:false
                                                                                                                                                                                Preview:.. ~~~ AlphaCat ~~~....>>>> Your data are stolen and encrypted....>>>> What guarantees that we will not deceive you? .....We are not a politically motivated group and we do not need anything other than your money. .. ...If you pay, we will provide you the programs for decryption and we will delete your data. ...Life is too short to be sad. Be not sad, money, it is only paper... ...If we do not give you decrypters, or we do not delete your data after payment, then nobody will pay us in the future. ...Therefore to us our reputation is very important. We attack worldwide and there is no dissatisfied victim after payment... ..>>>> You need contact us via email with srenshot of btc transaction and your personal DECRYPTION ID.....Contact via Email with your personal Decryption id !: hackbeenswim@mail2tor.com......Send 400$ (0.006 BTC) at this address --> bc1qkr7wxuqwet9w6920vk94p7npkxh33fc7prv55q.....>>>> Your personal DECRYPTION ID: D53F15BF767167BC622C1CB4D4FC174D....>>
                                                                                                                                                                                Process:C:\Users\user\Desktop\c8JakemodH.exe
                                                                                                                                                                                File Type:ASCII text, with CRLF line terminators
                                                                                                                                                                                Category:dropped
                                                                                                                                                                                Size (bytes):1159
                                                                                                                                                                                Entropy (8bit):4.909757425426515
                                                                                                                                                                                Encrypted:false
                                                                                                                                                                                SSDEEP:24:SOZJNRovfexRvYx/ncUYTxLZl0r0OzANQgq32xfZnS0iNFdAnP6:SOZbqfexrZrS3Iq32xlSX2S
                                                                                                                                                                                MD5:F29E077226F8DC235CAE4795459A3542
                                                                                                                                                                                SHA1:A23AEA328BEB92BFD4464A3B0F70E772B8969CC2
                                                                                                                                                                                SHA-256:CF8875AADE9351184274F533067BECF2AD10CCF2B6296274ECE5D5B58B6AB008
                                                                                                                                                                                SHA-512:0C76F1E7AC8E4DB582EA7E26FA9B8C18D54605AE6A9A87A2A1FA0B1BEACACBB8F1230421C1124B1E7C12FB546FF31DBBD2CFBBEBA80EF98BBAA01B356F7FDC6F
                                                                                                                                                                                Malicious:false
                                                                                                                                                                                Preview:.. ~~~ AlphaCat ~~~....>>>> Your data are stolen and encrypted....>>>> What guarantees that we will not deceive you? .....We are not a politically motivated group and we do not need anything other than your money. .. ...If you pay, we will provide you the programs for decryption and we will delete your data. ...Life is too short to be sad. Be not sad, money, it is only paper... ...If we do not give you decrypters, or we do not delete your data after payment, then nobody will pay us in the future. ...Therefore to us our reputation is very important. We attack worldwide and there is no dissatisfied victim after payment... ..>>>> You need contact us via email with srenshot of btc transaction and your personal DECRYPTION ID.....Contact via Email with your personal Decryption id !: hackbeenswim@mail2tor.com......Send 400$ (0.006 BTC) at this address --> bc1qkr7wxuqwet9w6920vk94p7npkxh33fc7prv55q.....>>>> Your personal DECRYPTION ID: D53F15BF767167BC622C1CB4D4FC174D....>>
                                                                                                                                                                                Process:C:\Users\user\Desktop\c8JakemodH.exe
                                                                                                                                                                                File Type:ASCII text, with CRLF line terminators
                                                                                                                                                                                Category:dropped
                                                                                                                                                                                Size (bytes):1159
                                                                                                                                                                                Entropy (8bit):4.909757425426515
                                                                                                                                                                                Encrypted:false
                                                                                                                                                                                SSDEEP:24:SOZJNRovfexRvYx/ncUYTxLZl0r0OzANQgq32xfZnS0iNFdAnP6:SOZbqfexrZrS3Iq32xlSX2S
                                                                                                                                                                                MD5:F29E077226F8DC235CAE4795459A3542
                                                                                                                                                                                SHA1:A23AEA328BEB92BFD4464A3B0F70E772B8969CC2
                                                                                                                                                                                SHA-256:CF8875AADE9351184274F533067BECF2AD10CCF2B6296274ECE5D5B58B6AB008
                                                                                                                                                                                SHA-512:0C76F1E7AC8E4DB582EA7E26FA9B8C18D54605AE6A9A87A2A1FA0B1BEACACBB8F1230421C1124B1E7C12FB546FF31DBBD2CFBBEBA80EF98BBAA01B356F7FDC6F
                                                                                                                                                                                Malicious:false
                                                                                                                                                                                Preview:.. ~~~ AlphaCat ~~~....>>>> Your data are stolen and encrypted....>>>> What guarantees that we will not deceive you? .....We are not a politically motivated group and we do not need anything other than your money. .. ...If you pay, we will provide you the programs for decryption and we will delete your data. ...Life is too short to be sad. Be not sad, money, it is only paper... ...If we do not give you decrypters, or we do not delete your data after payment, then nobody will pay us in the future. ...Therefore to us our reputation is very important. We attack worldwide and there is no dissatisfied victim after payment... ..>>>> You need contact us via email with srenshot of btc transaction and your personal DECRYPTION ID.....Contact via Email with your personal Decryption id !: hackbeenswim@mail2tor.com......Send 400$ (0.006 BTC) at this address --> bc1qkr7wxuqwet9w6920vk94p7npkxh33fc7prv55q.....>>>> Your personal DECRYPTION ID: D53F15BF767167BC622C1CB4D4FC174D....>>
                                                                                                                                                                                Process:C:\Users\user\Desktop\c8JakemodH.exe
                                                                                                                                                                                File Type:ASCII text, with CRLF line terminators
                                                                                                                                                                                Category:dropped
                                                                                                                                                                                Size (bytes):1159
                                                                                                                                                                                Entropy (8bit):4.909757425426515
                                                                                                                                                                                Encrypted:false
                                                                                                                                                                                SSDEEP:24:SOZJNRovfexRvYx/ncUYTxLZl0r0OzANQgq32xfZnS0iNFdAnP6:SOZbqfexrZrS3Iq32xlSX2S
                                                                                                                                                                                MD5:F29E077226F8DC235CAE4795459A3542
                                                                                                                                                                                SHA1:A23AEA328BEB92BFD4464A3B0F70E772B8969CC2
                                                                                                                                                                                SHA-256:CF8875AADE9351184274F533067BECF2AD10CCF2B6296274ECE5D5B58B6AB008
                                                                                                                                                                                SHA-512:0C76F1E7AC8E4DB582EA7E26FA9B8C18D54605AE6A9A87A2A1FA0B1BEACACBB8F1230421C1124B1E7C12FB546FF31DBBD2CFBBEBA80EF98BBAA01B356F7FDC6F
                                                                                                                                                                                Malicious:true
                                                                                                                                                                                Preview:.. ~~~ AlphaCat ~~~....>>>> Your data are stolen and encrypted....>>>> What guarantees that we will not deceive you? .....We are not a politically motivated group and we do not need anything other than your money. .. ...If you pay, we will provide you the programs for decryption and we will delete your data. ...Life is too short to be sad. Be not sad, money, it is only paper... ...If we do not give you decrypters, or we do not delete your data after payment, then nobody will pay us in the future. ...Therefore to us our reputation is very important. We attack worldwide and there is no dissatisfied victim after payment... ..>>>> You need contact us via email with srenshot of btc transaction and your personal DECRYPTION ID.....Contact via Email with your personal Decryption id !: hackbeenswim@mail2tor.com......Send 400$ (0.006 BTC) at this address --> bc1qkr7wxuqwet9w6920vk94p7npkxh33fc7prv55q.....>>>> Your personal DECRYPTION ID: D53F15BF767167BC622C1CB4D4FC174D....>>
                                                                                                                                                                                Process:C:\Users\user\Desktop\c8JakemodH.exe
                                                                                                                                                                                File Type:ASCII text, with CRLF line terminators
                                                                                                                                                                                Category:dropped
                                                                                                                                                                                Size (bytes):1159
                                                                                                                                                                                Entropy (8bit):4.909757425426515
                                                                                                                                                                                Encrypted:false
                                                                                                                                                                                SSDEEP:24:SOZJNRovfexRvYx/ncUYTxLZl0r0OzANQgq32xfZnS0iNFdAnP6:SOZbqfexrZrS3Iq32xlSX2S
                                                                                                                                                                                MD5:F29E077226F8DC235CAE4795459A3542
                                                                                                                                                                                SHA1:A23AEA328BEB92BFD4464A3B0F70E772B8969CC2
                                                                                                                                                                                SHA-256:CF8875AADE9351184274F533067BECF2AD10CCF2B6296274ECE5D5B58B6AB008
                                                                                                                                                                                SHA-512:0C76F1E7AC8E4DB582EA7E26FA9B8C18D54605AE6A9A87A2A1FA0B1BEACACBB8F1230421C1124B1E7C12FB546FF31DBBD2CFBBEBA80EF98BBAA01B356F7FDC6F
                                                                                                                                                                                Malicious:true
                                                                                                                                                                                Preview:.. ~~~ AlphaCat ~~~....>>>> Your data are stolen and encrypted....>>>> What guarantees that we will not deceive you? .....We are not a politically motivated group and we do not need anything other than your money. .. ...If you pay, we will provide you the programs for decryption and we will delete your data. ...Life is too short to be sad. Be not sad, money, it is only paper... ...If we do not give you decrypters, or we do not delete your data after payment, then nobody will pay us in the future. ...Therefore to us our reputation is very important. We attack worldwide and there is no dissatisfied victim after payment... ..>>>> You need contact us via email with srenshot of btc transaction and your personal DECRYPTION ID.....Contact via Email with your personal Decryption id !: hackbeenswim@mail2tor.com......Send 400$ (0.006 BTC) at this address --> bc1qkr7wxuqwet9w6920vk94p7npkxh33fc7prv55q.....>>>> Your personal DECRYPTION ID: D53F15BF767167BC622C1CB4D4FC174D....>>
                                                                                                                                                                                Process:C:\Users\user\Desktop\c8JakemodH.exe
                                                                                                                                                                                File Type:ASCII text, with CRLF line terminators
                                                                                                                                                                                Category:dropped
                                                                                                                                                                                Size (bytes):1159
                                                                                                                                                                                Entropy (8bit):4.909757425426515
                                                                                                                                                                                Encrypted:false
                                                                                                                                                                                SSDEEP:24:SOZJNRovfexRvYx/ncUYTxLZl0r0OzANQgq32xfZnS0iNFdAnP6:SOZbqfexrZrS3Iq32xlSX2S
                                                                                                                                                                                MD5:F29E077226F8DC235CAE4795459A3542
                                                                                                                                                                                SHA1:A23AEA328BEB92BFD4464A3B0F70E772B8969CC2
                                                                                                                                                                                SHA-256:CF8875AADE9351184274F533067BECF2AD10CCF2B6296274ECE5D5B58B6AB008
                                                                                                                                                                                SHA-512:0C76F1E7AC8E4DB582EA7E26FA9B8C18D54605AE6A9A87A2A1FA0B1BEACACBB8F1230421C1124B1E7C12FB546FF31DBBD2CFBBEBA80EF98BBAA01B356F7FDC6F
                                                                                                                                                                                Malicious:true
                                                                                                                                                                                Preview:.. ~~~ AlphaCat ~~~....>>>> Your data are stolen and encrypted....>>>> What guarantees that we will not deceive you? .....We are not a politically motivated group and we do not need anything other than your money. .. ...If you pay, we will provide you the programs for decryption and we will delete your data. ...Life is too short to be sad. Be not sad, money, it is only paper... ...If we do not give you decrypters, or we do not delete your data after payment, then nobody will pay us in the future. ...Therefore to us our reputation is very important. We attack worldwide and there is no dissatisfied victim after payment... ..>>>> You need contact us via email with srenshot of btc transaction and your personal DECRYPTION ID.....Contact via Email with your personal Decryption id !: hackbeenswim@mail2tor.com......Send 400$ (0.006 BTC) at this address --> bc1qkr7wxuqwet9w6920vk94p7npkxh33fc7prv55q.....>>>> Your personal DECRYPTION ID: D53F15BF767167BC622C1CB4D4FC174D....>>
                                                                                                                                                                                Process:C:\Users\user\Desktop\c8JakemodH.exe
                                                                                                                                                                                File Type:data
                                                                                                                                                                                Category:dropped
                                                                                                                                                                                Size (bytes):8431
                                                                                                                                                                                Entropy (8bit):7.978890526573224
                                                                                                                                                                                Encrypted:false
                                                                                                                                                                                SSDEEP:96:dLXkCWM1HZsYyoVRoYfHyhKh4II24tBTpvwyKX/HIdeysIeADowebUYA1iwusnkc:adMBWoVRpnd4LY7v4FPpcyEsklho
                                                                                                                                                                                MD5:4F30C88714562AECE28CF8F4A7E15A7B
                                                                                                                                                                                SHA1:0BF6FB8F97C840182976CE96B6D56874284A77B5
                                                                                                                                                                                SHA-256:7C7EAFABB4BC317CDE0730A68DCD530E9331B0645B6D951AF7B6D36123614D00
                                                                                                                                                                                SHA-512:C355B2EE18BDDA87D71EF868EF1058E6A0344542F8A2DC733A19C12B7A9287AB8B7162944C915E539962BE000104B85BF0FE341686E9C6DB11E5198DF73B38EA
                                                                                                                                                                                Malicious:false
                                                                                                                                                                                Preview:..y4ek.ua .......)..}....I.e.B....P.@....r}MT.9.?.W%...".!...|._...L$..w.~.i4u......oD..K.)......7..+1"]..K.|A.[5.~_......?.\....kV...6.uL...+$......./.e.tb%f....!.......>QK...(.q..W.iij...o._Jc.Q.K).7.<bN.iR....co2|...Z..-.U.$.1.2h)'..u+7......8l..oc..[.U#.,...w..g...i.P&x..gA..j..p| ....@........._u..M...2..<....+g........wE,.fciW........${.i..../..H.....l.x-xy.4..Zw.7f....Pc.>.".....m..j.K..]..u.6...L.3.M..gLF..qN.7@fU....}f....n..c..I..3.a7;..UP;.ha.e.|Pf.....\...........p........W..wK....*....e..G.....p4.<.H....\F.g..q.._Dn. .*z...&.olv..-.w..&.d.......$..;In6-Z.#..... .|..@...w.......0.e..*..N.._..l]....y.....U.vb..1...=........a....}..!.di.K.>....U3.q].BJ.`...2.8.S.NC|.=oqm..31+~....'.{gr.m{......$K..&.w$.......Q.]Um.U..i*..x.:.z...E.k..V....?.e...v...\.^-.....j....C.....k%!..(~.6.G|......,..w5.......D.....s.z.s.......|G.......1N..(q.L.[v.6...C..E:zC].l-...|..MJ..#a.s=.|...~..#..*.=..r9.I9....G#.v%.{.~CL.\$A.c....".-.6...:...$F...
                                                                                                                                                                                Process:C:\Users\user\Desktop\c8JakemodH.exe
                                                                                                                                                                                File Type:ASCII text, with CRLF line terminators
                                                                                                                                                                                Category:dropped
                                                                                                                                                                                Size (bytes):1159
                                                                                                                                                                                Entropy (8bit):4.909757425426515
                                                                                                                                                                                Encrypted:false
                                                                                                                                                                                SSDEEP:24:SOZJNRovfexRvYx/ncUYTxLZl0r0OzANQgq32xfZnS0iNFdAnP6:SOZbqfexrZrS3Iq32xlSX2S
                                                                                                                                                                                MD5:F29E077226F8DC235CAE4795459A3542
                                                                                                                                                                                SHA1:A23AEA328BEB92BFD4464A3B0F70E772B8969CC2
                                                                                                                                                                                SHA-256:CF8875AADE9351184274F533067BECF2AD10CCF2B6296274ECE5D5B58B6AB008
                                                                                                                                                                                SHA-512:0C76F1E7AC8E4DB582EA7E26FA9B8C18D54605AE6A9A87A2A1FA0B1BEACACBB8F1230421C1124B1E7C12FB546FF31DBBD2CFBBEBA80EF98BBAA01B356F7FDC6F
                                                                                                                                                                                Malicious:true
                                                                                                                                                                                Preview:.. ~~~ AlphaCat ~~~....>>>> Your data are stolen and encrypted....>>>> What guarantees that we will not deceive you? .....We are not a politically motivated group and we do not need anything other than your money. .. ...If you pay, we will provide you the programs for decryption and we will delete your data. ...Life is too short to be sad. Be not sad, money, it is only paper... ...If we do not give you decrypters, or we do not delete your data after payment, then nobody will pay us in the future. ...Therefore to us our reputation is very important. We attack worldwide and there is no dissatisfied victim after payment... ..>>>> You need contact us via email with srenshot of btc transaction and your personal DECRYPTION ID.....Contact via Email with your personal Decryption id !: hackbeenswim@mail2tor.com......Send 400$ (0.006 BTC) at this address --> bc1qkr7wxuqwet9w6920vk94p7npkxh33fc7prv55q.....>>>> Your personal DECRYPTION ID: D53F15BF767167BC622C1CB4D4FC174D....>>
                                                                                                                                                                                Process:C:\Users\user\Desktop\c8JakemodH.exe
                                                                                                                                                                                File Type:ASCII text, with CRLF line terminators
                                                                                                                                                                                Category:dropped
                                                                                                                                                                                Size (bytes):1159
                                                                                                                                                                                Entropy (8bit):4.909757425426515
                                                                                                                                                                                Encrypted:false
                                                                                                                                                                                SSDEEP:24:SOZJNRovfexRvYx/ncUYTxLZl0r0OzANQgq32xfZnS0iNFdAnP6:SOZbqfexrZrS3Iq32xlSX2S
                                                                                                                                                                                MD5:F29E077226F8DC235CAE4795459A3542
                                                                                                                                                                                SHA1:A23AEA328BEB92BFD4464A3B0F70E772B8969CC2
                                                                                                                                                                                SHA-256:CF8875AADE9351184274F533067BECF2AD10CCF2B6296274ECE5D5B58B6AB008
                                                                                                                                                                                SHA-512:0C76F1E7AC8E4DB582EA7E26FA9B8C18D54605AE6A9A87A2A1FA0B1BEACACBB8F1230421C1124B1E7C12FB546FF31DBBD2CFBBEBA80EF98BBAA01B356F7FDC6F
                                                                                                                                                                                Malicious:true
                                                                                                                                                                                Preview:.. ~~~ AlphaCat ~~~....>>>> Your data are stolen and encrypted....>>>> What guarantees that we will not deceive you? .....We are not a politically motivated group and we do not need anything other than your money. .. ...If you pay, we will provide you the programs for decryption and we will delete your data. ...Life is too short to be sad. Be not sad, money, it is only paper... ...If we do not give you decrypters, or we do not delete your data after payment, then nobody will pay us in the future. ...Therefore to us our reputation is very important. We attack worldwide and there is no dissatisfied victim after payment... ..>>>> You need contact us via email with srenshot of btc transaction and your personal DECRYPTION ID.....Contact via Email with your personal Decryption id !: hackbeenswim@mail2tor.com......Send 400$ (0.006 BTC) at this address --> bc1qkr7wxuqwet9w6920vk94p7npkxh33fc7prv55q.....>>>> Your personal DECRYPTION ID: D53F15BF767167BC622C1CB4D4FC174D....>>
                                                                                                                                                                                Process:C:\Users\user\Desktop\c8JakemodH.exe
                                                                                                                                                                                File Type:ASCII text, with CRLF line terminators
                                                                                                                                                                                Category:dropped
                                                                                                                                                                                Size (bytes):1159
                                                                                                                                                                                Entropy (8bit):4.909757425426515
                                                                                                                                                                                Encrypted:false
                                                                                                                                                                                SSDEEP:24:SOZJNRovfexRvYx/ncUYTxLZl0r0OzANQgq32xfZnS0iNFdAnP6:SOZbqfexrZrS3Iq32xlSX2S
                                                                                                                                                                                MD5:F29E077226F8DC235CAE4795459A3542
                                                                                                                                                                                SHA1:A23AEA328BEB92BFD4464A3B0F70E772B8969CC2
                                                                                                                                                                                SHA-256:CF8875AADE9351184274F533067BECF2AD10CCF2B6296274ECE5D5B58B6AB008
                                                                                                                                                                                SHA-512:0C76F1E7AC8E4DB582EA7E26FA9B8C18D54605AE6A9A87A2A1FA0B1BEACACBB8F1230421C1124B1E7C12FB546FF31DBBD2CFBBEBA80EF98BBAA01B356F7FDC6F
                                                                                                                                                                                Malicious:true
                                                                                                                                                                                Preview:.. ~~~ AlphaCat ~~~....>>>> Your data are stolen and encrypted....>>>> What guarantees that we will not deceive you? .....We are not a politically motivated group and we do not need anything other than your money. .. ...If you pay, we will provide you the programs for decryption and we will delete your data. ...Life is too short to be sad. Be not sad, money, it is only paper... ...If we do not give you decrypters, or we do not delete your data after payment, then nobody will pay us in the future. ...Therefore to us our reputation is very important. We attack worldwide and there is no dissatisfied victim after payment... ..>>>> You need contact us via email with srenshot of btc transaction and your personal DECRYPTION ID.....Contact via Email with your personal Decryption id !: hackbeenswim@mail2tor.com......Send 400$ (0.006 BTC) at this address --> bc1qkr7wxuqwet9w6920vk94p7npkxh33fc7prv55q.....>>>> Your personal DECRYPTION ID: D53F15BF767167BC622C1CB4D4FC174D....>>
                                                                                                                                                                                Process:C:\Users\user\Desktop\c8JakemodH.exe
                                                                                                                                                                                File Type:ASCII text, with CRLF line terminators
                                                                                                                                                                                Category:dropped
                                                                                                                                                                                Size (bytes):1159
                                                                                                                                                                                Entropy (8bit):4.909757425426515
                                                                                                                                                                                Encrypted:false
                                                                                                                                                                                SSDEEP:24:SOZJNRovfexRvYx/ncUYTxLZl0r0OzANQgq32xfZnS0iNFdAnP6:SOZbqfexrZrS3Iq32xlSX2S
                                                                                                                                                                                MD5:F29E077226F8DC235CAE4795459A3542
                                                                                                                                                                                SHA1:A23AEA328BEB92BFD4464A3B0F70E772B8969CC2
                                                                                                                                                                                SHA-256:CF8875AADE9351184274F533067BECF2AD10CCF2B6296274ECE5D5B58B6AB008
                                                                                                                                                                                SHA-512:0C76F1E7AC8E4DB582EA7E26FA9B8C18D54605AE6A9A87A2A1FA0B1BEACACBB8F1230421C1124B1E7C12FB546FF31DBBD2CFBBEBA80EF98BBAA01B356F7FDC6F
                                                                                                                                                                                Malicious:true
                                                                                                                                                                                Preview:.. ~~~ AlphaCat ~~~....>>>> Your data are stolen and encrypted....>>>> What guarantees that we will not deceive you? .....We are not a politically motivated group and we do not need anything other than your money. .. ...If you pay, we will provide you the programs for decryption and we will delete your data. ...Life is too short to be sad. Be not sad, money, it is only paper... ...If we do not give you decrypters, or we do not delete your data after payment, then nobody will pay us in the future. ...Therefore to us our reputation is very important. We attack worldwide and there is no dissatisfied victim after payment... ..>>>> You need contact us via email with srenshot of btc transaction and your personal DECRYPTION ID.....Contact via Email with your personal Decryption id !: hackbeenswim@mail2tor.com......Send 400$ (0.006 BTC) at this address --> bc1qkr7wxuqwet9w6920vk94p7npkxh33fc7prv55q.....>>>> Your personal DECRYPTION ID: D53F15BF767167BC622C1CB4D4FC174D....>>
                                                                                                                                                                                Process:C:\Users\user\Desktop\c8JakemodH.exe
                                                                                                                                                                                File Type:ASCII text, with CRLF line terminators
                                                                                                                                                                                Category:dropped
                                                                                                                                                                                Size (bytes):1159
                                                                                                                                                                                Entropy (8bit):4.909757425426515
                                                                                                                                                                                Encrypted:false
                                                                                                                                                                                SSDEEP:24:SOZJNRovfexRvYx/ncUYTxLZl0r0OzANQgq32xfZnS0iNFdAnP6:SOZbqfexrZrS3Iq32xlSX2S
                                                                                                                                                                                MD5:F29E077226F8DC235CAE4795459A3542
                                                                                                                                                                                SHA1:A23AEA328BEB92BFD4464A3B0F70E772B8969CC2
                                                                                                                                                                                SHA-256:CF8875AADE9351184274F533067BECF2AD10CCF2B6296274ECE5D5B58B6AB008
                                                                                                                                                                                SHA-512:0C76F1E7AC8E4DB582EA7E26FA9B8C18D54605AE6A9A87A2A1FA0B1BEACACBB8F1230421C1124B1E7C12FB546FF31DBBD2CFBBEBA80EF98BBAA01B356F7FDC6F
                                                                                                                                                                                Malicious:true
                                                                                                                                                                                Preview:.. ~~~ AlphaCat ~~~....>>>> Your data are stolen and encrypted....>>>> What guarantees that we will not deceive you? .....We are not a politically motivated group and we do not need anything other than your money. .. ...If you pay, we will provide you the programs for decryption and we will delete your data. ...Life is too short to be sad. Be not sad, money, it is only paper... ...If we do not give you decrypters, or we do not delete your data after payment, then nobody will pay us in the future. ...Therefore to us our reputation is very important. We attack worldwide and there is no dissatisfied victim after payment... ..>>>> You need contact us via email with srenshot of btc transaction and your personal DECRYPTION ID.....Contact via Email with your personal Decryption id !: hackbeenswim@mail2tor.com......Send 400$ (0.006 BTC) at this address --> bc1qkr7wxuqwet9w6920vk94p7npkxh33fc7prv55q.....>>>> Your personal DECRYPTION ID: D53F15BF767167BC622C1CB4D4FC174D....>>
                                                                                                                                                                                Process:C:\Users\user\Desktop\c8JakemodH.exe
                                                                                                                                                                                File Type:ASCII text, with CRLF line terminators
                                                                                                                                                                                Category:dropped
                                                                                                                                                                                Size (bytes):1159
                                                                                                                                                                                Entropy (8bit):4.909757425426515
                                                                                                                                                                                Encrypted:false
                                                                                                                                                                                SSDEEP:24:SOZJNRovfexRvYx/ncUYTxLZl0r0OzANQgq32xfZnS0iNFdAnP6:SOZbqfexrZrS3Iq32xlSX2S
                                                                                                                                                                                MD5:F29E077226F8DC235CAE4795459A3542
                                                                                                                                                                                SHA1:A23AEA328BEB92BFD4464A3B0F70E772B8969CC2
                                                                                                                                                                                SHA-256:CF8875AADE9351184274F533067BECF2AD10CCF2B6296274ECE5D5B58B6AB008
                                                                                                                                                                                SHA-512:0C76F1E7AC8E4DB582EA7E26FA9B8C18D54605AE6A9A87A2A1FA0B1BEACACBB8F1230421C1124B1E7C12FB546FF31DBBD2CFBBEBA80EF98BBAA01B356F7FDC6F
                                                                                                                                                                                Malicious:true
                                                                                                                                                                                Preview:.. ~~~ AlphaCat ~~~....>>>> Your data are stolen and encrypted....>>>> What guarantees that we will not deceive you? .....We are not a politically motivated group and we do not need anything other than your money. .. ...If you pay, we will provide you the programs for decryption and we will delete your data. ...Life is too short to be sad. Be not sad, money, it is only paper... ...If we do not give you decrypters, or we do not delete your data after payment, then nobody will pay us in the future. ...Therefore to us our reputation is very important. We attack worldwide and there is no dissatisfied victim after payment... ..>>>> You need contact us via email with srenshot of btc transaction and your personal DECRYPTION ID.....Contact via Email with your personal Decryption id !: hackbeenswim@mail2tor.com......Send 400$ (0.006 BTC) at this address --> bc1qkr7wxuqwet9w6920vk94p7npkxh33fc7prv55q.....>>>> Your personal DECRYPTION ID: D53F15BF767167BC622C1CB4D4FC174D....>>
                                                                                                                                                                                Process:C:\Users\user\Desktop\c8JakemodH.exe
                                                                                                                                                                                File Type:ASCII text, with CRLF line terminators
                                                                                                                                                                                Category:dropped
                                                                                                                                                                                Size (bytes):1159
                                                                                                                                                                                Entropy (8bit):4.909757425426515
                                                                                                                                                                                Encrypted:false
                                                                                                                                                                                SSDEEP:24:SOZJNRovfexRvYx/ncUYTxLZl0r0OzANQgq32xfZnS0iNFdAnP6:SOZbqfexrZrS3Iq32xlSX2S
                                                                                                                                                                                MD5:F29E077226F8DC235CAE4795459A3542
                                                                                                                                                                                SHA1:A23AEA328BEB92BFD4464A3B0F70E772B8969CC2
                                                                                                                                                                                SHA-256:CF8875AADE9351184274F533067BECF2AD10CCF2B6296274ECE5D5B58B6AB008
                                                                                                                                                                                SHA-512:0C76F1E7AC8E4DB582EA7E26FA9B8C18D54605AE6A9A87A2A1FA0B1BEACACBB8F1230421C1124B1E7C12FB546FF31DBBD2CFBBEBA80EF98BBAA01B356F7FDC6F
                                                                                                                                                                                Malicious:true
                                                                                                                                                                                Preview:.. ~~~ AlphaCat ~~~....>>>> Your data are stolen and encrypted....>>>> What guarantees that we will not deceive you? .....We are not a politically motivated group and we do not need anything other than your money. .. ...If you pay, we will provide you the programs for decryption and we will delete your data. ...Life is too short to be sad. Be not sad, money, it is only paper... ...If we do not give you decrypters, or we do not delete your data after payment, then nobody will pay us in the future. ...Therefore to us our reputation is very important. We attack worldwide and there is no dissatisfied victim after payment... ..>>>> You need contact us via email with srenshot of btc transaction and your personal DECRYPTION ID.....Contact via Email with your personal Decryption id !: hackbeenswim@mail2tor.com......Send 400$ (0.006 BTC) at this address --> bc1qkr7wxuqwet9w6920vk94p7npkxh33fc7prv55q.....>>>> Your personal DECRYPTION ID: D53F15BF767167BC622C1CB4D4FC174D....>>
                                                                                                                                                                                Process:C:\Users\user\Desktop\c8JakemodH.exe
                                                                                                                                                                                File Type:ASCII text, with CRLF line terminators
                                                                                                                                                                                Category:dropped
                                                                                                                                                                                Size (bytes):1159
                                                                                                                                                                                Entropy (8bit):4.909757425426515
                                                                                                                                                                                Encrypted:false
                                                                                                                                                                                SSDEEP:24:SOZJNRovfexRvYx/ncUYTxLZl0r0OzANQgq32xfZnS0iNFdAnP6:SOZbqfexrZrS3Iq32xlSX2S
                                                                                                                                                                                MD5:F29E077226F8DC235CAE4795459A3542
                                                                                                                                                                                SHA1:A23AEA328BEB92BFD4464A3B0F70E772B8969CC2
                                                                                                                                                                                SHA-256:CF8875AADE9351184274F533067BECF2AD10CCF2B6296274ECE5D5B58B6AB008
                                                                                                                                                                                SHA-512:0C76F1E7AC8E4DB582EA7E26FA9B8C18D54605AE6A9A87A2A1FA0B1BEACACBB8F1230421C1124B1E7C12FB546FF31DBBD2CFBBEBA80EF98BBAA01B356F7FDC6F
                                                                                                                                                                                Malicious:false
                                                                                                                                                                                Preview:.. ~~~ AlphaCat ~~~....>>>> Your data are stolen and encrypted....>>>> What guarantees that we will not deceive you? .....We are not a politically motivated group and we do not need anything other than your money. .. ...If you pay, we will provide you the programs for decryption and we will delete your data. ...Life is too short to be sad. Be not sad, money, it is only paper... ...If we do not give you decrypters, or we do not delete your data after payment, then nobody will pay us in the future. ...Therefore to us our reputation is very important. We attack worldwide and there is no dissatisfied victim after payment... ..>>>> You need contact us via email with srenshot of btc transaction and your personal DECRYPTION ID.....Contact via Email with your personal Decryption id !: hackbeenswim@mail2tor.com......Send 400$ (0.006 BTC) at this address --> bc1qkr7wxuqwet9w6920vk94p7npkxh33fc7prv55q.....>>>> Your personal DECRYPTION ID: D53F15BF767167BC622C1CB4D4FC174D....>>
                                                                                                                                                                                Process:C:\Users\user\Desktop\c8JakemodH.exe
                                                                                                                                                                                File Type:ASCII text, with CRLF line terminators
                                                                                                                                                                                Category:dropped
                                                                                                                                                                                Size (bytes):1159
                                                                                                                                                                                Entropy (8bit):4.909757425426515
                                                                                                                                                                                Encrypted:false
                                                                                                                                                                                SSDEEP:24:SOZJNRovfexRvYx/ncUYTxLZl0r0OzANQgq32xfZnS0iNFdAnP6:SOZbqfexrZrS3Iq32xlSX2S
                                                                                                                                                                                MD5:F29E077226F8DC235CAE4795459A3542
                                                                                                                                                                                SHA1:A23AEA328BEB92BFD4464A3B0F70E772B8969CC2
                                                                                                                                                                                SHA-256:CF8875AADE9351184274F533067BECF2AD10CCF2B6296274ECE5D5B58B6AB008
                                                                                                                                                                                SHA-512:0C76F1E7AC8E4DB582EA7E26FA9B8C18D54605AE6A9A87A2A1FA0B1BEACACBB8F1230421C1124B1E7C12FB546FF31DBBD2CFBBEBA80EF98BBAA01B356F7FDC6F
                                                                                                                                                                                Malicious:false
                                                                                                                                                                                Preview:.. ~~~ AlphaCat ~~~....>>>> Your data are stolen and encrypted....>>>> What guarantees that we will not deceive you? .....We are not a politically motivated group and we do not need anything other than your money. .. ...If you pay, we will provide you the programs for decryption and we will delete your data. ...Life is too short to be sad. Be not sad, money, it is only paper... ...If we do not give you decrypters, or we do not delete your data after payment, then nobody will pay us in the future. ...Therefore to us our reputation is very important. We attack worldwide and there is no dissatisfied victim after payment... ..>>>> You need contact us via email with srenshot of btc transaction and your personal DECRYPTION ID.....Contact via Email with your personal Decryption id !: hackbeenswim@mail2tor.com......Send 400$ (0.006 BTC) at this address --> bc1qkr7wxuqwet9w6920vk94p7npkxh33fc7prv55q.....>>>> Your personal DECRYPTION ID: D53F15BF767167BC622C1CB4D4FC174D....>>
                                                                                                                                                                                Process:C:\Users\user\Desktop\c8JakemodH.exe
                                                                                                                                                                                File Type:ASCII text, with CRLF line terminators
                                                                                                                                                                                Category:dropped
                                                                                                                                                                                Size (bytes):1159
                                                                                                                                                                                Entropy (8bit):4.909757425426515
                                                                                                                                                                                Encrypted:false
                                                                                                                                                                                SSDEEP:24:SOZJNRovfexRvYx/ncUYTxLZl0r0OzANQgq32xfZnS0iNFdAnP6:SOZbqfexrZrS3Iq32xlSX2S
                                                                                                                                                                                MD5:F29E077226F8DC235CAE4795459A3542
                                                                                                                                                                                SHA1:A23AEA328BEB92BFD4464A3B0F70E772B8969CC2
                                                                                                                                                                                SHA-256:CF8875AADE9351184274F533067BECF2AD10CCF2B6296274ECE5D5B58B6AB008
                                                                                                                                                                                SHA-512:0C76F1E7AC8E4DB582EA7E26FA9B8C18D54605AE6A9A87A2A1FA0B1BEACACBB8F1230421C1124B1E7C12FB546FF31DBBD2CFBBEBA80EF98BBAA01B356F7FDC6F
                                                                                                                                                                                Malicious:false
                                                                                                                                                                                Preview:.. ~~~ AlphaCat ~~~....>>>> Your data are stolen and encrypted....>>>> What guarantees that we will not deceive you? .....We are not a politically motivated group and we do not need anything other than your money. .. ...If you pay, we will provide you the programs for decryption and we will delete your data. ...Life is too short to be sad. Be not sad, money, it is only paper... ...If we do not give you decrypters, or we do not delete your data after payment, then nobody will pay us in the future. ...Therefore to us our reputation is very important. We attack worldwide and there is no dissatisfied victim after payment... ..>>>> You need contact us via email with srenshot of btc transaction and your personal DECRYPTION ID.....Contact via Email with your personal Decryption id !: hackbeenswim@mail2tor.com......Send 400$ (0.006 BTC) at this address --> bc1qkr7wxuqwet9w6920vk94p7npkxh33fc7prv55q.....>>>> Your personal DECRYPTION ID: D53F15BF767167BC622C1CB4D4FC174D....>>
                                                                                                                                                                                Process:C:\Users\user\Desktop\c8JakemodH.exe
                                                                                                                                                                                File Type:data
                                                                                                                                                                                Category:dropped
                                                                                                                                                                                Size (bytes):2044
                                                                                                                                                                                Entropy (8bit):7.90567847443605
                                                                                                                                                                                Encrypted:false
                                                                                                                                                                                SSDEEP:48:PxJ+X88Q4XVB3xVbPyvbK2LSGUTR317ajS7SYgTq:i5Q4XVr+STRV0ugm
                                                                                                                                                                                MD5:D416A3EE5A55C660ED4488F3B9FFF7E3
                                                                                                                                                                                SHA1:0466C83C5EFEC51E11EFCCC0A81D3707DA348A8A
                                                                                                                                                                                SHA-256:11B96EC61D150355459EFBDFBE11BD7C1D7B0666C858D95ADCE9501F33709EBB
                                                                                                                                                                                SHA-512:65CB5439FBA363589CF3EBE8E63BC512832FA5BECF7603011008AE11FD26A8925B175D7623C5BCC1514B668991501B2CB6C95315638C0B4C8559E58CCC061F5A
                                                                                                                                                                                Malicious:false
                                                                                                                                                                                Preview:`.S"".!;5..VF~`..#.E/.w.<..a<C..P...SQi....:.e;...A.N....E.OQuHUd..~....8..........rZT....".......R-X...&Y.c...8..gcT].-1. .hlDF..h.TU..M.z......:....y........m...Lz.3.h....*ef*..9X.Bo..1.P.....S.6*....j.i.B........^.....a[t.D....C............U....y#2.X.~..W.......>.b.....@...42.T.|..$...cO......0..O.iCV.xPu.8bL.v...0.a.....(.E.W)....!...<p.x..v.4s...&.?..f..B....|../..`..4}Z>|^Q...^._.5.p.+...8.";.,.@#8.DIw4s<f....g.!....D.|.82...Ci..l%.....T...R...d.qzX..mc......}ia.,e.o..m.Pm...f.5P.....8V$.d|.p..4y. ...D%./..] . .q...'.o.6....!......G......S...>. ......f..O.....3..G...p......Pf.{..-...Xi....?.yX.c.>4#Q..\.Pz...(.#..mRP.(.#{.>:1!i^.m.........E.T.aEU{.0..k...GD.Nk.SwA..v.....&o..b..A.........AC.5P,iF.r..@.....BcM.x.1.J.U._. .Mz_.k.(O;...,...i:G+..*3..]Z;.s.l....@.P|.3.......E.)2v.....l...)J......x..v.;1...#<z.qW..P9..vaS8L.8.R.......|..T...=7|~..HK............}.LY.....5.Km..o.g..m..Vn.SI./.++........&..l..2J..0(@......&.\..E.
                                                                                                                                                                                Process:C:\Users\user\Desktop\c8JakemodH.exe
                                                                                                                                                                                File Type:data
                                                                                                                                                                                Category:dropped
                                                                                                                                                                                Size (bytes):2040
                                                                                                                                                                                Entropy (8bit):7.906320547245585
                                                                                                                                                                                Encrypted:false
                                                                                                                                                                                SSDEEP:48:v/FbryOUKA0VTQdb50nBdSqGnM0Zw2MyxLudd032TlAiHELq:v9pUh6TQJIYD1ULlvke
                                                                                                                                                                                MD5:ACE37813D37BBFAF4BEA37C89B976C99
                                                                                                                                                                                SHA1:A83A61DEB361F3022C3CB22B20EDDA21B523D7AC
                                                                                                                                                                                SHA-256:49C566690358BB9EC8428C880C6E8A834876BB61D17C86905A03F4029C442A46
                                                                                                                                                                                SHA-512:E8A76D3DF21BA628A8936D940D9AAD1A177E38B11AF543DF045F95F4A98549C203A13254B0129735304EA2F52ECA2549F93F3BCE28CE2238FD7C26BD58022727
                                                                                                                                                                                Malicious:false
                                                                                                                                                                                Preview:o(....X..r=.G..#).......w.L..l........J..R.m.@7.J...[..C.J.y.......,........I.~.....V...@...IB.F6./..u..O......Eg...YZ.......L.......^8.....'&{S.&...n...gH..3..9.h.@..>.<.%.-....K....;A.J..{f.-x\...%.:..+...,.R..C 0.f.Y\..b)y4._..7.h!Xh.."..r..MH=....[46...%..D.. 0.:..>.]).<...=.r!.D4..#2..tF.?....o..U.h>P......_..;.).....;.L-..)P|B..8'Y..U.?.S...M..L.`..Q.x5.u....j..,...;..w..V...7.~R...f.mY.=...e.v.}.)...&...g....#Ci....].E..g...$.D...wyk..FLc..w1.u=a... ..4.9A...../kV...9.^.i....Z.L.x...#EMUg.R...S.E\O............T..JTo.k..m...].......;.2..ud.*|i=...z.]3.o.~H..4H....{qR...S.`?...h.A15=M...3@.j....fm.t.....(...4.~..........a...4....F.>Od.X....;%..f..l.~NT......x....T..d......O..N.....".iP.3kpO..N4.-a.o...>..3&7..73.\.....W....6#:6?V..#.`.C.u....r.HV.\.j..h.......c5...`7.I.j.:l....?4.P..I...=!).J^........2.?b..^...i..4.M.}3'...N....Z..v."....A...J.=>D.e.=c...y..|.1...s.^..=..i.Y.#.K..H}o.],...`..a...J{.. . ...;.!...c.sO.v.^.U..h...<.S..c...t
                                                                                                                                                                                Process:C:\Users\user\Desktop\c8JakemodH.exe
                                                                                                                                                                                File Type:ASCII text, with CRLF line terminators
                                                                                                                                                                                Category:dropped
                                                                                                                                                                                Size (bytes):1159
                                                                                                                                                                                Entropy (8bit):4.909757425426515
                                                                                                                                                                                Encrypted:false
                                                                                                                                                                                SSDEEP:24:SOZJNRovfexRvYx/ncUYTxLZl0r0OzANQgq32xfZnS0iNFdAnP6:SOZbqfexrZrS3Iq32xlSX2S
                                                                                                                                                                                MD5:F29E077226F8DC235CAE4795459A3542
                                                                                                                                                                                SHA1:A23AEA328BEB92BFD4464A3B0F70E772B8969CC2
                                                                                                                                                                                SHA-256:CF8875AADE9351184274F533067BECF2AD10CCF2B6296274ECE5D5B58B6AB008
                                                                                                                                                                                SHA-512:0C76F1E7AC8E4DB582EA7E26FA9B8C18D54605AE6A9A87A2A1FA0B1BEACACBB8F1230421C1124B1E7C12FB546FF31DBBD2CFBBEBA80EF98BBAA01B356F7FDC6F
                                                                                                                                                                                Malicious:false
                                                                                                                                                                                Preview:.. ~~~ AlphaCat ~~~....>>>> Your data are stolen and encrypted....>>>> What guarantees that we will not deceive you? .....We are not a politically motivated group and we do not need anything other than your money. .. ...If you pay, we will provide you the programs for decryption and we will delete your data. ...Life is too short to be sad. Be not sad, money, it is only paper... ...If we do not give you decrypters, or we do not delete your data after payment, then nobody will pay us in the future. ...Therefore to us our reputation is very important. We attack worldwide and there is no dissatisfied victim after payment... ..>>>> You need contact us via email with srenshot of btc transaction and your personal DECRYPTION ID.....Contact via Email with your personal Decryption id !: hackbeenswim@mail2tor.com......Send 400$ (0.006 BTC) at this address --> bc1qkr7wxuqwet9w6920vk94p7npkxh33fc7prv55q.....>>>> Your personal DECRYPTION ID: D53F15BF767167BC622C1CB4D4FC174D....>>
                                                                                                                                                                                Process:C:\Users\user\Desktop\c8JakemodH.exe
                                                                                                                                                                                File Type:data
                                                                                                                                                                                Category:dropped
                                                                                                                                                                                Size (bytes):2044
                                                                                                                                                                                Entropy (8bit):7.902168172987402
                                                                                                                                                                                Encrypted:false
                                                                                                                                                                                SSDEEP:48:Izv9p6rCy1AiAAyaCm1ojXoPPJhEG6Fkf/RyPPkGaGXOIMq:Izer7rAAyfm1NPPJ6PPPLgI/
                                                                                                                                                                                MD5:7AD5D96B80B47282D1D417F41B080136
                                                                                                                                                                                SHA1:9499AE0D992908A5A8D2B4EBF8BECCD3D14CA290
                                                                                                                                                                                SHA-256:105BDCDDAC993506465025369945A0014A87B2EF9D13FA98C324C81C81B4DF59
                                                                                                                                                                                SHA-512:024D14ECF50FE5399AB3B922D27A24AD9359F63A0AD3992D882D312E1B99FACF3C4D4CE8A790727FFC72263462E3EC16681B0EA2857E6FB34998C07F5750C020
                                                                                                                                                                                Malicious:false
                                                                                                                                                                                Preview:.. j...{....z....l*....E.+.R..0.i{.vy..H{...Q.....fvU....K...Up..I."..&K..G.P...^dv(.j.r.h....i.m<|...;%.Hd..Hp.TwW...HD.:......].2.:.y.,.......9.X....\."\=%..Fa..r.L..+..#y.AW....W.\K.X..^L..a.`.......|B..*....p...V.Y..~`.J>,....}..S.t.&ZuK.D.P6.hr.K,.>.NY.~S.2V..,V.]^.P.'..G.kU..G..k......s.bw.!...]}X7..[.s.Fb,..V..y...T...g`.!U.....Z...y.2..q.1..:gG.Hz;.@..X.}.tZ.T[......k..J,...q...>....!.....+2[d..~..9. .]D&......$z.P~.h.E.9...q........0O..5R........t.K..~..._..._E.p......k..iV.W. .A...P..|......4.<.<@I...........zi.;.s.i9.......ia.h.J...}.}.=.<G....../A'o.r.Y.),zG.....n......)6...\0......p..Gu.5..Nm....."..}..3..............2.....W.5.?..N&...([P.$CW...q....c.8.n..J."..L`....9.}.E.?..1u.r\j......4l........5.GA...2..SR.p... .mHgj...]v..^.......Y..^.N.u..b.<E<.1....y.%>*..q.....f.G.Vr..a........%+....U....CR&,.. .wG...Q.-,A0../".J.#...[w...YO...:.Uc..H....1.gy...h..w.<V..;G._.DB....>.m.4.me.....q-'/....2c....)1...f....(L.......H}...D
                                                                                                                                                                                Process:C:\Users\user\Desktop\c8JakemodH.exe
                                                                                                                                                                                File Type:ASCII text, with CRLF line terminators
                                                                                                                                                                                Category:dropped
                                                                                                                                                                                Size (bytes):1159
                                                                                                                                                                                Entropy (8bit):4.909757425426515
                                                                                                                                                                                Encrypted:false
                                                                                                                                                                                SSDEEP:24:SOZJNRovfexRvYx/ncUYTxLZl0r0OzANQgq32xfZnS0iNFdAnP6:SOZbqfexrZrS3Iq32xlSX2S
                                                                                                                                                                                MD5:F29E077226F8DC235CAE4795459A3542
                                                                                                                                                                                SHA1:A23AEA328BEB92BFD4464A3B0F70E772B8969CC2
                                                                                                                                                                                SHA-256:CF8875AADE9351184274F533067BECF2AD10CCF2B6296274ECE5D5B58B6AB008
                                                                                                                                                                                SHA-512:0C76F1E7AC8E4DB582EA7E26FA9B8C18D54605AE6A9A87A2A1FA0B1BEACACBB8F1230421C1124B1E7C12FB546FF31DBBD2CFBBEBA80EF98BBAA01B356F7FDC6F
                                                                                                                                                                                Malicious:false
                                                                                                                                                                                Preview:.. ~~~ AlphaCat ~~~....>>>> Your data are stolen and encrypted....>>>> What guarantees that we will not deceive you? .....We are not a politically motivated group and we do not need anything other than your money. .. ...If you pay, we will provide you the programs for decryption and we will delete your data. ...Life is too short to be sad. Be not sad, money, it is only paper... ...If we do not give you decrypters, or we do not delete your data after payment, then nobody will pay us in the future. ...Therefore to us our reputation is very important. We attack worldwide and there is no dissatisfied victim after payment... ..>>>> You need contact us via email with srenshot of btc transaction and your personal DECRYPTION ID.....Contact via Email with your personal Decryption id !: hackbeenswim@mail2tor.com......Send 400$ (0.006 BTC) at this address --> bc1qkr7wxuqwet9w6920vk94p7npkxh33fc7prv55q.....>>>> Your personal DECRYPTION ID: D53F15BF767167BC622C1CB4D4FC174D....>>
                                                                                                                                                                                Process:C:\Users\user\Desktop\c8JakemodH.exe
                                                                                                                                                                                File Type:data
                                                                                                                                                                                Category:dropped
                                                                                                                                                                                Size (bytes):2040
                                                                                                                                                                                Entropy (8bit):7.902577178569131
                                                                                                                                                                                Encrypted:false
                                                                                                                                                                                SSDEEP:48:IAs05cnuwQ3UAV4smaWdCA8NicAe5R4YI2mYSpdq:1sxnI3l4smaWdCrNay9Sps
                                                                                                                                                                                MD5:E52C62A23057F3D7A748D764E62FBC69
                                                                                                                                                                                SHA1:5E539ED0CF069EC4513DD12478088DA567ADA66E
                                                                                                                                                                                SHA-256:8902DC23DEF0416E9D8E4AD28657420263BAA9E06AFDFF986CDDCB9BC8C9CD59
                                                                                                                                                                                SHA-512:3EE3AC4595B02C81223DA2C08E2BB6867E266DE9D6EA8DB33D6F70DBF1FAAE4E908E83AA7E43E2A6803A47455CF3F8E19FDEDB297A7EFCAFD0F6E5F5201446D3
                                                                                                                                                                                Malicious:false
                                                                                                                                                                                Preview:,.S.../.$.,.......... . %qr...k.1.\|d..x..~5&...._d.g.C|...7a..{:.....O|..F....9:z:...^.,'Z|....I...&. .[..*\t\.K..K....e..../...Q 3..|.. ..E.Z..0.U.gl..~.F.qn..d..w.z.u%Lw.B.=.....J%5..1.<@.v....{.M,.(..M...+#ROl@`Y..5.BV....k...g.5"Z.a<...K...|.:...7.....cL.%i.X......B.....a,V.+.V.,).&.0.(|4.y..u.. .....0%XTo.E....C...\......z|.7...!".2q..(a&#.&..s.S..]..9.. ..h...~V.......A.'(.:G..6...i..B.y...=..?7..Fl...Y.9...N..n..`|.P........|.5~......<.. .a..@..+...|P.DF.."..c.CLw.&.J...a.*.~zcQ...#........`S/..%.O.C0..e...CU*,.mJ.^...1xw.5.@~..J.ui.O..6<.Fz=.IQ...p.3+5.k..2..].8'..Mr...T8.X6.'W.iz.].**..2s......'d..|..f....Q.....MRn@.t.w.b.&...>.#......(..1SF..yDN0.1.O..^.N..o.FF.../....._.u...s.-..aL..............T....K...#. .2D..-Q....1o..f....*..K.CB..9..6..v.I.....ko..j'...+S.@._...0./..R.l$..`.....T.wX..:.......:.`.../........kE....T....R..g..ua.....n..Hb3N5...0..H#.S....PFV.......s90.T.G.U..I....:....Ug. .=...HWX!...bX..HE....>......|...&
                                                                                                                                                                                Process:C:\Users\user\Desktop\c8JakemodH.exe
                                                                                                                                                                                File Type:ASCII text, with CRLF line terminators
                                                                                                                                                                                Category:dropped
                                                                                                                                                                                Size (bytes):1159
                                                                                                                                                                                Entropy (8bit):4.909757425426515
                                                                                                                                                                                Encrypted:false
                                                                                                                                                                                SSDEEP:24:SOZJNRovfexRvYx/ncUYTxLZl0r0OzANQgq32xfZnS0iNFdAnP6:SOZbqfexrZrS3Iq32xlSX2S
                                                                                                                                                                                MD5:F29E077226F8DC235CAE4795459A3542
                                                                                                                                                                                SHA1:A23AEA328BEB92BFD4464A3B0F70E772B8969CC2
                                                                                                                                                                                SHA-256:CF8875AADE9351184274F533067BECF2AD10CCF2B6296274ECE5D5B58B6AB008
                                                                                                                                                                                SHA-512:0C76F1E7AC8E4DB582EA7E26FA9B8C18D54605AE6A9A87A2A1FA0B1BEACACBB8F1230421C1124B1E7C12FB546FF31DBBD2CFBBEBA80EF98BBAA01B356F7FDC6F
                                                                                                                                                                                Malicious:false
                                                                                                                                                                                Preview:.. ~~~ AlphaCat ~~~....>>>> Your data are stolen and encrypted....>>>> What guarantees that we will not deceive you? .....We are not a politically motivated group and we do not need anything other than your money. .. ...If you pay, we will provide you the programs for decryption and we will delete your data. ...Life is too short to be sad. Be not sad, money, it is only paper... ...If we do not give you decrypters, or we do not delete your data after payment, then nobody will pay us in the future. ...Therefore to us our reputation is very important. We attack worldwide and there is no dissatisfied victim after payment... ..>>>> You need contact us via email with srenshot of btc transaction and your personal DECRYPTION ID.....Contact via Email with your personal Decryption id !: hackbeenswim@mail2tor.com......Send 400$ (0.006 BTC) at this address --> bc1qkr7wxuqwet9w6920vk94p7npkxh33fc7prv55q.....>>>> Your personal DECRYPTION ID: D53F15BF767167BC622C1CB4D4FC174D....>>
                                                                                                                                                                                Process:C:\Users\user\Desktop\c8JakemodH.exe
                                                                                                                                                                                File Type:ASCII text, with CRLF line terminators
                                                                                                                                                                                Category:dropped
                                                                                                                                                                                Size (bytes):1159
                                                                                                                                                                                Entropy (8bit):4.909757425426515
                                                                                                                                                                                Encrypted:false
                                                                                                                                                                                SSDEEP:24:SOZJNRovfexRvYx/ncUYTxLZl0r0OzANQgq32xfZnS0iNFdAnP6:SOZbqfexrZrS3Iq32xlSX2S
                                                                                                                                                                                MD5:F29E077226F8DC235CAE4795459A3542
                                                                                                                                                                                SHA1:A23AEA328BEB92BFD4464A3B0F70E772B8969CC2
                                                                                                                                                                                SHA-256:CF8875AADE9351184274F533067BECF2AD10CCF2B6296274ECE5D5B58B6AB008
                                                                                                                                                                                SHA-512:0C76F1E7AC8E4DB582EA7E26FA9B8C18D54605AE6A9A87A2A1FA0B1BEACACBB8F1230421C1124B1E7C12FB546FF31DBBD2CFBBEBA80EF98BBAA01B356F7FDC6F
                                                                                                                                                                                Malicious:false
                                                                                                                                                                                Preview:.. ~~~ AlphaCat ~~~....>>>> Your data are stolen and encrypted....>>>> What guarantees that we will not deceive you? .....We are not a politically motivated group and we do not need anything other than your money. .. ...If you pay, we will provide you the programs for decryption and we will delete your data. ...Life is too short to be sad. Be not sad, money, it is only paper... ...If we do not give you decrypters, or we do not delete your data after payment, then nobody will pay us in the future. ...Therefore to us our reputation is very important. We attack worldwide and there is no dissatisfied victim after payment... ..>>>> You need contact us via email with srenshot of btc transaction and your personal DECRYPTION ID.....Contact via Email with your personal Decryption id !: hackbeenswim@mail2tor.com......Send 400$ (0.006 BTC) at this address --> bc1qkr7wxuqwet9w6920vk94p7npkxh33fc7prv55q.....>>>> Your personal DECRYPTION ID: D53F15BF767167BC622C1CB4D4FC174D....>>
                                                                                                                                                                                Process:C:\Users\user\Desktop\c8JakemodH.exe
                                                                                                                                                                                File Type:ASCII text, with CRLF line terminators
                                                                                                                                                                                Category:dropped
                                                                                                                                                                                Size (bytes):1159
                                                                                                                                                                                Entropy (8bit):4.909757425426515
                                                                                                                                                                                Encrypted:false
                                                                                                                                                                                SSDEEP:24:SOZJNRovfexRvYx/ncUYTxLZl0r0OzANQgq32xfZnS0iNFdAnP6:SOZbqfexrZrS3Iq32xlSX2S
                                                                                                                                                                                MD5:F29E077226F8DC235CAE4795459A3542
                                                                                                                                                                                SHA1:A23AEA328BEB92BFD4464A3B0F70E772B8969CC2
                                                                                                                                                                                SHA-256:CF8875AADE9351184274F533067BECF2AD10CCF2B6296274ECE5D5B58B6AB008
                                                                                                                                                                                SHA-512:0C76F1E7AC8E4DB582EA7E26FA9B8C18D54605AE6A9A87A2A1FA0B1BEACACBB8F1230421C1124B1E7C12FB546FF31DBBD2CFBBEBA80EF98BBAA01B356F7FDC6F
                                                                                                                                                                                Malicious:false
                                                                                                                                                                                Preview:.. ~~~ AlphaCat ~~~....>>>> Your data are stolen and encrypted....>>>> What guarantees that we will not deceive you? .....We are not a politically motivated group and we do not need anything other than your money. .. ...If you pay, we will provide you the programs for decryption and we will delete your data. ...Life is too short to be sad. Be not sad, money, it is only paper... ...If we do not give you decrypters, or we do not delete your data after payment, then nobody will pay us in the future. ...Therefore to us our reputation is very important. We attack worldwide and there is no dissatisfied victim after payment... ..>>>> You need contact us via email with srenshot of btc transaction and your personal DECRYPTION ID.....Contact via Email with your personal Decryption id !: hackbeenswim@mail2tor.com......Send 400$ (0.006 BTC) at this address --> bc1qkr7wxuqwet9w6920vk94p7npkxh33fc7prv55q.....>>>> Your personal DECRYPTION ID: D53F15BF767167BC622C1CB4D4FC174D....>>
                                                                                                                                                                                Process:C:\Users\user\Desktop\c8JakemodH.exe
                                                                                                                                                                                File Type:ASCII text, with CRLF line terminators
                                                                                                                                                                                Category:dropped
                                                                                                                                                                                Size (bytes):1159
                                                                                                                                                                                Entropy (8bit):4.909757425426515
                                                                                                                                                                                Encrypted:false
                                                                                                                                                                                SSDEEP:24:SOZJNRovfexRvYx/ncUYTxLZl0r0OzANQgq32xfZnS0iNFdAnP6:SOZbqfexrZrS3Iq32xlSX2S
                                                                                                                                                                                MD5:F29E077226F8DC235CAE4795459A3542
                                                                                                                                                                                SHA1:A23AEA328BEB92BFD4464A3B0F70E772B8969CC2
                                                                                                                                                                                SHA-256:CF8875AADE9351184274F533067BECF2AD10CCF2B6296274ECE5D5B58B6AB008
                                                                                                                                                                                SHA-512:0C76F1E7AC8E4DB582EA7E26FA9B8C18D54605AE6A9A87A2A1FA0B1BEACACBB8F1230421C1124B1E7C12FB546FF31DBBD2CFBBEBA80EF98BBAA01B356F7FDC6F
                                                                                                                                                                                Malicious:false
                                                                                                                                                                                Preview:.. ~~~ AlphaCat ~~~....>>>> Your data are stolen and encrypted....>>>> What guarantees that we will not deceive you? .....We are not a politically motivated group and we do not need anything other than your money. .. ...If you pay, we will provide you the programs for decryption and we will delete your data. ...Life is too short to be sad. Be not sad, money, it is only paper... ...If we do not give you decrypters, or we do not delete your data after payment, then nobody will pay us in the future. ...Therefore to us our reputation is very important. We attack worldwide and there is no dissatisfied victim after payment... ..>>>> You need contact us via email with srenshot of btc transaction and your personal DECRYPTION ID.....Contact via Email with your personal Decryption id !: hackbeenswim@mail2tor.com......Send 400$ (0.006 BTC) at this address --> bc1qkr7wxuqwet9w6920vk94p7npkxh33fc7prv55q.....>>>> Your personal DECRYPTION ID: D53F15BF767167BC622C1CB4D4FC174D....>>
                                                                                                                                                                                Process:C:\Users\user\Desktop\c8JakemodH.exe
                                                                                                                                                                                File Type:ASCII text, with CRLF line terminators
                                                                                                                                                                                Category:dropped
                                                                                                                                                                                Size (bytes):1159
                                                                                                                                                                                Entropy (8bit):4.909757425426515
                                                                                                                                                                                Encrypted:false
                                                                                                                                                                                SSDEEP:24:SOZJNRovfexRvYx/ncUYTxLZl0r0OzANQgq32xfZnS0iNFdAnP6:SOZbqfexrZrS3Iq32xlSX2S
                                                                                                                                                                                MD5:F29E077226F8DC235CAE4795459A3542
                                                                                                                                                                                SHA1:A23AEA328BEB92BFD4464A3B0F70E772B8969CC2
                                                                                                                                                                                SHA-256:CF8875AADE9351184274F533067BECF2AD10CCF2B6296274ECE5D5B58B6AB008
                                                                                                                                                                                SHA-512:0C76F1E7AC8E4DB582EA7E26FA9B8C18D54605AE6A9A87A2A1FA0B1BEACACBB8F1230421C1124B1E7C12FB546FF31DBBD2CFBBEBA80EF98BBAA01B356F7FDC6F
                                                                                                                                                                                Malicious:false
                                                                                                                                                                                Preview:.. ~~~ AlphaCat ~~~....>>>> Your data are stolen and encrypted....>>>> What guarantees that we will not deceive you? .....We are not a politically motivated group and we do not need anything other than your money. .. ...If you pay, we will provide you the programs for decryption and we will delete your data. ...Life is too short to be sad. Be not sad, money, it is only paper... ...If we do not give you decrypters, or we do not delete your data after payment, then nobody will pay us in the future. ...Therefore to us our reputation is very important. We attack worldwide and there is no dissatisfied victim after payment... ..>>>> You need contact us via email with srenshot of btc transaction and your personal DECRYPTION ID.....Contact via Email with your personal Decryption id !: hackbeenswim@mail2tor.com......Send 400$ (0.006 BTC) at this address --> bc1qkr7wxuqwet9w6920vk94p7npkxh33fc7prv55q.....>>>> Your personal DECRYPTION ID: D53F15BF767167BC622C1CB4D4FC174D....>>
                                                                                                                                                                                Process:C:\Users\user\Desktop\c8JakemodH.exe
                                                                                                                                                                                File Type:ASCII text, with CRLF line terminators
                                                                                                                                                                                Category:dropped
                                                                                                                                                                                Size (bytes):1159
                                                                                                                                                                                Entropy (8bit):4.909757425426515
                                                                                                                                                                                Encrypted:false
                                                                                                                                                                                SSDEEP:24:SOZJNRovfexRvYx/ncUYTxLZl0r0OzANQgq32xfZnS0iNFdAnP6:SOZbqfexrZrS3Iq32xlSX2S
                                                                                                                                                                                MD5:F29E077226F8DC235CAE4795459A3542
                                                                                                                                                                                SHA1:A23AEA328BEB92BFD4464A3B0F70E772B8969CC2
                                                                                                                                                                                SHA-256:CF8875AADE9351184274F533067BECF2AD10CCF2B6296274ECE5D5B58B6AB008
                                                                                                                                                                                SHA-512:0C76F1E7AC8E4DB582EA7E26FA9B8C18D54605AE6A9A87A2A1FA0B1BEACACBB8F1230421C1124B1E7C12FB546FF31DBBD2CFBBEBA80EF98BBAA01B356F7FDC6F
                                                                                                                                                                                Malicious:false
                                                                                                                                                                                Preview:.. ~~~ AlphaCat ~~~....>>>> Your data are stolen and encrypted....>>>> What guarantees that we will not deceive you? .....We are not a politically motivated group and we do not need anything other than your money. .. ...If you pay, we will provide you the programs for decryption and we will delete your data. ...Life is too short to be sad. Be not sad, money, it is only paper... ...If we do not give you decrypters, or we do not delete your data after payment, then nobody will pay us in the future. ...Therefore to us our reputation is very important. We attack worldwide and there is no dissatisfied victim after payment... ..>>>> You need contact us via email with srenshot of btc transaction and your personal DECRYPTION ID.....Contact via Email with your personal Decryption id !: hackbeenswim@mail2tor.com......Send 400$ (0.006 BTC) at this address --> bc1qkr7wxuqwet9w6920vk94p7npkxh33fc7prv55q.....>>>> Your personal DECRYPTION ID: D53F15BF767167BC622C1CB4D4FC174D....>>
                                                                                                                                                                                Process:C:\Users\user\Desktop\c8JakemodH.exe
                                                                                                                                                                                File Type:data
                                                                                                                                                                                Category:dropped
                                                                                                                                                                                Size (bytes):262383
                                                                                                                                                                                Entropy (8bit):7.999306480207314
                                                                                                                                                                                Encrypted:true
                                                                                                                                                                                SSDEEP:6144:NHrnQx0mQMo1MtVavBORL4vEUefe/KF+9LV0XyyDJtkL7fD:eamre5OmafaQt2nfD
                                                                                                                                                                                MD5:23BA3EAC0C9B18EACE3A412B5599341E
                                                                                                                                                                                SHA1:7938767DA573BEFDCB9C69816BEB2E98316BCC49
                                                                                                                                                                                SHA-256:792DF42660D7960EDEED057622CB0A0241103B6EECB6D3C9C239328F4CB1AF49
                                                                                                                                                                                SHA-512:EAE05BC1A4BF932C2AB512E6C9D6CC7D8781C6398B02B4C92320DF9743EDA3B6A356BC290F85DA8CCFD69127531840F9ABA0CFF7408A0BC320DD1709A433216B
                                                                                                                                                                                Malicious:true
                                                                                                                                                                                Preview:W.m.T.z..d....Qr.$.`.....oms......J....^0>.!...8.#z..a4e..R-"..Y1...!.....4...;_+..5.8U..m..vTu...a-....W=.I..O.&.?.H..H....Us.......X?4+.)3.a....L.E1...dua.y.....#.bb.W...'....*..........1.$r..=5...MF...(<;OKO~qg%...J/.. .@....y.!.@./....o.0..... ?"....D~7.%.-..`...|#......5d.:.x.%W......%\.;*..[..-4&(/....N.L{(.6.....M..'.=N....hw.l_.8..y.c..>...vsx!..T..N.$E..G1...v...)....4..Z..=....bY..ixVz.'.." .K@..,*.:..1...}43.._...l&...o.f.......e..j@...9~.\..FT.RH..B......zw......J....2R.5.._..I....I]Kq.g....ux..N.&}Y.z..w..2"..y..Y....v...I._4.z..#...?*...~g..!.h.....j@`.7..tl.j~.a...*....w..B..> ....f@.#.Q|...H..Lor-l.....TJw_w.bT.$.c..|0.p....'70..N.....[......7.0|...V..du.{<.:.40.......?~k...q....D.$.C~...D...+.O.O.|..~.r../..Y.i1Z....H.}..c.....V..(..0....!.l.!Y,..M...+).....Y`....V..........?-r.;.#\..h.. ...EG........n\!z.9...i..p....'......+.R.. U....c}....1.3N..)F..U.R#.`.....0..^o....G...v..[...{`w..@.V.7!-P$....F..2J...:...k..w..
                                                                                                                                                                                Process:C:\Users\user\Desktop\c8JakemodH.exe
                                                                                                                                                                                File Type:ASCII text, with CRLF line terminators
                                                                                                                                                                                Category:dropped
                                                                                                                                                                                Size (bytes):1159
                                                                                                                                                                                Entropy (8bit):4.909757425426515
                                                                                                                                                                                Encrypted:false
                                                                                                                                                                                SSDEEP:24:SOZJNRovfexRvYx/ncUYTxLZl0r0OzANQgq32xfZnS0iNFdAnP6:SOZbqfexrZrS3Iq32xlSX2S
                                                                                                                                                                                MD5:F29E077226F8DC235CAE4795459A3542
                                                                                                                                                                                SHA1:A23AEA328BEB92BFD4464A3B0F70E772B8969CC2
                                                                                                                                                                                SHA-256:CF8875AADE9351184274F533067BECF2AD10CCF2B6296274ECE5D5B58B6AB008
                                                                                                                                                                                SHA-512:0C76F1E7AC8E4DB582EA7E26FA9B8C18D54605AE6A9A87A2A1FA0B1BEACACBB8F1230421C1124B1E7C12FB546FF31DBBD2CFBBEBA80EF98BBAA01B356F7FDC6F
                                                                                                                                                                                Malicious:false
                                                                                                                                                                                Preview:.. ~~~ AlphaCat ~~~....>>>> Your data are stolen and encrypted....>>>> What guarantees that we will not deceive you? .....We are not a politically motivated group and we do not need anything other than your money. .. ...If you pay, we will provide you the programs for decryption and we will delete your data. ...Life is too short to be sad. Be not sad, money, it is only paper... ...If we do not give you decrypters, or we do not delete your data after payment, then nobody will pay us in the future. ...Therefore to us our reputation is very important. We attack worldwide and there is no dissatisfied victim after payment... ..>>>> You need contact us via email with srenshot of btc transaction and your personal DECRYPTION ID.....Contact via Email with your personal Decryption id !: hackbeenswim@mail2tor.com......Send 400$ (0.006 BTC) at this address --> bc1qkr7wxuqwet9w6920vk94p7npkxh33fc7prv55q.....>>>> Your personal DECRYPTION ID: D53F15BF767167BC622C1CB4D4FC174D....>>
                                                                                                                                                                                Process:C:\Users\user\Desktop\c8JakemodH.exe
                                                                                                                                                                                File Type:ASCII text, with CRLF line terminators
                                                                                                                                                                                Category:dropped
                                                                                                                                                                                Size (bytes):1159
                                                                                                                                                                                Entropy (8bit):4.909757425426515
                                                                                                                                                                                Encrypted:false
                                                                                                                                                                                SSDEEP:24:SOZJNRovfexRvYx/ncUYTxLZl0r0OzANQgq32xfZnS0iNFdAnP6:SOZbqfexrZrS3Iq32xlSX2S
                                                                                                                                                                                MD5:F29E077226F8DC235CAE4795459A3542
                                                                                                                                                                                SHA1:A23AEA328BEB92BFD4464A3B0F70E772B8969CC2
                                                                                                                                                                                SHA-256:CF8875AADE9351184274F533067BECF2AD10CCF2B6296274ECE5D5B58B6AB008
                                                                                                                                                                                SHA-512:0C76F1E7AC8E4DB582EA7E26FA9B8C18D54605AE6A9A87A2A1FA0B1BEACACBB8F1230421C1124B1E7C12FB546FF31DBBD2CFBBEBA80EF98BBAA01B356F7FDC6F
                                                                                                                                                                                Malicious:false
                                                                                                                                                                                Preview:.. ~~~ AlphaCat ~~~....>>>> Your data are stolen and encrypted....>>>> What guarantees that we will not deceive you? .....We are not a politically motivated group and we do not need anything other than your money. .. ...If you pay, we will provide you the programs for decryption and we will delete your data. ...Life is too short to be sad. Be not sad, money, it is only paper... ...If we do not give you decrypters, or we do not delete your data after payment, then nobody will pay us in the future. ...Therefore to us our reputation is very important. We attack worldwide and there is no dissatisfied victim after payment... ..>>>> You need contact us via email with srenshot of btc transaction and your personal DECRYPTION ID.....Contact via Email with your personal Decryption id !: hackbeenswim@mail2tor.com......Send 400$ (0.006 BTC) at this address --> bc1qkr7wxuqwet9w6920vk94p7npkxh33fc7prv55q.....>>>> Your personal DECRYPTION ID: D53F15BF767167BC622C1CB4D4FC174D....>>
                                                                                                                                                                                Process:C:\Users\user\Desktop\c8JakemodH.exe
                                                                                                                                                                                File Type:ASCII text, with CRLF line terminators
                                                                                                                                                                                Category:dropped
                                                                                                                                                                                Size (bytes):1159
                                                                                                                                                                                Entropy (8bit):4.909757425426515
                                                                                                                                                                                Encrypted:false
                                                                                                                                                                                SSDEEP:24:SOZJNRovfexRvYx/ncUYTxLZl0r0OzANQgq32xfZnS0iNFdAnP6:SOZbqfexrZrS3Iq32xlSX2S
                                                                                                                                                                                MD5:F29E077226F8DC235CAE4795459A3542
                                                                                                                                                                                SHA1:A23AEA328BEB92BFD4464A3B0F70E772B8969CC2
                                                                                                                                                                                SHA-256:CF8875AADE9351184274F533067BECF2AD10CCF2B6296274ECE5D5B58B6AB008
                                                                                                                                                                                SHA-512:0C76F1E7AC8E4DB582EA7E26FA9B8C18D54605AE6A9A87A2A1FA0B1BEACACBB8F1230421C1124B1E7C12FB546FF31DBBD2CFBBEBA80EF98BBAA01B356F7FDC6F
                                                                                                                                                                                Malicious:false
                                                                                                                                                                                Preview:.. ~~~ AlphaCat ~~~....>>>> Your data are stolen and encrypted....>>>> What guarantees that we will not deceive you? .....We are not a politically motivated group and we do not need anything other than your money. .. ...If you pay, we will provide you the programs for decryption and we will delete your data. ...Life is too short to be sad. Be not sad, money, it is only paper... ...If we do not give you decrypters, or we do not delete your data after payment, then nobody will pay us in the future. ...Therefore to us our reputation is very important. We attack worldwide and there is no dissatisfied victim after payment... ..>>>> You need contact us via email with srenshot of btc transaction and your personal DECRYPTION ID.....Contact via Email with your personal Decryption id !: hackbeenswim@mail2tor.com......Send 400$ (0.006 BTC) at this address --> bc1qkr7wxuqwet9w6920vk94p7npkxh33fc7prv55q.....>>>> Your personal DECRYPTION ID: D53F15BF767167BC622C1CB4D4FC174D....>>
                                                                                                                                                                                Process:C:\Users\user\Desktop\c8JakemodH.exe
                                                                                                                                                                                File Type:ASCII text, with CRLF line terminators
                                                                                                                                                                                Category:dropped
                                                                                                                                                                                Size (bytes):1159
                                                                                                                                                                                Entropy (8bit):4.909757425426515
                                                                                                                                                                                Encrypted:false
                                                                                                                                                                                SSDEEP:24:SOZJNRovfexRvYx/ncUYTxLZl0r0OzANQgq32xfZnS0iNFdAnP6:SOZbqfexrZrS3Iq32xlSX2S
                                                                                                                                                                                MD5:F29E077226F8DC235CAE4795459A3542
                                                                                                                                                                                SHA1:A23AEA328BEB92BFD4464A3B0F70E772B8969CC2
                                                                                                                                                                                SHA-256:CF8875AADE9351184274F533067BECF2AD10CCF2B6296274ECE5D5B58B6AB008
                                                                                                                                                                                SHA-512:0C76F1E7AC8E4DB582EA7E26FA9B8C18D54605AE6A9A87A2A1FA0B1BEACACBB8F1230421C1124B1E7C12FB546FF31DBBD2CFBBEBA80EF98BBAA01B356F7FDC6F
                                                                                                                                                                                Malicious:false
                                                                                                                                                                                Preview:.. ~~~ AlphaCat ~~~....>>>> Your data are stolen and encrypted....>>>> What guarantees that we will not deceive you? .....We are not a politically motivated group and we do not need anything other than your money. .. ...If you pay, we will provide you the programs for decryption and we will delete your data. ...Life is too short to be sad. Be not sad, money, it is only paper... ...If we do not give you decrypters, or we do not delete your data after payment, then nobody will pay us in the future. ...Therefore to us our reputation is very important. We attack worldwide and there is no dissatisfied victim after payment... ..>>>> You need contact us via email with srenshot of btc transaction and your personal DECRYPTION ID.....Contact via Email with your personal Decryption id !: hackbeenswim@mail2tor.com......Send 400$ (0.006 BTC) at this address --> bc1qkr7wxuqwet9w6920vk94p7npkxh33fc7prv55q.....>>>> Your personal DECRYPTION ID: D53F15BF767167BC622C1CB4D4FC174D....>>
                                                                                                                                                                                Process:C:\Users\user\Desktop\c8JakemodH.exe
                                                                                                                                                                                File Type:ASCII text, with CRLF line terminators
                                                                                                                                                                                Category:dropped
                                                                                                                                                                                Size (bytes):1159
                                                                                                                                                                                Entropy (8bit):4.909757425426515
                                                                                                                                                                                Encrypted:false
                                                                                                                                                                                SSDEEP:24:SOZJNRovfexRvYx/ncUYTxLZl0r0OzANQgq32xfZnS0iNFdAnP6:SOZbqfexrZrS3Iq32xlSX2S
                                                                                                                                                                                MD5:F29E077226F8DC235CAE4795459A3542
                                                                                                                                                                                SHA1:A23AEA328BEB92BFD4464A3B0F70E772B8969CC2
                                                                                                                                                                                SHA-256:CF8875AADE9351184274F533067BECF2AD10CCF2B6296274ECE5D5B58B6AB008
                                                                                                                                                                                SHA-512:0C76F1E7AC8E4DB582EA7E26FA9B8C18D54605AE6A9A87A2A1FA0B1BEACACBB8F1230421C1124B1E7C12FB546FF31DBBD2CFBBEBA80EF98BBAA01B356F7FDC6F
                                                                                                                                                                                Malicious:false
                                                                                                                                                                                Preview:.. ~~~ AlphaCat ~~~....>>>> Your data are stolen and encrypted....>>>> What guarantees that we will not deceive you? .....We are not a politically motivated group and we do not need anything other than your money. .. ...If you pay, we will provide you the programs for decryption and we will delete your data. ...Life is too short to be sad. Be not sad, money, it is only paper... ...If we do not give you decrypters, or we do not delete your data after payment, then nobody will pay us in the future. ...Therefore to us our reputation is very important. We attack worldwide and there is no dissatisfied victim after payment... ..>>>> You need contact us via email with srenshot of btc transaction and your personal DECRYPTION ID.....Contact via Email with your personal Decryption id !: hackbeenswim@mail2tor.com......Send 400$ (0.006 BTC) at this address --> bc1qkr7wxuqwet9w6920vk94p7npkxh33fc7prv55q.....>>>> Your personal DECRYPTION ID: D53F15BF767167BC622C1CB4D4FC174D....>>
                                                                                                                                                                                Process:C:\Users\user\Desktop\c8JakemodH.exe
                                                                                                                                                                                File Type:ASCII text, with CRLF line terminators
                                                                                                                                                                                Category:dropped
                                                                                                                                                                                Size (bytes):1159
                                                                                                                                                                                Entropy (8bit):4.909757425426515
                                                                                                                                                                                Encrypted:false
                                                                                                                                                                                SSDEEP:24:SOZJNRovfexRvYx/ncUYTxLZl0r0OzANQgq32xfZnS0iNFdAnP6:SOZbqfexrZrS3Iq32xlSX2S
                                                                                                                                                                                MD5:F29E077226F8DC235CAE4795459A3542
                                                                                                                                                                                SHA1:A23AEA328BEB92BFD4464A3B0F70E772B8969CC2
                                                                                                                                                                                SHA-256:CF8875AADE9351184274F533067BECF2AD10CCF2B6296274ECE5D5B58B6AB008
                                                                                                                                                                                SHA-512:0C76F1E7AC8E4DB582EA7E26FA9B8C18D54605AE6A9A87A2A1FA0B1BEACACBB8F1230421C1124B1E7C12FB546FF31DBBD2CFBBEBA80EF98BBAA01B356F7FDC6F
                                                                                                                                                                                Malicious:false
                                                                                                                                                                                Preview:.. ~~~ AlphaCat ~~~....>>>> Your data are stolen and encrypted....>>>> What guarantees that we will not deceive you? .....We are not a politically motivated group and we do not need anything other than your money. .. ...If you pay, we will provide you the programs for decryption and we will delete your data. ...Life is too short to be sad. Be not sad, money, it is only paper... ...If we do not give you decrypters, or we do not delete your data after payment, then nobody will pay us in the future. ...Therefore to us our reputation is very important. We attack worldwide and there is no dissatisfied victim after payment... ..>>>> You need contact us via email with srenshot of btc transaction and your personal DECRYPTION ID.....Contact via Email with your personal Decryption id !: hackbeenswim@mail2tor.com......Send 400$ (0.006 BTC) at this address --> bc1qkr7wxuqwet9w6920vk94p7npkxh33fc7prv55q.....>>>> Your personal DECRYPTION ID: D53F15BF767167BC622C1CB4D4FC174D....>>
                                                                                                                                                                                Process:C:\Users\user\Desktop\c8JakemodH.exe
                                                                                                                                                                                File Type:ASCII text, with CRLF line terminators
                                                                                                                                                                                Category:dropped
                                                                                                                                                                                Size (bytes):1159
                                                                                                                                                                                Entropy (8bit):4.909757425426515
                                                                                                                                                                                Encrypted:false
                                                                                                                                                                                SSDEEP:24:SOZJNRovfexRvYx/ncUYTxLZl0r0OzANQgq32xfZnS0iNFdAnP6:SOZbqfexrZrS3Iq32xlSX2S
                                                                                                                                                                                MD5:F29E077226F8DC235CAE4795459A3542
                                                                                                                                                                                SHA1:A23AEA328BEB92BFD4464A3B0F70E772B8969CC2
                                                                                                                                                                                SHA-256:CF8875AADE9351184274F533067BECF2AD10CCF2B6296274ECE5D5B58B6AB008
                                                                                                                                                                                SHA-512:0C76F1E7AC8E4DB582EA7E26FA9B8C18D54605AE6A9A87A2A1FA0B1BEACACBB8F1230421C1124B1E7C12FB546FF31DBBD2CFBBEBA80EF98BBAA01B356F7FDC6F
                                                                                                                                                                                Malicious:false
                                                                                                                                                                                Preview:.. ~~~ AlphaCat ~~~....>>>> Your data are stolen and encrypted....>>>> What guarantees that we will not deceive you? .....We are not a politically motivated group and we do not need anything other than your money. .. ...If you pay, we will provide you the programs for decryption and we will delete your data. ...Life is too short to be sad. Be not sad, money, it is only paper... ...If we do not give you decrypters, or we do not delete your data after payment, then nobody will pay us in the future. ...Therefore to us our reputation is very important. We attack worldwide and there is no dissatisfied victim after payment... ..>>>> You need contact us via email with srenshot of btc transaction and your personal DECRYPTION ID.....Contact via Email with your personal Decryption id !: hackbeenswim@mail2tor.com......Send 400$ (0.006 BTC) at this address --> bc1qkr7wxuqwet9w6920vk94p7npkxh33fc7prv55q.....>>>> Your personal DECRYPTION ID: D53F15BF767167BC622C1CB4D4FC174D....>>
                                                                                                                                                                                Process:C:\Users\user\Desktop\c8JakemodH.exe
                                                                                                                                                                                File Type:ASCII text, with CRLF line terminators
                                                                                                                                                                                Category:dropped
                                                                                                                                                                                Size (bytes):1159
                                                                                                                                                                                Entropy (8bit):4.909757425426515
                                                                                                                                                                                Encrypted:false
                                                                                                                                                                                SSDEEP:24:SOZJNRovfexRvYx/ncUYTxLZl0r0OzANQgq32xfZnS0iNFdAnP6:SOZbqfexrZrS3Iq32xlSX2S
                                                                                                                                                                                MD5:F29E077226F8DC235CAE4795459A3542
                                                                                                                                                                                SHA1:A23AEA328BEB92BFD4464A3B0F70E772B8969CC2
                                                                                                                                                                                SHA-256:CF8875AADE9351184274F533067BECF2AD10CCF2B6296274ECE5D5B58B6AB008
                                                                                                                                                                                SHA-512:0C76F1E7AC8E4DB582EA7E26FA9B8C18D54605AE6A9A87A2A1FA0B1BEACACBB8F1230421C1124B1E7C12FB546FF31DBBD2CFBBEBA80EF98BBAA01B356F7FDC6F
                                                                                                                                                                                Malicious:false
                                                                                                                                                                                Preview:.. ~~~ AlphaCat ~~~....>>>> Your data are stolen and encrypted....>>>> What guarantees that we will not deceive you? .....We are not a politically motivated group and we do not need anything other than your money. .. ...If you pay, we will provide you the programs for decryption and we will delete your data. ...Life is too short to be sad. Be not sad, money, it is only paper... ...If we do not give you decrypters, or we do not delete your data after payment, then nobody will pay us in the future. ...Therefore to us our reputation is very important. We attack worldwide and there is no dissatisfied victim after payment... ..>>>> You need contact us via email with srenshot of btc transaction and your personal DECRYPTION ID.....Contact via Email with your personal Decryption id !: hackbeenswim@mail2tor.com......Send 400$ (0.006 BTC) at this address --> bc1qkr7wxuqwet9w6920vk94p7npkxh33fc7prv55q.....>>>> Your personal DECRYPTION ID: D53F15BF767167BC622C1CB4D4FC174D....>>
                                                                                                                                                                                Process:C:\Users\user\Desktop\c8JakemodH.exe
                                                                                                                                                                                File Type:ASCII text, with CRLF line terminators
                                                                                                                                                                                Category:dropped
                                                                                                                                                                                Size (bytes):1159
                                                                                                                                                                                Entropy (8bit):4.909757425426515
                                                                                                                                                                                Encrypted:false
                                                                                                                                                                                SSDEEP:24:SOZJNRovfexRvYx/ncUYTxLZl0r0OzANQgq32xfZnS0iNFdAnP6:SOZbqfexrZrS3Iq32xlSX2S
                                                                                                                                                                                MD5:F29E077226F8DC235CAE4795459A3542
                                                                                                                                                                                SHA1:A23AEA328BEB92BFD4464A3B0F70E772B8969CC2
                                                                                                                                                                                SHA-256:CF8875AADE9351184274F533067BECF2AD10CCF2B6296274ECE5D5B58B6AB008
                                                                                                                                                                                SHA-512:0C76F1E7AC8E4DB582EA7E26FA9B8C18D54605AE6A9A87A2A1FA0B1BEACACBB8F1230421C1124B1E7C12FB546FF31DBBD2CFBBEBA80EF98BBAA01B356F7FDC6F
                                                                                                                                                                                Malicious:false
                                                                                                                                                                                Preview:.. ~~~ AlphaCat ~~~....>>>> Your data are stolen and encrypted....>>>> What guarantees that we will not deceive you? .....We are not a politically motivated group and we do not need anything other than your money. .. ...If you pay, we will provide you the programs for decryption and we will delete your data. ...Life is too short to be sad. Be not sad, money, it is only paper... ...If we do not give you decrypters, or we do not delete your data after payment, then nobody will pay us in the future. ...Therefore to us our reputation is very important. We attack worldwide and there is no dissatisfied victim after payment... ..>>>> You need contact us via email with srenshot of btc transaction and your personal DECRYPTION ID.....Contact via Email with your personal Decryption id !: hackbeenswim@mail2tor.com......Send 400$ (0.006 BTC) at this address --> bc1qkr7wxuqwet9w6920vk94p7npkxh33fc7prv55q.....>>>> Your personal DECRYPTION ID: D53F15BF767167BC622C1CB4D4FC174D....>>
                                                                                                                                                                                Process:C:\Users\user\Desktop\c8JakemodH.exe
                                                                                                                                                                                File Type:ASCII text, with CRLF line terminators
                                                                                                                                                                                Category:dropped
                                                                                                                                                                                Size (bytes):1159
                                                                                                                                                                                Entropy (8bit):4.909757425426515
                                                                                                                                                                                Encrypted:false
                                                                                                                                                                                SSDEEP:24:SOZJNRovfexRvYx/ncUYTxLZl0r0OzANQgq32xfZnS0iNFdAnP6:SOZbqfexrZrS3Iq32xlSX2S
                                                                                                                                                                                MD5:F29E077226F8DC235CAE4795459A3542
                                                                                                                                                                                SHA1:A23AEA328BEB92BFD4464A3B0F70E772B8969CC2
                                                                                                                                                                                SHA-256:CF8875AADE9351184274F533067BECF2AD10CCF2B6296274ECE5D5B58B6AB008
                                                                                                                                                                                SHA-512:0C76F1E7AC8E4DB582EA7E26FA9B8C18D54605AE6A9A87A2A1FA0B1BEACACBB8F1230421C1124B1E7C12FB546FF31DBBD2CFBBEBA80EF98BBAA01B356F7FDC6F
                                                                                                                                                                                Malicious:false
                                                                                                                                                                                Preview:.. ~~~ AlphaCat ~~~....>>>> Your data are stolen and encrypted....>>>> What guarantees that we will not deceive you? .....We are not a politically motivated group and we do not need anything other than your money. .. ...If you pay, we will provide you the programs for decryption and we will delete your data. ...Life is too short to be sad. Be not sad, money, it is only paper... ...If we do not give you decrypters, or we do not delete your data after payment, then nobody will pay us in the future. ...Therefore to us our reputation is very important. We attack worldwide and there is no dissatisfied victim after payment... ..>>>> You need contact us via email with srenshot of btc transaction and your personal DECRYPTION ID.....Contact via Email with your personal Decryption id !: hackbeenswim@mail2tor.com......Send 400$ (0.006 BTC) at this address --> bc1qkr7wxuqwet9w6920vk94p7npkxh33fc7prv55q.....>>>> Your personal DECRYPTION ID: D53F15BF767167BC622C1CB4D4FC174D....>>
                                                                                                                                                                                Process:C:\Users\user\Desktop\c8JakemodH.exe
                                                                                                                                                                                File Type:data
                                                                                                                                                                                Category:dropped
                                                                                                                                                                                Size (bytes):8431
                                                                                                                                                                                Entropy (8bit):7.977213227017159
                                                                                                                                                                                Encrypted:false
                                                                                                                                                                                SSDEEP:192:vu5lVi4MBSuS9sNPfmLk5isnNkfmjGKzUsak6sq0dsS:vudONPu4k+qWsIq0dsS
                                                                                                                                                                                MD5:9A5134DBC0A146CECBDF70A2AF2FAB97
                                                                                                                                                                                SHA1:D8E0F2893A2EFAB3E71DDAFCAAE690994D69A333
                                                                                                                                                                                SHA-256:A185F7B1FE0B3B386AE540B227661B6C71DF718B5247C6DFF7E70F638C8EA7A5
                                                                                                                                                                                SHA-512:3C6071C5F743581344400EDD16BED1C7BA51E631733C1AC54B439344845A43981857EC05900F30D3F58532EE2E92B85CC35862B1FD948A66B15A21C635A29C97
                                                                                                                                                                                Malicious:false
                                                                                                                                                                                Preview:S/`....4......%..HK....E.f...C3.....4....a...8..>N.....R.y._....E...R...g.<]..w..Z.....Z."..'...s.}.....sUR-..j.;O..}........s.X,bo...].l|.%....].....Ov......b.Qps@]....<[X}^BG.....b.Z.I.n.....r.@t....B......Iv..-........R....D....Z58.[+b.m...i...K..].......Hv..q.?.6I....^............E._.P.*_....w....C.....@.........W^|.....b.......z[.2....P..o.Xg6...i{"".g..v\Z#.*q....~..E.Cw.... ....?...3(.`...G....g.Q....U.o\.A..x>.p...1(.....zm..Hq...)I S#.G..,....!{:\..v.I....'....r.....$.".l..8..........Z..,....v....|z#}...R$..9.X..-..a].;.E...R...+..f.7...T...P.z.(8..)._. ..3f..a..A.....-.-...Q:B......j.EPw.7.SB........~..!.0.W........L<.n..^B.]%......^.A...s.M.>T...j....DQ..Jy.C......M.0...wv..;.E.&.5..E..UD..j..o...V.-R.+.T.H1=....|...4..Hu).`.V.<.D.q.pOTPw.JD.n.....Gl..]|.T.t=n_...w4YD.$,.w...\s{..%+`....h.`BI....F%..{.^.......@G..5..`P.S.d7...O.?..h.6-#:.gY.6......)-Y=m..j.....h.........9A...h...z.!.c.}......A..D.C:..&.\C...X..Z..-.
                                                                                                                                                                                Process:C:\Users\user\Desktop\c8JakemodH.exe
                                                                                                                                                                                File Type:ASCII text, with CRLF line terminators
                                                                                                                                                                                Category:dropped
                                                                                                                                                                                Size (bytes):1159
                                                                                                                                                                                Entropy (8bit):4.909757425426515
                                                                                                                                                                                Encrypted:false
                                                                                                                                                                                SSDEEP:24:SOZJNRovfexRvYx/ncUYTxLZl0r0OzANQgq32xfZnS0iNFdAnP6:SOZbqfexrZrS3Iq32xlSX2S
                                                                                                                                                                                MD5:F29E077226F8DC235CAE4795459A3542
                                                                                                                                                                                SHA1:A23AEA328BEB92BFD4464A3B0F70E772B8969CC2
                                                                                                                                                                                SHA-256:CF8875AADE9351184274F533067BECF2AD10CCF2B6296274ECE5D5B58B6AB008
                                                                                                                                                                                SHA-512:0C76F1E7AC8E4DB582EA7E26FA9B8C18D54605AE6A9A87A2A1FA0B1BEACACBB8F1230421C1124B1E7C12FB546FF31DBBD2CFBBEBA80EF98BBAA01B356F7FDC6F
                                                                                                                                                                                Malicious:false
                                                                                                                                                                                Preview:.. ~~~ AlphaCat ~~~....>>>> Your data are stolen and encrypted....>>>> What guarantees that we will not deceive you? .....We are not a politically motivated group and we do not need anything other than your money. .. ...If you pay, we will provide you the programs for decryption and we will delete your data. ...Life is too short to be sad. Be not sad, money, it is only paper... ...If we do not give you decrypters, or we do not delete your data after payment, then nobody will pay us in the future. ...Therefore to us our reputation is very important. We attack worldwide and there is no dissatisfied victim after payment... ..>>>> You need contact us via email with srenshot of btc transaction and your personal DECRYPTION ID.....Contact via Email with your personal Decryption id !: hackbeenswim@mail2tor.com......Send 400$ (0.006 BTC) at this address --> bc1qkr7wxuqwet9w6920vk94p7npkxh33fc7prv55q.....>>>> Your personal DECRYPTION ID: D53F15BF767167BC622C1CB4D4FC174D....>>
                                                                                                                                                                                Process:C:\Users\user\Desktop\c8JakemodH.exe
                                                                                                                                                                                File Type:ASCII text, with CRLF line terminators
                                                                                                                                                                                Category:dropped
                                                                                                                                                                                Size (bytes):1159
                                                                                                                                                                                Entropy (8bit):4.909757425426515
                                                                                                                                                                                Encrypted:false
                                                                                                                                                                                SSDEEP:24:SOZJNRovfexRvYx/ncUYTxLZl0r0OzANQgq32xfZnS0iNFdAnP6:SOZbqfexrZrS3Iq32xlSX2S
                                                                                                                                                                                MD5:F29E077226F8DC235CAE4795459A3542
                                                                                                                                                                                SHA1:A23AEA328BEB92BFD4464A3B0F70E772B8969CC2
                                                                                                                                                                                SHA-256:CF8875AADE9351184274F533067BECF2AD10CCF2B6296274ECE5D5B58B6AB008
                                                                                                                                                                                SHA-512:0C76F1E7AC8E4DB582EA7E26FA9B8C18D54605AE6A9A87A2A1FA0B1BEACACBB8F1230421C1124B1E7C12FB546FF31DBBD2CFBBEBA80EF98BBAA01B356F7FDC6F
                                                                                                                                                                                Malicious:false
                                                                                                                                                                                Preview:.. ~~~ AlphaCat ~~~....>>>> Your data are stolen and encrypted....>>>> What guarantees that we will not deceive you? .....We are not a politically motivated group and we do not need anything other than your money. .. ...If you pay, we will provide you the programs for decryption and we will delete your data. ...Life is too short to be sad. Be not sad, money, it is only paper... ...If we do not give you decrypters, or we do not delete your data after payment, then nobody will pay us in the future. ...Therefore to us our reputation is very important. We attack worldwide and there is no dissatisfied victim after payment... ..>>>> You need contact us via email with srenshot of btc transaction and your personal DECRYPTION ID.....Contact via Email with your personal Decryption id !: hackbeenswim@mail2tor.com......Send 400$ (0.006 BTC) at this address --> bc1qkr7wxuqwet9w6920vk94p7npkxh33fc7prv55q.....>>>> Your personal DECRYPTION ID: D53F15BF767167BC622C1CB4D4FC174D....>>
                                                                                                                                                                                Process:C:\Users\user\Desktop\c8JakemodH.exe
                                                                                                                                                                                File Type:ASCII text, with CRLF line terminators
                                                                                                                                                                                Category:dropped
                                                                                                                                                                                Size (bytes):1159
                                                                                                                                                                                Entropy (8bit):4.909757425426515
                                                                                                                                                                                Encrypted:false
                                                                                                                                                                                SSDEEP:24:SOZJNRovfexRvYx/ncUYTxLZl0r0OzANQgq32xfZnS0iNFdAnP6:SOZbqfexrZrS3Iq32xlSX2S
                                                                                                                                                                                MD5:F29E077226F8DC235CAE4795459A3542
                                                                                                                                                                                SHA1:A23AEA328BEB92BFD4464A3B0F70E772B8969CC2
                                                                                                                                                                                SHA-256:CF8875AADE9351184274F533067BECF2AD10CCF2B6296274ECE5D5B58B6AB008
                                                                                                                                                                                SHA-512:0C76F1E7AC8E4DB582EA7E26FA9B8C18D54605AE6A9A87A2A1FA0B1BEACACBB8F1230421C1124B1E7C12FB546FF31DBBD2CFBBEBA80EF98BBAA01B356F7FDC6F
                                                                                                                                                                                Malicious:false
                                                                                                                                                                                Preview:.. ~~~ AlphaCat ~~~....>>>> Your data are stolen and encrypted....>>>> What guarantees that we will not deceive you? .....We are not a politically motivated group and we do not need anything other than your money. .. ...If you pay, we will provide you the programs for decryption and we will delete your data. ...Life is too short to be sad. Be not sad, money, it is only paper... ...If we do not give you decrypters, or we do not delete your data after payment, then nobody will pay us in the future. ...Therefore to us our reputation is very important. We attack worldwide and there is no dissatisfied victim after payment... ..>>>> You need contact us via email with srenshot of btc transaction and your personal DECRYPTION ID.....Contact via Email with your personal Decryption id !: hackbeenswim@mail2tor.com......Send 400$ (0.006 BTC) at this address --> bc1qkr7wxuqwet9w6920vk94p7npkxh33fc7prv55q.....>>>> Your personal DECRYPTION ID: D53F15BF767167BC622C1CB4D4FC174D....>>
                                                                                                                                                                                Process:C:\Users\user\Desktop\c8JakemodH.exe
                                                                                                                                                                                File Type:ASCII text, with CRLF line terminators
                                                                                                                                                                                Category:dropped
                                                                                                                                                                                Size (bytes):1159
                                                                                                                                                                                Entropy (8bit):4.909757425426515
                                                                                                                                                                                Encrypted:false
                                                                                                                                                                                SSDEEP:24:SOZJNRovfexRvYx/ncUYTxLZl0r0OzANQgq32xfZnS0iNFdAnP6:SOZbqfexrZrS3Iq32xlSX2S
                                                                                                                                                                                MD5:F29E077226F8DC235CAE4795459A3542
                                                                                                                                                                                SHA1:A23AEA328BEB92BFD4464A3B0F70E772B8969CC2
                                                                                                                                                                                SHA-256:CF8875AADE9351184274F533067BECF2AD10CCF2B6296274ECE5D5B58B6AB008
                                                                                                                                                                                SHA-512:0C76F1E7AC8E4DB582EA7E26FA9B8C18D54605AE6A9A87A2A1FA0B1BEACACBB8F1230421C1124B1E7C12FB546FF31DBBD2CFBBEBA80EF98BBAA01B356F7FDC6F
                                                                                                                                                                                Malicious:false
                                                                                                                                                                                Preview:.. ~~~ AlphaCat ~~~....>>>> Your data are stolen and encrypted....>>>> What guarantees that we will not deceive you? .....We are not a politically motivated group and we do not need anything other than your money. .. ...If you pay, we will provide you the programs for decryption and we will delete your data. ...Life is too short to be sad. Be not sad, money, it is only paper... ...If we do not give you decrypters, or we do not delete your data after payment, then nobody will pay us in the future. ...Therefore to us our reputation is very important. We attack worldwide and there is no dissatisfied victim after payment... ..>>>> You need contact us via email with srenshot of btc transaction and your personal DECRYPTION ID.....Contact via Email with your personal Decryption id !: hackbeenswim@mail2tor.com......Send 400$ (0.006 BTC) at this address --> bc1qkr7wxuqwet9w6920vk94p7npkxh33fc7prv55q.....>>>> Your personal DECRYPTION ID: D53F15BF767167BC622C1CB4D4FC174D....>>
                                                                                                                                                                                Process:C:\Users\user\Desktop\c8JakemodH.exe
                                                                                                                                                                                File Type:ASCII text, with CRLF line terminators
                                                                                                                                                                                Category:dropped
                                                                                                                                                                                Size (bytes):1159
                                                                                                                                                                                Entropy (8bit):4.909757425426515
                                                                                                                                                                                Encrypted:false
                                                                                                                                                                                SSDEEP:24:SOZJNRovfexRvYx/ncUYTxLZl0r0OzANQgq32xfZnS0iNFdAnP6:SOZbqfexrZrS3Iq32xlSX2S
                                                                                                                                                                                MD5:F29E077226F8DC235CAE4795459A3542
                                                                                                                                                                                SHA1:A23AEA328BEB92BFD4464A3B0F70E772B8969CC2
                                                                                                                                                                                SHA-256:CF8875AADE9351184274F533067BECF2AD10CCF2B6296274ECE5D5B58B6AB008
                                                                                                                                                                                SHA-512:0C76F1E7AC8E4DB582EA7E26FA9B8C18D54605AE6A9A87A2A1FA0B1BEACACBB8F1230421C1124B1E7C12FB546FF31DBBD2CFBBEBA80EF98BBAA01B356F7FDC6F
                                                                                                                                                                                Malicious:false
                                                                                                                                                                                Preview:.. ~~~ AlphaCat ~~~....>>>> Your data are stolen and encrypted....>>>> What guarantees that we will not deceive you? .....We are not a politically motivated group and we do not need anything other than your money. .. ...If you pay, we will provide you the programs for decryption and we will delete your data. ...Life is too short to be sad. Be not sad, money, it is only paper... ...If we do not give you decrypters, or we do not delete your data after payment, then nobody will pay us in the future. ...Therefore to us our reputation is very important. We attack worldwide and there is no dissatisfied victim after payment... ..>>>> You need contact us via email with srenshot of btc transaction and your personal DECRYPTION ID.....Contact via Email with your personal Decryption id !: hackbeenswim@mail2tor.com......Send 400$ (0.006 BTC) at this address --> bc1qkr7wxuqwet9w6920vk94p7npkxh33fc7prv55q.....>>>> Your personal DECRYPTION ID: D53F15BF767167BC622C1CB4D4FC174D....>>
                                                                                                                                                                                Process:C:\Users\user\Desktop\c8JakemodH.exe
                                                                                                                                                                                File Type:ASCII text, with CRLF line terminators
                                                                                                                                                                                Category:dropped
                                                                                                                                                                                Size (bytes):1159
                                                                                                                                                                                Entropy (8bit):4.909757425426515
                                                                                                                                                                                Encrypted:false
                                                                                                                                                                                SSDEEP:24:SOZJNRovfexRvYx/ncUYTxLZl0r0OzANQgq32xfZnS0iNFdAnP6:SOZbqfexrZrS3Iq32xlSX2S
                                                                                                                                                                                MD5:F29E077226F8DC235CAE4795459A3542
                                                                                                                                                                                SHA1:A23AEA328BEB92BFD4464A3B0F70E772B8969CC2
                                                                                                                                                                                SHA-256:CF8875AADE9351184274F533067BECF2AD10CCF2B6296274ECE5D5B58B6AB008
                                                                                                                                                                                SHA-512:0C76F1E7AC8E4DB582EA7E26FA9B8C18D54605AE6A9A87A2A1FA0B1BEACACBB8F1230421C1124B1E7C12FB546FF31DBBD2CFBBEBA80EF98BBAA01B356F7FDC6F
                                                                                                                                                                                Malicious:false
                                                                                                                                                                                Preview:.. ~~~ AlphaCat ~~~....>>>> Your data are stolen and encrypted....>>>> What guarantees that we will not deceive you? .....We are not a politically motivated group and we do not need anything other than your money. .. ...If you pay, we will provide you the programs for decryption and we will delete your data. ...Life is too short to be sad. Be not sad, money, it is only paper... ...If we do not give you decrypters, or we do not delete your data after payment, then nobody will pay us in the future. ...Therefore to us our reputation is very important. We attack worldwide and there is no dissatisfied victim after payment... ..>>>> You need contact us via email with srenshot of btc transaction and your personal DECRYPTION ID.....Contact via Email with your personal Decryption id !: hackbeenswim@mail2tor.com......Send 400$ (0.006 BTC) at this address --> bc1qkr7wxuqwet9w6920vk94p7npkxh33fc7prv55q.....>>>> Your personal DECRYPTION ID: D53F15BF767167BC622C1CB4D4FC174D....>>
                                                                                                                                                                                Process:C:\Users\user\Desktop\c8JakemodH.exe
                                                                                                                                                                                File Type:ASCII text, with CRLF line terminators
                                                                                                                                                                                Category:dropped
                                                                                                                                                                                Size (bytes):1159
                                                                                                                                                                                Entropy (8bit):4.909757425426515
                                                                                                                                                                                Encrypted:false
                                                                                                                                                                                SSDEEP:24:SOZJNRovfexRvYx/ncUYTxLZl0r0OzANQgq32xfZnS0iNFdAnP6:SOZbqfexrZrS3Iq32xlSX2S
                                                                                                                                                                                MD5:F29E077226F8DC235CAE4795459A3542
                                                                                                                                                                                SHA1:A23AEA328BEB92BFD4464A3B0F70E772B8969CC2
                                                                                                                                                                                SHA-256:CF8875AADE9351184274F533067BECF2AD10CCF2B6296274ECE5D5B58B6AB008
                                                                                                                                                                                SHA-512:0C76F1E7AC8E4DB582EA7E26FA9B8C18D54605AE6A9A87A2A1FA0B1BEACACBB8F1230421C1124B1E7C12FB546FF31DBBD2CFBBEBA80EF98BBAA01B356F7FDC6F
                                                                                                                                                                                Malicious:false
                                                                                                                                                                                Preview:.. ~~~ AlphaCat ~~~....>>>> Your data are stolen and encrypted....>>>> What guarantees that we will not deceive you? .....We are not a politically motivated group and we do not need anything other than your money. .. ...If you pay, we will provide you the programs for decryption and we will delete your data. ...Life is too short to be sad. Be not sad, money, it is only paper... ...If we do not give you decrypters, or we do not delete your data after payment, then nobody will pay us in the future. ...Therefore to us our reputation is very important. We attack worldwide and there is no dissatisfied victim after payment... ..>>>> You need contact us via email with srenshot of btc transaction and your personal DECRYPTION ID.....Contact via Email with your personal Decryption id !: hackbeenswim@mail2tor.com......Send 400$ (0.006 BTC) at this address --> bc1qkr7wxuqwet9w6920vk94p7npkxh33fc7prv55q.....>>>> Your personal DECRYPTION ID: D53F15BF767167BC622C1CB4D4FC174D....>>
                                                                                                                                                                                Process:C:\Users\user\Desktop\c8JakemodH.exe
                                                                                                                                                                                File Type:ASCII text, with CRLF line terminators
                                                                                                                                                                                Category:dropped
                                                                                                                                                                                Size (bytes):1159
                                                                                                                                                                                Entropy (8bit):4.909757425426515
                                                                                                                                                                                Encrypted:false
                                                                                                                                                                                SSDEEP:24:SOZJNRovfexRvYx/ncUYTxLZl0r0OzANQgq32xfZnS0iNFdAnP6:SOZbqfexrZrS3Iq32xlSX2S
                                                                                                                                                                                MD5:F29E077226F8DC235CAE4795459A3542
                                                                                                                                                                                SHA1:A23AEA328BEB92BFD4464A3B0F70E772B8969CC2
                                                                                                                                                                                SHA-256:CF8875AADE9351184274F533067BECF2AD10CCF2B6296274ECE5D5B58B6AB008
                                                                                                                                                                                SHA-512:0C76F1E7AC8E4DB582EA7E26FA9B8C18D54605AE6A9A87A2A1FA0B1BEACACBB8F1230421C1124B1E7C12FB546FF31DBBD2CFBBEBA80EF98BBAA01B356F7FDC6F
                                                                                                                                                                                Malicious:false
                                                                                                                                                                                Preview:.. ~~~ AlphaCat ~~~....>>>> Your data are stolen and encrypted....>>>> What guarantees that we will not deceive you? .....We are not a politically motivated group and we do not need anything other than your money. .. ...If you pay, we will provide you the programs for decryption and we will delete your data. ...Life is too short to be sad. Be not sad, money, it is only paper... ...If we do not give you decrypters, or we do not delete your data after payment, then nobody will pay us in the future. ...Therefore to us our reputation is very important. We attack worldwide and there is no dissatisfied victim after payment... ..>>>> You need contact us via email with srenshot of btc transaction and your personal DECRYPTION ID.....Contact via Email with your personal Decryption id !: hackbeenswim@mail2tor.com......Send 400$ (0.006 BTC) at this address --> bc1qkr7wxuqwet9w6920vk94p7npkxh33fc7prv55q.....>>>> Your personal DECRYPTION ID: D53F15BF767167BC622C1CB4D4FC174D....>>
                                                                                                                                                                                Process:C:\Users\user\Desktop\c8JakemodH.exe
                                                                                                                                                                                File Type:ASCII text, with CRLF line terminators
                                                                                                                                                                                Category:dropped
                                                                                                                                                                                Size (bytes):1159
                                                                                                                                                                                Entropy (8bit):4.909757425426515
                                                                                                                                                                                Encrypted:false
                                                                                                                                                                                SSDEEP:24:SOZJNRovfexRvYx/ncUYTxLZl0r0OzANQgq32xfZnS0iNFdAnP6:SOZbqfexrZrS3Iq32xlSX2S
                                                                                                                                                                                MD5:F29E077226F8DC235CAE4795459A3542
                                                                                                                                                                                SHA1:A23AEA328BEB92BFD4464A3B0F70E772B8969CC2
                                                                                                                                                                                SHA-256:CF8875AADE9351184274F533067BECF2AD10CCF2B6296274ECE5D5B58B6AB008
                                                                                                                                                                                SHA-512:0C76F1E7AC8E4DB582EA7E26FA9B8C18D54605AE6A9A87A2A1FA0B1BEACACBB8F1230421C1124B1E7C12FB546FF31DBBD2CFBBEBA80EF98BBAA01B356F7FDC6F
                                                                                                                                                                                Malicious:false
                                                                                                                                                                                Preview:.. ~~~ AlphaCat ~~~....>>>> Your data are stolen and encrypted....>>>> What guarantees that we will not deceive you? .....We are not a politically motivated group and we do not need anything other than your money. .. ...If you pay, we will provide you the programs for decryption and we will delete your data. ...Life is too short to be sad. Be not sad, money, it is only paper... ...If we do not give you decrypters, or we do not delete your data after payment, then nobody will pay us in the future. ...Therefore to us our reputation is very important. We attack worldwide and there is no dissatisfied victim after payment... ..>>>> You need contact us via email with srenshot of btc transaction and your personal DECRYPTION ID.....Contact via Email with your personal Decryption id !: hackbeenswim@mail2tor.com......Send 400$ (0.006 BTC) at this address --> bc1qkr7wxuqwet9w6920vk94p7npkxh33fc7prv55q.....>>>> Your personal DECRYPTION ID: D53F15BF767167BC622C1CB4D4FC174D....>>
                                                                                                                                                                                Process:C:\Users\user\Desktop\c8JakemodH.exe
                                                                                                                                                                                File Type:ASCII text, with CRLF line terminators
                                                                                                                                                                                Category:dropped
                                                                                                                                                                                Size (bytes):1159
                                                                                                                                                                                Entropy (8bit):4.909757425426515
                                                                                                                                                                                Encrypted:false
                                                                                                                                                                                SSDEEP:24:SOZJNRovfexRvYx/ncUYTxLZl0r0OzANQgq32xfZnS0iNFdAnP6:SOZbqfexrZrS3Iq32xlSX2S
                                                                                                                                                                                MD5:F29E077226F8DC235CAE4795459A3542
                                                                                                                                                                                SHA1:A23AEA328BEB92BFD4464A3B0F70E772B8969CC2
                                                                                                                                                                                SHA-256:CF8875AADE9351184274F533067BECF2AD10CCF2B6296274ECE5D5B58B6AB008
                                                                                                                                                                                SHA-512:0C76F1E7AC8E4DB582EA7E26FA9B8C18D54605AE6A9A87A2A1FA0B1BEACACBB8F1230421C1124B1E7C12FB546FF31DBBD2CFBBEBA80EF98BBAA01B356F7FDC6F
                                                                                                                                                                                Malicious:false
                                                                                                                                                                                Preview:.. ~~~ AlphaCat ~~~....>>>> Your data are stolen and encrypted....>>>> What guarantees that we will not deceive you? .....We are not a politically motivated group and we do not need anything other than your money. .. ...If you pay, we will provide you the programs for decryption and we will delete your data. ...Life is too short to be sad. Be not sad, money, it is only paper... ...If we do not give you decrypters, or we do not delete your data after payment, then nobody will pay us in the future. ...Therefore to us our reputation is very important. We attack worldwide and there is no dissatisfied victim after payment... ..>>>> You need contact us via email with srenshot of btc transaction and your personal DECRYPTION ID.....Contact via Email with your personal Decryption id !: hackbeenswim@mail2tor.com......Send 400$ (0.006 BTC) at this address --> bc1qkr7wxuqwet9w6920vk94p7npkxh33fc7prv55q.....>>>> Your personal DECRYPTION ID: D53F15BF767167BC622C1CB4D4FC174D....>>
                                                                                                                                                                                Process:C:\Users\user\Desktop\c8JakemodH.exe
                                                                                                                                                                                File Type:data
                                                                                                                                                                                Category:dropped
                                                                                                                                                                                Size (bytes):8431
                                                                                                                                                                                Entropy (8bit):7.977808914244825
                                                                                                                                                                                Encrypted:false
                                                                                                                                                                                SSDEEP:192:NH7d25nZxzUKNYil5kBKhkgZQTco3oNbjN2cMV4D9qhu1e:9d29ZxYKNYil5yKhk1pYNd2cMV4D9qCe
                                                                                                                                                                                MD5:EC64BEAEDAAEF161E8B1817C0C93592C
                                                                                                                                                                                SHA1:5E5159F3E1EF638BB51492CB9595D24A047F3747
                                                                                                                                                                                SHA-256:5FFC4994007CC1A56EF3EACEC798E08C48440222DC06CC6827F55B50EECC6E19
                                                                                                                                                                                SHA-512:35D7845F7280738770280DBF641403D35F88D519F402E9F5E7145E553976CB3101A022E72BEDF8A3E90AB4FDC84343E30B453D28635AF817674A12A32C786AB2
                                                                                                                                                                                Malicious:false
                                                                                                                                                                                Preview:.q!..$.GuI..;......T...+..N....9.!j......a...:.3au..:*.G........+.v.a.s..*.%.M...60.<.kjj....wT.....?..(..Y.w&...d....}...y..7.4gd@...tOZ~..xA6.Y.....E.3..".wJ..'LB........U%.j8.....!Q...^6./M....mj.!......h]I..F.x.9k...E..."....C.T....R.u.g...........[\......e.A..u..[~....m...o..{.....<...Nnp.pn..L......F..%...........$X.hh..>...,..)....q.|.qn$U..$...|...4,.@(...!B...*d../.......C.k.uj...)\ #{..|......`Z...PfN_...,....e.p....>.8R.uk.H...%.I..]..I.B.%/.(...~!.m...k..xq~/...k...B\.A..J.....E.%HQ..._..#05..P...U..z...K7...D%.{3.[.\._..$a..g..1^..p.j.a2Y$..E.]....."z:q.....E6..a...O.;^..R.......f..SE....1...=..g.\?..c.y.xh....o_=.?.".`V8.p..#.>|..M.6...%^.!..j@......|vE.kn..G..!F.<!.K....C5N&n...c... .z.w.....e....+.E....B.w..b..K...z...{h...........`....].o...-....?...S...FU{'./ .....1R}..9...f....(<W....^c.)....G.$..N.c^...|IO..@....w:.N..z..~f^.h.z.O.E....%.{gz...Nmn.#. .|x...;.3d.,\...c.......@..#S..g.E..%..8.i...#..'v*`...n...I].<..0\E
                                                                                                                                                                                Process:C:\Users\user\Desktop\c8JakemodH.exe
                                                                                                                                                                                File Type:ASCII text, with CRLF line terminators
                                                                                                                                                                                Category:dropped
                                                                                                                                                                                Size (bytes):1159
                                                                                                                                                                                Entropy (8bit):4.909757425426515
                                                                                                                                                                                Encrypted:false
                                                                                                                                                                                SSDEEP:24:SOZJNRovfexRvYx/ncUYTxLZl0r0OzANQgq32xfZnS0iNFdAnP6:SOZbqfexrZrS3Iq32xlSX2S
                                                                                                                                                                                MD5:F29E077226F8DC235CAE4795459A3542
                                                                                                                                                                                SHA1:A23AEA328BEB92BFD4464A3B0F70E772B8969CC2
                                                                                                                                                                                SHA-256:CF8875AADE9351184274F533067BECF2AD10CCF2B6296274ECE5D5B58B6AB008
                                                                                                                                                                                SHA-512:0C76F1E7AC8E4DB582EA7E26FA9B8C18D54605AE6A9A87A2A1FA0B1BEACACBB8F1230421C1124B1E7C12FB546FF31DBBD2CFBBEBA80EF98BBAA01B356F7FDC6F
                                                                                                                                                                                Malicious:false
                                                                                                                                                                                Preview:.. ~~~ AlphaCat ~~~....>>>> Your data are stolen and encrypted....>>>> What guarantees that we will not deceive you? .....We are not a politically motivated group and we do not need anything other than your money. .. ...If you pay, we will provide you the programs for decryption and we will delete your data. ...Life is too short to be sad. Be not sad, money, it is only paper... ...If we do not give you decrypters, or we do not delete your data after payment, then nobody will pay us in the future. ...Therefore to us our reputation is very important. We attack worldwide and there is no dissatisfied victim after payment... ..>>>> You need contact us via email with srenshot of btc transaction and your personal DECRYPTION ID.....Contact via Email with your personal Decryption id !: hackbeenswim@mail2tor.com......Send 400$ (0.006 BTC) at this address --> bc1qkr7wxuqwet9w6920vk94p7npkxh33fc7prv55q.....>>>> Your personal DECRYPTION ID: D53F15BF767167BC622C1CB4D4FC174D....>>
                                                                                                                                                                                Process:C:\Users\user\Desktop\c8JakemodH.exe
                                                                                                                                                                                File Type:ASCII text, with CRLF line terminators
                                                                                                                                                                                Category:dropped
                                                                                                                                                                                Size (bytes):1159
                                                                                                                                                                                Entropy (8bit):4.909757425426515
                                                                                                                                                                                Encrypted:false
                                                                                                                                                                                SSDEEP:24:SOZJNRovfexRvYx/ncUYTxLZl0r0OzANQgq32xfZnS0iNFdAnP6:SOZbqfexrZrS3Iq32xlSX2S
                                                                                                                                                                                MD5:F29E077226F8DC235CAE4795459A3542
                                                                                                                                                                                SHA1:A23AEA328BEB92BFD4464A3B0F70E772B8969CC2
                                                                                                                                                                                SHA-256:CF8875AADE9351184274F533067BECF2AD10CCF2B6296274ECE5D5B58B6AB008
                                                                                                                                                                                SHA-512:0C76F1E7AC8E4DB582EA7E26FA9B8C18D54605AE6A9A87A2A1FA0B1BEACACBB8F1230421C1124B1E7C12FB546FF31DBBD2CFBBEBA80EF98BBAA01B356F7FDC6F
                                                                                                                                                                                Malicious:false
                                                                                                                                                                                Preview:.. ~~~ AlphaCat ~~~....>>>> Your data are stolen and encrypted....>>>> What guarantees that we will not deceive you? .....We are not a politically motivated group and we do not need anything other than your money. .. ...If you pay, we will provide you the programs for decryption and we will delete your data. ...Life is too short to be sad. Be not sad, money, it is only paper... ...If we do not give you decrypters, or we do not delete your data after payment, then nobody will pay us in the future. ...Therefore to us our reputation is very important. We attack worldwide and there is no dissatisfied victim after payment... ..>>>> You need contact us via email with srenshot of btc transaction and your personal DECRYPTION ID.....Contact via Email with your personal Decryption id !: hackbeenswim@mail2tor.com......Send 400$ (0.006 BTC) at this address --> bc1qkr7wxuqwet9w6920vk94p7npkxh33fc7prv55q.....>>>> Your personal DECRYPTION ID: D53F15BF767167BC622C1CB4D4FC174D....>>
                                                                                                                                                                                Process:C:\Users\user\Desktop\c8JakemodH.exe
                                                                                                                                                                                File Type:ASCII text, with CRLF line terminators
                                                                                                                                                                                Category:dropped
                                                                                                                                                                                Size (bytes):1159
                                                                                                                                                                                Entropy (8bit):4.909757425426515
                                                                                                                                                                                Encrypted:false
                                                                                                                                                                                SSDEEP:24:SOZJNRovfexRvYx/ncUYTxLZl0r0OzANQgq32xfZnS0iNFdAnP6:SOZbqfexrZrS3Iq32xlSX2S
                                                                                                                                                                                MD5:F29E077226F8DC235CAE4795459A3542
                                                                                                                                                                                SHA1:A23AEA328BEB92BFD4464A3B0F70E772B8969CC2
                                                                                                                                                                                SHA-256:CF8875AADE9351184274F533067BECF2AD10CCF2B6296274ECE5D5B58B6AB008
                                                                                                                                                                                SHA-512:0C76F1E7AC8E4DB582EA7E26FA9B8C18D54605AE6A9A87A2A1FA0B1BEACACBB8F1230421C1124B1E7C12FB546FF31DBBD2CFBBEBA80EF98BBAA01B356F7FDC6F
                                                                                                                                                                                Malicious:false
                                                                                                                                                                                Preview:.. ~~~ AlphaCat ~~~....>>>> Your data are stolen and encrypted....>>>> What guarantees that we will not deceive you? .....We are not a politically motivated group and we do not need anything other than your money. .. ...If you pay, we will provide you the programs for decryption and we will delete your data. ...Life is too short to be sad. Be not sad, money, it is only paper... ...If we do not give you decrypters, or we do not delete your data after payment, then nobody will pay us in the future. ...Therefore to us our reputation is very important. We attack worldwide and there is no dissatisfied victim after payment... ..>>>> You need contact us via email with srenshot of btc transaction and your personal DECRYPTION ID.....Contact via Email with your personal Decryption id !: hackbeenswim@mail2tor.com......Send 400$ (0.006 BTC) at this address --> bc1qkr7wxuqwet9w6920vk94p7npkxh33fc7prv55q.....>>>> Your personal DECRYPTION ID: D53F15BF767167BC622C1CB4D4FC174D....>>
                                                                                                                                                                                Process:C:\Users\user\Desktop\c8JakemodH.exe
                                                                                                                                                                                File Type:ASCII text, with CRLF line terminators
                                                                                                                                                                                Category:dropped
                                                                                                                                                                                Size (bytes):1159
                                                                                                                                                                                Entropy (8bit):4.909757425426515
                                                                                                                                                                                Encrypted:false
                                                                                                                                                                                SSDEEP:24:SOZJNRovfexRvYx/ncUYTxLZl0r0OzANQgq32xfZnS0iNFdAnP6:SOZbqfexrZrS3Iq32xlSX2S
                                                                                                                                                                                MD5:F29E077226F8DC235CAE4795459A3542
                                                                                                                                                                                SHA1:A23AEA328BEB92BFD4464A3B0F70E772B8969CC2
                                                                                                                                                                                SHA-256:CF8875AADE9351184274F533067BECF2AD10CCF2B6296274ECE5D5B58B6AB008
                                                                                                                                                                                SHA-512:0C76F1E7AC8E4DB582EA7E26FA9B8C18D54605AE6A9A87A2A1FA0B1BEACACBB8F1230421C1124B1E7C12FB546FF31DBBD2CFBBEBA80EF98BBAA01B356F7FDC6F
                                                                                                                                                                                Malicious:false
                                                                                                                                                                                Preview:.. ~~~ AlphaCat ~~~....>>>> Your data are stolen and encrypted....>>>> What guarantees that we will not deceive you? .....We are not a politically motivated group and we do not need anything other than your money. .. ...If you pay, we will provide you the programs for decryption and we will delete your data. ...Life is too short to be sad. Be not sad, money, it is only paper... ...If we do not give you decrypters, or we do not delete your data after payment, then nobody will pay us in the future. ...Therefore to us our reputation is very important. We attack worldwide and there is no dissatisfied victim after payment... ..>>>> You need contact us via email with srenshot of btc transaction and your personal DECRYPTION ID.....Contact via Email with your personal Decryption id !: hackbeenswim@mail2tor.com......Send 400$ (0.006 BTC) at this address --> bc1qkr7wxuqwet9w6920vk94p7npkxh33fc7prv55q.....>>>> Your personal DECRYPTION ID: D53F15BF767167BC622C1CB4D4FC174D....>>
                                                                                                                                                                                Process:C:\Users\user\Desktop\c8JakemodH.exe
                                                                                                                                                                                File Type:ASCII text, with CRLF line terminators
                                                                                                                                                                                Category:dropped
                                                                                                                                                                                Size (bytes):1159
                                                                                                                                                                                Entropy (8bit):4.909757425426515
                                                                                                                                                                                Encrypted:false
                                                                                                                                                                                SSDEEP:24:SOZJNRovfexRvYx/ncUYTxLZl0r0OzANQgq32xfZnS0iNFdAnP6:SOZbqfexrZrS3Iq32xlSX2S
                                                                                                                                                                                MD5:F29E077226F8DC235CAE4795459A3542
                                                                                                                                                                                SHA1:A23AEA328BEB92BFD4464A3B0F70E772B8969CC2
                                                                                                                                                                                SHA-256:CF8875AADE9351184274F533067BECF2AD10CCF2B6296274ECE5D5B58B6AB008
                                                                                                                                                                                SHA-512:0C76F1E7AC8E4DB582EA7E26FA9B8C18D54605AE6A9A87A2A1FA0B1BEACACBB8F1230421C1124B1E7C12FB546FF31DBBD2CFBBEBA80EF98BBAA01B356F7FDC6F
                                                                                                                                                                                Malicious:false
                                                                                                                                                                                Preview:.. ~~~ AlphaCat ~~~....>>>> Your data are stolen and encrypted....>>>> What guarantees that we will not deceive you? .....We are not a politically motivated group and we do not need anything other than your money. .. ...If you pay, we will provide you the programs for decryption and we will delete your data. ...Life is too short to be sad. Be not sad, money, it is only paper... ...If we do not give you decrypters, or we do not delete your data after payment, then nobody will pay us in the future. ...Therefore to us our reputation is very important. We attack worldwide and there is no dissatisfied victim after payment... ..>>>> You need contact us via email with srenshot of btc transaction and your personal DECRYPTION ID.....Contact via Email with your personal Decryption id !: hackbeenswim@mail2tor.com......Send 400$ (0.006 BTC) at this address --> bc1qkr7wxuqwet9w6920vk94p7npkxh33fc7prv55q.....>>>> Your personal DECRYPTION ID: D53F15BF767167BC622C1CB4D4FC174D....>>
                                                                                                                                                                                Process:C:\Users\user\Desktop\c8JakemodH.exe
                                                                                                                                                                                File Type:ASCII text, with CRLF line terminators
                                                                                                                                                                                Category:dropped
                                                                                                                                                                                Size (bytes):1159
                                                                                                                                                                                Entropy (8bit):4.909757425426515
                                                                                                                                                                                Encrypted:false
                                                                                                                                                                                SSDEEP:24:SOZJNRovfexRvYx/ncUYTxLZl0r0OzANQgq32xfZnS0iNFdAnP6:SOZbqfexrZrS3Iq32xlSX2S
                                                                                                                                                                                MD5:F29E077226F8DC235CAE4795459A3542
                                                                                                                                                                                SHA1:A23AEA328BEB92BFD4464A3B0F70E772B8969CC2
                                                                                                                                                                                SHA-256:CF8875AADE9351184274F533067BECF2AD10CCF2B6296274ECE5D5B58B6AB008
                                                                                                                                                                                SHA-512:0C76F1E7AC8E4DB582EA7E26FA9B8C18D54605AE6A9A87A2A1FA0B1BEACACBB8F1230421C1124B1E7C12FB546FF31DBBD2CFBBEBA80EF98BBAA01B356F7FDC6F
                                                                                                                                                                                Malicious:false
                                                                                                                                                                                Preview:.. ~~~ AlphaCat ~~~....>>>> Your data are stolen and encrypted....>>>> What guarantees that we will not deceive you? .....We are not a politically motivated group and we do not need anything other than your money. .. ...If you pay, we will provide you the programs for decryption and we will delete your data. ...Life is too short to be sad. Be not sad, money, it is only paper... ...If we do not give you decrypters, or we do not delete your data after payment, then nobody will pay us in the future. ...Therefore to us our reputation is very important. We attack worldwide and there is no dissatisfied victim after payment... ..>>>> You need contact us via email with srenshot of btc transaction and your personal DECRYPTION ID.....Contact via Email with your personal Decryption id !: hackbeenswim@mail2tor.com......Send 400$ (0.006 BTC) at this address --> bc1qkr7wxuqwet9w6920vk94p7npkxh33fc7prv55q.....>>>> Your personal DECRYPTION ID: D53F15BF767167BC622C1CB4D4FC174D....>>
                                                                                                                                                                                Process:C:\Users\user\Desktop\c8JakemodH.exe
                                                                                                                                                                                File Type:ASCII text, with CRLF line terminators
                                                                                                                                                                                Category:dropped
                                                                                                                                                                                Size (bytes):1159
                                                                                                                                                                                Entropy (8bit):4.909757425426515
                                                                                                                                                                                Encrypted:false
                                                                                                                                                                                SSDEEP:24:SOZJNRovfexRvYx/ncUYTxLZl0r0OzANQgq32xfZnS0iNFdAnP6:SOZbqfexrZrS3Iq32xlSX2S
                                                                                                                                                                                MD5:F29E077226F8DC235CAE4795459A3542
                                                                                                                                                                                SHA1:A23AEA328BEB92BFD4464A3B0F70E772B8969CC2
                                                                                                                                                                                SHA-256:CF8875AADE9351184274F533067BECF2AD10CCF2B6296274ECE5D5B58B6AB008
                                                                                                                                                                                SHA-512:0C76F1E7AC8E4DB582EA7E26FA9B8C18D54605AE6A9A87A2A1FA0B1BEACACBB8F1230421C1124B1E7C12FB546FF31DBBD2CFBBEBA80EF98BBAA01B356F7FDC6F
                                                                                                                                                                                Malicious:false
                                                                                                                                                                                Preview:.. ~~~ AlphaCat ~~~....>>>> Your data are stolen and encrypted....>>>> What guarantees that we will not deceive you? .....We are not a politically motivated group and we do not need anything other than your money. .. ...If you pay, we will provide you the programs for decryption and we will delete your data. ...Life is too short to be sad. Be not sad, money, it is only paper... ...If we do not give you decrypters, or we do not delete your data after payment, then nobody will pay us in the future. ...Therefore to us our reputation is very important. We attack worldwide and there is no dissatisfied victim after payment... ..>>>> You need contact us via email with srenshot of btc transaction and your personal DECRYPTION ID.....Contact via Email with your personal Decryption id !: hackbeenswim@mail2tor.com......Send 400$ (0.006 BTC) at this address --> bc1qkr7wxuqwet9w6920vk94p7npkxh33fc7prv55q.....>>>> Your personal DECRYPTION ID: D53F15BF767167BC622C1CB4D4FC174D....>>
                                                                                                                                                                                Process:C:\Users\user\Desktop\c8JakemodH.exe
                                                                                                                                                                                File Type:ASCII text, with CRLF line terminators
                                                                                                                                                                                Category:dropped
                                                                                                                                                                                Size (bytes):1159
                                                                                                                                                                                Entropy (8bit):4.909757425426515
                                                                                                                                                                                Encrypted:false
                                                                                                                                                                                SSDEEP:24:SOZJNRovfexRvYx/ncUYTxLZl0r0OzANQgq32xfZnS0iNFdAnP6:SOZbqfexrZrS3Iq32xlSX2S
                                                                                                                                                                                MD5:F29E077226F8DC235CAE4795459A3542
                                                                                                                                                                                SHA1:A23AEA328BEB92BFD4464A3B0F70E772B8969CC2
                                                                                                                                                                                SHA-256:CF8875AADE9351184274F533067BECF2AD10CCF2B6296274ECE5D5B58B6AB008
                                                                                                                                                                                SHA-512:0C76F1E7AC8E4DB582EA7E26FA9B8C18D54605AE6A9A87A2A1FA0B1BEACACBB8F1230421C1124B1E7C12FB546FF31DBBD2CFBBEBA80EF98BBAA01B356F7FDC6F
                                                                                                                                                                                Malicious:false
                                                                                                                                                                                Preview:.. ~~~ AlphaCat ~~~....>>>> Your data are stolen and encrypted....>>>> What guarantees that we will not deceive you? .....We are not a politically motivated group and we do not need anything other than your money. .. ...If you pay, we will provide you the programs for decryption and we will delete your data. ...Life is too short to be sad. Be not sad, money, it is only paper... ...If we do not give you decrypters, or we do not delete your data after payment, then nobody will pay us in the future. ...Therefore to us our reputation is very important. We attack worldwide and there is no dissatisfied victim after payment... ..>>>> You need contact us via email with srenshot of btc transaction and your personal DECRYPTION ID.....Contact via Email with your personal Decryption id !: hackbeenswim@mail2tor.com......Send 400$ (0.006 BTC) at this address --> bc1qkr7wxuqwet9w6920vk94p7npkxh33fc7prv55q.....>>>> Your personal DECRYPTION ID: D53F15BF767167BC622C1CB4D4FC174D....>>
                                                                                                                                                                                Process:C:\Users\user\Desktop\c8JakemodH.exe
                                                                                                                                                                                File Type:ASCII text, with CRLF line terminators
                                                                                                                                                                                Category:dropped
                                                                                                                                                                                Size (bytes):1159
                                                                                                                                                                                Entropy (8bit):4.909757425426515
                                                                                                                                                                                Encrypted:false
                                                                                                                                                                                SSDEEP:24:SOZJNRovfexRvYx/ncUYTxLZl0r0OzANQgq32xfZnS0iNFdAnP6:SOZbqfexrZrS3Iq32xlSX2S
                                                                                                                                                                                MD5:F29E077226F8DC235CAE4795459A3542
                                                                                                                                                                                SHA1:A23AEA328BEB92BFD4464A3B0F70E772B8969CC2
                                                                                                                                                                                SHA-256:CF8875AADE9351184274F533067BECF2AD10CCF2B6296274ECE5D5B58B6AB008
                                                                                                                                                                                SHA-512:0C76F1E7AC8E4DB582EA7E26FA9B8C18D54605AE6A9A87A2A1FA0B1BEACACBB8F1230421C1124B1E7C12FB546FF31DBBD2CFBBEBA80EF98BBAA01B356F7FDC6F
                                                                                                                                                                                Malicious:false
                                                                                                                                                                                Preview:.. ~~~ AlphaCat ~~~....>>>> Your data are stolen and encrypted....>>>> What guarantees that we will not deceive you? .....We are not a politically motivated group and we do not need anything other than your money. .. ...If you pay, we will provide you the programs for decryption and we will delete your data. ...Life is too short to be sad. Be not sad, money, it is only paper... ...If we do not give you decrypters, or we do not delete your data after payment, then nobody will pay us in the future. ...Therefore to us our reputation is very important. We attack worldwide and there is no dissatisfied victim after payment... ..>>>> You need contact us via email with srenshot of btc transaction and your personal DECRYPTION ID.....Contact via Email with your personal Decryption id !: hackbeenswim@mail2tor.com......Send 400$ (0.006 BTC) at this address --> bc1qkr7wxuqwet9w6920vk94p7npkxh33fc7prv55q.....>>>> Your personal DECRYPTION ID: D53F15BF767167BC622C1CB4D4FC174D....>>
                                                                                                                                                                                Process:C:\Users\user\Desktop\c8JakemodH.exe
                                                                                                                                                                                File Type:ASCII text, with CRLF line terminators
                                                                                                                                                                                Category:dropped
                                                                                                                                                                                Size (bytes):1159
                                                                                                                                                                                Entropy (8bit):4.909757425426515
                                                                                                                                                                                Encrypted:false
                                                                                                                                                                                SSDEEP:24:SOZJNRovfexRvYx/ncUYTxLZl0r0OzANQgq32xfZnS0iNFdAnP6:SOZbqfexrZrS3Iq32xlSX2S
                                                                                                                                                                                MD5:F29E077226F8DC235CAE4795459A3542
                                                                                                                                                                                SHA1:A23AEA328BEB92BFD4464A3B0F70E772B8969CC2
                                                                                                                                                                                SHA-256:CF8875AADE9351184274F533067BECF2AD10CCF2B6296274ECE5D5B58B6AB008
                                                                                                                                                                                SHA-512:0C76F1E7AC8E4DB582EA7E26FA9B8C18D54605AE6A9A87A2A1FA0B1BEACACBB8F1230421C1124B1E7C12FB546FF31DBBD2CFBBEBA80EF98BBAA01B356F7FDC6F
                                                                                                                                                                                Malicious:false
                                                                                                                                                                                Preview:.. ~~~ AlphaCat ~~~....>>>> Your data are stolen and encrypted....>>>> What guarantees that we will not deceive you? .....We are not a politically motivated group and we do not need anything other than your money. .. ...If you pay, we will provide you the programs for decryption and we will delete your data. ...Life is too short to be sad. Be not sad, money, it is only paper... ...If we do not give you decrypters, or we do not delete your data after payment, then nobody will pay us in the future. ...Therefore to us our reputation is very important. We attack worldwide and there is no dissatisfied victim after payment... ..>>>> You need contact us via email with srenshot of btc transaction and your personal DECRYPTION ID.....Contact via Email with your personal Decryption id !: hackbeenswim@mail2tor.com......Send 400$ (0.006 BTC) at this address --> bc1qkr7wxuqwet9w6920vk94p7npkxh33fc7prv55q.....>>>> Your personal DECRYPTION ID: D53F15BF767167BC622C1CB4D4FC174D....>>
                                                                                                                                                                                Process:C:\Users\user\Desktop\c8JakemodH.exe
                                                                                                                                                                                File Type:data
                                                                                                                                                                                Category:dropped
                                                                                                                                                                                Size (bytes):8431
                                                                                                                                                                                Entropy (8bit):7.97981787661293
                                                                                                                                                                                Encrypted:false
                                                                                                                                                                                SSDEEP:192:w2SKEmTywB8bUf9wnGE6cCbLW2RZrcu5hN+1rdKz:wgfBB8wf2GE5CW6Zj5hNmm
                                                                                                                                                                                MD5:CF6878CD8707551EA44F570646A4481D
                                                                                                                                                                                SHA1:E676756DD42D6966EF55B554850632ECE3C59A74
                                                                                                                                                                                SHA-256:E41B99017810C7214219A75018B525E1DC67F35E8EB96AB9C0E07463E1011AAF
                                                                                                                                                                                SHA-512:ACDF99B1413B98D8D23D5BE37FAA483DA8A64442E7E94BB1B8671E180EE96AF9F2AD3293DECF1E93AA6BD57ABDD5893531ABEE94B22C6A45C048A9F5C28CE398
                                                                                                                                                                                Malicious:false
                                                                                                                                                                                Preview:...b...6..y.wAw....f...=.u+.....|.h.....,.tx.":._w.&...3...M....M4.M.>K......%.....odQa.\.......Q.wY.(..a....-.k..kG.........!.`..n.....`Pn....G.c....skq.....M.F..>...Ez.2~(.#..'..C.....d.i.....t.H.Y.V..&.\.8....y....GWz.!.6....f...@...X?...W\_..n...r..^<...3&h~._.\w.>..0..~L=..E..<-T.Z.~.....DF.].Q+B.....40.p.1...N..m......W..V&0q....*h..*`obI.q_...i....m.iWd.K..]-..Y_en.&.Ht..db.m.@.Wh..H.J..s,......2.0.&.gC.!.0.h+".>..3..........4.............J..l..U..*[.3.....]a..$3..6....m..V.M..Ku..]...Y...V..q%./..o.^b.vh..AK8.2.2.n...:......,{..L.Ta.....}...a..z..w.%+....jbg?...[.A[.J(DB..torD;..1;z.7.'..Fs.H....\&..RB6I.A..r.2.+.2H.D'.>&2!.......$....;\.3T3Tk....vc..j....S..q(.K/z.s@..l?j.I.PpmW.])...I.......dO.......ft"-....h........%...M....Wsj...G*..y..C,..0.....6...E.].1k.7..>v....;q.!......eW...dm.........M.........Nf........g..<....M.......x[..{.L.#......i.vK.:..Z..fL..YhXp..J...ec.`v.........p.C..j.l=.#th.n.ZXE5.-...#...*.5....ax.
                                                                                                                                                                                Process:C:\Users\user\Desktop\c8JakemodH.exe
                                                                                                                                                                                File Type:ASCII text, with CRLF line terminators
                                                                                                                                                                                Category:dropped
                                                                                                                                                                                Size (bytes):1159
                                                                                                                                                                                Entropy (8bit):4.909757425426515
                                                                                                                                                                                Encrypted:false
                                                                                                                                                                                SSDEEP:24:SOZJNRovfexRvYx/ncUYTxLZl0r0OzANQgq32xfZnS0iNFdAnP6:SOZbqfexrZrS3Iq32xlSX2S
                                                                                                                                                                                MD5:F29E077226F8DC235CAE4795459A3542
                                                                                                                                                                                SHA1:A23AEA328BEB92BFD4464A3B0F70E772B8969CC2
                                                                                                                                                                                SHA-256:CF8875AADE9351184274F533067BECF2AD10CCF2B6296274ECE5D5B58B6AB008
                                                                                                                                                                                SHA-512:0C76F1E7AC8E4DB582EA7E26FA9B8C18D54605AE6A9A87A2A1FA0B1BEACACBB8F1230421C1124B1E7C12FB546FF31DBBD2CFBBEBA80EF98BBAA01B356F7FDC6F
                                                                                                                                                                                Malicious:false
                                                                                                                                                                                Preview:.. ~~~ AlphaCat ~~~....>>>> Your data are stolen and encrypted....>>>> What guarantees that we will not deceive you? .....We are not a politically motivated group and we do not need anything other than your money. .. ...If you pay, we will provide you the programs for decryption and we will delete your data. ...Life is too short to be sad. Be not sad, money, it is only paper... ...If we do not give you decrypters, or we do not delete your data after payment, then nobody will pay us in the future. ...Therefore to us our reputation is very important. We attack worldwide and there is no dissatisfied victim after payment... ..>>>> You need contact us via email with srenshot of btc transaction and your personal DECRYPTION ID.....Contact via Email with your personal Decryption id !: hackbeenswim@mail2tor.com......Send 400$ (0.006 BTC) at this address --> bc1qkr7wxuqwet9w6920vk94p7npkxh33fc7prv55q.....>>>> Your personal DECRYPTION ID: D53F15BF767167BC622C1CB4D4FC174D....>>
                                                                                                                                                                                Process:C:\Users\user\Desktop\c8JakemodH.exe
                                                                                                                                                                                File Type:ASCII text, with CRLF line terminators
                                                                                                                                                                                Category:dropped
                                                                                                                                                                                Size (bytes):1159
                                                                                                                                                                                Entropy (8bit):4.909757425426515
                                                                                                                                                                                Encrypted:false
                                                                                                                                                                                SSDEEP:24:SOZJNRovfexRvYx/ncUYTxLZl0r0OzANQgq32xfZnS0iNFdAnP6:SOZbqfexrZrS3Iq32xlSX2S
                                                                                                                                                                                MD5:F29E077226F8DC235CAE4795459A3542
                                                                                                                                                                                SHA1:A23AEA328BEB92BFD4464A3B0F70E772B8969CC2
                                                                                                                                                                                SHA-256:CF8875AADE9351184274F533067BECF2AD10CCF2B6296274ECE5D5B58B6AB008
                                                                                                                                                                                SHA-512:0C76F1E7AC8E4DB582EA7E26FA9B8C18D54605AE6A9A87A2A1FA0B1BEACACBB8F1230421C1124B1E7C12FB546FF31DBBD2CFBBEBA80EF98BBAA01B356F7FDC6F
                                                                                                                                                                                Malicious:false
                                                                                                                                                                                Preview:.. ~~~ AlphaCat ~~~....>>>> Your data are stolen and encrypted....>>>> What guarantees that we will not deceive you? .....We are not a politically motivated group and we do not need anything other than your money. .. ...If you pay, we will provide you the programs for decryption and we will delete your data. ...Life is too short to be sad. Be not sad, money, it is only paper... ...If we do not give you decrypters, or we do not delete your data after payment, then nobody will pay us in the future. ...Therefore to us our reputation is very important. We attack worldwide and there is no dissatisfied victim after payment... ..>>>> You need contact us via email with srenshot of btc transaction and your personal DECRYPTION ID.....Contact via Email with your personal Decryption id !: hackbeenswim@mail2tor.com......Send 400$ (0.006 BTC) at this address --> bc1qkr7wxuqwet9w6920vk94p7npkxh33fc7prv55q.....>>>> Your personal DECRYPTION ID: D53F15BF767167BC622C1CB4D4FC174D....>>
                                                                                                                                                                                Process:C:\Users\user\Desktop\c8JakemodH.exe
                                                                                                                                                                                File Type:ASCII text, with CRLF line terminators
                                                                                                                                                                                Category:dropped
                                                                                                                                                                                Size (bytes):1159
                                                                                                                                                                                Entropy (8bit):4.909757425426515
                                                                                                                                                                                Encrypted:false
                                                                                                                                                                                SSDEEP:24:SOZJNRovfexRvYx/ncUYTxLZl0r0OzANQgq32xfZnS0iNFdAnP6:SOZbqfexrZrS3Iq32xlSX2S
                                                                                                                                                                                MD5:F29E077226F8DC235CAE4795459A3542
                                                                                                                                                                                SHA1:A23AEA328BEB92BFD4464A3B0F70E772B8969CC2
                                                                                                                                                                                SHA-256:CF8875AADE9351184274F533067BECF2AD10CCF2B6296274ECE5D5B58B6AB008
                                                                                                                                                                                SHA-512:0C76F1E7AC8E4DB582EA7E26FA9B8C18D54605AE6A9A87A2A1FA0B1BEACACBB8F1230421C1124B1E7C12FB546FF31DBBD2CFBBEBA80EF98BBAA01B356F7FDC6F
                                                                                                                                                                                Malicious:false
                                                                                                                                                                                Preview:.. ~~~ AlphaCat ~~~....>>>> Your data are stolen and encrypted....>>>> What guarantees that we will not deceive you? .....We are not a politically motivated group and we do not need anything other than your money. .. ...If you pay, we will provide you the programs for decryption and we will delete your data. ...Life is too short to be sad. Be not sad, money, it is only paper... ...If we do not give you decrypters, or we do not delete your data after payment, then nobody will pay us in the future. ...Therefore to us our reputation is very important. We attack worldwide and there is no dissatisfied victim after payment... ..>>>> You need contact us via email with srenshot of btc transaction and your personal DECRYPTION ID.....Contact via Email with your personal Decryption id !: hackbeenswim@mail2tor.com......Send 400$ (0.006 BTC) at this address --> bc1qkr7wxuqwet9w6920vk94p7npkxh33fc7prv55q.....>>>> Your personal DECRYPTION ID: D53F15BF767167BC622C1CB4D4FC174D....>>
                                                                                                                                                                                Process:C:\Users\user\Desktop\c8JakemodH.exe
                                                                                                                                                                                File Type:ASCII text, with CRLF line terminators
                                                                                                                                                                                Category:dropped
                                                                                                                                                                                Size (bytes):1159
                                                                                                                                                                                Entropy (8bit):4.909757425426515
                                                                                                                                                                                Encrypted:false
                                                                                                                                                                                SSDEEP:24:SOZJNRovfexRvYx/ncUYTxLZl0r0OzANQgq32xfZnS0iNFdAnP6:SOZbqfexrZrS3Iq32xlSX2S
                                                                                                                                                                                MD5:F29E077226F8DC235CAE4795459A3542
                                                                                                                                                                                SHA1:A23AEA328BEB92BFD4464A3B0F70E772B8969CC2
                                                                                                                                                                                SHA-256:CF8875AADE9351184274F533067BECF2AD10CCF2B6296274ECE5D5B58B6AB008
                                                                                                                                                                                SHA-512:0C76F1E7AC8E4DB582EA7E26FA9B8C18D54605AE6A9A87A2A1FA0B1BEACACBB8F1230421C1124B1E7C12FB546FF31DBBD2CFBBEBA80EF98BBAA01B356F7FDC6F
                                                                                                                                                                                Malicious:false
                                                                                                                                                                                Preview:.. ~~~ AlphaCat ~~~....>>>> Your data are stolen and encrypted....>>>> What guarantees that we will not deceive you? .....We are not a politically motivated group and we do not need anything other than your money. .. ...If you pay, we will provide you the programs for decryption and we will delete your data. ...Life is too short to be sad. Be not sad, money, it is only paper... ...If we do not give you decrypters, or we do not delete your data after payment, then nobody will pay us in the future. ...Therefore to us our reputation is very important. We attack worldwide and there is no dissatisfied victim after payment... ..>>>> You need contact us via email with srenshot of btc transaction and your personal DECRYPTION ID.....Contact via Email with your personal Decryption id !: hackbeenswim@mail2tor.com......Send 400$ (0.006 BTC) at this address --> bc1qkr7wxuqwet9w6920vk94p7npkxh33fc7prv55q.....>>>> Your personal DECRYPTION ID: D53F15BF767167BC622C1CB4D4FC174D....>>
                                                                                                                                                                                Process:C:\Users\user\Desktop\c8JakemodH.exe
                                                                                                                                                                                File Type:ASCII text, with CRLF line terminators
                                                                                                                                                                                Category:dropped
                                                                                                                                                                                Size (bytes):1159
                                                                                                                                                                                Entropy (8bit):4.909757425426515
                                                                                                                                                                                Encrypted:false
                                                                                                                                                                                SSDEEP:24:SOZJNRovfexRvYx/ncUYTxLZl0r0OzANQgq32xfZnS0iNFdAnP6:SOZbqfexrZrS3Iq32xlSX2S
                                                                                                                                                                                MD5:F29E077226F8DC235CAE4795459A3542
                                                                                                                                                                                SHA1:A23AEA328BEB92BFD4464A3B0F70E772B8969CC2
                                                                                                                                                                                SHA-256:CF8875AADE9351184274F533067BECF2AD10CCF2B6296274ECE5D5B58B6AB008
                                                                                                                                                                                SHA-512:0C76F1E7AC8E4DB582EA7E26FA9B8C18D54605AE6A9A87A2A1FA0B1BEACACBB8F1230421C1124B1E7C12FB546FF31DBBD2CFBBEBA80EF98BBAA01B356F7FDC6F
                                                                                                                                                                                Malicious:false
                                                                                                                                                                                Preview:.. ~~~ AlphaCat ~~~....>>>> Your data are stolen and encrypted....>>>> What guarantees that we will not deceive you? .....We are not a politically motivated group and we do not need anything other than your money. .. ...If you pay, we will provide you the programs for decryption and we will delete your data. ...Life is too short to be sad. Be not sad, money, it is only paper... ...If we do not give you decrypters, or we do not delete your data after payment, then nobody will pay us in the future. ...Therefore to us our reputation is very important. We attack worldwide and there is no dissatisfied victim after payment... ..>>>> You need contact us via email with srenshot of btc transaction and your personal DECRYPTION ID.....Contact via Email with your personal Decryption id !: hackbeenswim@mail2tor.com......Send 400$ (0.006 BTC) at this address --> bc1qkr7wxuqwet9w6920vk94p7npkxh33fc7prv55q.....>>>> Your personal DECRYPTION ID: D53F15BF767167BC622C1CB4D4FC174D....>>
                                                                                                                                                                                Process:C:\Users\user\Desktop\c8JakemodH.exe
                                                                                                                                                                                File Type:ASCII text, with CRLF line terminators
                                                                                                                                                                                Category:dropped
                                                                                                                                                                                Size (bytes):1159
                                                                                                                                                                                Entropy (8bit):4.909757425426515
                                                                                                                                                                                Encrypted:false
                                                                                                                                                                                SSDEEP:24:SOZJNRovfexRvYx/ncUYTxLZl0r0OzANQgq32xfZnS0iNFdAnP6:SOZbqfexrZrS3Iq32xlSX2S
                                                                                                                                                                                MD5:F29E077226F8DC235CAE4795459A3542
                                                                                                                                                                                SHA1:A23AEA328BEB92BFD4464A3B0F70E772B8969CC2
                                                                                                                                                                                SHA-256:CF8875AADE9351184274F533067BECF2AD10CCF2B6296274ECE5D5B58B6AB008
                                                                                                                                                                                SHA-512:0C76F1E7AC8E4DB582EA7E26FA9B8C18D54605AE6A9A87A2A1FA0B1BEACACBB8F1230421C1124B1E7C12FB546FF31DBBD2CFBBEBA80EF98BBAA01B356F7FDC6F
                                                                                                                                                                                Malicious:false
                                                                                                                                                                                Preview:.. ~~~ AlphaCat ~~~....>>>> Your data are stolen and encrypted....>>>> What guarantees that we will not deceive you? .....We are not a politically motivated group and we do not need anything other than your money. .. ...If you pay, we will provide you the programs for decryption and we will delete your data. ...Life is too short to be sad. Be not sad, money, it is only paper... ...If we do not give you decrypters, or we do not delete your data after payment, then nobody will pay us in the future. ...Therefore to us our reputation is very important. We attack worldwide and there is no dissatisfied victim after payment... ..>>>> You need contact us via email with srenshot of btc transaction and your personal DECRYPTION ID.....Contact via Email with your personal Decryption id !: hackbeenswim@mail2tor.com......Send 400$ (0.006 BTC) at this address --> bc1qkr7wxuqwet9w6920vk94p7npkxh33fc7prv55q.....>>>> Your personal DECRYPTION ID: D53F15BF767167BC622C1CB4D4FC174D....>>
                                                                                                                                                                                Process:C:\Users\user\Desktop\c8JakemodH.exe
                                                                                                                                                                                File Type:ASCII text, with CRLF line terminators
                                                                                                                                                                                Category:dropped
                                                                                                                                                                                Size (bytes):1159
                                                                                                                                                                                Entropy (8bit):4.909757425426515
                                                                                                                                                                                Encrypted:false
                                                                                                                                                                                SSDEEP:24:SOZJNRovfexRvYx/ncUYTxLZl0r0OzANQgq32xfZnS0iNFdAnP6:SOZbqfexrZrS3Iq32xlSX2S
                                                                                                                                                                                MD5:F29E077226F8DC235CAE4795459A3542
                                                                                                                                                                                SHA1:A23AEA328BEB92BFD4464A3B0F70E772B8969CC2
                                                                                                                                                                                SHA-256:CF8875AADE9351184274F533067BECF2AD10CCF2B6296274ECE5D5B58B6AB008
                                                                                                                                                                                SHA-512:0C76F1E7AC8E4DB582EA7E26FA9B8C18D54605AE6A9A87A2A1FA0B1BEACACBB8F1230421C1124B1E7C12FB546FF31DBBD2CFBBEBA80EF98BBAA01B356F7FDC6F
                                                                                                                                                                                Malicious:false
                                                                                                                                                                                Preview:.. ~~~ AlphaCat ~~~....>>>> Your data are stolen and encrypted....>>>> What guarantees that we will not deceive you? .....We are not a politically motivated group and we do not need anything other than your money. .. ...If you pay, we will provide you the programs for decryption and we will delete your data. ...Life is too short to be sad. Be not sad, money, it is only paper... ...If we do not give you decrypters, or we do not delete your data after payment, then nobody will pay us in the future. ...Therefore to us our reputation is very important. We attack worldwide and there is no dissatisfied victim after payment... ..>>>> You need contact us via email with srenshot of btc transaction and your personal DECRYPTION ID.....Contact via Email with your personal Decryption id !: hackbeenswim@mail2tor.com......Send 400$ (0.006 BTC) at this address --> bc1qkr7wxuqwet9w6920vk94p7npkxh33fc7prv55q.....>>>> Your personal DECRYPTION ID: D53F15BF767167BC622C1CB4D4FC174D....>>
                                                                                                                                                                                Process:C:\Users\user\Desktop\c8JakemodH.exe
                                                                                                                                                                                File Type:ASCII text, with CRLF line terminators
                                                                                                                                                                                Category:dropped
                                                                                                                                                                                Size (bytes):1159
                                                                                                                                                                                Entropy (8bit):4.909757425426515
                                                                                                                                                                                Encrypted:false
                                                                                                                                                                                SSDEEP:24:SOZJNRovfexRvYx/ncUYTxLZl0r0OzANQgq32xfZnS0iNFdAnP6:SOZbqfexrZrS3Iq32xlSX2S
                                                                                                                                                                                MD5:F29E077226F8DC235CAE4795459A3542
                                                                                                                                                                                SHA1:A23AEA328BEB92BFD4464A3B0F70E772B8969CC2
                                                                                                                                                                                SHA-256:CF8875AADE9351184274F533067BECF2AD10CCF2B6296274ECE5D5B58B6AB008
                                                                                                                                                                                SHA-512:0C76F1E7AC8E4DB582EA7E26FA9B8C18D54605AE6A9A87A2A1FA0B1BEACACBB8F1230421C1124B1E7C12FB546FF31DBBD2CFBBEBA80EF98BBAA01B356F7FDC6F
                                                                                                                                                                                Malicious:false
                                                                                                                                                                                Preview:.. ~~~ AlphaCat ~~~....>>>> Your data are stolen and encrypted....>>>> What guarantees that we will not deceive you? .....We are not a politically motivated group and we do not need anything other than your money. .. ...If you pay, we will provide you the programs for decryption and we will delete your data. ...Life is too short to be sad. Be not sad, money, it is only paper... ...If we do not give you decrypters, or we do not delete your data after payment, then nobody will pay us in the future. ...Therefore to us our reputation is very important. We attack worldwide and there is no dissatisfied victim after payment... ..>>>> You need contact us via email with srenshot of btc transaction and your personal DECRYPTION ID.....Contact via Email with your personal Decryption id !: hackbeenswim@mail2tor.com......Send 400$ (0.006 BTC) at this address --> bc1qkr7wxuqwet9w6920vk94p7npkxh33fc7prv55q.....>>>> Your personal DECRYPTION ID: D53F15BF767167BC622C1CB4D4FC174D....>>
                                                                                                                                                                                Process:C:\Users\user\Desktop\c8JakemodH.exe
                                                                                                                                                                                File Type:ASCII text, with CRLF line terminators
                                                                                                                                                                                Category:dropped
                                                                                                                                                                                Size (bytes):1159
                                                                                                                                                                                Entropy (8bit):4.909757425426515
                                                                                                                                                                                Encrypted:false
                                                                                                                                                                                SSDEEP:24:SOZJNRovfexRvYx/ncUYTxLZl0r0OzANQgq32xfZnS0iNFdAnP6:SOZbqfexrZrS3Iq32xlSX2S
                                                                                                                                                                                MD5:F29E077226F8DC235CAE4795459A3542
                                                                                                                                                                                SHA1:A23AEA328BEB92BFD4464A3B0F70E772B8969CC2
                                                                                                                                                                                SHA-256:CF8875AADE9351184274F533067BECF2AD10CCF2B6296274ECE5D5B58B6AB008
                                                                                                                                                                                SHA-512:0C76F1E7AC8E4DB582EA7E26FA9B8C18D54605AE6A9A87A2A1FA0B1BEACACBB8F1230421C1124B1E7C12FB546FF31DBBD2CFBBEBA80EF98BBAA01B356F7FDC6F
                                                                                                                                                                                Malicious:false
                                                                                                                                                                                Preview:.. ~~~ AlphaCat ~~~....>>>> Your data are stolen and encrypted....>>>> What guarantees that we will not deceive you? .....We are not a politically motivated group and we do not need anything other than your money. .. ...If you pay, we will provide you the programs for decryption and we will delete your data. ...Life is too short to be sad. Be not sad, money, it is only paper... ...If we do not give you decrypters, or we do not delete your data after payment, then nobody will pay us in the future. ...Therefore to us our reputation is very important. We attack worldwide and there is no dissatisfied victim after payment... ..>>>> You need contact us via email with srenshot of btc transaction and your personal DECRYPTION ID.....Contact via Email with your personal Decryption id !: hackbeenswim@mail2tor.com......Send 400$ (0.006 BTC) at this address --> bc1qkr7wxuqwet9w6920vk94p7npkxh33fc7prv55q.....>>>> Your personal DECRYPTION ID: D53F15BF767167BC622C1CB4D4FC174D....>>
                                                                                                                                                                                Process:C:\Users\user\Desktop\c8JakemodH.exe
                                                                                                                                                                                File Type:ASCII text, with CRLF line terminators
                                                                                                                                                                                Category:dropped
                                                                                                                                                                                Size (bytes):1159
                                                                                                                                                                                Entropy (8bit):4.909757425426515
                                                                                                                                                                                Encrypted:false
                                                                                                                                                                                SSDEEP:24:SOZJNRovfexRvYx/ncUYTxLZl0r0OzANQgq32xfZnS0iNFdAnP6:SOZbqfexrZrS3Iq32xlSX2S
                                                                                                                                                                                MD5:F29E077226F8DC235CAE4795459A3542
                                                                                                                                                                                SHA1:A23AEA328BEB92BFD4464A3B0F70E772B8969CC2
                                                                                                                                                                                SHA-256:CF8875AADE9351184274F533067BECF2AD10CCF2B6296274ECE5D5B58B6AB008
                                                                                                                                                                                SHA-512:0C76F1E7AC8E4DB582EA7E26FA9B8C18D54605AE6A9A87A2A1FA0B1BEACACBB8F1230421C1124B1E7C12FB546FF31DBBD2CFBBEBA80EF98BBAA01B356F7FDC6F
                                                                                                                                                                                Malicious:false
                                                                                                                                                                                Preview:.. ~~~ AlphaCat ~~~....>>>> Your data are stolen and encrypted....>>>> What guarantees that we will not deceive you? .....We are not a politically motivated group and we do not need anything other than your money. .. ...If you pay, we will provide you the programs for decryption and we will delete your data. ...Life is too short to be sad. Be not sad, money, it is only paper... ...If we do not give you decrypters, or we do not delete your data after payment, then nobody will pay us in the future. ...Therefore to us our reputation is very important. We attack worldwide and there is no dissatisfied victim after payment... ..>>>> You need contact us via email with srenshot of btc transaction and your personal DECRYPTION ID.....Contact via Email with your personal Decryption id !: hackbeenswim@mail2tor.com......Send 400$ (0.006 BTC) at this address --> bc1qkr7wxuqwet9w6920vk94p7npkxh33fc7prv55q.....>>>> Your personal DECRYPTION ID: D53F15BF767167BC622C1CB4D4FC174D....>>
                                                                                                                                                                                Process:C:\Users\user\Desktop\c8JakemodH.exe
                                                                                                                                                                                File Type:data
                                                                                                                                                                                Category:dropped
                                                                                                                                                                                Size (bytes):8431
                                                                                                                                                                                Entropy (8bit):7.9777974846735304
                                                                                                                                                                                Encrypted:false
                                                                                                                                                                                SSDEEP:192:Td2eyFepqmI0umdcSXjXhBvTlHCuuKfN0DZGGkBzW:3yF8qt0p/Lli5KKDZdkI
                                                                                                                                                                                MD5:08FB7A7F851F0580F8731F00EAC884DF
                                                                                                                                                                                SHA1:1774647BA9BE8DE7BF31A25E26A1B5FC5C176457
                                                                                                                                                                                SHA-256:97847F65A031D0156A0DB456547E68BF74C821C26A3D5A3CDDFF7EE5B0E36E81
                                                                                                                                                                                SHA-512:893C8C189EA56D9FA6D08C967EDCDE425C1DCEC6EBFA7AD62A4BB957E83CB3A4E18F687507535D1F387A68456DCEC5DF850E06A5FEA4ED154C293579188D0B88
                                                                                                                                                                                Malicious:false
                                                                                                                                                                                Preview:...S.....p{.m.|.H,.G........Y;..uF.D?M>....x`Q.w..W H.n.i.N......7..-....`..!PO.(..A9..i..........$ ..iw..U..H..e.......}.A|.Bl.%.MB.sd..,+..F...q.`..a".nk...@..a...Q.:.3.W8.V..1..S.M.dQ..3.a...ZG.h8.....GJ...h4....%Y.L..l"..7.+.LY.6J........Qd........^.q.0.!f.bo.7.=.x..&-F.*..%|....(.......9..?.....<m........c...c...).l...>"O.........pb.&?as.j.......#....W3... .....8c......q..1)...p./E..<.w.C?...d]v...AsP..V8R..8.L....,1..`._.\..5?6.O...|..~.5...G:.q..a]....k.]J .(...C..L....h.......C..j.....u...hyS...]C.3.....~....MrYKg.(|......,.H.g..1......F.#....,^..i.......H*....Y.......R..=..x.2..Op.k(...U.<r..|cP.BG...s...Ce..RW.z...ZFJ...>.~........9.R.6.G......o.S...x....3..N.B6-A..0.N{z..c.aA....P.E/.i.R.c...X......d.n.F..8,.Y...Y.J..A.TX8.<......>.i>$Ts...L/!'-wr.....F.R.i.Hb.N.$..............y.w!....M.-....b/+6..}.e........mY-....(}.qc._6-...`js#V.y(..m..^.oG.'jy...1.E........K.9.)....>s.U.,K...-....,.rq..k6....O.sY...O........j.e.
                                                                                                                                                                                Process:C:\Users\user\Desktop\c8JakemodH.exe
                                                                                                                                                                                File Type:ASCII text, with CRLF line terminators
                                                                                                                                                                                Category:dropped
                                                                                                                                                                                Size (bytes):1159
                                                                                                                                                                                Entropy (8bit):4.909757425426515
                                                                                                                                                                                Encrypted:false
                                                                                                                                                                                SSDEEP:24:SOZJNRovfexRvYx/ncUYTxLZl0r0OzANQgq32xfZnS0iNFdAnP6:SOZbqfexrZrS3Iq32xlSX2S
                                                                                                                                                                                MD5:F29E077226F8DC235CAE4795459A3542
                                                                                                                                                                                SHA1:A23AEA328BEB92BFD4464A3B0F70E772B8969CC2
                                                                                                                                                                                SHA-256:CF8875AADE9351184274F533067BECF2AD10CCF2B6296274ECE5D5B58B6AB008
                                                                                                                                                                                SHA-512:0C76F1E7AC8E4DB582EA7E26FA9B8C18D54605AE6A9A87A2A1FA0B1BEACACBB8F1230421C1124B1E7C12FB546FF31DBBD2CFBBEBA80EF98BBAA01B356F7FDC6F
                                                                                                                                                                                Malicious:false
                                                                                                                                                                                Preview:.. ~~~ AlphaCat ~~~....>>>> Your data are stolen and encrypted....>>>> What guarantees that we will not deceive you? .....We are not a politically motivated group and we do not need anything other than your money. .. ...If you pay, we will provide you the programs for decryption and we will delete your data. ...Life is too short to be sad. Be not sad, money, it is only paper... ...If we do not give you decrypters, or we do not delete your data after payment, then nobody will pay us in the future. ...Therefore to us our reputation is very important. We attack worldwide and there is no dissatisfied victim after payment... ..>>>> You need contact us via email with srenshot of btc transaction and your personal DECRYPTION ID.....Contact via Email with your personal Decryption id !: hackbeenswim@mail2tor.com......Send 400$ (0.006 BTC) at this address --> bc1qkr7wxuqwet9w6920vk94p7npkxh33fc7prv55q.....>>>> Your personal DECRYPTION ID: D53F15BF767167BC622C1CB4D4FC174D....>>
                                                                                                                                                                                Process:C:\Users\user\Desktop\c8JakemodH.exe
                                                                                                                                                                                File Type:ASCII text, with CRLF line terminators
                                                                                                                                                                                Category:dropped
                                                                                                                                                                                Size (bytes):1159
                                                                                                                                                                                Entropy (8bit):4.909757425426515
                                                                                                                                                                                Encrypted:false
                                                                                                                                                                                SSDEEP:24:SOZJNRovfexRvYx/ncUYTxLZl0r0OzANQgq32xfZnS0iNFdAnP6:SOZbqfexrZrS3Iq32xlSX2S
                                                                                                                                                                                MD5:F29E077226F8DC235CAE4795459A3542
                                                                                                                                                                                SHA1:A23AEA328BEB92BFD4464A3B0F70E772B8969CC2
                                                                                                                                                                                SHA-256:CF8875AADE9351184274F533067BECF2AD10CCF2B6296274ECE5D5B58B6AB008
                                                                                                                                                                                SHA-512:0C76F1E7AC8E4DB582EA7E26FA9B8C18D54605AE6A9A87A2A1FA0B1BEACACBB8F1230421C1124B1E7C12FB546FF31DBBD2CFBBEBA80EF98BBAA01B356F7FDC6F
                                                                                                                                                                                Malicious:false
                                                                                                                                                                                Preview:.. ~~~ AlphaCat ~~~....>>>> Your data are stolen and encrypted....>>>> What guarantees that we will not deceive you? .....We are not a politically motivated group and we do not need anything other than your money. .. ...If you pay, we will provide you the programs for decryption and we will delete your data. ...Life is too short to be sad. Be not sad, money, it is only paper... ...If we do not give you decrypters, or we do not delete your data after payment, then nobody will pay us in the future. ...Therefore to us our reputation is very important. We attack worldwide and there is no dissatisfied victim after payment... ..>>>> You need contact us via email with srenshot of btc transaction and your personal DECRYPTION ID.....Contact via Email with your personal Decryption id !: hackbeenswim@mail2tor.com......Send 400$ (0.006 BTC) at this address --> bc1qkr7wxuqwet9w6920vk94p7npkxh33fc7prv55q.....>>>> Your personal DECRYPTION ID: D53F15BF767167BC622C1CB4D4FC174D....>>
                                                                                                                                                                                Process:C:\Users\user\Desktop\c8JakemodH.exe
                                                                                                                                                                                File Type:ASCII text, with CRLF line terminators
                                                                                                                                                                                Category:dropped
                                                                                                                                                                                Size (bytes):1159
                                                                                                                                                                                Entropy (8bit):4.909757425426515
                                                                                                                                                                                Encrypted:false
                                                                                                                                                                                SSDEEP:24:SOZJNRovfexRvYx/ncUYTxLZl0r0OzANQgq32xfZnS0iNFdAnP6:SOZbqfexrZrS3Iq32xlSX2S
                                                                                                                                                                                MD5:F29E077226F8DC235CAE4795459A3542
                                                                                                                                                                                SHA1:A23AEA328BEB92BFD4464A3B0F70E772B8969CC2
                                                                                                                                                                                SHA-256:CF8875AADE9351184274F533067BECF2AD10CCF2B6296274ECE5D5B58B6AB008
                                                                                                                                                                                SHA-512:0C76F1E7AC8E4DB582EA7E26FA9B8C18D54605AE6A9A87A2A1FA0B1BEACACBB8F1230421C1124B1E7C12FB546FF31DBBD2CFBBEBA80EF98BBAA01B356F7FDC6F
                                                                                                                                                                                Malicious:false
                                                                                                                                                                                Preview:.. ~~~ AlphaCat ~~~....>>>> Your data are stolen and encrypted....>>>> What guarantees that we will not deceive you? .....We are not a politically motivated group and we do not need anything other than your money. .. ...If you pay, we will provide you the programs for decryption and we will delete your data. ...Life is too short to be sad. Be not sad, money, it is only paper... ...If we do not give you decrypters, or we do not delete your data after payment, then nobody will pay us in the future. ...Therefore to us our reputation is very important. We attack worldwide and there is no dissatisfied victim after payment... ..>>>> You need contact us via email with srenshot of btc transaction and your personal DECRYPTION ID.....Contact via Email with your personal Decryption id !: hackbeenswim@mail2tor.com......Send 400$ (0.006 BTC) at this address --> bc1qkr7wxuqwet9w6920vk94p7npkxh33fc7prv55q.....>>>> Your personal DECRYPTION ID: D53F15BF767167BC622C1CB4D4FC174D....>>
                                                                                                                                                                                Process:C:\Users\user\Desktop\c8JakemodH.exe
                                                                                                                                                                                File Type:ASCII text, with CRLF line terminators
                                                                                                                                                                                Category:dropped
                                                                                                                                                                                Size (bytes):1159
                                                                                                                                                                                Entropy (8bit):4.909757425426515
                                                                                                                                                                                Encrypted:false
                                                                                                                                                                                SSDEEP:24:SOZJNRovfexRvYx/ncUYTxLZl0r0OzANQgq32xfZnS0iNFdAnP6:SOZbqfexrZrS3Iq32xlSX2S
                                                                                                                                                                                MD5:F29E077226F8DC235CAE4795459A3542
                                                                                                                                                                                SHA1:A23AEA328BEB92BFD4464A3B0F70E772B8969CC2
                                                                                                                                                                                SHA-256:CF8875AADE9351184274F533067BECF2AD10CCF2B6296274ECE5D5B58B6AB008
                                                                                                                                                                                SHA-512:0C76F1E7AC8E4DB582EA7E26FA9B8C18D54605AE6A9A87A2A1FA0B1BEACACBB8F1230421C1124B1E7C12FB546FF31DBBD2CFBBEBA80EF98BBAA01B356F7FDC6F
                                                                                                                                                                                Malicious:false
                                                                                                                                                                                Preview:.. ~~~ AlphaCat ~~~....>>>> Your data are stolen and encrypted....>>>> What guarantees that we will not deceive you? .....We are not a politically motivated group and we do not need anything other than your money. .. ...If you pay, we will provide you the programs for decryption and we will delete your data. ...Life is too short to be sad. Be not sad, money, it is only paper... ...If we do not give you decrypters, or we do not delete your data after payment, then nobody will pay us in the future. ...Therefore to us our reputation is very important. We attack worldwide and there is no dissatisfied victim after payment... ..>>>> You need contact us via email with srenshot of btc transaction and your personal DECRYPTION ID.....Contact via Email with your personal Decryption id !: hackbeenswim@mail2tor.com......Send 400$ (0.006 BTC) at this address --> bc1qkr7wxuqwet9w6920vk94p7npkxh33fc7prv55q.....>>>> Your personal DECRYPTION ID: D53F15BF767167BC622C1CB4D4FC174D....>>
                                                                                                                                                                                Process:C:\Users\user\Desktop\c8JakemodH.exe
                                                                                                                                                                                File Type:ASCII text, with CRLF line terminators
                                                                                                                                                                                Category:dropped
                                                                                                                                                                                Size (bytes):1159
                                                                                                                                                                                Entropy (8bit):4.909757425426515
                                                                                                                                                                                Encrypted:false
                                                                                                                                                                                SSDEEP:24:SOZJNRovfexRvYx/ncUYTxLZl0r0OzANQgq32xfZnS0iNFdAnP6:SOZbqfexrZrS3Iq32xlSX2S
                                                                                                                                                                                MD5:F29E077226F8DC235CAE4795459A3542
                                                                                                                                                                                SHA1:A23AEA328BEB92BFD4464A3B0F70E772B8969CC2
                                                                                                                                                                                SHA-256:CF8875AADE9351184274F533067BECF2AD10CCF2B6296274ECE5D5B58B6AB008
                                                                                                                                                                                SHA-512:0C76F1E7AC8E4DB582EA7E26FA9B8C18D54605AE6A9A87A2A1FA0B1BEACACBB8F1230421C1124B1E7C12FB546FF31DBBD2CFBBEBA80EF98BBAA01B356F7FDC6F
                                                                                                                                                                                Malicious:false
                                                                                                                                                                                Preview:.. ~~~ AlphaCat ~~~....>>>> Your data are stolen and encrypted....>>>> What guarantees that we will not deceive you? .....We are not a politically motivated group and we do not need anything other than your money. .. ...If you pay, we will provide you the programs for decryption and we will delete your data. ...Life is too short to be sad. Be not sad, money, it is only paper... ...If we do not give you decrypters, or we do not delete your data after payment, then nobody will pay us in the future. ...Therefore to us our reputation is very important. We attack worldwide and there is no dissatisfied victim after payment... ..>>>> You need contact us via email with srenshot of btc transaction and your personal DECRYPTION ID.....Contact via Email with your personal Decryption id !: hackbeenswim@mail2tor.com......Send 400$ (0.006 BTC) at this address --> bc1qkr7wxuqwet9w6920vk94p7npkxh33fc7prv55q.....>>>> Your personal DECRYPTION ID: D53F15BF767167BC622C1CB4D4FC174D....>>
                                                                                                                                                                                Process:C:\Users\user\Desktop\c8JakemodH.exe
                                                                                                                                                                                File Type:ASCII text, with CRLF line terminators
                                                                                                                                                                                Category:dropped
                                                                                                                                                                                Size (bytes):1159
                                                                                                                                                                                Entropy (8bit):4.909757425426515
                                                                                                                                                                                Encrypted:false
                                                                                                                                                                                SSDEEP:24:SOZJNRovfexRvYx/ncUYTxLZl0r0OzANQgq32xfZnS0iNFdAnP6:SOZbqfexrZrS3Iq32xlSX2S
                                                                                                                                                                                MD5:F29E077226F8DC235CAE4795459A3542
                                                                                                                                                                                SHA1:A23AEA328BEB92BFD4464A3B0F70E772B8969CC2
                                                                                                                                                                                SHA-256:CF8875AADE9351184274F533067BECF2AD10CCF2B6296274ECE5D5B58B6AB008
                                                                                                                                                                                SHA-512:0C76F1E7AC8E4DB582EA7E26FA9B8C18D54605AE6A9A87A2A1FA0B1BEACACBB8F1230421C1124B1E7C12FB546FF31DBBD2CFBBEBA80EF98BBAA01B356F7FDC6F
                                                                                                                                                                                Malicious:false
                                                                                                                                                                                Preview:.. ~~~ AlphaCat ~~~....>>>> Your data are stolen and encrypted....>>>> What guarantees that we will not deceive you? .....We are not a politically motivated group and we do not need anything other than your money. .. ...If you pay, we will provide you the programs for decryption and we will delete your data. ...Life is too short to be sad. Be not sad, money, it is only paper... ...If we do not give you decrypters, or we do not delete your data after payment, then nobody will pay us in the future. ...Therefore to us our reputation is very important. We attack worldwide and there is no dissatisfied victim after payment... ..>>>> You need contact us via email with srenshot of btc transaction and your personal DECRYPTION ID.....Contact via Email with your personal Decryption id !: hackbeenswim@mail2tor.com......Send 400$ (0.006 BTC) at this address --> bc1qkr7wxuqwet9w6920vk94p7npkxh33fc7prv55q.....>>>> Your personal DECRYPTION ID: D53F15BF767167BC622C1CB4D4FC174D....>>
                                                                                                                                                                                Process:C:\Users\user\Desktop\c8JakemodH.exe
                                                                                                                                                                                File Type:ASCII text, with CRLF line terminators
                                                                                                                                                                                Category:dropped
                                                                                                                                                                                Size (bytes):1159
                                                                                                                                                                                Entropy (8bit):4.909757425426515
                                                                                                                                                                                Encrypted:false
                                                                                                                                                                                SSDEEP:24:SOZJNRovfexRvYx/ncUYTxLZl0r0OzANQgq32xfZnS0iNFdAnP6:SOZbqfexrZrS3Iq32xlSX2S
                                                                                                                                                                                MD5:F29E077226F8DC235CAE4795459A3542
                                                                                                                                                                                SHA1:A23AEA328BEB92BFD4464A3B0F70E772B8969CC2
                                                                                                                                                                                SHA-256:CF8875AADE9351184274F533067BECF2AD10CCF2B6296274ECE5D5B58B6AB008
                                                                                                                                                                                SHA-512:0C76F1E7AC8E4DB582EA7E26FA9B8C18D54605AE6A9A87A2A1FA0B1BEACACBB8F1230421C1124B1E7C12FB546FF31DBBD2CFBBEBA80EF98BBAA01B356F7FDC6F
                                                                                                                                                                                Malicious:false
                                                                                                                                                                                Preview:.. ~~~ AlphaCat ~~~....>>>> Your data are stolen and encrypted....>>>> What guarantees that we will not deceive you? .....We are not a politically motivated group and we do not need anything other than your money. .. ...If you pay, we will provide you the programs for decryption and we will delete your data. ...Life is too short to be sad. Be not sad, money, it is only paper... ...If we do not give you decrypters, or we do not delete your data after payment, then nobody will pay us in the future. ...Therefore to us our reputation is very important. We attack worldwide and there is no dissatisfied victim after payment... ..>>>> You need contact us via email with srenshot of btc transaction and your personal DECRYPTION ID.....Contact via Email with your personal Decryption id !: hackbeenswim@mail2tor.com......Send 400$ (0.006 BTC) at this address --> bc1qkr7wxuqwet9w6920vk94p7npkxh33fc7prv55q.....>>>> Your personal DECRYPTION ID: D53F15BF767167BC622C1CB4D4FC174D....>>
                                                                                                                                                                                Process:C:\Users\user\Desktop\c8JakemodH.exe
                                                                                                                                                                                File Type:ASCII text, with CRLF line terminators
                                                                                                                                                                                Category:dropped
                                                                                                                                                                                Size (bytes):1159
                                                                                                                                                                                Entropy (8bit):4.909757425426515
                                                                                                                                                                                Encrypted:false
                                                                                                                                                                                SSDEEP:24:SOZJNRovfexRvYx/ncUYTxLZl0r0OzANQgq32xfZnS0iNFdAnP6:SOZbqfexrZrS3Iq32xlSX2S
                                                                                                                                                                                MD5:F29E077226F8DC235CAE4795459A3542
                                                                                                                                                                                SHA1:A23AEA328BEB92BFD4464A3B0F70E772B8969CC2
                                                                                                                                                                                SHA-256:CF8875AADE9351184274F533067BECF2AD10CCF2B6296274ECE5D5B58B6AB008
                                                                                                                                                                                SHA-512:0C76F1E7AC8E4DB582EA7E26FA9B8C18D54605AE6A9A87A2A1FA0B1BEACACBB8F1230421C1124B1E7C12FB546FF31DBBD2CFBBEBA80EF98BBAA01B356F7FDC6F
                                                                                                                                                                                Malicious:false
                                                                                                                                                                                Preview:.. ~~~ AlphaCat ~~~....>>>> Your data are stolen and encrypted....>>>> What guarantees that we will not deceive you? .....We are not a politically motivated group and we do not need anything other than your money. .. ...If you pay, we will provide you the programs for decryption and we will delete your data. ...Life is too short to be sad. Be not sad, money, it is only paper... ...If we do not give you decrypters, or we do not delete your data after payment, then nobody will pay us in the future. ...Therefore to us our reputation is very important. We attack worldwide and there is no dissatisfied victim after payment... ..>>>> You need contact us via email with srenshot of btc transaction and your personal DECRYPTION ID.....Contact via Email with your personal Decryption id !: hackbeenswim@mail2tor.com......Send 400$ (0.006 BTC) at this address --> bc1qkr7wxuqwet9w6920vk94p7npkxh33fc7prv55q.....>>>> Your personal DECRYPTION ID: D53F15BF767167BC622C1CB4D4FC174D....>>
                                                                                                                                                                                Process:C:\Users\user\Desktop\c8JakemodH.exe
                                                                                                                                                                                File Type:ASCII text, with CRLF line terminators
                                                                                                                                                                                Category:dropped
                                                                                                                                                                                Size (bytes):1159
                                                                                                                                                                                Entropy (8bit):4.909757425426515
                                                                                                                                                                                Encrypted:false
                                                                                                                                                                                SSDEEP:24:SOZJNRovfexRvYx/ncUYTxLZl0r0OzANQgq32xfZnS0iNFdAnP6:SOZbqfexrZrS3Iq32xlSX2S
                                                                                                                                                                                MD5:F29E077226F8DC235CAE4795459A3542
                                                                                                                                                                                SHA1:A23AEA328BEB92BFD4464A3B0F70E772B8969CC2
                                                                                                                                                                                SHA-256:CF8875AADE9351184274F533067BECF2AD10CCF2B6296274ECE5D5B58B6AB008
                                                                                                                                                                                SHA-512:0C76F1E7AC8E4DB582EA7E26FA9B8C18D54605AE6A9A87A2A1FA0B1BEACACBB8F1230421C1124B1E7C12FB546FF31DBBD2CFBBEBA80EF98BBAA01B356F7FDC6F
                                                                                                                                                                                Malicious:false
                                                                                                                                                                                Preview:.. ~~~ AlphaCat ~~~....>>>> Your data are stolen and encrypted....>>>> What guarantees that we will not deceive you? .....We are not a politically motivated group and we do not need anything other than your money. .. ...If you pay, we will provide you the programs for decryption and we will delete your data. ...Life is too short to be sad. Be not sad, money, it is only paper... ...If we do not give you decrypters, or we do not delete your data after payment, then nobody will pay us in the future. ...Therefore to us our reputation is very important. We attack worldwide and there is no dissatisfied victim after payment... ..>>>> You need contact us via email with srenshot of btc transaction and your personal DECRYPTION ID.....Contact via Email with your personal Decryption id !: hackbeenswim@mail2tor.com......Send 400$ (0.006 BTC) at this address --> bc1qkr7wxuqwet9w6920vk94p7npkxh33fc7prv55q.....>>>> Your personal DECRYPTION ID: D53F15BF767167BC622C1CB4D4FC174D....>>
                                                                                                                                                                                Process:C:\Users\user\Desktop\c8JakemodH.exe
                                                                                                                                                                                File Type:ASCII text, with CRLF line terminators
                                                                                                                                                                                Category:dropped
                                                                                                                                                                                Size (bytes):1159
                                                                                                                                                                                Entropy (8bit):4.909757425426515
                                                                                                                                                                                Encrypted:false
                                                                                                                                                                                SSDEEP:24:SOZJNRovfexRvYx/ncUYTxLZl0r0OzANQgq32xfZnS0iNFdAnP6:SOZbqfexrZrS3Iq32xlSX2S
                                                                                                                                                                                MD5:F29E077226F8DC235CAE4795459A3542
                                                                                                                                                                                SHA1:A23AEA328BEB92BFD4464A3B0F70E772B8969CC2
                                                                                                                                                                                SHA-256:CF8875AADE9351184274F533067BECF2AD10CCF2B6296274ECE5D5B58B6AB008
                                                                                                                                                                                SHA-512:0C76F1E7AC8E4DB582EA7E26FA9B8C18D54605AE6A9A87A2A1FA0B1BEACACBB8F1230421C1124B1E7C12FB546FF31DBBD2CFBBEBA80EF98BBAA01B356F7FDC6F
                                                                                                                                                                                Malicious:false
                                                                                                                                                                                Preview:.. ~~~ AlphaCat ~~~....>>>> Your data are stolen and encrypted....>>>> What guarantees that we will not deceive you? .....We are not a politically motivated group and we do not need anything other than your money. .. ...If you pay, we will provide you the programs for decryption and we will delete your data. ...Life is too short to be sad. Be not sad, money, it is only paper... ...If we do not give you decrypters, or we do not delete your data after payment, then nobody will pay us in the future. ...Therefore to us our reputation is very important. We attack worldwide and there is no dissatisfied victim after payment... ..>>>> You need contact us via email with srenshot of btc transaction and your personal DECRYPTION ID.....Contact via Email with your personal Decryption id !: hackbeenswim@mail2tor.com......Send 400$ (0.006 BTC) at this address --> bc1qkr7wxuqwet9w6920vk94p7npkxh33fc7prv55q.....>>>> Your personal DECRYPTION ID: D53F15BF767167BC622C1CB4D4FC174D....>>
                                                                                                                                                                                Process:C:\Users\user\Desktop\c8JakemodH.exe
                                                                                                                                                                                File Type:data
                                                                                                                                                                                Category:dropped
                                                                                                                                                                                Size (bytes):8431
                                                                                                                                                                                Entropy (8bit):7.978452196616383
                                                                                                                                                                                Encrypted:false
                                                                                                                                                                                SSDEEP:192:dACPVcq5IFURrGH6l/YmAVR80AyymnsY0SlxgMD5MO:qCPjIFjH6lAxqkwSlxzMO
                                                                                                                                                                                MD5:212B6C143AC9C0253509107F07170C24
                                                                                                                                                                                SHA1:36A86F6D72C92D3E2DDA084F134257D27CD7BA3E
                                                                                                                                                                                SHA-256:FFAD936CB909FEDF8A151764C0DFBC36D1C307F548D1DA2AA588D10D1B7E3C27
                                                                                                                                                                                SHA-512:51FC509BDFC1D2EAC6A4C1FB6661678A86A593BE31B2DC57C4CCECA40145728FBFC7AD023935D2A00B90AEB7C8C783C1B46A2E803D7B034D97BA0CA9A51B0B6A
                                                                                                                                                                                Malicious:false
                                                                                                                                                                                Preview:Q.).......>.....;!.3......+..C..q2...n.vk<{W......4.....R={.......u;V....2&.$......+.(|b.Nn.-........j]$..D.$.......]U({z...D............t=..X2.T?^....[6-?.....].....6... EI..t.3.BH.ST.....u...k.Q.Vqf..L.r..m....|.8.......da....v......&;......6m.e$...W..`2..`..1..h.p"=.*.y:...zi..V....m@....WI.C......C....;..........=........vV.Wfb1!.H..;p3Z.,.. v.HDm.k ...Y..grD....F&..P.P1$.._..HR.._..x.xd.R...M|+Q..........$:..y.4..m.:'@..J...|......y|.j..L.A.....!.,......?gwh.V..?~U."G]){Y@M...b..c..../..&U.f...<A..Co].E.|..E......"....1..3..o..Hg..<..m.g.....l.Q....t[..k.@.$2...h.:7...Sz.[.:4...PYb?F..Q.v...K..........q.o.Y.2.+...fh....f...:5[...\..T...X....<..S.~...=!."H..d.t>..b?.~.N..M...i.f..m.r.o.T..1........p.~.....l......hs&.n..k..q.7...IcIz.c.....spW.v..z.!RRF;.$..v.[`.fi?.."u..B1t.j...f..jv....h...D..z.m...5..`1,....6..*c.`..e...K...j>.p.....?.N.(V.9..w..=U.....3^....?2v.=....P...[.1![.H........!..NJ.J....D/..M......X.._L1w......
                                                                                                                                                                                Process:C:\Users\user\Desktop\c8JakemodH.exe
                                                                                                                                                                                File Type:ASCII text, with CRLF line terminators
                                                                                                                                                                                Category:dropped
                                                                                                                                                                                Size (bytes):1159
                                                                                                                                                                                Entropy (8bit):4.909757425426515
                                                                                                                                                                                Encrypted:false
                                                                                                                                                                                SSDEEP:24:SOZJNRovfexRvYx/ncUYTxLZl0r0OzANQgq32xfZnS0iNFdAnP6:SOZbqfexrZrS3Iq32xlSX2S
                                                                                                                                                                                MD5:F29E077226F8DC235CAE4795459A3542
                                                                                                                                                                                SHA1:A23AEA328BEB92BFD4464A3B0F70E772B8969CC2
                                                                                                                                                                                SHA-256:CF8875AADE9351184274F533067BECF2AD10CCF2B6296274ECE5D5B58B6AB008
                                                                                                                                                                                SHA-512:0C76F1E7AC8E4DB582EA7E26FA9B8C18D54605AE6A9A87A2A1FA0B1BEACACBB8F1230421C1124B1E7C12FB546FF31DBBD2CFBBEBA80EF98BBAA01B356F7FDC6F
                                                                                                                                                                                Malicious:false
                                                                                                                                                                                Preview:.. ~~~ AlphaCat ~~~....>>>> Your data are stolen and encrypted....>>>> What guarantees that we will not deceive you? .....We are not a politically motivated group and we do not need anything other than your money. .. ...If you pay, we will provide you the programs for decryption and we will delete your data. ...Life is too short to be sad. Be not sad, money, it is only paper... ...If we do not give you decrypters, or we do not delete your data after payment, then nobody will pay us in the future. ...Therefore to us our reputation is very important. We attack worldwide and there is no dissatisfied victim after payment... ..>>>> You need contact us via email with srenshot of btc transaction and your personal DECRYPTION ID.....Contact via Email with your personal Decryption id !: hackbeenswim@mail2tor.com......Send 400$ (0.006 BTC) at this address --> bc1qkr7wxuqwet9w6920vk94p7npkxh33fc7prv55q.....>>>> Your personal DECRYPTION ID: D53F15BF767167BC622C1CB4D4FC174D....>>
                                                                                                                                                                                Process:C:\Users\user\Desktop\c8JakemodH.exe
                                                                                                                                                                                File Type:ASCII text, with CRLF line terminators
                                                                                                                                                                                Category:dropped
                                                                                                                                                                                Size (bytes):1159
                                                                                                                                                                                Entropy (8bit):4.909757425426515
                                                                                                                                                                                Encrypted:false
                                                                                                                                                                                SSDEEP:24:SOZJNRovfexRvYx/ncUYTxLZl0r0OzANQgq32xfZnS0iNFdAnP6:SOZbqfexrZrS3Iq32xlSX2S
                                                                                                                                                                                MD5:F29E077226F8DC235CAE4795459A3542
                                                                                                                                                                                SHA1:A23AEA328BEB92BFD4464A3B0F70E772B8969CC2
                                                                                                                                                                                SHA-256:CF8875AADE9351184274F533067BECF2AD10CCF2B6296274ECE5D5B58B6AB008
                                                                                                                                                                                SHA-512:0C76F1E7AC8E4DB582EA7E26FA9B8C18D54605AE6A9A87A2A1FA0B1BEACACBB8F1230421C1124B1E7C12FB546FF31DBBD2CFBBEBA80EF98BBAA01B356F7FDC6F
                                                                                                                                                                                Malicious:false
                                                                                                                                                                                Preview:.. ~~~ AlphaCat ~~~....>>>> Your data are stolen and encrypted....>>>> What guarantees that we will not deceive you? .....We are not a politically motivated group and we do not need anything other than your money. .. ...If you pay, we will provide you the programs for decryption and we will delete your data. ...Life is too short to be sad. Be not sad, money, it is only paper... ...If we do not give you decrypters, or we do not delete your data after payment, then nobody will pay us in the future. ...Therefore to us our reputation is very important. We attack worldwide and there is no dissatisfied victim after payment... ..>>>> You need contact us via email with srenshot of btc transaction and your personal DECRYPTION ID.....Contact via Email with your personal Decryption id !: hackbeenswim@mail2tor.com......Send 400$ (0.006 BTC) at this address --> bc1qkr7wxuqwet9w6920vk94p7npkxh33fc7prv55q.....>>>> Your personal DECRYPTION ID: D53F15BF767167BC622C1CB4D4FC174D....>>
                                                                                                                                                                                Process:C:\Users\user\Desktop\c8JakemodH.exe
                                                                                                                                                                                File Type:ASCII text, with CRLF line terminators
                                                                                                                                                                                Category:dropped
                                                                                                                                                                                Size (bytes):1159
                                                                                                                                                                                Entropy (8bit):4.909757425426515
                                                                                                                                                                                Encrypted:false
                                                                                                                                                                                SSDEEP:24:SOZJNRovfexRvYx/ncUYTxLZl0r0OzANQgq32xfZnS0iNFdAnP6:SOZbqfexrZrS3Iq32xlSX2S
                                                                                                                                                                                MD5:F29E077226F8DC235CAE4795459A3542
                                                                                                                                                                                SHA1:A23AEA328BEB92BFD4464A3B0F70E772B8969CC2
                                                                                                                                                                                SHA-256:CF8875AADE9351184274F533067BECF2AD10CCF2B6296274ECE5D5B58B6AB008
                                                                                                                                                                                SHA-512:0C76F1E7AC8E4DB582EA7E26FA9B8C18D54605AE6A9A87A2A1FA0B1BEACACBB8F1230421C1124B1E7C12FB546FF31DBBD2CFBBEBA80EF98BBAA01B356F7FDC6F
                                                                                                                                                                                Malicious:false
                                                                                                                                                                                Preview:.. ~~~ AlphaCat ~~~....>>>> Your data are stolen and encrypted....>>>> What guarantees that we will not deceive you? .....We are not a politically motivated group and we do not need anything other than your money. .. ...If you pay, we will provide you the programs for decryption and we will delete your data. ...Life is too short to be sad. Be not sad, money, it is only paper... ...If we do not give you decrypters, or we do not delete your data after payment, then nobody will pay us in the future. ...Therefore to us our reputation is very important. We attack worldwide and there is no dissatisfied victim after payment... ..>>>> You need contact us via email with srenshot of btc transaction and your personal DECRYPTION ID.....Contact via Email with your personal Decryption id !: hackbeenswim@mail2tor.com......Send 400$ (0.006 BTC) at this address --> bc1qkr7wxuqwet9w6920vk94p7npkxh33fc7prv55q.....>>>> Your personal DECRYPTION ID: D53F15BF767167BC622C1CB4D4FC174D....>>
                                                                                                                                                                                Process:C:\Users\user\Desktop\c8JakemodH.exe
                                                                                                                                                                                File Type:ASCII text, with CRLF line terminators
                                                                                                                                                                                Category:dropped
                                                                                                                                                                                Size (bytes):1159
                                                                                                                                                                                Entropy (8bit):4.909757425426515
                                                                                                                                                                                Encrypted:false
                                                                                                                                                                                SSDEEP:24:SOZJNRovfexRvYx/ncUYTxLZl0r0OzANQgq32xfZnS0iNFdAnP6:SOZbqfexrZrS3Iq32xlSX2S
                                                                                                                                                                                MD5:F29E077226F8DC235CAE4795459A3542
                                                                                                                                                                                SHA1:A23AEA328BEB92BFD4464A3B0F70E772B8969CC2
                                                                                                                                                                                SHA-256:CF8875AADE9351184274F533067BECF2AD10CCF2B6296274ECE5D5B58B6AB008
                                                                                                                                                                                SHA-512:0C76F1E7AC8E4DB582EA7E26FA9B8C18D54605AE6A9A87A2A1FA0B1BEACACBB8F1230421C1124B1E7C12FB546FF31DBBD2CFBBEBA80EF98BBAA01B356F7FDC6F
                                                                                                                                                                                Malicious:false
                                                                                                                                                                                Preview:.. ~~~ AlphaCat ~~~....>>>> Your data are stolen and encrypted....>>>> What guarantees that we will not deceive you? .....We are not a politically motivated group and we do not need anything other than your money. .. ...If you pay, we will provide you the programs for decryption and we will delete your data. ...Life is too short to be sad. Be not sad, money, it is only paper... ...If we do not give you decrypters, or we do not delete your data after payment, then nobody will pay us in the future. ...Therefore to us our reputation is very important. We attack worldwide and there is no dissatisfied victim after payment... ..>>>> You need contact us via email with srenshot of btc transaction and your personal DECRYPTION ID.....Contact via Email with your personal Decryption id !: hackbeenswim@mail2tor.com......Send 400$ (0.006 BTC) at this address --> bc1qkr7wxuqwet9w6920vk94p7npkxh33fc7prv55q.....>>>> Your personal DECRYPTION ID: D53F15BF767167BC622C1CB4D4FC174D....>>
                                                                                                                                                                                Process:C:\Users\user\Desktop\c8JakemodH.exe
                                                                                                                                                                                File Type:ASCII text, with CRLF line terminators
                                                                                                                                                                                Category:dropped
                                                                                                                                                                                Size (bytes):1159
                                                                                                                                                                                Entropy (8bit):4.909757425426515
                                                                                                                                                                                Encrypted:false
                                                                                                                                                                                SSDEEP:24:SOZJNRovfexRvYx/ncUYTxLZl0r0OzANQgq32xfZnS0iNFdAnP6:SOZbqfexrZrS3Iq32xlSX2S
                                                                                                                                                                                MD5:F29E077226F8DC235CAE4795459A3542
                                                                                                                                                                                SHA1:A23AEA328BEB92BFD4464A3B0F70E772B8969CC2
                                                                                                                                                                                SHA-256:CF8875AADE9351184274F533067BECF2AD10CCF2B6296274ECE5D5B58B6AB008
                                                                                                                                                                                SHA-512:0C76F1E7AC8E4DB582EA7E26FA9B8C18D54605AE6A9A87A2A1FA0B1BEACACBB8F1230421C1124B1E7C12FB546FF31DBBD2CFBBEBA80EF98BBAA01B356F7FDC6F
                                                                                                                                                                                Malicious:false
                                                                                                                                                                                Preview:.. ~~~ AlphaCat ~~~....>>>> Your data are stolen and encrypted....>>>> What guarantees that we will not deceive you? .....We are not a politically motivated group and we do not need anything other than your money. .. ...If you pay, we will provide you the programs for decryption and we will delete your data. ...Life is too short to be sad. Be not sad, money, it is only paper... ...If we do not give you decrypters, or we do not delete your data after payment, then nobody will pay us in the future. ...Therefore to us our reputation is very important. We attack worldwide and there is no dissatisfied victim after payment... ..>>>> You need contact us via email with srenshot of btc transaction and your personal DECRYPTION ID.....Contact via Email with your personal Decryption id !: hackbeenswim@mail2tor.com......Send 400$ (0.006 BTC) at this address --> bc1qkr7wxuqwet9w6920vk94p7npkxh33fc7prv55q.....>>>> Your personal DECRYPTION ID: D53F15BF767167BC622C1CB4D4FC174D....>>
                                                                                                                                                                                Process:C:\Users\user\Desktop\c8JakemodH.exe
                                                                                                                                                                                File Type:ASCII text, with CRLF line terminators
                                                                                                                                                                                Category:dropped
                                                                                                                                                                                Size (bytes):1159
                                                                                                                                                                                Entropy (8bit):4.909757425426515
                                                                                                                                                                                Encrypted:false
                                                                                                                                                                                SSDEEP:24:SOZJNRovfexRvYx/ncUYTxLZl0r0OzANQgq32xfZnS0iNFdAnP6:SOZbqfexrZrS3Iq32xlSX2S
                                                                                                                                                                                MD5:F29E077226F8DC235CAE4795459A3542
                                                                                                                                                                                SHA1:A23AEA328BEB92BFD4464A3B0F70E772B8969CC2
                                                                                                                                                                                SHA-256:CF8875AADE9351184274F533067BECF2AD10CCF2B6296274ECE5D5B58B6AB008
                                                                                                                                                                                SHA-512:0C76F1E7AC8E4DB582EA7E26FA9B8C18D54605AE6A9A87A2A1FA0B1BEACACBB8F1230421C1124B1E7C12FB546FF31DBBD2CFBBEBA80EF98BBAA01B356F7FDC6F
                                                                                                                                                                                Malicious:false
                                                                                                                                                                                Preview:.. ~~~ AlphaCat ~~~....>>>> Your data are stolen and encrypted....>>>> What guarantees that we will not deceive you? .....We are not a politically motivated group and we do not need anything other than your money. .. ...If you pay, we will provide you the programs for decryption and we will delete your data. ...Life is too short to be sad. Be not sad, money, it is only paper... ...If we do not give you decrypters, or we do not delete your data after payment, then nobody will pay us in the future. ...Therefore to us our reputation is very important. We attack worldwide and there is no dissatisfied victim after payment... ..>>>> You need contact us via email with srenshot of btc transaction and your personal DECRYPTION ID.....Contact via Email with your personal Decryption id !: hackbeenswim@mail2tor.com......Send 400$ (0.006 BTC) at this address --> bc1qkr7wxuqwet9w6920vk94p7npkxh33fc7prv55q.....>>>> Your personal DECRYPTION ID: D53F15BF767167BC622C1CB4D4FC174D....>>
                                                                                                                                                                                Process:C:\Users\user\Desktop\c8JakemodH.exe
                                                                                                                                                                                File Type:ASCII text, with CRLF line terminators
                                                                                                                                                                                Category:dropped
                                                                                                                                                                                Size (bytes):1159
                                                                                                                                                                                Entropy (8bit):4.909757425426515
                                                                                                                                                                                Encrypted:false
                                                                                                                                                                                SSDEEP:24:SOZJNRovfexRvYx/ncUYTxLZl0r0OzANQgq32xfZnS0iNFdAnP6:SOZbqfexrZrS3Iq32xlSX2S
                                                                                                                                                                                MD5:F29E077226F8DC235CAE4795459A3542
                                                                                                                                                                                SHA1:A23AEA328BEB92BFD4464A3B0F70E772B8969CC2
                                                                                                                                                                                SHA-256:CF8875AADE9351184274F533067BECF2AD10CCF2B6296274ECE5D5B58B6AB008
                                                                                                                                                                                SHA-512:0C76F1E7AC8E4DB582EA7E26FA9B8C18D54605AE6A9A87A2A1FA0B1BEACACBB8F1230421C1124B1E7C12FB546FF31DBBD2CFBBEBA80EF98BBAA01B356F7FDC6F
                                                                                                                                                                                Malicious:false
                                                                                                                                                                                Preview:.. ~~~ AlphaCat ~~~....>>>> Your data are stolen and encrypted....>>>> What guarantees that we will not deceive you? .....We are not a politically motivated group and we do not need anything other than your money. .. ...If you pay, we will provide you the programs for decryption and we will delete your data. ...Life is too short to be sad. Be not sad, money, it is only paper... ...If we do not give you decrypters, or we do not delete your data after payment, then nobody will pay us in the future. ...Therefore to us our reputation is very important. We attack worldwide and there is no dissatisfied victim after payment... ..>>>> You need contact us via email with srenshot of btc transaction and your personal DECRYPTION ID.....Contact via Email with your personal Decryption id !: hackbeenswim@mail2tor.com......Send 400$ (0.006 BTC) at this address --> bc1qkr7wxuqwet9w6920vk94p7npkxh33fc7prv55q.....>>>> Your personal DECRYPTION ID: D53F15BF767167BC622C1CB4D4FC174D....>>
                                                                                                                                                                                Process:C:\Users\user\Desktop\c8JakemodH.exe
                                                                                                                                                                                File Type:data
                                                                                                                                                                                Category:dropped
                                                                                                                                                                                Size (bytes):33023
                                                                                                                                                                                Entropy (8bit):7.994600260544612
                                                                                                                                                                                Encrypted:true
                                                                                                                                                                                SSDEEP:768:CyLH9qBn2KIsDUo1jWGIxHCNUaiTHC7IEGC:tq6sDZjdKHcUarKC
                                                                                                                                                                                MD5:339FA9024EA99AE6FDD6A3071C9C9395
                                                                                                                                                                                SHA1:BBA4C840BED16F1E0C21DA5E777FA7D45B6F13A5
                                                                                                                                                                                SHA-256:46C1E268D98B32862970723FAD7C03598F794270B9B901772925554255058E05
                                                                                                                                                                                SHA-512:38CF65229C8F1F905934683A6557DFEB8C4EF61D23F7B3898EC08B4FCCA4923E122A197A93651878F0DCA518B12172D0D11A23F577883F3F2C74BE580CD1F7C6
                                                                                                                                                                                Malicious:true
                                                                                                                                                                                Preview:.A6..N%.g8g{...?.......j..6].>'t[ .uH.K+(..U....W.l/..JD...........d..@{.&.-.E.'".,.....e}....T.....}.D.,..?#..#e.8......c.).$..>:....^'x0.].'..X4....)...zK>..~"...w.....=8.:.^6.=..........b=.'.....l...C)x...^.....\..z..|...L....a.......G...<.}D....m..o9..OZI6xy..R........DJ...v.>.....G..s..f..6!.G.p.q...p..>$..z.9y=Aw..2.... .a>.Pc43K`.ZS...:.E+"%..hd.!zJ.0....T.,.......+.."..r....wT..^..>...P...,...^\q...m D..O.....vzC....Z_T...uH.t.j.!X]~3:[3J&._..H....v j`.A..6.....ss.L.G.l....V....9#.....l_..:...V)..._.....3@....7.\g.;.....w[U.IJ......x.4..5G......h.IR..I....'.|!.5GZ.)..........x)?...}...$........D.c.p..Q..[.4q........!.k...t*...a...%.A.D<.a....*.v;....X5.@.B.c..E..m..{+.Ao...-..c.D...]/...".,...E..@f4.........R_/W.....O.K&..1.^....K....il.tl....B,m*.6...h....j.....tM^...._.....).......SM..9l....%O.8..O...pF .wU.<......dt.........#U......>;.......~.~../...s.-Cb.S/x>>3.q.(......C.B.&..]C..X@z..k`#.o+.-ic.?7Sq?./...2...... ...3.F.$N*h@k...vx.R.D.F
                                                                                                                                                                                Process:C:\Users\user\Desktop\c8JakemodH.exe
                                                                                                                                                                                File Type:data
                                                                                                                                                                                Category:dropped
                                                                                                                                                                                Size (bytes):1384606
                                                                                                                                                                                Entropy (8bit):4.284972368652963
                                                                                                                                                                                Encrypted:false
                                                                                                                                                                                SSDEEP:12288:QhMeQfCg6t0Lu6HkCGEZcH3Mkyi4C1NoCQinEg:CMeQqP+LumkaGNrQa
                                                                                                                                                                                MD5:CB30DA680FEC35F04F63482E339FDBA1
                                                                                                                                                                                SHA1:1B774742B7A3FA441AB938BF476A058BEA8359A7
                                                                                                                                                                                SHA-256:9221BF447CDAA703A0D4A480160237A4164FE5B48253F4D9D550696F3A5F284E
                                                                                                                                                                                SHA-512:18E2AEF671DA37C1475D1686CDCF19366AC5B04AEE9C55357A3AF597211B2B0EB479B9503BE3DBB994DF8E966C046A47AD7293ACADFD1127B39D12E4DA2ADCE9
                                                                                                                                                                                Malicious:false
                                                                                                                                                                                Preview:.a..Pk..................?..h.-.|...6.)..7...{..`.\....... ..o.....A.R.g.a..<.\@3.dK.z.".r[...F..v.......tQ.."x.X..FC.Z'.$..D"f.|Iny.....n..}ke..@...?7..P......pX... 2..oz..T(.G...:..-.D?*..o........*..'...`..O$y:{~.sd.d.:.......|$M$:w+'..|.F\..I5.. 2N.\{~H.h..}..P\.A..K..95..Q....].q`...8x.....I*..5.......h...=V..Q?...j.....#....(..t...S..D.....R.?..Hk!#..p.$..lo.......5.N.4....0..1`....6..]..........D.....a...0B.L9.......cIg...42..'.........o.>.D...ry.H...:!.D.............<..n.{W)L.z...8#.. .OmZ@.{.~....:.p..R.7.<..86....N..j...Ks.Q..~A#.`.....J._.JpW.B....{...e......uN`.~.T...upt..=...x...k..fd....m..[)d..=.b.T.....gS.!..9U..."..>....<.\E..k.@.ram.i...C..{%..+..G...i....6n%.n.....H..h..7.\......F.*...........E]...k..a..n.yE......kr..:..@^...Z..F.SV.}....S...<H.mT..fb.e.c...+.T.CEi..d........C..)....F.z:..u........K..9r"G5@..T.,..:w........J...7.>..E0/....z%...d-..x+......k=...........K.^....V....X.o.p\.r~bF.7W.gm.**.wp....v.X....a
                                                                                                                                                                                Process:C:\Users\user\Desktop\c8JakemodH.exe
                                                                                                                                                                                File Type:data
                                                                                                                                                                                Category:dropped
                                                                                                                                                                                Size (bytes):4345
                                                                                                                                                                                Entropy (8bit):7.957339620330027
                                                                                                                                                                                Encrypted:false
                                                                                                                                                                                SSDEEP:96:DqMENSE6WzSXktga7zAJPgxsKCuebTV+C8w6ILbdqG+d:DwP6fAeFg2KnCTVX8lkj+d
                                                                                                                                                                                MD5:BED01DEA0040F9DFA2E70498E6FB4A52
                                                                                                                                                                                SHA1:795B6BBDD997222AC5E1756C5C4C0F7630ACCC4F
                                                                                                                                                                                SHA-256:84736EA1AAFE1D7897BB0503FADF859D8DD80C80086EF0424B827F644452A7B7
                                                                                                                                                                                SHA-512:6AE10F27BB8625617FD8D67C3155DEE1F3BC39FE7655CBB755363FA0B7F7B8A5BF0EF5E36473DCDF7DD9DBFC614E1C7012AD9924339A64CDC23439B7CC3024EB
                                                                                                                                                                                Malicious:false
                                                                                                                                                                                Preview:JSZj..Y...,.4q...*...#eQ.].....VKk.....9.6.Z~......t.k.H\]z*....iq....5.qc.+6.R.i.W}..`....&.....r..T,.....i<...#...6...]..p.|....{.C...ok......9...{....._.e.x..i.}.d.0.m..G.1...`..-.=@..:.+D@Y<.....K. n....b...X.,0..S"..BF{.c!....u...=%.....&"H9.T..R....V.&S.IW9.4G.,j].J..V.'...P...Qf..u...1..M..og.5...gv8l.k.,]....cq...~....6.>....v....P...Y..Q....S.8...P`.L...... .. .~..`i..5.g%.N.t..>..[D.n.....-.j..=v..R.R...*B..+.3v`.l.....0...6..I...]C..D4L....:.F.W.o....Y5.-...!....Z./;.....}.h...St....~\.q..oJ.:. <...(3.j.\-]$.i...z.\.pe..O#.z......S.....(.N2....mr6/.x..i8..SU...ZO[....{[8.C.)..uy9ID.YL.m./+V...@#.......Q..1..b.....$.S-P.....Q...Z..C]....;.Y:..?.E.6{....t.B.I.3}....W....P.n..._.M..c.....,..$.<GW.....L..1'._^.N...R5.-}.W1..:..0....T.1......n.......h.*w..-_..h...5...89.i......z.D.%...c....2..l$....<o..>.S.w..@.ZF...my.i...=.2......D..'.8E..s.....P../45L}.F.>.E.$)|......CTD.=...A.. ..5Y....D_a.U.P.^...>....P...U.jP..Kv...A......>\.5....M
                                                                                                                                                                                Process:C:\Users\user\Desktop\c8JakemodH.exe
                                                                                                                                                                                File Type:data
                                                                                                                                                                                Category:dropped
                                                                                                                                                                                Size (bytes):65813
                                                                                                                                                                                Entropy (8bit):7.996855781943653
                                                                                                                                                                                Encrypted:true
                                                                                                                                                                                SSDEEP:1536:tYz93J7kLYeihmYXsEyIzuSKxS8xpOPYmBGtY0AwmsCVGNL+e:tYxJ7m2mY8JPxEN3syYKe
                                                                                                                                                                                MD5:258586EA110611F7609C541291E7C3E8
                                                                                                                                                                                SHA1:F9342823246B1472128835E4AA91F6879F4A6133
                                                                                                                                                                                SHA-256:797A3D4C3EB0BAC9810AFAE8908FDEFF6469DB9008457E4E5519A69ACC6501DE
                                                                                                                                                                                SHA-512:E68AADD32E5C0F0D19FC641DC8D147D269471AE0B8770417397533F070B5C3F61D5F974A6BA3240126B2DA0B0DF22273D23CD66978427F60EFB7FA5D563A8242
                                                                                                                                                                                Malicious:true
                                                                                                                                                                                Preview:4W......!..P.VokJ..@...+~pg+.... Y`..3.........k9.ak.B.`$a.....0 }.~...=}...-:.vd..(.E..L..)......'.t..t"~...f#G0b#..?.r.8(.oI...j.l..p&9..z....U^....i2d..,RnQ...X5..&..m@.R.R.b..X.^g\*.)g.*.g..9.C<p.SG..'..> ....)...ezy...,.J5..M'.i..........D..;.|....N=E|...g#|Gt...X.U.t.t....>.&3...P[.j..)/.+....0......&.{.6..V..v........De..U9.......n...p@.p..5.h.B.o....y.r;a.1......I..>...y{:.M....X..`...P.5.........A*..5gc`.......M...9...00..i..."....R6an......8...[f"5../..n.%.<.OD.e.;..m}...N..0.... "R..q...l.#u`:.N.L.n..d ...Qc......J..u..8..._)z|\..bqqy0Q. 0.....S..j4.._.R.B.h.F.&I.^jCY..N.t6...Zs.=...|....g..wI.m......._.........+.u#j_...mM..c.n1..6.c.Qu. ..Ld....y...u&q.M.Z.....C..1...j.}........4...qR....9.}G_.........&Cg]..}...w.r.od.j...9.q.H./....C.......y.l.....4OJ..saM....p.r...e.c..y.:.$....... .9..c...O.2.UN.ob{...1.;. ..uk.\./...p1..tr2.....l.%......'..%.XUe*.T."LuJ....W.....<.B.). \.Q....Q.)....T!(b..`"d/.(...h......C.w..
                                                                                                                                                                                Process:C:\Users\user\Desktop\c8JakemodH.exe
                                                                                                                                                                                File Type:ASCII text, with CRLF line terminators
                                                                                                                                                                                Category:dropped
                                                                                                                                                                                Size (bytes):1159
                                                                                                                                                                                Entropy (8bit):4.909757425426515
                                                                                                                                                                                Encrypted:false
                                                                                                                                                                                SSDEEP:24:SOZJNRovfexRvYx/ncUYTxLZl0r0OzANQgq32xfZnS0iNFdAnP6:SOZbqfexrZrS3Iq32xlSX2S
                                                                                                                                                                                MD5:F29E077226F8DC235CAE4795459A3542
                                                                                                                                                                                SHA1:A23AEA328BEB92BFD4464A3B0F70E772B8969CC2
                                                                                                                                                                                SHA-256:CF8875AADE9351184274F533067BECF2AD10CCF2B6296274ECE5D5B58B6AB008
                                                                                                                                                                                SHA-512:0C76F1E7AC8E4DB582EA7E26FA9B8C18D54605AE6A9A87A2A1FA0B1BEACACBB8F1230421C1124B1E7C12FB546FF31DBBD2CFBBEBA80EF98BBAA01B356F7FDC6F
                                                                                                                                                                                Malicious:false
                                                                                                                                                                                Preview:.. ~~~ AlphaCat ~~~....>>>> Your data are stolen and encrypted....>>>> What guarantees that we will not deceive you? .....We are not a politically motivated group and we do not need anything other than your money. .. ...If you pay, we will provide you the programs for decryption and we will delete your data. ...Life is too short to be sad. Be not sad, money, it is only paper... ...If we do not give you decrypters, or we do not delete your data after payment, then nobody will pay us in the future. ...Therefore to us our reputation is very important. We attack worldwide and there is no dissatisfied victim after payment... ..>>>> You need contact us via email with srenshot of btc transaction and your personal DECRYPTION ID.....Contact via Email with your personal Decryption id !: hackbeenswim@mail2tor.com......Send 400$ (0.006 BTC) at this address --> bc1qkr7wxuqwet9w6920vk94p7npkxh33fc7prv55q.....>>>> Your personal DECRYPTION ID: D53F15BF767167BC622C1CB4D4FC174D....>>
                                                                                                                                                                                Process:C:\Users\user\Desktop\c8JakemodH.exe
                                                                                                                                                                                File Type:ASCII text, with CRLF line terminators
                                                                                                                                                                                Category:dropped
                                                                                                                                                                                Size (bytes):1159
                                                                                                                                                                                Entropy (8bit):4.909757425426515
                                                                                                                                                                                Encrypted:false
                                                                                                                                                                                SSDEEP:24:SOZJNRovfexRvYx/ncUYTxLZl0r0OzANQgq32xfZnS0iNFdAnP6:SOZbqfexrZrS3Iq32xlSX2S
                                                                                                                                                                                MD5:F29E077226F8DC235CAE4795459A3542
                                                                                                                                                                                SHA1:A23AEA328BEB92BFD4464A3B0F70E772B8969CC2
                                                                                                                                                                                SHA-256:CF8875AADE9351184274F533067BECF2AD10CCF2B6296274ECE5D5B58B6AB008
                                                                                                                                                                                SHA-512:0C76F1E7AC8E4DB582EA7E26FA9B8C18D54605AE6A9A87A2A1FA0B1BEACACBB8F1230421C1124B1E7C12FB546FF31DBBD2CFBBEBA80EF98BBAA01B356F7FDC6F
                                                                                                                                                                                Malicious:false
                                                                                                                                                                                Preview:.. ~~~ AlphaCat ~~~....>>>> Your data are stolen and encrypted....>>>> What guarantees that we will not deceive you? .....We are not a politically motivated group and we do not need anything other than your money. .. ...If you pay, we will provide you the programs for decryption and we will delete your data. ...Life is too short to be sad. Be not sad, money, it is only paper... ...If we do not give you decrypters, or we do not delete your data after payment, then nobody will pay us in the future. ...Therefore to us our reputation is very important. We attack worldwide and there is no dissatisfied victim after payment... ..>>>> You need contact us via email with srenshot of btc transaction and your personal DECRYPTION ID.....Contact via Email with your personal Decryption id !: hackbeenswim@mail2tor.com......Send 400$ (0.006 BTC) at this address --> bc1qkr7wxuqwet9w6920vk94p7npkxh33fc7prv55q.....>>>> Your personal DECRYPTION ID: D53F15BF767167BC622C1CB4D4FC174D....>>
                                                                                                                                                                                Process:C:\Users\user\Desktop\c8JakemodH.exe
                                                                                                                                                                                File Type:ASCII text, with CRLF line terminators
                                                                                                                                                                                Category:dropped
                                                                                                                                                                                Size (bytes):1159
                                                                                                                                                                                Entropy (8bit):4.909757425426515
                                                                                                                                                                                Encrypted:false
                                                                                                                                                                                SSDEEP:24:SOZJNRovfexRvYx/ncUYTxLZl0r0OzANQgq32xfZnS0iNFdAnP6:SOZbqfexrZrS3Iq32xlSX2S
                                                                                                                                                                                MD5:F29E077226F8DC235CAE4795459A3542
                                                                                                                                                                                SHA1:A23AEA328BEB92BFD4464A3B0F70E772B8969CC2
                                                                                                                                                                                SHA-256:CF8875AADE9351184274F533067BECF2AD10CCF2B6296274ECE5D5B58B6AB008
                                                                                                                                                                                SHA-512:0C76F1E7AC8E4DB582EA7E26FA9B8C18D54605AE6A9A87A2A1FA0B1BEACACBB8F1230421C1124B1E7C12FB546FF31DBBD2CFBBEBA80EF98BBAA01B356F7FDC6F
                                                                                                                                                                                Malicious:false
                                                                                                                                                                                Preview:.. ~~~ AlphaCat ~~~....>>>> Your data are stolen and encrypted....>>>> What guarantees that we will not deceive you? .....We are not a politically motivated group and we do not need anything other than your money. .. ...If you pay, we will provide you the programs for decryption and we will delete your data. ...Life is too short to be sad. Be not sad, money, it is only paper... ...If we do not give you decrypters, or we do not delete your data after payment, then nobody will pay us in the future. ...Therefore to us our reputation is very important. We attack worldwide and there is no dissatisfied victim after payment... ..>>>> You need contact us via email with srenshot of btc transaction and your personal DECRYPTION ID.....Contact via Email with your personal Decryption id !: hackbeenswim@mail2tor.com......Send 400$ (0.006 BTC) at this address --> bc1qkr7wxuqwet9w6920vk94p7npkxh33fc7prv55q.....>>>> Your personal DECRYPTION ID: D53F15BF767167BC622C1CB4D4FC174D....>>
                                                                                                                                                                                Process:C:\Users\user\Desktop\c8JakemodH.exe
                                                                                                                                                                                File Type:data
                                                                                                                                                                                Category:dropped
                                                                                                                                                                                Size (bytes):8431
                                                                                                                                                                                Entropy (8bit):7.9791484271602515
                                                                                                                                                                                Encrypted:false
                                                                                                                                                                                SSDEEP:192:LZ06ypKzjeIrLJUmY7yDkD8G9+Ol3GkNRikUjZHLjRklk:m67jeIPmDPQGMOkWRiVZPRki
                                                                                                                                                                                MD5:F6429F0181B620725101B593CC788FED
                                                                                                                                                                                SHA1:9CC3EED9E80B2B2882FAA532C12189F3F92AD68F
                                                                                                                                                                                SHA-256:8A739EFA1E2BD34CFC3293E26DA1CD694A44804A2C4BEA956EE46BC2725CC513
                                                                                                                                                                                SHA-512:5FC2EF034AA5E65036A9ABCF78132F43C0EF100A78BD83F3D054D03A0F23473B2C5092CCBC34DF975F3A8D541B55DDA45346FDE7DE4F9425316C1A4AA1A5ED77
                                                                                                                                                                                Malicious:false
                                                                                                                                                                                Preview:n0m....E...!c.."W..Q...Q...a~....?c>I.......=..@C.j.r.q].C....W!.9.l.........W.D5...k....`8Oed.z&G?..H.....`b}yr._.......H.~...!r...~=...h...y...ce...iWPvd.*&-....(..a.6.....cI<..O..<.:.:..5PV.......M`..........D8.x..NMpy.Rn.M..m....=?.'|p.3y........8....T..,..{.8A.u.'....,<.QR1....D.rNee.7d.+...j1?.....;..:..{A.....d...?.V.(x.?.@/.....&...|..S./...%..e8..*....<S..........%.<...7...>uc..^...|xa..s\..D<...{.X?..,.).0.B.}.mn*t..E..Duu..6]...3].....v.(&...7....|.X>...|.2...aT..bFo.'..CA..UA....W....K.....".=.........R&$.nF.... .....w%Ms...`5...|.?......S...J.u..W...x....k.;.9......88.e..`...r.J....v...+j.tN]...x...?...1n....e&.m.....@.+....3..F..O.....d..u.?.iD'{.X..nh..RFO9,....t...oCg=h...-.`Lc.i.R...!X.k.?!&e.^..N.>.jU.k.S...O...!$O\.`.....N..\...2....57.."...c.Dy.........}9`a.z....>.1....]....2p..O^.....|~+..{.P..?.u....z.(..8...-T.w?..n...o..~..xx=t..).)X.v.F......@..!.G.ClC;:.......M.7.4..._.....x#.h.3.U.-..U....b.`...Y.;....i. G..oG
                                                                                                                                                                                Process:C:\Users\user\Desktop\c8JakemodH.exe
                                                                                                                                                                                File Type:ASCII text, with CRLF line terminators
                                                                                                                                                                                Category:dropped
                                                                                                                                                                                Size (bytes):1159
                                                                                                                                                                                Entropy (8bit):4.909757425426515
                                                                                                                                                                                Encrypted:false
                                                                                                                                                                                SSDEEP:24:SOZJNRovfexRvYx/ncUYTxLZl0r0OzANQgq32xfZnS0iNFdAnP6:SOZbqfexrZrS3Iq32xlSX2S
                                                                                                                                                                                MD5:F29E077226F8DC235CAE4795459A3542
                                                                                                                                                                                SHA1:A23AEA328BEB92BFD4464A3B0F70E772B8969CC2
                                                                                                                                                                                SHA-256:CF8875AADE9351184274F533067BECF2AD10CCF2B6296274ECE5D5B58B6AB008
                                                                                                                                                                                SHA-512:0C76F1E7AC8E4DB582EA7E26FA9B8C18D54605AE6A9A87A2A1FA0B1BEACACBB8F1230421C1124B1E7C12FB546FF31DBBD2CFBBEBA80EF98BBAA01B356F7FDC6F
                                                                                                                                                                                Malicious:false
                                                                                                                                                                                Preview:.. ~~~ AlphaCat ~~~....>>>> Your data are stolen and encrypted....>>>> What guarantees that we will not deceive you? .....We are not a politically motivated group and we do not need anything other than your money. .. ...If you pay, we will provide you the programs for decryption and we will delete your data. ...Life is too short to be sad. Be not sad, money, it is only paper... ...If we do not give you decrypters, or we do not delete your data after payment, then nobody will pay us in the future. ...Therefore to us our reputation is very important. We attack worldwide and there is no dissatisfied victim after payment... ..>>>> You need contact us via email with srenshot of btc transaction and your personal DECRYPTION ID.....Contact via Email with your personal Decryption id !: hackbeenswim@mail2tor.com......Send 400$ (0.006 BTC) at this address --> bc1qkr7wxuqwet9w6920vk94p7npkxh33fc7prv55q.....>>>> Your personal DECRYPTION ID: D53F15BF767167BC622C1CB4D4FC174D....>>
                                                                                                                                                                                Process:C:\Users\user\Desktop\c8JakemodH.exe
                                                                                                                                                                                File Type:ASCII text, with CRLF line terminators
                                                                                                                                                                                Category:dropped
                                                                                                                                                                                Size (bytes):1159
                                                                                                                                                                                Entropy (8bit):4.909757425426515
                                                                                                                                                                                Encrypted:false
                                                                                                                                                                                SSDEEP:24:SOZJNRovfexRvYx/ncUYTxLZl0r0OzANQgq32xfZnS0iNFdAnP6:SOZbqfexrZrS3Iq32xlSX2S
                                                                                                                                                                                MD5:F29E077226F8DC235CAE4795459A3542
                                                                                                                                                                                SHA1:A23AEA328BEB92BFD4464A3B0F70E772B8969CC2
                                                                                                                                                                                SHA-256:CF8875AADE9351184274F533067BECF2AD10CCF2B6296274ECE5D5B58B6AB008
                                                                                                                                                                                SHA-512:0C76F1E7AC8E4DB582EA7E26FA9B8C18D54605AE6A9A87A2A1FA0B1BEACACBB8F1230421C1124B1E7C12FB546FF31DBBD2CFBBEBA80EF98BBAA01B356F7FDC6F
                                                                                                                                                                                Malicious:false
                                                                                                                                                                                Preview:.. ~~~ AlphaCat ~~~....>>>> Your data are stolen and encrypted....>>>> What guarantees that we will not deceive you? .....We are not a politically motivated group and we do not need anything other than your money. .. ...If you pay, we will provide you the programs for decryption and we will delete your data. ...Life is too short to be sad. Be not sad, money, it is only paper... ...If we do not give you decrypters, or we do not delete your data after payment, then nobody will pay us in the future. ...Therefore to us our reputation is very important. We attack worldwide and there is no dissatisfied victim after payment... ..>>>> You need contact us via email with srenshot of btc transaction and your personal DECRYPTION ID.....Contact via Email with your personal Decryption id !: hackbeenswim@mail2tor.com......Send 400$ (0.006 BTC) at this address --> bc1qkr7wxuqwet9w6920vk94p7npkxh33fc7prv55q.....>>>> Your personal DECRYPTION ID: D53F15BF767167BC622C1CB4D4FC174D....>>
                                                                                                                                                                                Process:C:\Users\user\Desktop\c8JakemodH.exe
                                                                                                                                                                                File Type:ASCII text, with CRLF line terminators
                                                                                                                                                                                Category:dropped
                                                                                                                                                                                Size (bytes):1159
                                                                                                                                                                                Entropy (8bit):4.909757425426515
                                                                                                                                                                                Encrypted:false
                                                                                                                                                                                SSDEEP:24:SOZJNRovfexRvYx/ncUYTxLZl0r0OzANQgq32xfZnS0iNFdAnP6:SOZbqfexrZrS3Iq32xlSX2S
                                                                                                                                                                                MD5:F29E077226F8DC235CAE4795459A3542
                                                                                                                                                                                SHA1:A23AEA328BEB92BFD4464A3B0F70E772B8969CC2
                                                                                                                                                                                SHA-256:CF8875AADE9351184274F533067BECF2AD10CCF2B6296274ECE5D5B58B6AB008
                                                                                                                                                                                SHA-512:0C76F1E7AC8E4DB582EA7E26FA9B8C18D54605AE6A9A87A2A1FA0B1BEACACBB8F1230421C1124B1E7C12FB546FF31DBBD2CFBBEBA80EF98BBAA01B356F7FDC6F
                                                                                                                                                                                Malicious:false
                                                                                                                                                                                Preview:.. ~~~ AlphaCat ~~~....>>>> Your data are stolen and encrypted....>>>> What guarantees that we will not deceive you? .....We are not a politically motivated group and we do not need anything other than your money. .. ...If you pay, we will provide you the programs for decryption and we will delete your data. ...Life is too short to be sad. Be not sad, money, it is only paper... ...If we do not give you decrypters, or we do not delete your data after payment, then nobody will pay us in the future. ...Therefore to us our reputation is very important. We attack worldwide and there is no dissatisfied victim after payment... ..>>>> You need contact us via email with srenshot of btc transaction and your personal DECRYPTION ID.....Contact via Email with your personal Decryption id !: hackbeenswim@mail2tor.com......Send 400$ (0.006 BTC) at this address --> bc1qkr7wxuqwet9w6920vk94p7npkxh33fc7prv55q.....>>>> Your personal DECRYPTION ID: D53F15BF767167BC622C1CB4D4FC174D....>>
                                                                                                                                                                                Process:C:\Users\user\Desktop\c8JakemodH.exe
                                                                                                                                                                                File Type:ASCII text, with CRLF line terminators
                                                                                                                                                                                Category:dropped
                                                                                                                                                                                Size (bytes):1159
                                                                                                                                                                                Entropy (8bit):4.909757425426515
                                                                                                                                                                                Encrypted:false
                                                                                                                                                                                SSDEEP:24:SOZJNRovfexRvYx/ncUYTxLZl0r0OzANQgq32xfZnS0iNFdAnP6:SOZbqfexrZrS3Iq32xlSX2S
                                                                                                                                                                                MD5:F29E077226F8DC235CAE4795459A3542
                                                                                                                                                                                SHA1:A23AEA328BEB92BFD4464A3B0F70E772B8969CC2
                                                                                                                                                                                SHA-256:CF8875AADE9351184274F533067BECF2AD10CCF2B6296274ECE5D5B58B6AB008
                                                                                                                                                                                SHA-512:0C76F1E7AC8E4DB582EA7E26FA9B8C18D54605AE6A9A87A2A1FA0B1BEACACBB8F1230421C1124B1E7C12FB546FF31DBBD2CFBBEBA80EF98BBAA01B356F7FDC6F
                                                                                                                                                                                Malicious:false
                                                                                                                                                                                Preview:.. ~~~ AlphaCat ~~~....>>>> Your data are stolen and encrypted....>>>> What guarantees that we will not deceive you? .....We are not a politically motivated group and we do not need anything other than your money. .. ...If you pay, we will provide you the programs for decryption and we will delete your data. ...Life is too short to be sad. Be not sad, money, it is only paper... ...If we do not give you decrypters, or we do not delete your data after payment, then nobody will pay us in the future. ...Therefore to us our reputation is very important. We attack worldwide and there is no dissatisfied victim after payment... ..>>>> You need contact us via email with srenshot of btc transaction and your personal DECRYPTION ID.....Contact via Email with your personal Decryption id !: hackbeenswim@mail2tor.com......Send 400$ (0.006 BTC) at this address --> bc1qkr7wxuqwet9w6920vk94p7npkxh33fc7prv55q.....>>>> Your personal DECRYPTION ID: D53F15BF767167BC622C1CB4D4FC174D....>>
                                                                                                                                                                                Process:C:\Users\user\Desktop\c8JakemodH.exe
                                                                                                                                                                                File Type:ASCII text, with CRLF line terminators
                                                                                                                                                                                Category:dropped
                                                                                                                                                                                Size (bytes):1159
                                                                                                                                                                                Entropy (8bit):4.909757425426515
                                                                                                                                                                                Encrypted:false
                                                                                                                                                                                SSDEEP:24:SOZJNRovfexRvYx/ncUYTxLZl0r0OzANQgq32xfZnS0iNFdAnP6:SOZbqfexrZrS3Iq32xlSX2S
                                                                                                                                                                                MD5:F29E077226F8DC235CAE4795459A3542
                                                                                                                                                                                SHA1:A23AEA328BEB92BFD4464A3B0F70E772B8969CC2
                                                                                                                                                                                SHA-256:CF8875AADE9351184274F533067BECF2AD10CCF2B6296274ECE5D5B58B6AB008
                                                                                                                                                                                SHA-512:0C76F1E7AC8E4DB582EA7E26FA9B8C18D54605AE6A9A87A2A1FA0B1BEACACBB8F1230421C1124B1E7C12FB546FF31DBBD2CFBBEBA80EF98BBAA01B356F7FDC6F
                                                                                                                                                                                Malicious:false
                                                                                                                                                                                Preview:.. ~~~ AlphaCat ~~~....>>>> Your data are stolen and encrypted....>>>> What guarantees that we will not deceive you? .....We are not a politically motivated group and we do not need anything other than your money. .. ...If you pay, we will provide you the programs for decryption and we will delete your data. ...Life is too short to be sad. Be not sad, money, it is only paper... ...If we do not give you decrypters, or we do not delete your data after payment, then nobody will pay us in the future. ...Therefore to us our reputation is very important. We attack worldwide and there is no dissatisfied victim after payment... ..>>>> You need contact us via email with srenshot of btc transaction and your personal DECRYPTION ID.....Contact via Email with your personal Decryption id !: hackbeenswim@mail2tor.com......Send 400$ (0.006 BTC) at this address --> bc1qkr7wxuqwet9w6920vk94p7npkxh33fc7prv55q.....>>>> Your personal DECRYPTION ID: D53F15BF767167BC622C1CB4D4FC174D....>>
                                                                                                                                                                                Process:C:\Users\user\Desktop\c8JakemodH.exe
                                                                                                                                                                                File Type:ASCII text, with CRLF line terminators
                                                                                                                                                                                Category:dropped
                                                                                                                                                                                Size (bytes):1159
                                                                                                                                                                                Entropy (8bit):4.909757425426515
                                                                                                                                                                                Encrypted:false
                                                                                                                                                                                SSDEEP:24:SOZJNRovfexRvYx/ncUYTxLZl0r0OzANQgq32xfZnS0iNFdAnP6:SOZbqfexrZrS3Iq32xlSX2S
                                                                                                                                                                                MD5:F29E077226F8DC235CAE4795459A3542
                                                                                                                                                                                SHA1:A23AEA328BEB92BFD4464A3B0F70E772B8969CC2
                                                                                                                                                                                SHA-256:CF8875AADE9351184274F533067BECF2AD10CCF2B6296274ECE5D5B58B6AB008
                                                                                                                                                                                SHA-512:0C76F1E7AC8E4DB582EA7E26FA9B8C18D54605AE6A9A87A2A1FA0B1BEACACBB8F1230421C1124B1E7C12FB546FF31DBBD2CFBBEBA80EF98BBAA01B356F7FDC6F
                                                                                                                                                                                Malicious:false
                                                                                                                                                                                Preview:.. ~~~ AlphaCat ~~~....>>>> Your data are stolen and encrypted....>>>> What guarantees that we will not deceive you? .....We are not a politically motivated group and we do not need anything other than your money. .. ...If you pay, we will provide you the programs for decryption and we will delete your data. ...Life is too short to be sad. Be not sad, money, it is only paper... ...If we do not give you decrypters, or we do not delete your data after payment, then nobody will pay us in the future. ...Therefore to us our reputation is very important. We attack worldwide and there is no dissatisfied victim after payment... ..>>>> You need contact us via email with srenshot of btc transaction and your personal DECRYPTION ID.....Contact via Email with your personal Decryption id !: hackbeenswim@mail2tor.com......Send 400$ (0.006 BTC) at this address --> bc1qkr7wxuqwet9w6920vk94p7npkxh33fc7prv55q.....>>>> Your personal DECRYPTION ID: D53F15BF767167BC622C1CB4D4FC174D....>>
                                                                                                                                                                                Process:C:\Users\user\Desktop\c8JakemodH.exe
                                                                                                                                                                                File Type:ASCII text, with CRLF line terminators
                                                                                                                                                                                Category:dropped
                                                                                                                                                                                Size (bytes):1159
                                                                                                                                                                                Entropy (8bit):4.909757425426515
                                                                                                                                                                                Encrypted:false
                                                                                                                                                                                SSDEEP:24:SOZJNRovfexRvYx/ncUYTxLZl0r0OzANQgq32xfZnS0iNFdAnP6:SOZbqfexrZrS3Iq32xlSX2S
                                                                                                                                                                                MD5:F29E077226F8DC235CAE4795459A3542
                                                                                                                                                                                SHA1:A23AEA328BEB92BFD4464A3B0F70E772B8969CC2
                                                                                                                                                                                SHA-256:CF8875AADE9351184274F533067BECF2AD10CCF2B6296274ECE5D5B58B6AB008
                                                                                                                                                                                SHA-512:0C76F1E7AC8E4DB582EA7E26FA9B8C18D54605AE6A9A87A2A1FA0B1BEACACBB8F1230421C1124B1E7C12FB546FF31DBBD2CFBBEBA80EF98BBAA01B356F7FDC6F
                                                                                                                                                                                Malicious:false
                                                                                                                                                                                Preview:.. ~~~ AlphaCat ~~~....>>>> Your data are stolen and encrypted....>>>> What guarantees that we will not deceive you? .....We are not a politically motivated group and we do not need anything other than your money. .. ...If you pay, we will provide you the programs for decryption and we will delete your data. ...Life is too short to be sad. Be not sad, money, it is only paper... ...If we do not give you decrypters, or we do not delete your data after payment, then nobody will pay us in the future. ...Therefore to us our reputation is very important. We attack worldwide and there is no dissatisfied victim after payment... ..>>>> You need contact us via email with srenshot of btc transaction and your personal DECRYPTION ID.....Contact via Email with your personal Decryption id !: hackbeenswim@mail2tor.com......Send 400$ (0.006 BTC) at this address --> bc1qkr7wxuqwet9w6920vk94p7npkxh33fc7prv55q.....>>>> Your personal DECRYPTION ID: D53F15BF767167BC622C1CB4D4FC174D....>>
                                                                                                                                                                                Process:C:\Users\user\Desktop\c8JakemodH.exe
                                                                                                                                                                                File Type:ASCII text, with CRLF line terminators
                                                                                                                                                                                Category:dropped
                                                                                                                                                                                Size (bytes):1159
                                                                                                                                                                                Entropy (8bit):4.909757425426515
                                                                                                                                                                                Encrypted:false
                                                                                                                                                                                SSDEEP:24:SOZJNRovfexRvYx/ncUYTxLZl0r0OzANQgq32xfZnS0iNFdAnP6:SOZbqfexrZrS3Iq32xlSX2S
                                                                                                                                                                                MD5:F29E077226F8DC235CAE4795459A3542
                                                                                                                                                                                SHA1:A23AEA328BEB92BFD4464A3B0F70E772B8969CC2
                                                                                                                                                                                SHA-256:CF8875AADE9351184274F533067BECF2AD10CCF2B6296274ECE5D5B58B6AB008
                                                                                                                                                                                SHA-512:0C76F1E7AC8E4DB582EA7E26FA9B8C18D54605AE6A9A87A2A1FA0B1BEACACBB8F1230421C1124B1E7C12FB546FF31DBBD2CFBBEBA80EF98BBAA01B356F7FDC6F
                                                                                                                                                                                Malicious:false
                                                                                                                                                                                Preview:.. ~~~ AlphaCat ~~~....>>>> Your data are stolen and encrypted....>>>> What guarantees that we will not deceive you? .....We are not a politically motivated group and we do not need anything other than your money. .. ...If you pay, we will provide you the programs for decryption and we will delete your data. ...Life is too short to be sad. Be not sad, money, it is only paper... ...If we do not give you decrypters, or we do not delete your data after payment, then nobody will pay us in the future. ...Therefore to us our reputation is very important. We attack worldwide and there is no dissatisfied victim after payment... ..>>>> You need contact us via email with srenshot of btc transaction and your personal DECRYPTION ID.....Contact via Email with your personal Decryption id !: hackbeenswim@mail2tor.com......Send 400$ (0.006 BTC) at this address --> bc1qkr7wxuqwet9w6920vk94p7npkxh33fc7prv55q.....>>>> Your personal DECRYPTION ID: D53F15BF767167BC622C1CB4D4FC174D....>>
                                                                                                                                                                                Process:C:\Users\user\Desktop\c8JakemodH.exe
                                                                                                                                                                                File Type:ASCII text, with CRLF line terminators
                                                                                                                                                                                Category:dropped
                                                                                                                                                                                Size (bytes):1159
                                                                                                                                                                                Entropy (8bit):4.909757425426515
                                                                                                                                                                                Encrypted:false
                                                                                                                                                                                SSDEEP:24:SOZJNRovfexRvYx/ncUYTxLZl0r0OzANQgq32xfZnS0iNFdAnP6:SOZbqfexrZrS3Iq32xlSX2S
                                                                                                                                                                                MD5:F29E077226F8DC235CAE4795459A3542
                                                                                                                                                                                SHA1:A23AEA328BEB92BFD4464A3B0F70E772B8969CC2
                                                                                                                                                                                SHA-256:CF8875AADE9351184274F533067BECF2AD10CCF2B6296274ECE5D5B58B6AB008
                                                                                                                                                                                SHA-512:0C76F1E7AC8E4DB582EA7E26FA9B8C18D54605AE6A9A87A2A1FA0B1BEACACBB8F1230421C1124B1E7C12FB546FF31DBBD2CFBBEBA80EF98BBAA01B356F7FDC6F
                                                                                                                                                                                Malicious:false
                                                                                                                                                                                Preview:.. ~~~ AlphaCat ~~~....>>>> Your data are stolen and encrypted....>>>> What guarantees that we will not deceive you? .....We are not a politically motivated group and we do not need anything other than your money. .. ...If you pay, we will provide you the programs for decryption and we will delete your data. ...Life is too short to be sad. Be not sad, money, it is only paper... ...If we do not give you decrypters, or we do not delete your data after payment, then nobody will pay us in the future. ...Therefore to us our reputation is very important. We attack worldwide and there is no dissatisfied victim after payment... ..>>>> You need contact us via email with srenshot of btc transaction and your personal DECRYPTION ID.....Contact via Email with your personal Decryption id !: hackbeenswim@mail2tor.com......Send 400$ (0.006 BTC) at this address --> bc1qkr7wxuqwet9w6920vk94p7npkxh33fc7prv55q.....>>>> Your personal DECRYPTION ID: D53F15BF767167BC622C1CB4D4FC174D....>>
                                                                                                                                                                                Process:C:\Users\user\Desktop\c8JakemodH.exe
                                                                                                                                                                                File Type:ASCII text, with CRLF line terminators
                                                                                                                                                                                Category:dropped
                                                                                                                                                                                Size (bytes):1159
                                                                                                                                                                                Entropy (8bit):4.909757425426515
                                                                                                                                                                                Encrypted:false
                                                                                                                                                                                SSDEEP:24:SOZJNRovfexRvYx/ncUYTxLZl0r0OzANQgq32xfZnS0iNFdAnP6:SOZbqfexrZrS3Iq32xlSX2S
                                                                                                                                                                                MD5:F29E077226F8DC235CAE4795459A3542
                                                                                                                                                                                SHA1:A23AEA328BEB92BFD4464A3B0F70E772B8969CC2
                                                                                                                                                                                SHA-256:CF8875AADE9351184274F533067BECF2AD10CCF2B6296274ECE5D5B58B6AB008
                                                                                                                                                                                SHA-512:0C76F1E7AC8E4DB582EA7E26FA9B8C18D54605AE6A9A87A2A1FA0B1BEACACBB8F1230421C1124B1E7C12FB546FF31DBBD2CFBBEBA80EF98BBAA01B356F7FDC6F
                                                                                                                                                                                Malicious:false
                                                                                                                                                                                Preview:.. ~~~ AlphaCat ~~~....>>>> Your data are stolen and encrypted....>>>> What guarantees that we will not deceive you? .....We are not a politically motivated group and we do not need anything other than your money. .. ...If you pay, we will provide you the programs for decryption and we will delete your data. ...Life is too short to be sad. Be not sad, money, it is only paper... ...If we do not give you decrypters, or we do not delete your data after payment, then nobody will pay us in the future. ...Therefore to us our reputation is very important. We attack worldwide and there is no dissatisfied victim after payment... ..>>>> You need contact us via email with srenshot of btc transaction and your personal DECRYPTION ID.....Contact via Email with your personal Decryption id !: hackbeenswim@mail2tor.com......Send 400$ (0.006 BTC) at this address --> bc1qkr7wxuqwet9w6920vk94p7npkxh33fc7prv55q.....>>>> Your personal DECRYPTION ID: D53F15BF767167BC622C1CB4D4FC174D....>>
                                                                                                                                                                                Process:C:\Users\user\Desktop\c8JakemodH.exe
                                                                                                                                                                                File Type:data
                                                                                                                                                                                Category:dropped
                                                                                                                                                                                Size (bytes):8431
                                                                                                                                                                                Entropy (8bit):7.980076537294483
                                                                                                                                                                                Encrypted:false
                                                                                                                                                                                SSDEEP:192:v8J/a/PnEwhLTW5mOkr7gN55sqbmqI03cgewQBSn1:vcaHnhslkr7u5+qb/sNzw1
                                                                                                                                                                                MD5:3064A88E0E96B23D083B0F666A54979D
                                                                                                                                                                                SHA1:5A160AA77ABCD6469C4F11E235FF8546059F107D
                                                                                                                                                                                SHA-256:C9EE60C0CEEF9ACF90899201A2B082703B14BA8F52003B674F37A0ACFDEEAC6A
                                                                                                                                                                                SHA-512:3C18AE36634A718F82FE9FBA05A5EE80578747DC678C859786A68019C234C8F1AE4CF45E8C461314D9071781CA37962727D9CC878C047EC37459F119CCD918FD
                                                                                                                                                                                Malicious:false
                                                                                                                                                                                Preview:../....;%....t.i[..F..6e.m...$|.7..1.L..GwD..."......m.6M..e0..L....>V.....>.|......^......x..U..$..g.$.k!.:h...}.vg..4Y?...@@H."<q....-YhB.Ac.....`.-.W.{#...gV..9..']....{a...d..Hu.y.jN..i....i....?T?__...R......r.e'N...i....@^....&.'........-y.U.MX....Q_D..;...sx..i.w...Q.8C..n..G....m...@.dT.Z..'.3..K...6N..V6.....S......B.V...Q....).uA..n.,$J.G.B....KG.....qt4W...Fb.......nXS.h...^E..q5........n.(5.n`.......v..ds....fJHC.).,..~..,.N...I.p.....zf..i....a..."....#C....;.@.A..}...e...|\.r.8..?..?.!.]1f\..N....*U....uO.^.o.IQ.h.\_...g.....K......O.. ..R..D[...(.G...."#_B...h..^....}Y.r......L..../.....8...k..9...M%..........jf.....D?...&.s..,..msu.g...<.P"..Q...M..O..h.O.....Z.......xS.>z..Di..V.W.6]............<n.}..;. "..RB.....Q:p....^=c.6.Z..]..iR1.wj5...k..`...F.!.=.....D.....$....I..sn1..$`....n..L.uO.xz...;!.EC..........rI.S.We.......*C\.J%s.+.'=h.0V..Py....W.2d5V..Q.y.eRu.z.^%b...HU.p]*;.YyT.0N......K.AC....!...n....d...s&...[.
                                                                                                                                                                                Process:C:\Users\user\Desktop\c8JakemodH.exe
                                                                                                                                                                                File Type:ASCII text, with CRLF line terminators
                                                                                                                                                                                Category:dropped
                                                                                                                                                                                Size (bytes):1159
                                                                                                                                                                                Entropy (8bit):4.909757425426515
                                                                                                                                                                                Encrypted:false
                                                                                                                                                                                SSDEEP:24:SOZJNRovfexRvYx/ncUYTxLZl0r0OzANQgq32xfZnS0iNFdAnP6:SOZbqfexrZrS3Iq32xlSX2S
                                                                                                                                                                                MD5:F29E077226F8DC235CAE4795459A3542
                                                                                                                                                                                SHA1:A23AEA328BEB92BFD4464A3B0F70E772B8969CC2
                                                                                                                                                                                SHA-256:CF8875AADE9351184274F533067BECF2AD10CCF2B6296274ECE5D5B58B6AB008
                                                                                                                                                                                SHA-512:0C76F1E7AC8E4DB582EA7E26FA9B8C18D54605AE6A9A87A2A1FA0B1BEACACBB8F1230421C1124B1E7C12FB546FF31DBBD2CFBBEBA80EF98BBAA01B356F7FDC6F
                                                                                                                                                                                Malicious:false
                                                                                                                                                                                Preview:.. ~~~ AlphaCat ~~~....>>>> Your data are stolen and encrypted....>>>> What guarantees that we will not deceive you? .....We are not a politically motivated group and we do not need anything other than your money. .. ...If you pay, we will provide you the programs for decryption and we will delete your data. ...Life is too short to be sad. Be not sad, money, it is only paper... ...If we do not give you decrypters, or we do not delete your data after payment, then nobody will pay us in the future. ...Therefore to us our reputation is very important. We attack worldwide and there is no dissatisfied victim after payment... ..>>>> You need contact us via email with srenshot of btc transaction and your personal DECRYPTION ID.....Contact via Email with your personal Decryption id !: hackbeenswim@mail2tor.com......Send 400$ (0.006 BTC) at this address --> bc1qkr7wxuqwet9w6920vk94p7npkxh33fc7prv55q.....>>>> Your personal DECRYPTION ID: D53F15BF767167BC622C1CB4D4FC174D....>>
                                                                                                                                                                                Process:C:\Users\user\Desktop\c8JakemodH.exe
                                                                                                                                                                                File Type:ASCII text, with CRLF line terminators
                                                                                                                                                                                Category:dropped
                                                                                                                                                                                Size (bytes):1159
                                                                                                                                                                                Entropy (8bit):4.909757425426515
                                                                                                                                                                                Encrypted:false
                                                                                                                                                                                SSDEEP:24:SOZJNRovfexRvYx/ncUYTxLZl0r0OzANQgq32xfZnS0iNFdAnP6:SOZbqfexrZrS3Iq32xlSX2S
                                                                                                                                                                                MD5:F29E077226F8DC235CAE4795459A3542
                                                                                                                                                                                SHA1:A23AEA328BEB92BFD4464A3B0F70E772B8969CC2
                                                                                                                                                                                SHA-256:CF8875AADE9351184274F533067BECF2AD10CCF2B6296274ECE5D5B58B6AB008
                                                                                                                                                                                SHA-512:0C76F1E7AC8E4DB582EA7E26FA9B8C18D54605AE6A9A87A2A1FA0B1BEACACBB8F1230421C1124B1E7C12FB546FF31DBBD2CFBBEBA80EF98BBAA01B356F7FDC6F
                                                                                                                                                                                Malicious:false
                                                                                                                                                                                Preview:.. ~~~ AlphaCat ~~~....>>>> Your data are stolen and encrypted....>>>> What guarantees that we will not deceive you? .....We are not a politically motivated group and we do not need anything other than your money. .. ...If you pay, we will provide you the programs for decryption and we will delete your data. ...Life is too short to be sad. Be not sad, money, it is only paper... ...If we do not give you decrypters, or we do not delete your data after payment, then nobody will pay us in the future. ...Therefore to us our reputation is very important. We attack worldwide and there is no dissatisfied victim after payment... ..>>>> You need contact us via email with srenshot of btc transaction and your personal DECRYPTION ID.....Contact via Email with your personal Decryption id !: hackbeenswim@mail2tor.com......Send 400$ (0.006 BTC) at this address --> bc1qkr7wxuqwet9w6920vk94p7npkxh33fc7prv55q.....>>>> Your personal DECRYPTION ID: D53F15BF767167BC622C1CB4D4FC174D....>>
                                                                                                                                                                                Process:C:\Users\user\Desktop\c8JakemodH.exe
                                                                                                                                                                                File Type:ASCII text, with CRLF line terminators
                                                                                                                                                                                Category:dropped
                                                                                                                                                                                Size (bytes):1159
                                                                                                                                                                                Entropy (8bit):4.909757425426515
                                                                                                                                                                                Encrypted:false
                                                                                                                                                                                SSDEEP:24:SOZJNRovfexRvYx/ncUYTxLZl0r0OzANQgq32xfZnS0iNFdAnP6:SOZbqfexrZrS3Iq32xlSX2S
                                                                                                                                                                                MD5:F29E077226F8DC235CAE4795459A3542
                                                                                                                                                                                SHA1:A23AEA328BEB92BFD4464A3B0F70E772B8969CC2
                                                                                                                                                                                SHA-256:CF8875AADE9351184274F533067BECF2AD10CCF2B6296274ECE5D5B58B6AB008
                                                                                                                                                                                SHA-512:0C76F1E7AC8E4DB582EA7E26FA9B8C18D54605AE6A9A87A2A1FA0B1BEACACBB8F1230421C1124B1E7C12FB546FF31DBBD2CFBBEBA80EF98BBAA01B356F7FDC6F
                                                                                                                                                                                Malicious:false
                                                                                                                                                                                Preview:.. ~~~ AlphaCat ~~~....>>>> Your data are stolen and encrypted....>>>> What guarantees that we will not deceive you? .....We are not a politically motivated group and we do not need anything other than your money. .. ...If you pay, we will provide you the programs for decryption and we will delete your data. ...Life is too short to be sad. Be not sad, money, it is only paper... ...If we do not give you decrypters, or we do not delete your data after payment, then nobody will pay us in the future. ...Therefore to us our reputation is very important. We attack worldwide and there is no dissatisfied victim after payment... ..>>>> You need contact us via email with srenshot of btc transaction and your personal DECRYPTION ID.....Contact via Email with your personal Decryption id !: hackbeenswim@mail2tor.com......Send 400$ (0.006 BTC) at this address --> bc1qkr7wxuqwet9w6920vk94p7npkxh33fc7prv55q.....>>>> Your personal DECRYPTION ID: D53F15BF767167BC622C1CB4D4FC174D....>>
                                                                                                                                                                                Process:C:\Users\user\Desktop\c8JakemodH.exe
                                                                                                                                                                                File Type:ASCII text, with CRLF line terminators
                                                                                                                                                                                Category:dropped
                                                                                                                                                                                Size (bytes):1159
                                                                                                                                                                                Entropy (8bit):4.909757425426515
                                                                                                                                                                                Encrypted:false
                                                                                                                                                                                SSDEEP:24:SOZJNRovfexRvYx/ncUYTxLZl0r0OzANQgq32xfZnS0iNFdAnP6:SOZbqfexrZrS3Iq32xlSX2S
                                                                                                                                                                                MD5:F29E077226F8DC235CAE4795459A3542
                                                                                                                                                                                SHA1:A23AEA328BEB92BFD4464A3B0F70E772B8969CC2
                                                                                                                                                                                SHA-256:CF8875AADE9351184274F533067BECF2AD10CCF2B6296274ECE5D5B58B6AB008
                                                                                                                                                                                SHA-512:0C76F1E7AC8E4DB582EA7E26FA9B8C18D54605AE6A9A87A2A1FA0B1BEACACBB8F1230421C1124B1E7C12FB546FF31DBBD2CFBBEBA80EF98BBAA01B356F7FDC6F
                                                                                                                                                                                Malicious:false
                                                                                                                                                                                Preview:.. ~~~ AlphaCat ~~~....>>>> Your data are stolen and encrypted....>>>> What guarantees that we will not deceive you? .....We are not a politically motivated group and we do not need anything other than your money. .. ...If you pay, we will provide you the programs for decryption and we will delete your data. ...Life is too short to be sad. Be not sad, money, it is only paper... ...If we do not give you decrypters, or we do not delete your data after payment, then nobody will pay us in the future. ...Therefore to us our reputation is very important. We attack worldwide and there is no dissatisfied victim after payment... ..>>>> You need contact us via email with srenshot of btc transaction and your personal DECRYPTION ID.....Contact via Email with your personal Decryption id !: hackbeenswim@mail2tor.com......Send 400$ (0.006 BTC) at this address --> bc1qkr7wxuqwet9w6920vk94p7npkxh33fc7prv55q.....>>>> Your personal DECRYPTION ID: D53F15BF767167BC622C1CB4D4FC174D....>>
                                                                                                                                                                                Process:C:\Users\user\Desktop\c8JakemodH.exe
                                                                                                                                                                                File Type:ASCII text, with CRLF line terminators
                                                                                                                                                                                Category:dropped
                                                                                                                                                                                Size (bytes):1159
                                                                                                                                                                                Entropy (8bit):4.909757425426515
                                                                                                                                                                                Encrypted:false
                                                                                                                                                                                SSDEEP:24:SOZJNRovfexRvYx/ncUYTxLZl0r0OzANQgq32xfZnS0iNFdAnP6:SOZbqfexrZrS3Iq32xlSX2S
                                                                                                                                                                                MD5:F29E077226F8DC235CAE4795459A3542
                                                                                                                                                                                SHA1:A23AEA328BEB92BFD4464A3B0F70E772B8969CC2
                                                                                                                                                                                SHA-256:CF8875AADE9351184274F533067BECF2AD10CCF2B6296274ECE5D5B58B6AB008
                                                                                                                                                                                SHA-512:0C76F1E7AC8E4DB582EA7E26FA9B8C18D54605AE6A9A87A2A1FA0B1BEACACBB8F1230421C1124B1E7C12FB546FF31DBBD2CFBBEBA80EF98BBAA01B356F7FDC6F
                                                                                                                                                                                Malicious:false
                                                                                                                                                                                Preview:.. ~~~ AlphaCat ~~~....>>>> Your data are stolen and encrypted....>>>> What guarantees that we will not deceive you? .....We are not a politically motivated group and we do not need anything other than your money. .. ...If you pay, we will provide you the programs for decryption and we will delete your data. ...Life is too short to be sad. Be not sad, money, it is only paper... ...If we do not give you decrypters, or we do not delete your data after payment, then nobody will pay us in the future. ...Therefore to us our reputation is very important. We attack worldwide and there is no dissatisfied victim after payment... ..>>>> You need contact us via email with srenshot of btc transaction and your personal DECRYPTION ID.....Contact via Email with your personal Decryption id !: hackbeenswim@mail2tor.com......Send 400$ (0.006 BTC) at this address --> bc1qkr7wxuqwet9w6920vk94p7npkxh33fc7prv55q.....>>>> Your personal DECRYPTION ID: D53F15BF767167BC622C1CB4D4FC174D....>>
                                                                                                                                                                                Process:C:\Users\user\Desktop\c8JakemodH.exe
                                                                                                                                                                                File Type:ASCII text, with CRLF line terminators
                                                                                                                                                                                Category:dropped
                                                                                                                                                                                Size (bytes):1159
                                                                                                                                                                                Entropy (8bit):4.909757425426515
                                                                                                                                                                                Encrypted:false
                                                                                                                                                                                SSDEEP:24:SOZJNRovfexRvYx/ncUYTxLZl0r0OzANQgq32xfZnS0iNFdAnP6:SOZbqfexrZrS3Iq32xlSX2S
                                                                                                                                                                                MD5:F29E077226F8DC235CAE4795459A3542
                                                                                                                                                                                SHA1:A23AEA328BEB92BFD4464A3B0F70E772B8969CC2
                                                                                                                                                                                SHA-256:CF8875AADE9351184274F533067BECF2AD10CCF2B6296274ECE5D5B58B6AB008
                                                                                                                                                                                SHA-512:0C76F1E7AC8E4DB582EA7E26FA9B8C18D54605AE6A9A87A2A1FA0B1BEACACBB8F1230421C1124B1E7C12FB546FF31DBBD2CFBBEBA80EF98BBAA01B356F7FDC6F
                                                                                                                                                                                Malicious:false
                                                                                                                                                                                Preview:.. ~~~ AlphaCat ~~~....>>>> Your data are stolen and encrypted....>>>> What guarantees that we will not deceive you? .....We are not a politically motivated group and we do not need anything other than your money. .. ...If you pay, we will provide you the programs for decryption and we will delete your data. ...Life is too short to be sad. Be not sad, money, it is only paper... ...If we do not give you decrypters, or we do not delete your data after payment, then nobody will pay us in the future. ...Therefore to us our reputation is very important. We attack worldwide and there is no dissatisfied victim after payment... ..>>>> You need contact us via email with srenshot of btc transaction and your personal DECRYPTION ID.....Contact via Email with your personal Decryption id !: hackbeenswim@mail2tor.com......Send 400$ (0.006 BTC) at this address --> bc1qkr7wxuqwet9w6920vk94p7npkxh33fc7prv55q.....>>>> Your personal DECRYPTION ID: D53F15BF767167BC622C1CB4D4FC174D....>>
                                                                                                                                                                                Process:C:\Users\user\Desktop\c8JakemodH.exe
                                                                                                                                                                                File Type:ASCII text, with CRLF line terminators
                                                                                                                                                                                Category:dropped
                                                                                                                                                                                Size (bytes):1159
                                                                                                                                                                                Entropy (8bit):4.909757425426515
                                                                                                                                                                                Encrypted:false
                                                                                                                                                                                SSDEEP:24:SOZJNRovfexRvYx/ncUYTxLZl0r0OzANQgq32xfZnS0iNFdAnP6:SOZbqfexrZrS3Iq32xlSX2S
                                                                                                                                                                                MD5:F29E077226F8DC235CAE4795459A3542
                                                                                                                                                                                SHA1:A23AEA328BEB92BFD4464A3B0F70E772B8969CC2
                                                                                                                                                                                SHA-256:CF8875AADE9351184274F533067BECF2AD10CCF2B6296274ECE5D5B58B6AB008
                                                                                                                                                                                SHA-512:0C76F1E7AC8E4DB582EA7E26FA9B8C18D54605AE6A9A87A2A1FA0B1BEACACBB8F1230421C1124B1E7C12FB546FF31DBBD2CFBBEBA80EF98BBAA01B356F7FDC6F
                                                                                                                                                                                Malicious:false
                                                                                                                                                                                Preview:.. ~~~ AlphaCat ~~~....>>>> Your data are stolen and encrypted....>>>> What guarantees that we will not deceive you? .....We are not a politically motivated group and we do not need anything other than your money. .. ...If you pay, we will provide you the programs for decryption and we will delete your data. ...Life is too short to be sad. Be not sad, money, it is only paper... ...If we do not give you decrypters, or we do not delete your data after payment, then nobody will pay us in the future. ...Therefore to us our reputation is very important. We attack worldwide and there is no dissatisfied victim after payment... ..>>>> You need contact us via email with srenshot of btc transaction and your personal DECRYPTION ID.....Contact via Email with your personal Decryption id !: hackbeenswim@mail2tor.com......Send 400$ (0.006 BTC) at this address --> bc1qkr7wxuqwet9w6920vk94p7npkxh33fc7prv55q.....>>>> Your personal DECRYPTION ID: D53F15BF767167BC622C1CB4D4FC174D....>>
                                                                                                                                                                                Process:C:\Users\user\Desktop\c8JakemodH.exe
                                                                                                                                                                                File Type:data
                                                                                                                                                                                Category:dropped
                                                                                                                                                                                Size (bytes):1573111
                                                                                                                                                                                Entropy (8bit):3.6001594811760853
                                                                                                                                                                                Encrypted:false
                                                                                                                                                                                SSDEEP:12288:EWmRTKQISe6J7iHXA2W10Z67uBFcpZqis8csmDj+oPoPw:xSVhuXA2WiZ6FpZTUsYV
                                                                                                                                                                                MD5:F5B4A1F487B80AB68E942EA641696EF3
                                                                                                                                                                                SHA1:377B1C7807F3D0EC838B7D1B6B04C9DAC96FBB45
                                                                                                                                                                                SHA-256:EC2CE4CA7496CD932171347C2077B6E854A592FFABC8101328B70FBC3091A283
                                                                                                                                                                                SHA-512:987D3135A2951F38D033DF08E2674E79356C51122B9C4B4E7B4B2E7F6EDD24CA9B64C57493F6D39857382E1986400ED6A1CAF41B7E1BDFEFD30B6A343BCF92E1
                                                                                                                                                                                Malicious:false
                                                                                                                                                                                Preview:I.Zg'(9....xR.2..H....DH8.}^.F.~..tm......a...6.-.....*...B...}.G.O;.Z...%..@@...2;.(.s]... .z.. ..y..i.../p....e..........t/lTH.......l...o...$ tY]........A..B..._.....e..8.....;.........o.5.........Y..I..^.40.A.q.Ox.T....!.<'A...s.Ur./..j.T.....M.i......._.AJ"}p...n<...Kb._.....g9.=..h....4.o.%.....4...C9s.W...w..3)v...x6..T....="a ..V...G#..."J.s.:.{....HX.....TL.<..M...5..h.xB......S.e..+s^..C....Q....^.4,.f.[....l.!....V......U!&..Z.....Da}. \..Ri.M.g..Wk.o..Jd.....k.S-../....*.Q"...8...s?MFO.4AI.'.Yf ...@..]4_#]+.v+.....a...b....,<...>. ..H.....V.)$....B:..O..7k....'......K~..J.e:...h..*Q0i..zy..z>.(^|J..XG.0qg...]......e.t>..ns".<}a...'....."...S.)..KO....Jy......e|..p.n..C..X..1.b...`.+:..*.Mw..H.._..t;....5a......f.cf...sA......B6Y.v..j?.w....'..r.([.......:P...0...L.R5...|M.op-.BO..w......dT..oU......MY..-...A..SH.=...b=i...e%.._.=...5.w..fW..Y.d.k.0.....N......g4km8.,o....j.. ...g....p%....fBih...D/...`...(~.W..b.d..m.."U....M.9.e...tA(.mv..
                                                                                                                                                                                Process:C:\Users\user\Desktop\c8JakemodH.exe
                                                                                                                                                                                File Type:data
                                                                                                                                                                                Category:dropped
                                                                                                                                                                                Size (bytes):16632
                                                                                                                                                                                Entropy (8bit):7.988554278254882
                                                                                                                                                                                Encrypted:false
                                                                                                                                                                                SSDEEP:384:G+RwtoDL3yZ5+NlxteULu09TpAEXQt+CxdCQn:GZKL3q5OLtLp9tAQCxdbn
                                                                                                                                                                                MD5:4893FDE6427660FFDE106A6FFBFB539D
                                                                                                                                                                                SHA1:BB480A4C91857EB6DCBBD004E92841406ECE6282
                                                                                                                                                                                SHA-256:331547783B27836F1B10EE3BF90B79BD80CAB28B7CA05064EC342B82B9E89F38
                                                                                                                                                                                SHA-512:D5524777D77930E570DF64EC0E444285A8F9F8EA70870C5961685E281D5520B691D5D7069C651A6FA6C2D286312D2487D25ADBC8F579001FC262050A0E008FE4
                                                                                                                                                                                Malicious:false
                                                                                                                                                                                Preview:S....PZ.1.`...h.Y.l.~p...j..6U./.....Q.RH...A.N.%Z*^....<.H...l1..........UP?gI.OcV......;..EtL..'2F...9....(_...=.|...s6.]..55.o.d.,......OH..J...IZ..Y.qi2WK..;o...x...!.../...}zC.K\i.w..e.T.]{....J|....dbr..v..J5.%.I...I(.>p....a..DX..._..i..j.Zq...U..j*..L..w...x.....q.e....P..Hy.[.SH...9$o............@...q...`.....p;.F....]x.......^....<B.'OY.`.:y]*..y...-...;id.R.wK.Mm....P.xfw`...:$58.n...a..^....8....!.....L.l.j....wn.(P...../j.9I}.i....TyY..P2...........R...t..~4..@.a.J.c..<..*o\&@...'7.....V.\.}..!..[.E......q{..X|.A...Ik...|...RZ.U.@.`3F..D..br-...w.K..h..q...M.d|.et...*..A..+g?..b`..+........3k.-CO...`Iz.v..*.u.A.."..X].?+....x.a.Y..?...F..PT......F......y*.v.p...!.i!....#N-KHy4.'.....=.$.c.....q...za...X&~.W.B..@....f`~.b.......c3S...#.JV.@hwGu.t"...(fx....X.\}..!Nr..D|x .......~..DO.:%.fZZ.,.xm3.....9..3.........&HK...Q...o.1z..o.......F....K...w1kn....u.O#[hj.op...9.Z+...0....R..@6.&.~L.m:_..X..Xp7......V].1*...1@...g.....
                                                                                                                                                                                Process:C:\Users\user\Desktop\c8JakemodH.exe
                                                                                                                                                                                File Type:ASCII text, with CRLF line terminators
                                                                                                                                                                                Category:dropped
                                                                                                                                                                                Size (bytes):1159
                                                                                                                                                                                Entropy (8bit):4.909757425426515
                                                                                                                                                                                Encrypted:false
                                                                                                                                                                                SSDEEP:24:SOZJNRovfexRvYx/ncUYTxLZl0r0OzANQgq32xfZnS0iNFdAnP6:SOZbqfexrZrS3Iq32xlSX2S
                                                                                                                                                                                MD5:F29E077226F8DC235CAE4795459A3542
                                                                                                                                                                                SHA1:A23AEA328BEB92BFD4464A3B0F70E772B8969CC2
                                                                                                                                                                                SHA-256:CF8875AADE9351184274F533067BECF2AD10CCF2B6296274ECE5D5B58B6AB008
                                                                                                                                                                                SHA-512:0C76F1E7AC8E4DB582EA7E26FA9B8C18D54605AE6A9A87A2A1FA0B1BEACACBB8F1230421C1124B1E7C12FB546FF31DBBD2CFBBEBA80EF98BBAA01B356F7FDC6F
                                                                                                                                                                                Malicious:false
                                                                                                                                                                                Preview:.. ~~~ AlphaCat ~~~....>>>> Your data are stolen and encrypted....>>>> What guarantees that we will not deceive you? .....We are not a politically motivated group and we do not need anything other than your money. .. ...If you pay, we will provide you the programs for decryption and we will delete your data. ...Life is too short to be sad. Be not sad, money, it is only paper... ...If we do not give you decrypters, or we do not delete your data after payment, then nobody will pay us in the future. ...Therefore to us our reputation is very important. We attack worldwide and there is no dissatisfied victim after payment... ..>>>> You need contact us via email with srenshot of btc transaction and your personal DECRYPTION ID.....Contact via Email with your personal Decryption id !: hackbeenswim@mail2tor.com......Send 400$ (0.006 BTC) at this address --> bc1qkr7wxuqwet9w6920vk94p7npkxh33fc7prv55q.....>>>> Your personal DECRYPTION ID: D53F15BF767167BC622C1CB4D4FC174D....>>
                                                                                                                                                                                Process:C:\Users\user\Desktop\c8JakemodH.exe
                                                                                                                                                                                File Type:data
                                                                                                                                                                                Category:dropped
                                                                                                                                                                                Size (bytes):2097392
                                                                                                                                                                                Entropy (8bit):2.8402937812697897
                                                                                                                                                                                Encrypted:false
                                                                                                                                                                                SSDEEP:12288:hQ2BAPsv778AM3ogKpAQVuiCCxJeSZbb6tkaJUbMKJ9GTMD:QsvfEZEVN9xJeSZv6tkdbz9G4D
                                                                                                                                                                                MD5:CB05D710BD000BC76AA0EF521A5D5824
                                                                                                                                                                                SHA1:E0EA4D664EC0E2BC7AD15256CA9A191EFBE46627
                                                                                                                                                                                SHA-256:38CE1CDCF9204DD14D1E5A997D4B8AA6A8944D3DEF945C5E4A2A16617C67A031
                                                                                                                                                                                SHA-512:C8E3A5A2F90D508CF1CDDFC05A38062E9DD7BECAA4A6750496A0277DE74468E1BF6926EDFA0414F682ECBC62BC8439DA260670AAEF026A4D38912FD6DF125E46
                                                                                                                                                                                Malicious:false
                                                                                                                                                                                Preview:..,.~.B..`i...#.U..9r.^..cR{/M.e....C`.Xt.H..W...dJ.p.....c.&H.}.hgZ.J.f...,.d.e..f.s...!./.....XRa.........t...1t.}J7.a.l....^g.>..zg.8.r.f..}.(.U..l(T..D.q.5...g...C..8...1(....W.....HqK#..&H@BF.2...._.;x.#...D".]..0........@.S.z.,'..._.P.#..A...1.o.Z.8...>...=%..vd....2.l.;.D.+;...u.M+.e.f.b.O.i.~.O"i0.....4.V.j.gmL..|3..Ty...E..\.3..1c}Sn.:.FI }WP;..L5.U.......W..3..GsO...-.e.F.nRU.'.c..$....:N.......6 ........p?..U...XR.~.....o.d....Fg..Y.......e.NAP..H..(00P.ut.n...R?...[2~.#^..B..k.?V.....%.E.q..Qq.H.].m])..^..../.zcPNJfG.2i..'..L.n!.+..r..!.....9^..r+Z..b.>n?.j.!..........8.Qy...#2..<<......@.$b..W%u....,ay.H.s..O..,..R9..:(i:..o...H...F..%R...". ..c ...h...N...o.y.oD5+.)f........n.....`.K..R.v]bI5J8.c.]o..y..b.O...U..b...#...l..:.... ......{..d.@.9.pF.Ho..R.D.uIMah....9|x..R..~.2N!..)./e.1E&..j<.^>.Fe...d4M... w.M.."..{.f....)..J.M.........2C.i.,.....J.WT.....G.f.S!....v'........_..@..[{._ro..g..*>..U...).u.=m.r.d....
                                                                                                                                                                                Process:C:\Users\user\Desktop\c8JakemodH.exe
                                                                                                                                                                                File Type:data
                                                                                                                                                                                Category:dropped
                                                                                                                                                                                Size (bytes):16627
                                                                                                                                                                                Entropy (8bit):7.987618509211499
                                                                                                                                                                                Encrypted:false
                                                                                                                                                                                SSDEEP:384:P+J9eM33P+FcGiLpjNNo/wqKwhX2+cUKCHVcZCCddN6KiZkZk9z18Ci01/iO:WSMnPu0NgFhxKCHVcZxddoyZk958RCf
                                                                                                                                                                                MD5:1CB488CD293B77C2D0C4CA4197A2A686
                                                                                                                                                                                SHA1:7BC7FE76D49FFC523124054AA5327C4F8031E9C5
                                                                                                                                                                                SHA-256:23E28776F36C9A3F8F3A70B00F748327F29B3BFC952A353F15F710C7E84D1497
                                                                                                                                                                                SHA-512:9346A33CD0C6C7272E6D674900A9D9136C473DEE646A237450288C7C51C638D5F9ED17754F164C092D7D21837C7901E751D2B73DB045A02DDD3247DB51245254
                                                                                                                                                                                Malicious:false
                                                                                                                                                                                Preview:..?b.|...A}YJ..12\....5..]...z./........!..A...4sEu$|%RQb..'Y...<......=C......:......%.B62,.GE...D....}.........?}z.zx.C..'......e."........y......1.......YcZR....~.-..^...%.V1.b.^'S\......3.#.S(..<.{R.......U|..$R....$..).x...Oc..D.W..RLX<#(z..?m...D...z.;... ...*...... 3.........k...5..lQB(....m..!p...}..@....{...}...u.?T...'}...TcDIb.Q.j*v......N.......U.....5Q..}.w.3..>.......n-...nd..m..A....-.[.Q..c...T.u<.n..~.M.4..S./O......Q.).......=.........e......./..V......5...{.zC........Oc.....E.,.....'.C...%..r[.....,...R%FA(.......}..o.a.....Q.9..0.H....5....+..5>.......+....O.l.a.M.".,4..N.o0.g.U.*l.~.U......:u..u1Q9T.s.]/..p..M1..>...6.....V...63..q. .!.'..r.M..?..,....J.(....Z5!.D.\..aw.{..`....[....o..U..LSKa.K....YB...`.m.....Bz.D..Q..C......N...nJ...).~..X..#...T..jN.^duz:?..rf...3e..h...~%..fx:.l~.l;...G....?...m....i..".`.x}.....R........<.%...&.>...M..o.9y...p....Z.*L.........2...=.@.!$J..d....U.B. .g.0..:.ud.t.'.....}s
                                                                                                                                                                                Process:C:\Users\user\Desktop\c8JakemodH.exe
                                                                                                                                                                                File Type:ASCII text, with CRLF line terminators
                                                                                                                                                                                Category:dropped
                                                                                                                                                                                Size (bytes):1159
                                                                                                                                                                                Entropy (8bit):4.909757425426515
                                                                                                                                                                                Encrypted:false
                                                                                                                                                                                SSDEEP:24:SOZJNRovfexRvYx/ncUYTxLZl0r0OzANQgq32xfZnS0iNFdAnP6:SOZbqfexrZrS3Iq32xlSX2S
                                                                                                                                                                                MD5:F29E077226F8DC235CAE4795459A3542
                                                                                                                                                                                SHA1:A23AEA328BEB92BFD4464A3B0F70E772B8969CC2
                                                                                                                                                                                SHA-256:CF8875AADE9351184274F533067BECF2AD10CCF2B6296274ECE5D5B58B6AB008
                                                                                                                                                                                SHA-512:0C76F1E7AC8E4DB582EA7E26FA9B8C18D54605AE6A9A87A2A1FA0B1BEACACBB8F1230421C1124B1E7C12FB546FF31DBBD2CFBBEBA80EF98BBAA01B356F7FDC6F
                                                                                                                                                                                Malicious:false
                                                                                                                                                                                Preview:.. ~~~ AlphaCat ~~~....>>>> Your data are stolen and encrypted....>>>> What guarantees that we will not deceive you? .....We are not a politically motivated group and we do not need anything other than your money. .. ...If you pay, we will provide you the programs for decryption and we will delete your data. ...Life is too short to be sad. Be not sad, money, it is only paper... ...If we do not give you decrypters, or we do not delete your data after payment, then nobody will pay us in the future. ...Therefore to us our reputation is very important. We attack worldwide and there is no dissatisfied victim after payment... ..>>>> You need contact us via email with srenshot of btc transaction and your personal DECRYPTION ID.....Contact via Email with your personal Decryption id !: hackbeenswim@mail2tor.com......Send 400$ (0.006 BTC) at this address --> bc1qkr7wxuqwet9w6920vk94p7npkxh33fc7prv55q.....>>>> Your personal DECRYPTION ID: D53F15BF767167BC622C1CB4D4FC174D....>>
                                                                                                                                                                                Process:C:\Users\user\Desktop\c8JakemodH.exe
                                                                                                                                                                                File Type:data
                                                                                                                                                                                Category:dropped
                                                                                                                                                                                Size (bytes):8425
                                                                                                                                                                                Entropy (8bit):7.977461194571814
                                                                                                                                                                                Encrypted:false
                                                                                                                                                                                SSDEEP:192:wTQeMVSpycN3xo2Zhmt7VqiLtIZldNwEX6:wceMVQy6BBhmtVqiJSZq
                                                                                                                                                                                MD5:0F71F3EEE6DE15BAF0B3184978099F16
                                                                                                                                                                                SHA1:C6FF81BD2B297C2B3702E3A9C13FF6DEA9ADE3E0
                                                                                                                                                                                SHA-256:94D421D75C2F57164F69B514B9F085AE8A59065D4ED0DF8F0248BFF95C023E67
                                                                                                                                                                                SHA-512:145253ED4A39C07CFC0642806D26383BADF938187927D7592C64A5B4072ED76A11B25618EF56DD972E35EF7E4E71DDA79B665930F7CE4F83B31243B951DFAF5D
                                                                                                                                                                                Malicious:false
                                                                                                                                                                                Preview:...u...j......0.n..at$....C_.KB7....?...n.5JP.W....t..Q..Hv{%}./.<)..l.........=\.......B..g....V..F^......9</.....y.d.l.....9..m.a..v.pl1K..%.'.Af. ....{... ..T.I...km......H./*u....d.b2n.%C....t.Vc...b.Q`.....P...W...N..........s...........u.`w.=..x.Dm..Q../.wHK...u_.SX.#...Mn.=..Olw.!..Sj..Lp...N...%....A.*=.#....)y..QB....U........C.I\j........I...y.......!2.`.....K91...%:|..}.K...v.4cS...k...u.]......U1..+..:N...M.z..@...,...@H....G$U..6...^...............S.ra.XT..R.p..../h7...'.......s..|#....x...o0S..p.....g.....g..u(.cy...T...b_..h..Lh3.q./.*..x.\!...r....5hG...T.a...{..,...vd.....Q..R....^..6...C.$.G......T.i>j.....K.e9Ksz.........Y.......c....8.d....4(,qU.5.+..$e..ot.Z.=.)....VO.;._U.DN..T...<l.&........@.%.x..,.S...../.8..4r..W..E.....Fm3.|a...7]/8.1c......9.;D........k...n$m.H.)...d>c.M._.S....W........3v...^.Q&?........0.=L....nr...U.....nF..A..T.G.o]..$.>SR...C..}uy...-...\N.L......+r..w.y..CN.-..A.9.|...4@..
                                                                                                                                                                                Process:C:\Users\user\Desktop\c8JakemodH.exe
                                                                                                                                                                                File Type:data
                                                                                                                                                                                Category:dropped
                                                                                                                                                                                Size (bytes):524521
                                                                                                                                                                                Entropy (8bit):7.999647211203295
                                                                                                                                                                                Encrypted:true
                                                                                                                                                                                SSDEEP:12288:9ApiB3Izrvc7EiXFAq2IAViXN8j/h9v1Igv5CFy33EJDx:9AUIzrwEiXFABIA8dC59vn5EJN
                                                                                                                                                                                MD5:DC2625680C449F0B2342ED132F5BDAAD
                                                                                                                                                                                SHA1:C6B38A64C5CBFA6F661849D094B927F5A7765434
                                                                                                                                                                                SHA-256:05B579CC4A9079165FA6A77E2E59FE1A36E8F6B03955A71D103B1850679A5999
                                                                                                                                                                                SHA-512:15DCE806752837F1DE560E9CEAB1E067E1D436D550A8DDF93ADF10234FAD216C2162EE10B5B6045E4857D182D32834E8234157AE003899AE888D85E036AA8062
                                                                                                                                                                                Malicious:true
                                                                                                                                                                                Preview:...*...@.(..al........H.U)..t...c*.]...R...l+Zy7..v\....M*.)...C...Q7z.L8.M..-.Ku-G.j...g...H..|..;.........]H...cM..%=z.-BN.U.Ui.X...[jX%....,RE!#..UG../.7..9L'....?...,.=...p..B..#l..t..).5...;.]tPtEz..m.w..rZ....:..2.->.....t..^.........L.5d4..vQ!.$.,f-.2<R..v..`bd..a.Cs*0.B....H..UZjb..~...r.Y(..CG..!.Hy...r.6|.o..._4.2.e.>.mp......J..bkc......}N.....;.....8..eq.P>....[W/m.=....Y.Yux..Kw..V.....P......yN....J!...:{s..T...p.,......pS...d...."k2Y.4...xii..p.l?...#.z..WT....[..rJZ.....m[...br8n....+g(.. ...D..,k.wZ.#...H@..6.W._......S..1A.C.f..t...OP...... ..k......L.`..op....:..M.a.....v3ba.b}..._.1>.(BWn.{...sV.....Vo6....X?o.&..Tk?.3....T.c..;..`...k.H..k....0.;...<..5..>G^..m..5t.C..g......q;..\A...-...}.hXo...2.....I.....QCs..?>..0#...j..U...........J<....m*.4...84.S...#..`...._..H..b.G.X.J.?=...2..$.a..B..9.H....=9k..uNe.f..W1[..A.>H`..Hk~W&.)N/.Q...K.....Y.....K..L.G<..tM..@<q....g5.6..<.....v1......<.-..c.....~..hqZ.r..>L.`.ZFB..3.5
                                                                                                                                                                                Process:C:\Users\user\Desktop\c8JakemodH.exe
                                                                                                                                                                                File Type:data
                                                                                                                                                                                Category:dropped
                                                                                                                                                                                Size (bytes):524529
                                                                                                                                                                                Entropy (8bit):7.999696835111643
                                                                                                                                                                                Encrypted:true
                                                                                                                                                                                SSDEEP:12288:j/B2EGuAJBuOE38kwbRQYU8o+iu27384qH9nPcXBY0FlGDH:jkEBAJBuOE38kwbRzxScSY0F8DH
                                                                                                                                                                                MD5:37B19D101CB536A874B150D984655FE9
                                                                                                                                                                                SHA1:3B40C3A76319AEC83950E029E3A8D554928336F2
                                                                                                                                                                                SHA-256:7CFB5A17A8216E607A4C01365036CF515A267B421DE4C658E5FF05E40E5BCCC4
                                                                                                                                                                                SHA-512:64C0B7ED6D16852CD40FF8DFAA8BAC2C17C93CDF18B64F75F2017EA078DBD31C859F0E9800BFE271D8865361067B1A745AA5A003D82E6F5733B520EC61513E23
                                                                                                                                                                                Malicious:true
                                                                                                                                                                                Preview:.w/Hq 9..7. ...|4AF..[.Z..0...7anx..d..Q....4...!F..k<.Y.P.n4Z.........Sr.8.Nc{.4...J..f|_R.n%\a...J....Zu.l..Y...|.y(.^*.........)...Z....OY.. ....h.....w"*..lW.k.....u..G....=..B.D..u..S-...j..'U..s..s.K|....F.k....DC......9K...3..rT..../.....HJMV.2...X.o.2`.]..(.......N.....gR$..>)...=p~]...<e.g.dYM0..V.N..i.'u.#7.9y.........#Y..u.......<@..O.F.n..f.L.iE.x.1-E....+....3tO...M#!.U`q1'...D..78.~ .... v.......2....h".....-k...m[O...4..-..G..Y...c=.F......L...).....qf'?..D+<d.p..`gh.....-.........KR9.w......Q..9..K"Y...m)-.5.r..8q....U...Re.V...^....8.]..>..2..]....#.9.1z...&.`b6:.....q5..H.^...0....T.t)..Y.9......S........R.:.{.7.%..<B....E..xgH.Oy4w?....e..g....}C..O..i.t.Z.....+&..e.{|...P]7X1..8h.....P.57./.....8`..8.....C..B687....6i1sa...k..;:..{.?....F..."j.....N..B......Y@.....V..B2^f...5...F..y....".....Aj7k......E.R...k).i.l..9.{.I.qqPzvN..a%$.t.....`a.-._.n.;^9..d...,4pR@5+)vo.....q....m....p....o-|0.OgE.'.....6R.?O.....{.{.A..T.4.T
                                                                                                                                                                                Process:C:\Users\user\Desktop\c8JakemodH.exe
                                                                                                                                                                                File Type:data
                                                                                                                                                                                Category:dropped
                                                                                                                                                                                Size (bytes):524529
                                                                                                                                                                                Entropy (8bit):7.9996608441261925
                                                                                                                                                                                Encrypted:true
                                                                                                                                                                                SSDEEP:12288:hIBxDybAuIRdw9Q9p+8Yuvq159PynYs2NmpZ4syznwuX1xgw:uBEbNSdvACCYpMke+w
                                                                                                                                                                                MD5:49F3742C6445A78009151F3D7BAE74C0
                                                                                                                                                                                SHA1:F06A069A4DC3C107DEC767C4443FA95D711DC52F
                                                                                                                                                                                SHA-256:06D3A5898F6A178639027447CA901A8143FB9BED15F7B6AF92EB3D95E5AA975C
                                                                                                                                                                                SHA-512:A5FF8E0BD1D89F292A0CA18DBC77F2A0EE35A868EE031149AB7E3F13553321C43C7A8DD86A016BA0685509384521F8329C9116186F62E749A1ADB846AAD82BF0
                                                                                                                                                                                Malicious:true
                                                                                                                                                                                Preview:\.R.X."'..;L..J.....g...+...{*.3.....B:.....>..Y._2:..Jc.0`.P(..H...s......j,eX...OM.n......5$.eu.^.6...#)'..C.....<1U.j.y..R(..............s..2..-.2..\...,..BS|$.j....."D@. t..... ..._....<.b.e.O.vD..vt.E....U."...]y....p...F...C.;.|.....[..'?.wa.J.M.D?ZR....v..=.Chz...7.j...I\..|.+.Pj.....k4.{...>*.sU6\._.*..Y....0.B..].%+.9..}q).....n%....z...pI....M}......X.r.Y*.Y.g.......9"....Qp."..9...P..9..zV.7.I..P....t.P.+.fV...T..}...,..z..i........0......'-.y.QJH$>C....A.e.t...8..c.......N....oSd.....u..c.b6".~.c.^.1.zL...E...9K.H[O....V..A.B}.*0....sfy/...=j.(0XWwy3.1.FO'19bx..S}8....r.r.....I:.3..0......k..f.#.Cn.{.F..%Q..Lq-.rix..s..oz.2L..).|..1. ..x.l..R.2..,.L.5...@e.`.. ..T2.'..i.{.....eR.(_h. Y}k*I.Vlv.2......_....3.>$.<:..z/.R...p.H**.....jy^.I.....m.9.tk].L.....H....} ..*/.b.=.8.,..Oi..[._m.~.S.r0.D.(....Iz..e.b$.io.Y...i...|.@e].9.....U....-..<.R'....aR.d~.a..j.t.Qt............;..y.Uik.M..d...F:&.....u..s.&........v1rE.o..F.g#......nd.F.
                                                                                                                                                                                Process:C:\Users\user\Desktop\c8JakemodH.exe
                                                                                                                                                                                File Type:data
                                                                                                                                                                                Category:dropped
                                                                                                                                                                                Size (bytes):524527
                                                                                                                                                                                Entropy (8bit):7.999634671022618
                                                                                                                                                                                Encrypted:true
                                                                                                                                                                                SSDEEP:12288:FkoTdCm0FGXwrmQR86PN2zqIE8tGLLalaD1IINRI:FkmdC3GsmQlmztILznN6
                                                                                                                                                                                MD5:ED0772C83570DB8DCEC1DAC34A733714
                                                                                                                                                                                SHA1:E18DCFF2A2A73EFB1275324DDA62532664B2196F
                                                                                                                                                                                SHA-256:15E1E2065EADDD4AAAF8210C943D9DE3B26CF71F17B5AC74295D702B3507CFFA
                                                                                                                                                                                SHA-512:8B99605D62AC16BD2AE8C006B05E6308B07DEA0F003531EED48F666825BF4EF40F4F37E09CC6C0BACA00961DF0EB46FD5DAE8ECB87022E0E6E8DA15AB0E3751F
                                                                                                                                                                                Malicious:true
                                                                                                                                                                                Preview:.x@.m.l.U...Z%_9.[#.....2..........g..l...!q.v,.{...>5....k..$.}`U.e.L.v..3..\.Bv....2..,..o;PX.....X}........(.f.8....N.\b...5=.NW..8...:.6....}.w.8..7.`..I..-u..rDY00.y..+{v.5....@`.b..g...W.g..>......(j....E.qw2.=.Z.....a.E.2..3..k...[.-.....91..^.U.4Q{.&T..b..u.{t...D.e8.P%. }...q.rQ....6]...^.;..I..;59...5.).q.U..8.Awn0...]s...p......HN.o......y..)._.y.xHw....BF.io.....'...5.Z...n.A>.d..K.....O....+z.......YO..@.....p*...k.t)UBb0A..`...y..%4. ...4P.)...|.r......Zr...R..HY.E..b.t.g..pb.o$T.bHh...A1...d.....X..w.q........f......8.........}2z[.+.le...+%d.S...`.?.....c..~m.IR........1.A..\cH/....B......ri....g1.~....f..2.......>.#.0.G7J.d?^...O.k=*+.Z..n.Z.rs/.. ....Jq-..I...n....B.:JC.3..i..C.e...t$.....5...,/.m..._..8....<..p........>BBr.Oh.9F2rQ..@.b..iu...]W.i7..F....&.....[....[.q..p......u..I..7^.;@..A1...!.*.0F$....Wh.}.V8......W.ab./5..2..D.yC.....~..:.<=.6._..F.\.$..{...UT..f.#.h......O..Y2X.....@.#o.....Kd.@5...8..1...............A.
                                                                                                                                                                                Process:C:\Users\user\Desktop\c8JakemodH.exe
                                                                                                                                                                                File Type:ASCII text, with CRLF line terminators
                                                                                                                                                                                Category:dropped
                                                                                                                                                                                Size (bytes):1159
                                                                                                                                                                                Entropy (8bit):4.909757425426515
                                                                                                                                                                                Encrypted:false
                                                                                                                                                                                SSDEEP:24:SOZJNRovfexRvYx/ncUYTxLZl0r0OzANQgq32xfZnS0iNFdAnP6:SOZbqfexrZrS3Iq32xlSX2S
                                                                                                                                                                                MD5:F29E077226F8DC235CAE4795459A3542
                                                                                                                                                                                SHA1:A23AEA328BEB92BFD4464A3B0F70E772B8969CC2
                                                                                                                                                                                SHA-256:CF8875AADE9351184274F533067BECF2AD10CCF2B6296274ECE5D5B58B6AB008
                                                                                                                                                                                SHA-512:0C76F1E7AC8E4DB582EA7E26FA9B8C18D54605AE6A9A87A2A1FA0B1BEACACBB8F1230421C1124B1E7C12FB546FF31DBBD2CFBBEBA80EF98BBAA01B356F7FDC6F
                                                                                                                                                                                Malicious:false
                                                                                                                                                                                Preview:.. ~~~ AlphaCat ~~~....>>>> Your data are stolen and encrypted....>>>> What guarantees that we will not deceive you? .....We are not a politically motivated group and we do not need anything other than your money. .. ...If you pay, we will provide you the programs for decryption and we will delete your data. ...Life is too short to be sad. Be not sad, money, it is only paper... ...If we do not give you decrypters, or we do not delete your data after payment, then nobody will pay us in the future. ...Therefore to us our reputation is very important. We attack worldwide and there is no dissatisfied victim after payment... ..>>>> You need contact us via email with srenshot of btc transaction and your personal DECRYPTION ID.....Contact via Email with your personal Decryption id !: hackbeenswim@mail2tor.com......Send 400$ (0.006 BTC) at this address --> bc1qkr7wxuqwet9w6920vk94p7npkxh33fc7prv55q.....>>>> Your personal DECRYPTION ID: D53F15BF767167BC622C1CB4D4FC174D....>>
                                                                                                                                                                                Process:C:\Users\user\Desktop\c8JakemodH.exe
                                                                                                                                                                                File Type:ASCII text, with CRLF line terminators
                                                                                                                                                                                Category:dropped
                                                                                                                                                                                Size (bytes):1159
                                                                                                                                                                                Entropy (8bit):4.909757425426515
                                                                                                                                                                                Encrypted:false
                                                                                                                                                                                SSDEEP:24:SOZJNRovfexRvYx/ncUYTxLZl0r0OzANQgq32xfZnS0iNFdAnP6:SOZbqfexrZrS3Iq32xlSX2S
                                                                                                                                                                                MD5:F29E077226F8DC235CAE4795459A3542
                                                                                                                                                                                SHA1:A23AEA328BEB92BFD4464A3B0F70E772B8969CC2
                                                                                                                                                                                SHA-256:CF8875AADE9351184274F533067BECF2AD10CCF2B6296274ECE5D5B58B6AB008
                                                                                                                                                                                SHA-512:0C76F1E7AC8E4DB582EA7E26FA9B8C18D54605AE6A9A87A2A1FA0B1BEACACBB8F1230421C1124B1E7C12FB546FF31DBBD2CFBBEBA80EF98BBAA01B356F7FDC6F
                                                                                                                                                                                Malicious:false
                                                                                                                                                                                Preview:.. ~~~ AlphaCat ~~~....>>>> Your data are stolen and encrypted....>>>> What guarantees that we will not deceive you? .....We are not a politically motivated group and we do not need anything other than your money. .. ...If you pay, we will provide you the programs for decryption and we will delete your data. ...Life is too short to be sad. Be not sad, money, it is only paper... ...If we do not give you decrypters, or we do not delete your data after payment, then nobody will pay us in the future. ...Therefore to us our reputation is very important. We attack worldwide and there is no dissatisfied victim after payment... ..>>>> You need contact us via email with srenshot of btc transaction and your personal DECRYPTION ID.....Contact via Email with your personal Decryption id !: hackbeenswim@mail2tor.com......Send 400$ (0.006 BTC) at this address --> bc1qkr7wxuqwet9w6920vk94p7npkxh33fc7prv55q.....>>>> Your personal DECRYPTION ID: D53F15BF767167BC622C1CB4D4FC174D....>>
                                                                                                                                                                                Process:C:\Users\user\Desktop\c8JakemodH.exe
                                                                                                                                                                                File Type:data
                                                                                                                                                                                Category:dropped
                                                                                                                                                                                Size (bytes):37245
                                                                                                                                                                                Entropy (8bit):7.994934839284737
                                                                                                                                                                                Encrypted:true
                                                                                                                                                                                SSDEEP:768:lx2I4BR4TmoyBq5H/NdWx9LYV4hcLNdyREz67WNzDtWw24DUowUm30Mpppq:lx2ZBK9BHldcLrhcLjyGz6aF5Oy4BkMY
                                                                                                                                                                                MD5:28596985FF760845493124428CE440FA
                                                                                                                                                                                SHA1:EB77493198848E2F2BB3AFA560E40BECADB47B73
                                                                                                                                                                                SHA-256:DADF92A98CF2F0334EA2A1932DF74892A3C850B3F2C2F8B4DD8119404CAFA87D
                                                                                                                                                                                SHA-512:A348ECE1A286548C9C957CEE8D4F91A1F3D3EA5C4A944DDD444D186185F080C8AE5C6425576D0791797613877F9B3B469249D5AB002B376550F0DFEC006DE8A1
                                                                                                                                                                                Malicious:true
                                                                                                                                                                                Preview:B$.....x^.i..O..........R.MQ.R....X}{.........".(JA..=N.4wL.8B..8@.....m.z..B.s.I?....f.j..0..e..K....../..4u5..._..Z.9..&t)v..O...U....L.y..V&.#^A.......O...{k..A.........#.?..T%2...>.U..!..a.*[G.....yd~.. .?.N....:........@..Qd/.D..~=....@....-LT....R.\....3......NW...t8=....|..{...Gh..L..o..,......<....sw.q..y..9`.2.........)....,..X.|xk.k.^...j.+.R.i{n.RIl..b.A..&nE.uWB7..x.>@...l.R.YKm.s...X5...O/...2.d.$.M..t..`.(.......W....+.=.a..{@.U:..b..........i.-*.#.A\...n..<2.?...%..(..^....uM....]. .\p"...8.9r..<..`~.....!..R..6.W.2.. ..L.....\.)rbe'.$+NV$.[_.L.jma0.yl/.(.[.....|sMx.(.Y*.(..y.L...6&.D.Z...Dw..ky.7..._b.<Qg....Ea.JN.7.|......\.fed.h.W.....Z.Q..z.......S[+..B..AbV..V.R.P.\.t..D8.x...V\.UA...........A.0.z...d....'n.._.DV&X......Y@F...'....T..i.A_.b..h.$..=.6..o.f..3.li..0D"C......I..b~v!.."...fa.<c[..L1...d.ZdJ.......*C.Z.K.P...g_..{.eRh......._.f....b....Cw..<..X3 ^:`!.py.i.8/...gBQ...%.../I.V#w.%qJ.....p..b....$.#..Tq.FF.$A........GK
                                                                                                                                                                                Process:C:\Users\user\Desktop\c8JakemodH.exe
                                                                                                                                                                                File Type:data
                                                                                                                                                                                Category:dropped
                                                                                                                                                                                Size (bytes):37277
                                                                                                                                                                                Entropy (8bit):7.995210138277523
                                                                                                                                                                                Encrypted:true
                                                                                                                                                                                SSDEEP:768:vM6RS7zz0SxlB+C2zzvIxYhD1OvQ48GNT2pE2s2WV2H3TnD:vM4S7zz06o3g4F4niqH2W6TnD
                                                                                                                                                                                MD5:A0BFD384E6E67FC99E257D07716F20D1
                                                                                                                                                                                SHA1:B4AC590E61F2D2323515DB0ABAFCEADB743DC12E
                                                                                                                                                                                SHA-256:37D1E9CD18B8015FD21525034EA02537624A3DA12339898D5F39BE185147E28F
                                                                                                                                                                                SHA-512:DE7366BE3335A13113A4B39C7F3C83ABBEEA467AEBB0CA24D6908FDC7CDE31346D4DD83F531C2DDCB6ADD20D4D3CB60207C734814FE20915BDA1AAAF0251627A
                                                                                                                                                                                Malicious:true
                                                                                                                                                                                Preview:sa...I"/1).....!..^0....2b...ID......J0.n..A.....TEC.-m.r...2..\..R..@....&....Su......%{z....V2.;3~.}=J^....(.y.2..J.Z.NE.p)...".E.......6..8D]........BY..~..!...T...;;^..cC+..`.+?B..2HRt..6..8N!...~e.........u.T.....B].n.G........C.i.fi..'.o.y...>m.R.;.R.}.7..uz..r.K.7.Y.-.....Z....3.h....cQb....+.y.mC.o......|A.!.4G.m|..&...~.|.?.U.#..I...5.;pK.L.>..3.....1....r.$.:.....;."..Bq`....T...&.......Ey...Z...CF...N...K.....#Y..r...R...z.Nw....3....5'.:.t~RE..[89..C6.G.g.E.o..^..a....P.z.D.o._8.'.-........P..P.hR.?..x>.v....{U.0..c,@.'1j>m..@.[..1.E.A...<.P..}...eZmF....b.T.`I..\.f..6......Z=!K.w.18{...)a._...+cWh..r.Wd@...kX.....*......A...S@...].i..8.-.J....F....AZT...&..J..:.?4..1.g.FX/.v.$s.vW0z:W.....g{cv*w.B....t.l.$..k.Vf.l......_..<.:..Q1..d._..j.V.....(4.WR.....@..~.b...L:.o%^....L[...Z5.G.....X}n*.(3.Zc.........f...wGT.".HH.V.To.....>.>7a.6.J..8..,....TU.RT....l"X.<D2,.&Q.A=&.5..F)F....YM.j.....8.....G.s.GV57....~#;H.h.iW..VP..7...n
                                                                                                                                                                                Process:C:\Users\user\Desktop\c8JakemodH.exe
                                                                                                                                                                                File Type:data
                                                                                                                                                                                Category:dropped
                                                                                                                                                                                Size (bytes):37280
                                                                                                                                                                                Entropy (8bit):7.994793477076956
                                                                                                                                                                                Encrypted:true
                                                                                                                                                                                SSDEEP:768:AinCr8fLjLqz+bUFUsjTOS49/2KsuIjTeAKF9yBZI6bUdDi2Zfga:AiCIjL6QUFjjSSY/nCjTOYZhbUNTB
                                                                                                                                                                                MD5:969F263B534399A2F983DCB50C4F893E
                                                                                                                                                                                SHA1:E1075F4927C90E0DAEA6FC33C2AB3A64ADFA25FF
                                                                                                                                                                                SHA-256:D7066B8A4ED1D32AC309810509565B763045E889A82EAC26E25D2478D02AE15C
                                                                                                                                                                                SHA-512:E35676F6A97F9E4A40FA9250481CBECADABF6763632390629A954CB1EF5929E5B686A786ADD2CCE22C070DCD675493963B329E0BAC909E6D579D9E8CA980C113
                                                                                                                                                                                Malicious:true
                                                                                                                                                                                Preview:D..."...T......<(..Ryn........A.....^....U Q..nGD.w...(.P..4;....j...."!.D..>..OUp.*.....!.....X..b...0.It..u@%E6.8.-1N..O.Gc.:E.rS.U)M.z.....u...#|._;..A.y5.=...X`.@[:...3...?....I..Y.0DE..b.+....\...i.S.qYP........L...K.S...fo.........:.......@Di..v.|...m.CR.0&...(.....L..Rl..$0.pU..\..Q.,....\..t....d:z{.. .|.._2X.=.l.&..S,.6..En.z....c..k...<..C..g./^].../k....G+.....,.....R.>m.U../(..O...^.q....U.(R*dZ.@N%.^CP'.~.(..7.D.V......%.b.0U...._..ho.&q....$.$..f.U.f....<#)..z..Aj7.'.d&......_......MA.../...!.E.....vR.{.M[.*b|.....3....H..&..,#q.fA(F.x.n...iH....k..=..gk$S...-....u.(..E.o.)....4..Z..un;a.B.w...A.n..=......x.?.....Tvq.q4.O...{. ....J....E....l.Y...j.6..v$kz..h...o..2neO.........+....2.=..UpC.01"..M......p../tRza.m......L2o.H...90.ZL6.p.....=R.O.>d..u_L.m.&j..57qP.^...x3.%..4....=RB<$..D.fI.v.4t!l.>'.....X.@.."AU.z.-6..0.0/.E....%.Q..6{=.d...6...-yf.F..iZ.S.>P;....}.4\.1i@..<..*..y.hY'..........:...-.t8s.%*..$"...P..gp.;.."d
                                                                                                                                                                                Process:C:\Users\user\Desktop\c8JakemodH.exe
                                                                                                                                                                                File Type:data
                                                                                                                                                                                Category:dropped
                                                                                                                                                                                Size (bytes):8178
                                                                                                                                                                                Entropy (8bit):7.981648223566884
                                                                                                                                                                                Encrypted:false
                                                                                                                                                                                SSDEEP:192:j3mZud+ydWGbTdTG/f6crJ7mm3CmDOUxKi/Y:j3mZqTcGlG/fn5m2DOgY
                                                                                                                                                                                MD5:3AFEE38D4A2730E5CE6C16CE8AE9DA6D
                                                                                                                                                                                SHA1:C1D3D7D4EB8FCAAD884271AF7C96C144F37FCC5F
                                                                                                                                                                                SHA-256:C10BF84B4741FE4476D3D769199468C91A2F5CDFEBF9F7ADDBF33E7593612981
                                                                                                                                                                                SHA-512:6B0CD1289FC19C21C95CA6DC0DD14362AAFD12C1AFD3E7D013F6956F0E28651EEDDAFDFEB1F67F6E62D3C92580AFC24549859AEA2B23543EF017F84DD4AB83F6
                                                                                                                                                                                Malicious:false
                                                                                                                                                                                Preview:..}I........M. ."..%.......Q._...Ap.K'..L.}.B.. ...........G................D.Rf..}......ui@cIvZ1.sf..e._5. .I.M...*.k.....*[....._...n.Un..A.G.7..C(Y64......>D[...w..z..ArG..m......?....j.9. ..X...a.....t...9...".o...6.,...D...P:J....c......w..[.T9........O..:a.7...Q../....{&.a.d .....6.g..*..=.#C.F..;...>..;VZ6.?^c....O+....u.)V.. =$Z....._@..J-B..@..Z.P.o.L.........*......j.:..N1.....H..].a.q}.E(.<[.RJ....3,...Y..[.#.f...~*Q....]1....$.+...M.b.>aUg.:O...%....l..>.......Z.N.N.....P..$1qL...gM.........S..^...Y...,m<.4)#..U.....-m7...T.AZ..x.DN...a]@L.a......u....aP.^......i+.....Ji.W....P.WG.D*.<.=<*..F...G}%.C.;.@..gX.....0.5B..;.w..0G...ge.Z.[..e...."m...B.].P.-..j?......_...t.?1......!.f..%`..xF....K.R....Jmek(.1....j....w7q......".....R..r.MTQ~.^.Om-.....iG..O...[.2..&..i./.{.....>H.b?LY.G...C"......{:I[.wMb..f........(.@......aTq...A^.....>.....@...3)...Z:..'.K_o.Sj.S..._X|..EN?N9.'ce...p.m.I...r...AGn.....0.s..d.1]...Z..'......f.7u.
                                                                                                                                                                                Process:C:\Users\user\Desktop\c8JakemodH.exe
                                                                                                                                                                                File Type:data
                                                                                                                                                                                Category:dropped
                                                                                                                                                                                Size (bytes):37282
                                                                                                                                                                                Entropy (8bit):7.995289732248177
                                                                                                                                                                                Encrypted:true
                                                                                                                                                                                SSDEEP:768:e8I4Kuy1O6q+JYQD30kFKdUQJwJ/iKimU8/uIyc7JRrFsBcvv5cM3:a4KuyO6+g0kFKdbJo9iQjuep3
                                                                                                                                                                                MD5:CC0056088DE1306B39B0706CAF53D593
                                                                                                                                                                                SHA1:1543DD38D030CE12C26C8E284D27C4E67D4A9B1E
                                                                                                                                                                                SHA-256:ED7D76534C0E02FD9BAAFAF543A8EDD3521148BCCCB3CDA6CB29FD3230BC6A7A
                                                                                                                                                                                SHA-512:9C23077045CC01E358EFFD0F3AD3FD5152ED2D89E01903A12198F3E7C9DC90E3F0245E1FF24E57B6C41DCC9D2445F22D89CB484172278469DD4994DC338C8B6F
                                                                                                                                                                                Malicious:true
                                                                                                                                                                                Preview:A..o..u.}.g.gGW#...(eQ8.K.E..C....k....uOn..".kM..\...-.....(..$..\.7.?...7U.^..n\..Q.....2......`.&.....!.t...Q...'T0\c.)y|..Y..m.....Q..y.(1...Z.-.A.(@.>.....w....3(.....#..n..,.A..Pa..Q....$...y....d..&.?*>.A~.3.....3.fb .:4.[...7.|p...{N..UM.$$Y..}. LH.q.&.>./..gS.#...?.VsR[.1'....<.`B.....s..>.DN.%.....1..B@...1e.{...\%{/...H=.Z.+........\.o1p.{/..J..D..U.3OS.H..+..:..v..&R....+b......o..x...Gl"..R..o0n.."...S....e...vL.n.].J..o..#..[Fju././..X.M.q..;.z.o....H....m......_LT.x!..........[./.j..}..j,.T..j.f.q.......%n#..e)y..Z..|..N.~.{tE..s.......U..!.....%yU5..A......>.....:X.).z.Xd.AR....!.W...,..@..[.T....).h....D.\tk...{H+]..uY........(.7..lg.......t.......".4l....3..i.....2...2H.m.V9c.$.....N..%h....l..A2.....T..@.@.d...4.Q.DO..U.G.t..S.t\|..^.<UZ.$...]Y%..$...Hm...OV....y2<..b.....bE....r..Q.-...r.g.V.h.........[KL.........J+3.(.q:Vhp(.kR..d.~.}s.)......p..X.D.48.I..?.w.....N...)....i..b!N|..Q.....W.....&>.V=...e...ti...8.
                                                                                                                                                                                Process:C:\Users\user\Desktop\c8JakemodH.exe
                                                                                                                                                                                File Type:data
                                                                                                                                                                                Category:dropped
                                                                                                                                                                                Size (bytes):37283
                                                                                                                                                                                Entropy (8bit):7.994645485742167
                                                                                                                                                                                Encrypted:true
                                                                                                                                                                                SSDEEP:768:+uYPzp4IqwTrJsvOwSM3vGUDdKRonZM63KBPfoXjsFd/N2FKPDSlXK8NgPo1se/n:+ZPVdTd0OwT+GFCHoz4F2UPDSlVYlA
                                                                                                                                                                                MD5:40E3F2B8EAC50A848B35A92213B1D392
                                                                                                                                                                                SHA1:383905E4BC25EEFE959986337268C8D165B4EEF0
                                                                                                                                                                                SHA-256:A57B2FAC2FD28C00E9861C180FE4F4216C3E4E4373ACBDC3544F255CCF0E36F8
                                                                                                                                                                                SHA-512:B862A2333504E8C3CE2604875E56203295CCB36A2484B640F7E7A43E1F28D9B45AA90B401A70135E5AC24F8C1DECEBBD3E51A7095525126F67003128C95DE6E3
                                                                                                                                                                                Malicious:true
                                                                                                                                                                                Preview:..B.D..3(......B*>...u.......=l.X.$.~....D#N.xw5...(7..|.'.%...eF....6....._V..q..FC>P.X..........h.zD'...o...7=..H.....?.8.w..'.x[.1..7b.3....N9.....VtI]..6..7...\G.4...;...>..\...M...*.b..8....k.\l,;$0U.^...*..x....e....;..mYd._;...?........).6..>.>...@...Cj-"..d.>...*D..a....)......Xi..O.......d.h.+^...+..l..5+...^....<.....a..U#ubw........AR....I...j.$.?...o........'.r..].......a.3.%V...W.Hv]K....g.u.$...m.Q/+..~.f..g.....i.....R....Pm..r.6(..r.*.h<v...{.sE.+.'....H..Q..x.u..V%.Ju.>......ph}.J...=.G..mx.f.?.&...|$.D...i.~v...C....';.U.P..m.H..+.....r....0g.T......KL.El..d@.R.....2.2.8...39..Kd.3..6.eQ:.........7..R.+M....?;.R....yu.....U...h.~I.V.d.`..W..!-g-T....A....J}.B?..* ..}#4...jnC......d7.l!.5.....R....O`.q.C...'}......\g..j...QL.........2w.....9=U.........'X}.,DI........|.....3.a.L...S........V.. .k40 .x.0-.....C..v....Q&...\.....%...M..^.d5z..."C.R....k.....u~.]..)-.l..E..:8.Ky.U."....{ Yy..:@..L..[.P.N.K8B.M...7..(8..
                                                                                                                                                                                Process:C:\Users\user\Desktop\c8JakemodH.exe
                                                                                                                                                                                File Type:data
                                                                                                                                                                                Category:dropped
                                                                                                                                                                                Size (bytes):37295
                                                                                                                                                                                Entropy (8bit):7.9940291295164885
                                                                                                                                                                                Encrypted:true
                                                                                                                                                                                SSDEEP:768:e9qfZXHzbTR/u6F3/IW+QnXHGwMAxbmK80X16yBRpIAn:e9udHzPRW0bnXHgAtxn6Kow
                                                                                                                                                                                MD5:90311FC50D8055859BF6CB2289359B50
                                                                                                                                                                                SHA1:A9151A08281790134966C6A921205C17923B1D1B
                                                                                                                                                                                SHA-256:21AA889F0A051438AE8336E18EEA510B1C841467C185512701CFEAAF9DDB2DC3
                                                                                                                                                                                SHA-512:774FC8E2E2B407D28211D6239A29F5AD38E4B541290E09C32D80875380B41404E9F2EEECC2D717488B5729EDEA626356F1853883B38060DB307E18560219DF3A
                                                                                                                                                                                Malicious:true
                                                                                                                                                                                Preview:A..Nn.F"SB5n....VMs.1.\.9...j..,O..P..........a..Z.B..+O-..St1g.`.v4..,...k*S..E..Y-.......1.yi.......V_.>{z..>L1..2.1(q;.C.8.?..@.`5K.3.....p...%QR}.:.Bml.t.HY..*WD:`AP|....4...l..A4.d..r~n.E.7.a.+.C.....Y...@...Bf.....S..s...m.[}e.i...t....g+t/..z..3.....dX.q.=..UQ..............t....+........r...x.$..<.....g.....%.G..j.."e...I=Ty.f..\..B.....Z.)|..@Tz.1J..Hb.F..X.}..Q_..g..../......M.9. t.K.H..5Z._.S..IZR.}.. ..l.......v..L..qN..[l.tHJn......e.K[\^..i..jE..|KjZv.p.t.({....sY%}.Pp#...f.X.....L...h...T....!..iZ.....=...0A..j..&Ee..Z...R8`.b/kr..kI~F.f..B.8w.t....;.iF9....U.=....@.DR7.....U...+PRg.q).N).......*G...V....u.1........3.k..N....m.+<.U"IHC...nq.b1o.F....aV_..._P....=...Y_/._Lz{E.....D.........Y"....0.O.."sT.i.~.o..O.(..w.L..S...T.4......j.L;D..*..!.WA..P.q^.,%..7...OrA~.]b...g......h.........D..u.M4s...rlaItX..2...5...-...F"{..il...~....4...zr_.R..@J,...]7..Ud.Z..j.C..^.o.6..5....:U.g.0...J..h...H.....G'.i..uA..:W9.W....[H4#Y8....5..<.b
                                                                                                                                                                                Process:C:\Users\user\Desktop\c8JakemodH.exe
                                                                                                                                                                                File Type:data
                                                                                                                                                                                Category:dropped
                                                                                                                                                                                Size (bytes):37281
                                                                                                                                                                                Entropy (8bit):7.994697397316035
                                                                                                                                                                                Encrypted:true
                                                                                                                                                                                SSDEEP:768:DelS7jaRfXCEevMIUDlJTxahQBz7ebtH4ZIrTbc5oQ9oE9Ndnm0:DsSCfXeMflJNaQxwHbb8GE9Dm0
                                                                                                                                                                                MD5:3E342CE5CCB20AC8358C59D7FBC42547
                                                                                                                                                                                SHA1:A9AAFE7E976967A707A73EED99F88E29556B54EF
                                                                                                                                                                                SHA-256:7286122476224888B98A8C96315796198804F4EB98EEFC594B186FCEB19CC035
                                                                                                                                                                                SHA-512:4C7F6BF42A727F369D2D24B8387ACAA6DCCF4013E3F0B0514A52877605EE47224F30BD5132C5531EDCA2B298C180A8916278E1DDAA78C9A0F7E9CABAA1AAFB8D
                                                                                                                                                                                Malicious:true
                                                                                                                                                                                Preview:..=..z..R~W._.2.V]..A..t...........u....kHb.p....E..yU.k".:.W;.]..>..[p.j>..Z.ID.y.Z.f..Zz..I...Z.zF......A..v...SZ..*.d.5..vg.....;.D3N..a...._...d.(P...B.$.W.........?..K.."...l..H..5e.L..SZ...X...G...Prls....g...*.....!N..L.c.....2........._.H...{4.=..x..)9W.V.D.^+..?_...H.?.... ..O......!..3.C.0.=c..P7...@M+..;O.@.?.Zx.'....6W...3..C.....W!.......B..d...... ..A<.."...U%.&...`.....Pt,......a.........K.....>......V.+.{7....K.).y....U.rq.K..1...CC.2.29..I.d.$g..?[g...'...@.k.R.E#.s......XP..^*.6............Y...z_+.m..*...rJY...#....v.|1...GhI;q.L7.q,.J.w(..m.L..F..L.. .1.....i..v.8...@..H..{`.P@...+../.Y.H...8l.oO.aQ..:R".......~pG..v..?.......D..u..Z0.z....~...0}.D......0....a.s}K.,....!,.....p..,.d.N.=S.N.|M+.u..;,r\..O]HkT.>.L=3..i..'v._..2n..f.4...p..J.2......j..;9Vg..d.#0b.*|..LF.}ji.\.Xl.j....G...>..._....(:t*0)...#. .F....^.."..\..~..W.s.....N..T4...m.:......H*.e.o..m.....jT?'.V'MI...r3....n.^.q..e........Oq.b.z..|v.i....tpU..
                                                                                                                                                                                Process:C:\Users\user\Desktop\c8JakemodH.exe
                                                                                                                                                                                File Type:data
                                                                                                                                                                                Category:dropped
                                                                                                                                                                                Size (bytes):8210
                                                                                                                                                                                Entropy (8bit):7.977993675926974
                                                                                                                                                                                Encrypted:false
                                                                                                                                                                                SSDEEP:192:LM+WI3gRZlKacMWgTpKiE6OEyzSJ9CiQrTG2CYjycZjBM9s/:4+WOQYa1WUpKlE78igZ9R+W/
                                                                                                                                                                                MD5:87810C4E8D148EDF6D810F86B18151AF
                                                                                                                                                                                SHA1:57D565F2DB4914CE88B75B11E2FF3AF7EED17B0C
                                                                                                                                                                                SHA-256:B75D47B1BFDB16B05E99AE67043CBD3A56DE0A8A6004C630D7159122E4487F32
                                                                                                                                                                                SHA-512:2A7BBBFE3974B22F847774D5BE82D242080DBC60898019C3DA10C27365D6FE16A22D1F6C7F05B6C53C80A7A45A18BB3842B464C5B986BE75B92920BEDE880A3D
                                                                                                                                                                                Malicious:false
                                                                                                                                                                                Preview:/......t...C...u..:...O...i#.z:s..q.d.==...O9.Fl?..m..U....jK.....l....J..z./.].O.C..3.E[..N......\a....+.F1..| ...ZI...T...i@..z".O_..l.x.T..qu....-...A.Ec...4.mE........4...g..GFPRS.j&.>.i.@.6.i5....`.....|=.U.._Sp.zg.......i...|.xT+..3'*Pz._....L.2,....SW...=.. 14.8...N...5..V9.[..l..gX.......,.?.S-.-.`..0...Nn[p...c...X.)7. .@6/..U...?..1L...|VdV6E......z.......O.m|.D.2..6;6.z0M..x..b.....R.v.r.ui..P`ZA.h.......>{.A.....,.F..y... .}.?e..O..e.ww........,n.Y..F......B..s-.g^}.).0.Y.J..e..|.....Si.(lK..,......zM.TXO52.....R.}.bL.0|0...X.....n.n.... g..\tNB-7.....8.'.~.....^&..R...LO....)....U..;. ..G..UK.H..!...%.....a.].3.8Z......M.............M...[;..g.....I......,..v. ....M3!....Rb........e.4.|.|..g...)...9j},Uu.. ..p].....e..ni...w....~K...$O...H...Wtu...AAR. ..\....P.qEq...3...~.....k\.......R]U....?ry....d...V.a...X;:..._.H@T..>qp..<.....;..)...........[G.....q.W.Fy.e.A%......i...u...Z.n.`"(N..G.....K.?W..%...#4r....g..@.q2.;.q. e&&.....
                                                                                                                                                                                Process:C:\Users\user\Desktop\c8JakemodH.exe
                                                                                                                                                                                File Type:data
                                                                                                                                                                                Category:dropped
                                                                                                                                                                                Size (bytes):8172
                                                                                                                                                                                Entropy (8bit):7.978378493141653
                                                                                                                                                                                Encrypted:false
                                                                                                                                                                                SSDEEP:192:QzHD19LgOwoeBgVTpSetqv2keWrxpO+/kTwqZYWoSeI:QzrM1OSeAv2AFkPoSeI
                                                                                                                                                                                MD5:0B2ECF97906FE1F6A3F2A8775E319D41
                                                                                                                                                                                SHA1:9E614BB14334D87F89D3F415F152AB7F53D61975
                                                                                                                                                                                SHA-256:37A09CEE4EEA2911474D88A77D7B51274B7BE19E916869BE231FB94591F8B066
                                                                                                                                                                                SHA-512:CFD1170B619DE7F25FE368CDF92B0BA690F7391F6DC629B41F047216D32459E7ECAF2D6FC25A557DE5107958D2F45A447A354D918922200E8C861DF02DFFE01B
                                                                                                                                                                                Malicious:false
                                                                                                                                                                                Preview:~q..Ar.C.?.CdsS.....%.:t.u.w...v.HO.'~3R.....R..v.6..@.gP.m.SO.<R.......9.O+:..?......G!%RV..%....%q....^%.Qa......{..=. ...P9.P2..]...Rc.....J...d`.T.X...$X4.....; 9Nc..}...~.L.ga....q...tZ..!...)....O..G...4.....V..4~dm....XD..).~1x.)i.B.].B~`o|C..N.....D.5...j=>.~..)..zJ.....v..z.6..x.|.g{....'.,|....-.v.,..~y..{B.~1sUty.2..i).n.E...}....Y9.$......k..@w.K.0.p...G.#.c.8..+(..OlNM....,.X..].......8##W.G.%.).0.s.W...c..[8....u.WW...b.0_.2.K.......V.;x.B....[dC....lt..h.......f.bP.D..s^.lr..=......;5.c/9...j.....,...]..m.H...:.$). .o..'..7e..Tq.,0]c.r$...<.z.1..!....YE..XD.A.p..N...A,.^.?JB."....!p...v...X,,z..r.u.3..=<(..6G..a2.9..SB...U.m]=..W....tex......!..^/!~\..4...:.C.i..S..BO.."...X.:..ZDP....H/N...:>`.-..., .r.^......8........Z.U...%c...^...M.....O..R....=V.a.wv...?..fG@.O..6..|b)e.......0..f..x...X.F.#.....B..W...~....._.x...6.^>.E.".....aFk........^.1&...>.M....[y!.@........_EN_..&.A.js..p-*t<.y.R.e.IV....D}.+q .o.a.....W...
                                                                                                                                                                                Process:C:\Users\user\Desktop\c8JakemodH.exe
                                                                                                                                                                                File Type:data
                                                                                                                                                                                Category:dropped
                                                                                                                                                                                Size (bytes):37275
                                                                                                                                                                                Entropy (8bit):7.995248201447292
                                                                                                                                                                                Encrypted:true
                                                                                                                                                                                SSDEEP:768:bX6z0XuE3zLxwtLMh0msutAMxXcbKmvNueLjvq89LCQdea/2VLC7C:r6z0T+tisut3dIX1u8zq89sVeu
                                                                                                                                                                                MD5:62E207E4105D753E4D69505FBD600999
                                                                                                                                                                                SHA1:B5CDBA3D8B80904F4111D33E47E6F150418D061A
                                                                                                                                                                                SHA-256:489CAC517A696E8F34F27ED922349A6EFE26816FC44CB2F79033439DFB459DE8
                                                                                                                                                                                SHA-512:78457495888DC28A496B9420879BD9468B1BB8DBCCC44FEBB1DFC72098BB8D3A60AC7E504157DDECAB073D5DADD75313EC31C6A8121507B613C35F3E6A0E8E6B
                                                                                                                                                                                Malicious:true
                                                                                                                                                                                Preview:.H.,M1\..V.q{.......[w.d...G=#>......56.,"...?D...R3........!.&.Cv.P..]..%P@.t.../.7.Q..`?.....t!`....h|[-1....G.s\.R&K$+...Ao.T..8.K...p..i.k....i.....d......%W.2.........(w<./.{.?.T....o.B.P......9..k.2|sD.Z...@.Uz...S...S....H.uh9.#%4........z64.$dX.r.....Z(#.wJm..dw.6QB.V...X.....l.[.S....0s..T..<......z..}..uT%aa..)...3..q...M%$.P....x..@.....z..2.n....M..&...k.b..?....xWaJ..E+.[Z.#Y..Ew(/....".Rtfqw...9..v.:.ak.]].{K.?...F$+.&b}...=..y...l5.r.=7....`G..[....QH..[..x..O..a.@x.)@..@-|....rz.8.>9.h.....?I.......././\.]....DT+..........,..%..(.. /..2....@......".H.....*...!.v/+.B.0..W.j.....2nv..U....n$5...-..~#.....n..E.....(..Oj.D...n.{.i...^J...&}............k..'....J....5E.i ,o..._......X...(..VR.sb...l|:.++.G..l../..-.....>.S............x..p........p.....c}..#..2....b.@yCA..>_....T}O.....V(.,=..R ..&+y.x*.....3...u.K..<3.....x......Gm.B5.ayt2._.S+.....kjB...4va.ge...U...0..Q%v..V......g9....N.. ...Y....v...9..=.k.|.<.......h!<q....
                                                                                                                                                                                Process:C:\Users\user\Desktop\c8JakemodH.exe
                                                                                                                                                                                File Type:data
                                                                                                                                                                                Category:dropped
                                                                                                                                                                                Size (bytes):8168
                                                                                                                                                                                Entropy (8bit):7.9751556048720245
                                                                                                                                                                                Encrypted:false
                                                                                                                                                                                SSDEEP:192:tazFmVki78WwxvvKiUFI42mQDJBt0U6q+nWpshLOeiudt:SEh789vvK3O9mGJz0ljWpshLOezf
                                                                                                                                                                                MD5:2C93DB12463292162344ABC3B1B86CF0
                                                                                                                                                                                SHA1:B38A47F436399AC1D3FED4036AE642279DDF867C
                                                                                                                                                                                SHA-256:8D1150DB9408DA1201E82874E451282EC0340A58FB40F5B4CB1F935622C39322
                                                                                                                                                                                SHA-512:C38C06F1B56FA1554F016439EEA566727D37873161AB6237D22E0A0815B5004EBF8E71B03D55909BE32F2C3FAC16858FD7E6FC7DF7DD9DAF04A26CFF15C8E215
                                                                                                                                                                                Malicious:false
                                                                                                                                                                                Preview:........P..@;.......?..f$..5.b.B.3.".....u8.H...d.....W.>.............2G..i#....0.9.i. Y.].1.?~....m=..A`.._.......in...T.t.Iv<..kc...-.;....M.e.......M._h.6*"..2...L.3.,iz.,..w.V0.<......}.`.".G.c2;.x..`O.N\VMc.\s...-C.?.-X.$..7......I..x.....b.~...X..$.r..2...C.~...8.9s../7k!<.|p.6..!E...W*..&t.R........C.&.nyOD.....UO.Z3.X../..v%....:|U.0I..5W..... P4"a6b....O.r....~........#_..e.....zy.d=.4...e.bFB.S9O..+....c.8.y... a6.YJ..$a.*...hav.._J.2 ...P3....E.Q=DZ...H.^&/.m...T.m..@.}O...Pf....8...<.hA.._.'I.*.x,Y6{#..^./.x6.'.5r.. 2..*.Z.s.g]........I."....0p......i<C3&2B5q.&[..>....o...Zu....B. .../..^C....'.fp...<......9C.....]..p.+Y9...*.\].Y...H.r..2...5.ql.&....-75.!c;.T5.|......1..).p`}....I)..@.3&.........T...Ee.,y.5.S..P..H*b..>.....]...3....i.?..`%4..G.N+$}..O5.....#.....O....b..a..X.o...D..........j.....y..u$x.h#x.........O..."..[.v-...B.2...l..c.....h.../%2.i.....m........(.;..r.....3.JU.x.3gT.h....o...j,PJ.f../xL...=.....#.f^....!N
                                                                                                                                                                                Process:C:\Users\user\Desktop\c8JakemodH.exe
                                                                                                                                                                                File Type:OpenPGP Secret Key
                                                                                                                                                                                Category:dropped
                                                                                                                                                                                Size (bytes):37293
                                                                                                                                                                                Entropy (8bit):7.994647009079877
                                                                                                                                                                                Encrypted:true
                                                                                                                                                                                SSDEEP:768:G2m8YFRgll9U6odnoR+pGUdQkpPBfvDtQntQusMUl5rq1/B33KJLo8pBDC:5VIgl7U6odk+pLF6Vn5/QJLLpBDC
                                                                                                                                                                                MD5:B62A7835130AA84A8E06E374822B04FB
                                                                                                                                                                                SHA1:0A7A87457F1AD57855B680E8BB1E407B420AA75D
                                                                                                                                                                                SHA-256:AB663553A835EE38E9A591731EFACB49CB923FF2C7CAE42D516FF4238A1B2E1B
                                                                                                                                                                                SHA-512:300A0334590A4BE7A56ED31920EB7819C335C40B06A4C1345868BE3A85BD14F4B078874AFA19F39C118430B403145AD7AE376959FF669BC5C3D2774541BA4EB0
                                                                                                                                                                                Malicious:true
                                                                                                                                                                                Preview:....@..K.\?w`..B...z.F...>B..-H.j..v......6.."...8..V...._.,M.,.P.h{.F.4H.2...I`.j*I_.k....'...O....>..............'5...#qt5J.eNF..Z...i.N0uC<....*.#p.A....;s]...^.T}..3..T.+6].@.R..._d.k..N....ta.!.....W.S$QB.P)s......F..=a....bJd<)..x.......jx....Kc.6..8.o?."..U...............?.R.....w8..-...p.Y....7@..D.g.6....S..iDB...t.~U._...w....W....?...?...%4...t...J.9J..M .....Y^D..$.mS.K.5..m._.wA)cD.........1,.%*@C.../_..C*.t.'.k.7. 9....t..A6.<9c....#V..m`?.N.3Z.....mQ%..h.q..iK.d..Un..t../U..zg.gQJd.:2......i=..dd]..0...j..d.....O.<.W0.#w.o.G...F.7v._.pn,.....t..kg$x.9".E:M..I..{.Iw..14.3..*wt.....{.\Z....i...;....D.za..]b?j..%.p..,.MH..R...n..s.e....E8..T.6`W.' .s|a......M..{..BL.....E......J7/..`H13x.~1.!....E.._e....E.Rk.F..|..."dsPs].....*....q.vu.^...............T..%..2n......6n..B..}.`..=..|,s..$.)".....T ...1.Vq-h.-.s...??.6.....xR.......#4.py.F....~d....D....`.z.....U..x[.XVLy.c=(E..Uqx..>2-..?0,|@.n.t.E..]Q.?.".....Sb.!B.z:...\7.
                                                                                                                                                                                Process:C:\Users\user\Desktop\c8JakemodH.exe
                                                                                                                                                                                File Type:data
                                                                                                                                                                                Category:dropped
                                                                                                                                                                                Size (bytes):37300
                                                                                                                                                                                Entropy (8bit):7.995384860373797
                                                                                                                                                                                Encrypted:true
                                                                                                                                                                                SSDEEP:768:G9Wk5NhDfvaxia88YhJFz0Q4w0xVc6YYaocuZrvYnr:G9Wk5NhPJ8YhJFAy6Vc6YZmZEr
                                                                                                                                                                                MD5:0D1C77BA7D93A9FA3026E30627C755AC
                                                                                                                                                                                SHA1:9A7712657B1B4306CA2C7230A3640E8DBE134848
                                                                                                                                                                                SHA-256:A3DB0FBB1E0C75A36EF582163C0BA1F35D7553EA9B6514A9E1EB3885F17DF8C5
                                                                                                                                                                                SHA-512:2074CA5DD0B54B3B1072ED71341B949CB770D1226044672C52FD9AEC26B417B5F979E677A5A2836142A32D660644CB90AAC75988B03C3C436E9B5D18027A85D2
                                                                                                                                                                                Malicious:true
                                                                                                                                                                                Preview:1m....0;...............N....3..$..H,.....aRnM.j.1........s&.....a8B..q..h....:.D.).X[6.E....2F... /R7c....{h....j.\...C....u...y..O..c.7.~...C. ....J...a..x4.b.6..1g....B.N'.am...r...F=h.+F.....`iN...@./.{..w..q...qZ..`.".;Fc....w..y.h91.G..)..}...N.H@.M......MT......2......=.DC....3......X..Lw..|..U.x.(....l....:.:hF..#l...a...^..>y.9-...Xre.....ST..G;7.G...;M4...fPa._.>s../....}.*6s.....7..M........e.z:K.e.OlN6.(.{'B9. A.Ql*..........93B..\.S7..Fq"6.-...f.%h..{<.Faj..B..{.K.S..........a$......cc.l...l..~.1...t..v...~....c...2..KL...l.e.j.G..Y..B;....<.~.2......4.\..m>S++....,wC..........a.x.0..T..ql.a.x.....<#D....-g..3......=....S.............%.TR..,...Y1.....[.;..OA[...k.r\...K0.v..:...c...e0...o4.. e.._..^.e.UN...^....x..RN.(lO.$ .h8......A(..).}.aZ. .x....?..,x-..A.|..jR.vOLL.N.g.Y}..y9=`...n..Qb.}.\.......e\..B.p.l.V.OC....O.J.|R.Y-......&..s...h.J....R1.8..89i........?.e..r.pV..,.,..y.~?..4;.[....;......|.r?....1
                                                                                                                                                                                Process:C:\Users\user\Desktop\c8JakemodH.exe
                                                                                                                                                                                File Type:data
                                                                                                                                                                                Category:dropped
                                                                                                                                                                                Size (bytes):8175
                                                                                                                                                                                Entropy (8bit):7.978653568887115
                                                                                                                                                                                Encrypted:false
                                                                                                                                                                                SSDEEP:192:mx1TG9Xuv5muHCUL+ZSu+ZBthsTYcSrePKw:8kuxm6CayWZrhSzJ
                                                                                                                                                                                MD5:77B2C67CCDF84E452DFAABC6C8F3BDED
                                                                                                                                                                                SHA1:65D6D48A12DC8BB6F45C08802E9040DA606D97D0
                                                                                                                                                                                SHA-256:6C26B0EACA3271002BE27DA10EC2388A6867B4D5288CE25DDDDAAFDE6AAA99ED
                                                                                                                                                                                SHA-512:EE32745D2FEAA954C2488D43A413316A13E75160AD79087911A2B2D6D08EBFDE19712AC415AFCC009776EA7B5F9560571E69956EA487D682DFEF24A3FD99CB1E
                                                                                                                                                                                Malicious:false
                                                                                                                                                                                Preview:....D;e.......)p....U.....=...14\...pE...H.<.....6.G..V...!...P3..X..)1?#.E...._......s..<.....2Q.....w.4hz39UR.J.j.L........[.go...Yon...1....../x.?...In.....][@.ifJsk..V.<..s.`$][...otz..it#.k.>.C#....GS..:.o..ds/.Z..F.."O\.O.....P....Z.5c.#..*0(....83{..k .B.....-.\%.J.8.....t|LM..l.k..7...c/`...~.I.5>....+..b......=dP.......(M..Y......U;[..|....*......0.._....c.adfu#.*.. ,...r..; .S.".A#....../.#...F..S..R..t..7.O......!H.qw4.........@.q)1.Z$.X.......,..c..bK............`...>.@..".....M!..hk..\..u....*......."C.x.m..X....T..Rc).eH..X....+d_B.vA.s.yS..k...c....[ ...TE.YN.].NW..-...~Z...;....^.SA...J!12...C..J.=<......).y..h...x.QngUt.%.Y<..i.6.....3na.gv#...>.#.W..&..a....u....U...../..c...X.....m..:z.Z.p..6.......!...?p..N....Y.*....C.i..[.)"%k)..PQ.;...e"s.C...F..0Da$.H.~i..K.....YL.{;........$*....WW......6n4wG\..;p.TJ....w..G...i... &.....>."~....g.3.'.i"<....f.?.]T...$...j........0O.D5....3...r..=#.G.?....M.4..:.....>I..`#Jz....
                                                                                                                                                                                Process:C:\Users\user\Desktop\c8JakemodH.exe
                                                                                                                                                                                File Type:OpenPGP Public Key
                                                                                                                                                                                Category:dropped
                                                                                                                                                                                Size (bytes):8180
                                                                                                                                                                                Entropy (8bit):7.977417089296266
                                                                                                                                                                                Encrypted:false
                                                                                                                                                                                SSDEEP:192:147BKaOVS6uQE82ZVF8r7xqGZQbD71SbvkXAfiF5HhT+TSoOwjAV6a:qv2lnEtHF8r7xqaQbD7AjkwKNTpwjpa
                                                                                                                                                                                MD5:A462F73ADDF624A0582E4901DC13FB0C
                                                                                                                                                                                SHA1:3DA537CA8A8D057B618FB4CA734CE75802D69B2A
                                                                                                                                                                                SHA-256:2FB049200244D90BE5F8E8C2678BB65AF15B334BAB23A0A8554F8906456CC6CA
                                                                                                                                                                                SHA-512:EA172F1E9F75E335556C48A2928BCC0EA231E97434CF925EAB15323661BC27776EBF52D322BBDB36D73F84FF87720512D6F42BCDFC354B3890ECF333CDFA8D23
                                                                                                                                                                                Malicious:false
                                                                                                                                                                                Preview:.OY.8..3.H.8.`...m..L#.i.L...z....F..Hi..m\..aG89L,.....3... ..oP...'.9..%..|.......y..S,....g......6l~..+~./....j.....".......pk.....T.(.........>.S...k...../<.?..Q?s6.u.{....3....{.\....'.....E.....y\..0.....=.........p..&...T..C%......'....V.Q`./.....*..Q.b2.".2N...VHF...S......[...jx\.t.J..rGQ....;.A..%....X@%..r5..(zU......:A.V.:q...v...$.@...o.5\....}.(..K.......{.2....7.`q...x..D.=..E.....2...8&..;^.P.\.....+...jw<&I;..Xm......E.P"Y)@...@O..pNU..}..'-_RR.On.>.....EIvo(@:...,....vP..P...?;...H.j5"p...'..|G..P.hM....SILF{.....=.T.X.W]...'...^..s........KZ......k.^.W.%>..~..M...IT.k..+..H... R..3zm....b.y.._.bkK.7.....43_&.@$.7.......6._.E...H..*.fy..r....E.).1...}...]g....e......0+.....d.7.....B.3]....e.<._.....4.U...?..m{f...J<T.....+S...=.CWt.w..s..~.Sa.p..J9J..k..=....[G.......T4c.......O_.".yb.w.....(........d.Zu.*..u.y{.y..<....\.....f...ox.C.|8kt...Z*..._.gK;G,....3u...&V.z..r......!../........Z.......{...-h..]........>v
                                                                                                                                                                                Process:C:\Users\user\Desktop\c8JakemodH.exe
                                                                                                                                                                                File Type:data
                                                                                                                                                                                Category:dropped
                                                                                                                                                                                Size (bytes):8172
                                                                                                                                                                                Entropy (8bit):7.978454555082237
                                                                                                                                                                                Encrypted:false
                                                                                                                                                                                SSDEEP:192:b0nqpydjArREYGomg25nIzM//E4wsGQckXW38meC:bTpqjMRE9c2uNLQWsk
                                                                                                                                                                                MD5:C6A621E82F791EF962C25ABA0CB7A1CB
                                                                                                                                                                                SHA1:430C6377614F28831380BD3B9F66A13365D9097C
                                                                                                                                                                                SHA-256:6077C5ABF7CC7ECA10A7356CBC20403CF0D97EDDC86AC55E3E3FEAA42D4BD26D
                                                                                                                                                                                SHA-512:4DBCAFFE6A3A2C0200270E63AB4627D3E9E2D4BE84E9C9948F8B7959B9E7C1B2A407976D446A933BABE00F43B592DDA3396E55559748502FA3DBA52A92B2290B
                                                                                                                                                                                Malicious:false
                                                                                                                                                                                Preview:..l...h!m..1..r].'...!..j...<S?..Q.M...).%..q.Lbc...y@<j....^}R...n.&.uV.?..6.l..>..S..(.......Y....W".s.:k.8...nEK..5.P..*......'.... .,x\1..T..I>.tC.o...#v...FY|x..@........W.e^E.....l..!..:`.~....R0K.L.d...J..\...H..b6.9yd<.V-. .........C{.~...IE.+.y...k........Q;.O,.{....-,dO+.K...r..*"....n.../...........2.?.9....$8.=~...?.J.n..8.9.V0`.i..au.Vr.:..V...&......Yq7.w....l.<..|.n..+.w....C]..$.sR...-.G...tO;.&...b[..r.;.+@a*........x.`[%....Y*H......".J..bP.?[.|..$a..O..g..LBfA....I./W...D.G.H..*.y....H..z.H...p#>N.......g.t.(..*+..@.......Q..........<......:..e.AL<{_.Q'..I...N....wZ.B.c.&U.....6.j@.(.....;.r.@5`..C..c._....J=+.Zq.|m.]..V.~..g..X..g.k.e..B.,<..."....u..*.1l!.C...\.o9...~.8.k.<....}m...f...w@g!....{R.6..P.X...R.@@.$.N.I.O...J?SU.NXB.<.i.D.V0.....]...E...'.......=...r. ...'.gs...Q......P. ..ca....V.A....w{V..6O.p>..1m..........X..*..3...[....$\x.?.y..{>.$..YI.`'...y...NG.3.......1i.aB...>_W].......@N..1./.y._...Q."...y.
                                                                                                                                                                                Process:C:\Users\user\Desktop\c8JakemodH.exe
                                                                                                                                                                                File Type:data
                                                                                                                                                                                Category:dropped
                                                                                                                                                                                Size (bytes):37301
                                                                                                                                                                                Entropy (8bit):7.994810914643542
                                                                                                                                                                                Encrypted:true
                                                                                                                                                                                SSDEEP:768:gFZbP0RZDeBI7aqI2qyZOrllEhcHQEN4J2J+6EQej6tVsqlKtH:g3z0RZiq3+fZXEkrsqk
                                                                                                                                                                                MD5:D509B8435DA43D40245A48DA9A9734DB
                                                                                                                                                                                SHA1:0A578D2B97C4345D492E5C8EACF575BB3A2EE218
                                                                                                                                                                                SHA-256:E5C1C841B99B83BED38360BC3228833DD9D91C3CE1B46370235F9E5AFCFDA154
                                                                                                                                                                                SHA-512:5574355DDD900DFAC15AF0F096A4521CA5ED154602B6187DCAFAA97DBBA71C58C0BFB61D861F894997EA6A435043D058C325652912D122A11FAC618DE6D6F03E
                                                                                                                                                                                Malicious:true
                                                                                                                                                                                Preview:.D96.-N.5/.J...N..B.Y6..OP..f..w-.2.#.=<..x.|@.;..h..c...Q...EN....l..e..C+..3....2(...8.+..jMO%`......f.....J...'.5B.~7`..`.f...(.<e.9......h.I.uy'A..<D..j...Qo.IC..D.m.AZ.*......V`...|<.(y.\...!J....".j,wl.lq.N.:P..E..Q...8..d*.o_..........C....L[u.S%.|..,.7..B...BBE....8Y..pl..>...m.......Ew..........8.6.e.u..F............(.yqc...M..<>6C........%..BFC.C........U..>.*........m.S.-....)..>... |......t........!.=uY.'....x.../.... x7.P..3"-....p..wq...Hk..4..7..!bn.w...A....Lg..})|.....\.r.....z...d..D.t....d!.6......n.F....9a.U3......*c.q./....b+...g..3...Z..o......t.b,..c.......S..K". ...3........g.t....YM..m.4...d+....V_lS.G.MQ....|....k..d..(.6.j..1.@E..-".g....$L.ON..Ts2...2..l.Kb*.f.2.N.#cS...F..'i..i1..*r.k.....$..k..j..:q.b..i.xa......d~.1+....JQ....Zl.=..M...0o.-d.....V*0.B...u..H'..2(.y.v..U..M|...nM'...!.........:.ug.X...dB...9p.....+w.....L.l....p*X.].S.......|5..0.3....I%..+0..g(S<.^|.....)..r.0a.4.+...N..C7..A2i.>..+.zd<.+..
                                                                                                                                                                                Process:C:\Users\user\Desktop\c8JakemodH.exe
                                                                                                                                                                                File Type:data
                                                                                                                                                                                Category:dropped
                                                                                                                                                                                Size (bytes):8172
                                                                                                                                                                                Entropy (8bit):7.978628088629221
                                                                                                                                                                                Encrypted:false
                                                                                                                                                                                SSDEEP:192:jSmATsI9ewAPSsrkw8CUUBIbmq7/C/dcq3IMa/:jSmATF9dJTUOJ/CKq4//
                                                                                                                                                                                MD5:191D5D4BB705E26FB0F19A6DBAC61195
                                                                                                                                                                                SHA1:D705A79B6DED16770E16A35F7C2F8B2BFF9412A7
                                                                                                                                                                                SHA-256:0E3FE98D14A9FD3425999D10028A0F91559B656969841FBE9E65D5B9F2969B98
                                                                                                                                                                                SHA-512:7EF223842E54493FCBCEDAAAA320B31F079F8F8201A8F41A43E5817ADF5D47D6833FC9EF52D4AF7FEB0408F1C191C83F672A49490286D63CD35A89A19D62B2D4
                                                                                                                                                                                Malicious:false
                                                                                                                                                                                Preview:5.j"\..vk$..}...tX.O.&"...v...zs..M.cb..P.F.....x..&....o.#$gT..0....Y...W_....K.n.u.p....{Z..O.b....:..ei .h4...k."SP..\.,..>...&@....+te.+....YNa.T.b..d<.c.`.~j...JKu.Ng.> ...*C...5.j..k.."...h7./.yD7#S.........^~..i....Q.Y..1...Q.....W.s P;.a|..9L..+`..Hm.BGo.\.<..a.p..8.t.8......\.....7.4]..O@..T....*M.....n.....o .+.n...3...............^&.{.P..0k VG...U..D.....R........../.L?y....,........Z...n.o....._...}e...V........1..Q..8XP..4s...la^O.i.CM./...Mw..../..y..d.....^..+[79\..~5..o..MK1.`e8..V..j.:.a.._...b.-."...k..........&..4d...Q.)....+....k%........m6Q.....S;[ ...3...+.VL+..;....jt^S.es}..........)r%.~._.....0.J.=..n.>.[B...z.*f.:..n....-h.v....v.5r.&..L...L.-....-.LOO.@.}!u....tH.(......51.....64.{}.N..Ny.r.1*.N$....V.....R......U.v....g....kN.... .A.* ..8-=...|.C..@.2..[#Kr......J......T.{'.?a|..[...$g....nQ.O.g..W..Bx.veY....*.V`.'W0.;+r..].#.....H...eY..d3s.LC.%.....@(M...-.u$.e(.r..Mg...*.b .....pq`......ECY[..WF....
                                                                                                                                                                                Process:C:\Users\user\Desktop\c8JakemodH.exe
                                                                                                                                                                                File Type:OpenPGP Public Key
                                                                                                                                                                                Category:dropped
                                                                                                                                                                                Size (bytes):37286
                                                                                                                                                                                Entropy (8bit):7.995173419065114
                                                                                                                                                                                Encrypted:true
                                                                                                                                                                                SSDEEP:768:C00r1+vT+URMnX9L38vMlbMh8SSr2iGDt3+T9MxyueCjRdd9T3JRe4:M1+vT+tnX9MEbe872N3+T+xwuj3Te4
                                                                                                                                                                                MD5:DEF407D9D6093DCC297468DA868B3F76
                                                                                                                                                                                SHA1:6685DE787D19C5128341D9A7FE782F2900573574
                                                                                                                                                                                SHA-256:53ADD0AF4E4C1EEC84F2331DBFA6C6A56447F9CEA86DBC0F1215D64CD90D6DFF
                                                                                                                                                                                SHA-512:13DA080AFC072B254900C59CA402CB346115867D4B60329A0D2069BBB1411CA1C5EDD8A8161DB862E7ED620929C9701B58269B4F24BD8954FD3EBB9024ECF789
                                                                                                                                                                                Malicious:true
                                                                                                                                                                                Preview:.)..Yp....g./....z:....*.....=.#.w.~...@..B.%~........;f.7v.....5`.3.N..q......Zo.4..1w......1......-(\y..s...2zZ.,..>je..(.7....7...{@....G....w..i.[1.Q...J........w..........T...9.Y..$.Wu..8c.S......p.n.....J.....zdE;.......n....<wU`J....... ....|..U..#P....njb..%a.....b..S.A...$..a.L.....IN.....ZJ4.pc.K.3...q^.KF....*...Qz.&......wq.l{a.@%...6._...s.LbA.c.../....L....[.!..}).T..p..;cj.....\...V-.....n.2.......K...GPN^f...x<...l..d..../?.... .Wd..E.>..............B...~h_;....w......%6@.......;.B.&4..}x.z.-!.o=.e.s^..6WB.S.V.Tq.J.eSyh.y...C#.6TY).\......G.P.5%..`PW..'.M....ibf..F..s?.2.~..1.^..s}.]kj.....J....}...#..v.5....c..\..v.y+*.4...s.O.q......\A4.#..6..*(.,.f.....~y..lEC.w.Ib..W....`7.].....+ao......MD..c..U{..!Ia+&....'.q5..y..e.R....xk.1..X.q.{...^..$....8h..z....!.k.!....s.. ..t.1_....K....h^g&.....Rg.p.._....|;..P......U'.7.![.y.....fl.L.Es... 7f3.".K.%'s......n.".@.l.m.....(D.).&.H|"..4..\..}..]g..wx.X..s..B. .1U.4'6.
                                                                                                                                                                                Process:C:\Users\user\Desktop\c8JakemodH.exe
                                                                                                                                                                                File Type:data
                                                                                                                                                                                Category:dropped
                                                                                                                                                                                Size (bytes):37273
                                                                                                                                                                                Entropy (8bit):7.995269185472325
                                                                                                                                                                                Encrypted:true
                                                                                                                                                                                SSDEEP:768:86u+gwtwdB+hxi/oTjTrzIfy61Vb+PF9YBMTbgbVepIfl7IFm:86u+5wdU/yy2l+PABMoZj9Km
                                                                                                                                                                                MD5:7FB0C7A8DAD0A3CCDCBDDE593DEC3F05
                                                                                                                                                                                SHA1:D043FED5AD7E9E1BB56E1860AA098FC2A9B08591
                                                                                                                                                                                SHA-256:7BB4C35E3C00EDBDB13F6321AEAB541CED9C5DC1D4F80E007F2152758E12040F
                                                                                                                                                                                SHA-512:845173FCB18BF31918AD70F3264C85303E1B5B44253DE8ABBF9B9E5847541F40C09D8BAD9F0B6F9ED72C69BC791ED767AE58F50BD6280C756DBE818E3C7A3E60
                                                                                                                                                                                Malicious:true
                                                                                                                                                                                Preview:.X....J.l..1......w..6.....10..q.Q..~..........w.q...'..I~.....dx.7..K.a"Q.W..=T...x..L.D..l.....S..e.k2..f.;!..&..*..B.~.....!..l.&...f...3.B....,..-.T.....r.\..a(d.+.H...i[w.S.M.zo..{.%.M%#a......+5[..nx)3p.T.D...|Sr.UIfp..@\0....N.V.....w.^..."...p.k..].kv.E\.h.\^..Wb..,$....J....07..rJc`..y.d.....Y.).D#....@kP1.5V.......<.~...........W....y.MQ..........X%.1..;..1.Y...^..S.....N.....W...v3...U.B.=...S6..He...\.R2T..{..u..9..Q-$.GZL....;.{..o.&D.e.<.Z.B.......t:..3.4.\1.{..K.)q..X..q..A.~..@y.O.pN....|lP.,.q....9%g.<5..,|B9P}.2.,.0.\..Y....os^.<....{9..H....W..y...VP.....0..A...s,..h.......M...n}..Lm...U.{...hp..E.m...Lkq.i.1[.c...!]...4..X.?.@p...=Ti}.....&".....J.....m..02...}..|R)L..,..q.Ngr...E.z............<....m.n."\...9...~.5d)...fP............I<A)'uE...b.OaU..."..|....M.R..:.&..O...3.vD.........t...Z;$.t....VG"...2.KS...j...'...v..v.....LF..s0~.oA.[i.'..W.C.....T........t...t......SB.XQC.&.Sb4#......... B.....`..T....
                                                                                                                                                                                Process:C:\Users\user\Desktop\c8JakemodH.exe
                                                                                                                                                                                File Type:data
                                                                                                                                                                                Category:dropped
                                                                                                                                                                                Size (bytes):37277
                                                                                                                                                                                Entropy (8bit):7.994737335834155
                                                                                                                                                                                Encrypted:true
                                                                                                                                                                                SSDEEP:768:gagrjqmLo43iXtG/6i0ReeHuHlT1LVFG15LiGPJjpp1REDT86g:g/am84yd3iWOHlTbFG15HtdEP89
                                                                                                                                                                                MD5:6418223DAA9D336E1D56509BBE7FC656
                                                                                                                                                                                SHA1:9121067536A60EE4A6D315154D12EC8440823FF5
                                                                                                                                                                                SHA-256:50BAB0B815001480CA5BCCC261784EE6D4DDE352DC56BD683F152C3FA28D0BF8
                                                                                                                                                                                SHA-512:854D4661E06FD922BCAAF83493543C4C53DCDFA4F32B559B980BC687B9DEDFF5A9476EF5CA1B8702D6719502ADFE31A8B745BCA8515A704233457B1B12355549
                                                                                                                                                                                Malicious:true
                                                                                                                                                                                Preview:....0..v.9......[..f....7.&..5.f......u.zK...D..D.......A..<L............;.......,...1...&.i.@%,.....+...g... T.B??...j....}.X9kHua....(..P}...z9.<.z.\.M.@K}5.d.q`Sp.l..Z..C...6.u.^.....5;.GU.!.X.....~B.@Y..-.9......e...m...K..Pm....s~......$0........A.GA.M..x% 3v.......i.$.tk...+....f.-....9..w.U....W..%#Ei!].?.O....%z.....6...B.....ri9M...m.b.....v.7..<iV......&`.+....2&..U...}].a.....t..~.......c.Foy...T....fx.......W..|...Hg$.k...`9......`,..:t.~.c.q.MW.M.K.......7..H~..Q..a.b~X?N8%0n...e..VT.{.s..WP......J]..AA.z ..2...#0..".jp7.=F<U..v-.O-Z..m...6...6.`7..&...p....Ti...b5Bk.0...|U...H6.p..v}..Z.U.U.+.f..@%.... ....vk&A.sv..;M...9E.h6..u.....e....Z.J.6|...3Y.Q.<hm....=m.......oZ...A(Uol.qm~...qT.....u8.|9./.6....2y.;.H..q...L........I.l..N./...2.CN..3..7SC.y.e`W...I..V..`.._...[..jH.`.s^.;.WY...UIC.TN.cL~O`."wF.)...]..$..(....k.*Q......O..+V.tc.|v...P.u/....:.e...O..}o....[...t..t..M.Z..e....qz....e.....f.*.H8..d..f/@..'..
                                                                                                                                                                                Process:C:\Users\user\Desktop\c8JakemodH.exe
                                                                                                                                                                                File Type:data
                                                                                                                                                                                Category:dropped
                                                                                                                                                                                Size (bytes):37274
                                                                                                                                                                                Entropy (8bit):7.995264784774733
                                                                                                                                                                                Encrypted:true
                                                                                                                                                                                SSDEEP:768:f3hXILo37sg9Kgh7UHC8FUL8lNtqBBVMXxtG+OmU:fhXILorN9jNiHtkQXxtq
                                                                                                                                                                                MD5:08EA24C4D90F55A5D3FC72F4B23F14C4
                                                                                                                                                                                SHA1:9996C5804F5EF7E75F8AA64056B9BD61218999E4
                                                                                                                                                                                SHA-256:F884B2AA44C2A614328E222A2A915463E1487AB4306FB66E9E81D2F8AA337896
                                                                                                                                                                                SHA-512:70DC42DBA146FF6146198AF9E8B695A1F3B751822F85CF7C4EEE44AEF2352DD880F2A6E242F1661D32F924C41197636257C5F4C7EAF1864E0ED2C4A7C630AC60
                                                                                                                                                                                Malicious:true
                                                                                                                                                                                Preview:r.,.?[NL....mH.a0JtJ.$..]......l.....p..5e.....A.G.fG.MBOC.=T.)...A.p .\.!.r...pE<.4?=o.m.ho...R.....e.K|..}..'../ad.F%5......5-..PNL....62....Iq~..d.@.'.c...|.]..Lc....l.....2C.|.o..1.E0^.gH.>....GC..Y.d}-.6....`..+d....rN3......I...(..^.N...f8..A1.d.:.L...X.:W...t.a:..6..h.tu.`..,...1W.M.>.gA...T.....6./*5...&Z...".e....@...i.:...Frq...'..,&p..G....$.....d..p.k)].Wr]...CC...q....s...g..V...)cY`.`G|..`@...2d...pv.....G..M....N.......W..)l.2....c.\.p.6.{.....W....y.zn.]Z....d|]..\e.6.fv.q....".q8.....E$Lz...m5G9.@`..I...w.%..u/...<.../..ng`.......*..O.u..S.vk.....g.ii(h,..2.;.WL8..&...s\..9t......+ve..9..p7k..`@.R..u......cd(a.;.....GC>..7.G.D.....TM....Y.....H....Ax.h...V.b...u....3...$.f..".e.,..znU..B.....'...OQ.(...f..?..17..\.`.XBE...[7szr........F.....F.....D.!P.J..o..'.m...5.........8.7.s.5.....i.....1.+Y....H2O.B....m.u..#..c.k..a.^..*k{o.p8.......@..N$.%.Ib8.7....H.N/.l.m.5."..0\.(..1$....!.O...HM..T..=}.&...
                                                                                                                                                                                Process:C:\Users\user\Desktop\c8JakemodH.exe
                                                                                                                                                                                File Type:data
                                                                                                                                                                                Category:dropped
                                                                                                                                                                                Size (bytes):37281
                                                                                                                                                                                Entropy (8bit):7.995142296717228
                                                                                                                                                                                Encrypted:true
                                                                                                                                                                                SSDEEP:768:cC8xtFCOKC84Aoe3VR6vos5+YqZA8L7LVkEoTbyzRylRHpK0u:cC8xtUVCTQ3L6gskYiPnvzolRHpLu
                                                                                                                                                                                MD5:14DCF66A585F897D559F44CC17D79118
                                                                                                                                                                                SHA1:3EDC7E03CE974C4185B8AA166C409BF52415285F
                                                                                                                                                                                SHA-256:5CBA3D33C62DF784F3A427AA82CC1441E5031B7FD5B11AFD39FC272D91AE0FCF
                                                                                                                                                                                SHA-512:9BFC90C5B78E16D83F12AD31322175D5868BC9C95E0E01E6B534FF6B245EE41076B1373C6241D277E507B1574A9BA5BFF5781A4F5E53C3E1233A1E695C5E138A
                                                                                                                                                                                Malicious:true
                                                                                                                                                                                Preview:md.T^.et.}......YI$...%.eRT...Z....v..s....._.?;.vh]......w4.......;....~.[.!.:v.E...d3Q..VV...6cW0|..qjp@...Z....=.,..[...mOG..*.....O.J..>t/...X.m.z.vQ.j./]..in....]D..>...+.U..>.`".....Jb.M.Ot......N.x.....9$.n..;."].G..(....X.d.;@x2;+f..S..Z%.....B.l.S.?..+@...;.L.}...S7.L,....u....d.".G&..k....E..)EP.W.....qOsK%./.....s"...P...N./.}._1..({..nP..;.OZH......%.@s5.....a...!.. ...1.Y.{xA&..,B..L*V.GR?....q....9G...`...N.`L"S...>..6S.....(Mr~...F5...._.P.Q<J.^.+.<]..K9t.u..f..q....3...=U...<..*.^.Z>..7r.7..V...^...t....K..n.....K..x....H<7qr..3.N..^......1B.......[...f.}....m...v....P...e..lO(.\.jZ.......j..........lF..~.8...{??..N._...o...<1....&...@c.9..f.nLFA.W......."...4..z...y.:..:.nO......'..=s..:....Z.....+...E...Kf..........F.4.u,.......g.B..H.><I....`..a..bF./....D...QP.../..:.cTPT.7%.H..S.`6Oj&....t.[._..K...|j.x...#uw.b.....GL....t..ay..T....6Q7*%A....K.......n..,O.Z.&...........S..r...........Vd.a....p....h..N..\..
                                                                                                                                                                                Process:C:\Users\user\Desktop\c8JakemodH.exe
                                                                                                                                                                                File Type:data
                                                                                                                                                                                Category:dropped
                                                                                                                                                                                Size (bytes):31407
                                                                                                                                                                                Entropy (8bit):7.993479967836051
                                                                                                                                                                                Encrypted:true
                                                                                                                                                                                SSDEEP:384:dTiY5r89Y8tUB2t7QaA6NfmDCKYACs4mIBII7c5vMlBNmdNrejy4N0EKfCKOuLGV:dT+9OwUajNACKTBoaBenmvs7NXsq9eZ4
                                                                                                                                                                                MD5:232C3770F163662106CD23B0BA79219F
                                                                                                                                                                                SHA1:A0A43EF30F809589F5ED1953EBADFE44E17878F5
                                                                                                                                                                                SHA-256:C8C24F5E8BB1BBEAD84A87BD29289E5CCC51A3FE358E0CF8F96360D8F5B0C3FD
                                                                                                                                                                                SHA-512:6F6BF516435A3BBBB81E07F142351138988C29800D778A36517D1E5A68AA6C817D01CDB5FE7DFD7B0E01A205FE7CD8F0628D5AC9B0A4BD3F34EE012F65EB3509
                                                                                                                                                                                Malicious:true
                                                                                                                                                                                Preview:E.c.....].F....@..$....Gl.r..".eyo.4.K.x.(\F8..%)QB.i.'M......T[oZ...}.\.e.H.....x..@).).1.......:.<...'..z...S..:W`X/*.q..k./.a.M(U%.....P..3`Bw....!.INNP.'.........e@...i...C..j..[.2z1..Fv.....s;FS.V.*.[...&L.~.g.6..3.....T&#E..r...Q......:C.9..t..^...Id..e........;.h...2....J6....K...$~.....*(.6.7.....8..x.\...:(.kp..9....V0Us..2..~]..)_..=H....z@45(..B=3..0Z..`.....,..Y`UQ.^,.'&Ph)5........gb<....X7m...4.q....9.).?.$.......zc..Ef.Y....2..y.d.......c..R:..W...2O.....1.V.X. ...ha%.[..z.......u^.......Yn7....<......`...x...........>.6B^..ZE#......p.b>9...J....VM=......0^-..v..q6.4.."....<.-x..0iV5...x..E....jy..m7.%...Un.I..!..2l.Y./..@.y.....%.m">z..{1v..i.*.8.n1..6.%....U..:1`].W.@s.T;.uc..f1{......%X......_.7l.....o`.X...ON.fv..P.......\.HTO..N.=7..;9..m.e ......I.....(.#.HS.2 ..nj..4.W..@....*.L<.#n...$...7.$.....JM..D..V.-."..P.Q.S`...Z0g...._...C.:.\............A.N\......u.=....B._$..<.s......!:.*.4..k....x'#.(L
                                                                                                                                                                                Process:C:\Users\user\Desktop\c8JakemodH.exe
                                                                                                                                                                                File Type:data
                                                                                                                                                                                Category:dropped
                                                                                                                                                                                Size (bytes):37281
                                                                                                                                                                                Entropy (8bit):7.995049484855912
                                                                                                                                                                                Encrypted:true
                                                                                                                                                                                SSDEEP:768:5EfpO/5zSh79TAV2F9lyXtq5l1ovFwzvGFS4XRk1g//FyNat61uDsex:5E0/5Gh7Kk/S85l1oNwzvGZR3//FyaYc
                                                                                                                                                                                MD5:91DF4A971EF0E88C901F7275BCE9B4E9
                                                                                                                                                                                SHA1:6A91A49A462AEF0F31ED7A26CCC0D63DA9788E18
                                                                                                                                                                                SHA-256:A7CE460F9F61176EFB48D18F7B8B16FD7492DCC8B5FAD475C3A314DB979C187D
                                                                                                                                                                                SHA-512:270E5A22882D065F3A774B1146B811E30900121B8321892A0E9D57C5DA8DB2E9D5BD864522D862A45D3BFBF5C83B1FEBEF8BF48790F289D7095C923EE53DBBE6
                                                                                                                                                                                Malicious:true
                                                                                                                                                                                Preview:>0...........g./.1...w./....6 -.......x.6q;.8....U........E.!<.....".7...>sd..CO%..g.i4..]....+b..7Q...50...K5......F..A*.iv....9.(<wg....*...WF..`5...s8.....".p.F.o..f>...s.d.1E..<.&4dF......,.%u\.FM.....T................(@.t..`./.v.g.F...y._%..a..A\... !.$X...........J.l...*.............U...k/2..'~..J.9c.+3........T....i...........J..f....|*..\=.^...c..+\...QPf2h}.pW.r.(&\...AM....\.........7....D..H....5:. ...u.OC.....;}.....xf=.b.T.y.0Ov 3A..".$.5-T. .{..o...`...d.........v.v.@7.]...joi..y.u4.nr..L.._I.X.).....;G.T...J.ki*....g..b..\.n..9.]..w..k...4..o...I.R........F5.s.b.Y.Pb.T..K....Z.L.......-.E.l..(jo.......T...j.&8.NM......[.+P.k{0....r.....VQ.m8/......a.5.~.iaD....=[".....\q... .$A..>.@....o1.=....4.....E..O|....E.doz..'...^..K....H.0^.1N.xbZ^..$n..Y.!..&...,^0.}..WGQ..EWr.J...h.T.....b.xy.>..:p........Z......".....E.=b.\*[.jA.S.mId.dG.o.e.....v....~........q..w.!.ox..}.6./?v......5'|.....(S.M.sx.....g.pX...."...4.d.=|....|.T..H..
                                                                                                                                                                                Process:C:\Users\user\Desktop\c8JakemodH.exe
                                                                                                                                                                                File Type:data
                                                                                                                                                                                Category:dropped
                                                                                                                                                                                Size (bytes):8180
                                                                                                                                                                                Entropy (8bit):7.974459992306338
                                                                                                                                                                                Encrypted:false
                                                                                                                                                                                SSDEEP:192:xAR8PFKiLcOdlhuwEgyJO23X78+pgFSo7HXeBPbPi0jszyIwNr:ucFhLcGljEgyV3X40gFSo7gPr8PW
                                                                                                                                                                                MD5:7ADAAC51A84A67AC299E14D8E8679E00
                                                                                                                                                                                SHA1:61BB1F423C0A859247A199F4684729ACF5F94D14
                                                                                                                                                                                SHA-256:DB5E3357AF711CFDF901F989530FDA31984DB7983D8772BEEA37B325E0418592
                                                                                                                                                                                SHA-512:8D3C39C7851C8E6A8051B5BC3C00F35D42934B88466EE563D64F6A7EC1A0CD3B07A4E6AA4BFC6201346C2D7A97051D302081F2978F245915CF571D91D11E8B06
                                                                                                                                                                                Malicious:false
                                                                                                                                                                                Preview:..{.P.O.......R.V.....m.OC.3b8.....!...-..!.#xh...^.@..M}..ky.fA......(9..8A:H..7......O'..UEJ.V>r..J...Diy.K...C..u.N8..D.-<.N5.R....W.}W|..b..t.._\.@.?...=e.*`)...;..M.B..TB...C..a...Y..*.?-...D.(..=..(..........tZ...#......I.f.M...0.....h....t..\.z.{....=..F.....<T.<<b....}j.gb..D6d|.}.j..`.U....m0.;..2h..X.........,.....0...|(.Xt..\...xN....Zz..L|...].Hk.j.<..xpX?....hN.@P.q..bf....=.....Q.>...G...@".e.x.*.W......}.-V..c.......d.7..e.(...<.]l.%.;...... .....Ea.%.....%.+..S2'..P..@.../"..R...l,....D.O...........jr.gH..\.........fj...V...L'...H..$nBLZ...09.i..ZN$.&.+........&|.s.X.<...}...L..8ExU.H..Xk...j...i7h...I..o.K..4^.pW....T"...xJ..../..J....w.Y.Zr.......k....i._:.....9.C.oAQ.h=E..n..M....k..~*1=.?.....*....1.[...........c..L.]..:9.I<.\U..wE{......F.G../....Z..](;..Z..U...*........?..7.F.?..%.i@NG=-...!..;.K.~.n.=g.7....N"=..Qxd.A.o7.g..f..F...t!....,.K./WF.."....4C..i.Z.+$3$9..;E....,*.V...8...9.)..H..Kr.E@S......
                                                                                                                                                                                Process:C:\Users\user\Desktop\c8JakemodH.exe
                                                                                                                                                                                File Type:OpenPGP Public Key
                                                                                                                                                                                Category:dropped
                                                                                                                                                                                Size (bytes):37285
                                                                                                                                                                                Entropy (8bit):7.995404392289363
                                                                                                                                                                                Encrypted:true
                                                                                                                                                                                SSDEEP:768:NFn7owwSLVkVfwvBBS9uzlpmfKci2bU0lHTuNX791C:NFncwVLV+wvBNTU40zuJC
                                                                                                                                                                                MD5:9A4C884AF01EE29578F961B0F41AC73B
                                                                                                                                                                                SHA1:E3748586AE6827AC8776D4A733BAC17BF312A90C
                                                                                                                                                                                SHA-256:5F7081E2B12860D0555B6D732F58257055FD113BE533FB73E6EC9A683964963A
                                                                                                                                                                                SHA-512:58EE44605F8A529FCB6DB171EDEBFF40F77CC6A69FAA35A1692E277997C4E30DCB00B72162F8BB57AABAFB752C0409FBCA5DC879E2C61B2FADB1D9E5747B8EDE
                                                                                                                                                                                Malicious:true
                                                                                                                                                                                Preview:..QOj=#..b.E...rg.R...0.vsTV3.O7....(.%.....(..uX.k..O.9G.Q*.k5.,... .X......5v.jK......h.+..+.f.C.8bby.I.(.O..v..^L.g...W.E.l...&......YZ....O..B7.1A5;.....`H.{.I(..=P...M..V8.s..L{`j*)..kR....Em........{g.4nk'...E..~.N.bS.....$..$..!.w.j..4...."f^....-...2....9}...c.%.q*c..@.+...L.:......:.7.......(.....m..v...px.M&......$...+.D..3.+8..,l........m........V............I;MC1l..w$...}oF<."..t]...Vd:..t0M...O..zg....XW....S%@......8..."z....)+h.3(5x....q-...7........+.t..|"OI.+..\.5.&)".jE..Q......X..........l....2...1_.N.(.*^...{....u...^....\>e...............=hp.....59..l...H*......w...f.kauw"...........pu......5.w..p.!.=.B.......V.z.7.jZ.[3<.,.....yeb.$0........'..7...y.....W.>...~.<...}..4.k.n.F.`w......R...I.Y..s.U.). ..4&].s.....7..$..R..oC....F/.p...>f...<.Z....."..,s{...z.d...?'R%X...MTR......T..Q..Q(3?.M..G.I...P....@x..uv...V8..9..OC...E??......_.......G......e....5.j.#.Z...ql......U.6iIR.S.1....{S.n....3j|.nA......
                                                                                                                                                                                Process:C:\Users\user\Desktop\c8JakemodH.exe
                                                                                                                                                                                File Type:data
                                                                                                                                                                                Category:dropped
                                                                                                                                                                                Size (bytes):8168
                                                                                                                                                                                Entropy (8bit):7.977744828264453
                                                                                                                                                                                Encrypted:false
                                                                                                                                                                                SSDEEP:192:QdeSXi3pxmcC4mycjOTr31rajSmnbLWP/301MMo43Dyq:Q8Ki3p4cC49OOTr31mSCW9Mo43Dyq
                                                                                                                                                                                MD5:FB03C672A8FB2BE35A70580813BEED50
                                                                                                                                                                                SHA1:37B91AD3B874D61959C14AE2DE8FC6922FDFEBB9
                                                                                                                                                                                SHA-256:255E5A0C73AA2CAFD4C87A4CD231193CF9C6F23630DBABE71632FC5D5BC4B996
                                                                                                                                                                                SHA-512:3E13CB835ED4CFA1E77E387A35E990C98463FD144FA955D70FF147AECD227F0F2A77659C0C15EABD0FFBDF4BD9D1E7410B5CBE5900164E73D9E6E02BC5FF5588
                                                                                                                                                                                Malicious:false
                                                                                                                                                                                Preview:.'J...~.XXJ..M[......V...65...H.b.z...P..T".2........#c.p.....<Z..G....P.Y.X..}..`..>.Oq..{.1.....*C.....L...e.O.a.~r.UKhJ..x.....C..wjRC..y(.F.eg.......X.v..M.."..%......!.)&a#.(QL.K.njWO..?h.......l.......J.\...D.......h.....>......K..rl..Jo..W..!OR.h:...q.l`...a]..}.>.(.......{..|V.Ao]..C...b....6.B..-..[>3.x.u.G.toZ.J..........5..9......"....bj...@.'6A..u.|.4B.@......V..l:..w..#h....L.*E.D...A....$..4b..X.&z...T...`0i..Z.(...#T....z.V..6......d.;e2K..8|6..=N..R...wG"..U........F....v....y_.e.}aY..k..;.i...>9.j.......U....R....../..&....e...X>H.i........w..6.L^.Q.......V......?%..BYy.[...3F.i...EEor...%G..o.bP..e...I...,.....Bx....EK......Ok.S.w...c.13.*.=.A.....H.+...O.q...6x..(..K9.. ...{M.6.4..p|G.$.[..w.Hd.+>....>.c.H.L.F.|.dC.6.%]...@..4.....].l.u..8....6v~....a.....z.z.E.#G..cbB-z.....'...s.4.X/.].)...-.Sp(.]S..d>.`r..k...}co=n.kc.QD&.r.../+....M.E.a.........?g...s.k.l...m07..m.@Y...J`...|@?....Z..E...m.E..%..h
                                                                                                                                                                                Process:C:\Users\user\Desktop\c8JakemodH.exe
                                                                                                                                                                                File Type:data
                                                                                                                                                                                Category:dropped
                                                                                                                                                                                Size (bytes):8183
                                                                                                                                                                                Entropy (8bit):7.975983007487188
                                                                                                                                                                                Encrypted:false
                                                                                                                                                                                SSDEEP:192:iigqdRGTuA5adIC+wjy6nlyc3m7FqDwSl57H:ii3RCDhey6nlycIoNlZH
                                                                                                                                                                                MD5:E211B69675B9350AA46021811F9B8812
                                                                                                                                                                                SHA1:78114CF0B0BBA080F8A88ACEDBCC0A62C86B1970
                                                                                                                                                                                SHA-256:36A743DADCE18910FD6CE739BDA15EA50082756632D4F8BB339874C6E80DB8A8
                                                                                                                                                                                SHA-512:154084180761E9B62C1F37B0FACAF7E7BB9779A2D720191CE2C2EFCC0BA31089B87D195EFBBDA1B3F9AF2A804F0331F5DB0BA8AC90D618017FB410923358FA78
                                                                                                                                                                                Malicious:false
                                                                                                                                                                                Preview:..'.........T$...qk"...q..n;._3..C...a:AI..-GY...Ho[.cV....%.p.hz}.r......:\:gz...v..26....#..8I...]s..1.zE...k`4...........L...7...OA...........Z..D.P.A..c.'.L.!........l.6..Q.f......I%<....f8.J.........}.r.. l.=...{.>.g..A.6....-_.x._.....u.?......_)..0.d~.....&..!0.N.!..`{..}....!....`. .E..:YT./.-..6.J..E.O.0.U^.7..........&6..W..d*^....}..P.m........*.G.].....:.~.%.8p......K... Q.R.tI....._8+..s.Y..rjjCP1%.......!.C...=.Xh..r...."...u%..[x..s6......%...;.U.......H..j..U~#O...8..\4.r..6...=.%..C.tSk..)TW.u..b....{(..k....w..-_.e+..a~........).[...,...d....B_P...G.ZjE...w.Iw.......E~.k......s*.].Q.v.....!hl.TI..gN.[.GM....>.w..Bh......S..P.[!.L#.u.1....}...#Qv.(.........G.....O...70..;G@....LR..`....pB.....T.x.D.?..AT.X3q\.g.M.K.X..M.E.+NI....oHdi...s:pC....(.......#v...Q....s.h...B~.q...RS....ke.8Q<....|.!(b..y.....U 4..".].....Y.[.y.......{....L.#.F. !7.D.m..e...J!.v.{.7.p...i...5?.s.N.N.jo./.gR...t.'O.:..P..n......
                                                                                                                                                                                Process:C:\Users\user\Desktop\c8JakemodH.exe
                                                                                                                                                                                File Type:PGP Secret Sub-key -
                                                                                                                                                                                Category:dropped
                                                                                                                                                                                Size (bytes):8170
                                                                                                                                                                                Entropy (8bit):7.978459506916634
                                                                                                                                                                                Encrypted:false
                                                                                                                                                                                SSDEEP:192:/cHtvKJTJct+MY/ZHU//3br8UnsPcdN51heGk:kkJTJPM6ZHUX38Nc9rk
                                                                                                                                                                                MD5:00195195279639C94269943E34D32A92
                                                                                                                                                                                SHA1:EAF1D8FFCBDD4A7E747479C637747B98145560F6
                                                                                                                                                                                SHA-256:3002050346AE6487FA1E301DF7C457C5876451253851C1503737A78A7A356A65
                                                                                                                                                                                SHA-512:1C2CDD029D8F3B3ED665AA1A9F7D6718D6C4C7305675A6A5BF9949B561DBFD451FB215CBDB00D8DC7999C6ADA9DA92F11D134653F5A68AD5393741AEC03A5B8C
                                                                                                                                                                                Malicious:false
                                                                                                                                                                                Preview:....##=..i.|l..r6._=*2as"...5... G..d.5..:...(./^.N......o./.@.~.I.:...nD.w..[......PA..t..1[../.!~..'.N.?M.t..\........KR..e{u. S..{..|...p.E..N.k<...o.M..9....t;..=......Z{uU.:..X.....7.7.......0..V:.ps......6.-I.....n.....VRI.........M#.."*.[.......b..r.{O.^BE....gx.Z;..;......fX .....MQ.........7........zR8k|...O.....X?...5|2....u.j....gt.K..9h/..5+..Ck~....d.....b....-.P.{d..jR0{...X..+.S.+....k%.T.\#p..G..4..l.l..D.x!vI..'.M7...<....N.../#2.........L.........&.L....V/.edW.<Pz06..\.s.t..2K.L.v..S..C...X'L$.N......<A...,..EYH.i...8..5..-..p...>.5...P...n.4.d...:k.@T....3b.Y{...`......C....g....@M ..U..Qa..F.Z...Lc`.M....o....M..=...J5...uv....5.$..g.7..W...4E)b3T....y....U...3w....!... P...3..J..;.......}....V.#%.B....O.g....T....z.]...&..#.r..N...R4d........{...N.....Q'\..;uFk..v}...!..K&.'T..}.;&..j+.pd]n....1*.&3.X.~...~/.+...eR.c./.......Kq1.5.%.!.t...s.....W7...VZ.oa.=b.@<.. {.#!.V...U.u..=...B..a-....&......c.q.Z.t......?.(.......?..
                                                                                                                                                                                Process:C:\Users\user\Desktop\c8JakemodH.exe
                                                                                                                                                                                File Type:data
                                                                                                                                                                                Category:dropped
                                                                                                                                                                                Size (bytes):8170
                                                                                                                                                                                Entropy (8bit):7.975171917565559
                                                                                                                                                                                Encrypted:false
                                                                                                                                                                                SSDEEP:192:7xNO5dIjK3s5yNKPx1BrjE5Am8Xsf3zvTm8WGy7j2ZAKxWuOgm6pMX:1CC2c5sKF3L8fDrmAy7j2mmHhPp+
                                                                                                                                                                                MD5:FA50E14D3372BB4069B1532F0A3E2B9C
                                                                                                                                                                                SHA1:D76F97130C86C19D8BEFB69D79570FC563F879A6
                                                                                                                                                                                SHA-256:FC0151BDC3830BFCA51D521A322B1B147BDAE082EA8A42AD9BEC48AEAD722CC0
                                                                                                                                                                                SHA-512:C8CD232DC24554F5DFB8EA33E47DC750A56FCA5DAB4E4EAD00F9478D676308A3CD5A2BF8650BBD0FB1AB7C5737FEC84EE876964631C37B795A5B45EE37196377
                                                                                                                                                                                Malicious:false
                                                                                                                                                                                Preview:.pp.h0!.k+.{..\H....Q....7...Tb5&..G..._...w=...A.......2k:w?.m%..Vr.Ap0...9.q.(........h.d......`(...Uy.v.M.M.>...<jAB...Uc..0w.......*.^.M..Ub.%..=.-@1......z.Sn..i.~.mb._.....UUm.t#.`..U&.....Kq....g.......%..o.*..g..G'....5.|.....>.>.(.}!...O1. D.p..+...GL.[.<}=...M..h.}r..E.U..._}.k};...7Pe.U.w.....F.n....4.y..Ip.E.5...C..'.7H7.....H%.....K.[....25....&..T.C.}.9.#..S.^.M..k.......8&... ........}...#...^T......2B...*...#.w.HgG.o.l>z.....=.'M..j......J..7fE...M.O...X.4.CN.2.f.kl.F...G..hH.xV.l+...(........9y.%P#..R..Y..x..k.........{.S1XY=.Y".p....O..R..p....{b..4.....=.u.uD.G.....#..B.....;.~.....V.]...u._.P.\.....J..Q.H.f......]x...............a.....lE.l8.....dbOi....g...]..0.. .._c......v.w.b%.K....s...9..w;........9...5J..g.Z...R.U.sV6.5&._....5..V-.\.J.n....B.5..y6`....[o4...J..E...`..._....4d+..T9k...<...%.~....~.Ug...y......(.&..4..ZJe\5..f..@+..gI:.v...&*%^.rf.!'...4.F.....#R.N..4..... Y........l;..".a$....
                                                                                                                                                                                Process:C:\Users\user\Desktop\c8JakemodH.exe
                                                                                                                                                                                File Type:data
                                                                                                                                                                                Category:dropped
                                                                                                                                                                                Size (bytes):8170
                                                                                                                                                                                Entropy (8bit):7.974686543208356
                                                                                                                                                                                Encrypted:false
                                                                                                                                                                                SSDEEP:192:dtKKRdx1a29zRpDxbb+ESNw2qG/W2rIPvZ4apJhMY3FDIZKG9ztx:dtc+/U28IPR4aGYdIBx
                                                                                                                                                                                MD5:4270158D15FE66CE1E593A191C8A5926
                                                                                                                                                                                SHA1:FE5CF4B66B9FEFE628CB67DA13E30D8108E681E1
                                                                                                                                                                                SHA-256:FE271A248B4DA14AC68D2589284BC1D46567DF56063EF1E5DA40BBCA136BB40D
                                                                                                                                                                                SHA-512:6106BE62BCB65DD21B4B01BF78C3B8C09CE3E00B5E428EA1C23BD98D9995EFDD9F7CAB725034727EA025C22009E93AD529F2E956308AA9BB9A2CF10394D50927
                                                                                                                                                                                Malicious:false
                                                                                                                                                                                Preview:x.@=. {KQ2..Y%K.^$.wD..CW...s@,.9mT1Du...Gz/...R:.-.Y.. 7fM..)...PVa.v..X.8..LjAg.T.YOwTu/...h..^..J.....y...qC.$.>|b.Sn....].:..}..h..v;.7.^D.jm..3..v..T..X.k........`.f...._.'SV...M...,fG]v...K.N.)...`..9n......-.2..2"...B....x$!.Y..T..Q8.A...*._......."..,e......>wI.;m.On.C.H.....}.$.x.h...{ (,D.,.......7...k..wv~..#..E......D*-..Q.1V}%.9..r..9...E.=....w...Low)......`..3..*AX..........|c&..1..Q....D......8.+.NI......D^.IV............?}.c.7.|..#.rZt.l.:....,_.....^..K).Q..b.>K2..1...zQ.v^2....Z.v0..1.-..K.-..W..\.&..Q...B....Y...+.......G..........VoK.....;.7..3F.5.&,Uw...@../...o.4v...X)...2.UY.A....L.A.QG.|..<......)7.n.y...Qh....q.8<...Gouz...I..|..MU..g6....../...Y5mm..B1\..7G.a.du.....J)8Q..)H...9....-.m."j*.f.....a....0I.q.F...).!...:..2..5C..G....W\.).7.clNj._.m..x.......nxa-...C..oY............P..{B.'s.:...T.X....p+.....k&..;..N\..../....&.U^.w....E.^k.......Xi.,.((./..}..2_...p.q.........y..r.M..<.'.x........
                                                                                                                                                                                Process:C:\Users\user\Desktop\c8JakemodH.exe
                                                                                                                                                                                File Type:data
                                                                                                                                                                                Category:dropped
                                                                                                                                                                                Size (bytes):8200
                                                                                                                                                                                Entropy (8bit):7.978145035762231
                                                                                                                                                                                Encrypted:false
                                                                                                                                                                                SSDEEP:192:D6Xc90JWP3ZvLmuwijSgrxvUeONp10r7F64H0jjM8G0UPO0S0brN2/HgDe9I:DUcGJWP3pCuNjvSeO67XUjjSzPO0rQIb
                                                                                                                                                                                MD5:A6B68C891E5198730EF50AEFBD6BFCC4
                                                                                                                                                                                SHA1:2451621EFDA779CCC41C1F6FAE3DBF760B7FE8F9
                                                                                                                                                                                SHA-256:2AD7872BAD6FDF2DA2AA940A7E1BF82EC682F92094ED67A0403A821804CEF0FF
                                                                                                                                                                                SHA-512:2D2553E6B3AA230461170492D6F913A6F115D61E500D5AED33376C281B14639617DED6E38446AABFBEA1CF877D27CC71BD207AA70691D830F480C7082CB382DE
                                                                                                                                                                                Malicious:false
                                                                                                                                                                                Preview:.u...F......`......Ho[..J ...T."..j..1..X....9D......n.MUN...n.|..c0>6...!..{".N0^E%....NCE.).*g.i.P<..W&.=..1...).hJ..........9T.2.**.....#_.q.R\42.....Y]..../v.~.../[..S.........G!...{Z{._.{..-.S...y........SC...........o.....o..S(..~.b.M..]`DK.:./..xe..v...6...>..{Y......(R..G+F.u.........\/.>.....?..4H...\.g..^a.|!....j.-o:...T...2.o...P.("..K........[.......>aF.....J.W......p..k.I.b'..5.....v{.K.+...jTN..[Z..3.b..q..>.....9{.....@P.OE...t.b.*<S.4.."...2..vJ..>DV^Q...p........TN.\..5.d.Rfs.,4.X.ie..-ruY..........6;...s..VSN"g..*...2:....;..pu...T ....+.6...DM..Z....-....k...Nv.G5....|..r.Y.y.M.:....N.U..v..Z>..v.p.H..zi.,.8..~.....P.Et.K.J......W.Y.....NWV>..EL.|:.>..D1\..R...........S.2X.t......v.E^[.f.*r.>,.G.%...1..m..m0...G(Tw..!>....~H.b.I:ScTg...&F.:]..k..........vxK......;...K..A...u...U-O0...8:0..Mj....A.......F....!....K..*..\.x...lP[.0.M.`s+.R...;..."...........#N.>...:QW.A..../F...\<f...F ..(.l.g_..Q|...
                                                                                                                                                                                Process:C:\Users\user\Desktop\c8JakemodH.exe
                                                                                                                                                                                File Type:data
                                                                                                                                                                                Category:dropped
                                                                                                                                                                                Size (bytes):8196
                                                                                                                                                                                Entropy (8bit):7.976181452836449
                                                                                                                                                                                Encrypted:false
                                                                                                                                                                                SSDEEP:192:eW0YQe5RCcYAadI0l3QYqwybjsPZbN08NRQr41W25E593jdC7NIoK0y:eW7Qe5RAXKwQaxu87E41p5m93jwuoK0y
                                                                                                                                                                                MD5:D363304ED5A3201518DE49E9E06C11A5
                                                                                                                                                                                SHA1:7ABCA0017E7588A1166F1F4F179EB84E896CF5C4
                                                                                                                                                                                SHA-256:0E2923A8803B5E30011D8FF7FEC02436B593A774F3EF13E088379872DA79B458
                                                                                                                                                                                SHA-512:14D818420ACC2FBCC15C4DFF6DBE3EB95F3E592EE91E5BDA0043F21542B8166B9FA0ECBEBDCD810211466C25EE0DB50E6918B9970D90E3660AE5C515B62A4D64
                                                                                                                                                                                Malicious:false
                                                                                                                                                                                Preview:..R..][U`q...._m..:..?.!....K|EYO.S\...F|.:.i.4......)...C.u..!... .J|E*....E......O.Q.E,...Q..SL.....k..Y+.2ub........f...S>.I....#....!.|W./p.=/.{.......0)&U..p.I.?..-....,.RMWQk.h.A...X.f!....rN.w..t.V*.....Q....#7.=..4s.+........(...@d.`..m7.....<.{..m.t.!....D....G...p.6DE\.!._[...ang..D..^n....*./Fu....e.Q.l....?G..Nt..i A.=....j3.....n....A......^.c.'..|0Z#.[..Q*/9...k....".0.C......#..6.'......f.orDU..#......S.d.:?5E.b.D..h..M......j..0.F.{..x..c.j.....v..(..L<^......<.....c}.K(....Yz..[7..E..'.<.qI.-...u....S[....D../[.ixs....+?.M......O<e.]...O!E.........wM%.....~K.,GM..o.|Qy-.N..Q..K...A|t.M....t.L\.tM-w..WJ...{1B!y..s.4k:..O.3E.....-!...G..nS...L..$.e.NyW........].t.&Y$...?.. .'.r"xA$......~g8E2...e.....&..];..-.!.'...mEd.u|.... ...'...O.#....t?t...C^?..".K...3..<..1...A...5&.H...m.....R\.t.Ge..:.E.M.=..%$.....S.+U..j..K.f.$..d.LJb;....[.mg."..Q"....]..vYi.n..-..w]...."..=..4..x.*..l..r..........Y3..5M1..2M."CE.:{m-.....c..lv.
                                                                                                                                                                                Process:C:\Users\user\Desktop\c8JakemodH.exe
                                                                                                                                                                                File Type:data
                                                                                                                                                                                Category:dropped
                                                                                                                                                                                Size (bytes):8192
                                                                                                                                                                                Entropy (8bit):7.974699526168061
                                                                                                                                                                                Encrypted:false
                                                                                                                                                                                SSDEEP:192:VaxUN3YYT1j724tfc5upz+q82I734AZxQPROzat1sUK2q:VaFYT1P2SE5up18b7oMAOza/22q
                                                                                                                                                                                MD5:012C4AC2BF32C01EEF0F6C4CB9E96456
                                                                                                                                                                                SHA1:FA5D6DDEFC59BE7A288CDA27EAB3EAE96E451251
                                                                                                                                                                                SHA-256:CCDD24ADF43A20299B9EAB2255C2D24D43EC223882BD907DD0C4EE2995FF9BCC
                                                                                                                                                                                SHA-512:8FDD82C435B87483F80B603ADC0A8BF062F6FB4D54915B8B50235B28BD4BB00871F886E03A55B0A2316C03F31AC4A7274E4566BE143B3ECAA7EA3DA9F68D8F49
                                                                                                                                                                                Malicious:false
                                                                                                                                                                                Preview:].N..Q...xJ.......a..1.e'...v9.9..||......)..gH....:..%Or.t.Q.p4.C;.t.)BL...5.N....g.u.}...O(........,xz;...>..>.K.c...Z...zvgR..g.pz...;.....k...v^.}E]....../h\.*(g.tn.2....~.#...qQ......U.Z......P..+abz......!.Xv..x%N.x:.....|g.>..9.%pY.#...k.....a(H...`/.lT~g..GgL..&..P.z'..k.F1l...X.l:#5..4..v...a.|)....V..E.O..W.BVv.(.*...j.s........VL.M...K!........O.yT.7./K .R.`.........@^..x5.u..z...2.Fo.....%.R.....q].7.dM.l.%,*.o...Y.G.X,.l.~.......$eUx9.4....}.i..JCA]..by..._@....7..=...v`O.(....S+........(.R{......N.A.!2.+....w.....th.#.N..7.8r..\..g&Nx....aO2.....o.`c.&H*"s....f...Lb.`|I....u.Y..1...;..o...s...M...xWKm..p.......?...#..\Tx..G.....]'....e)....64.7U..{\!wLaJ.T..h..G.Fd.....Kt^.r.......d..GXi..........O.F...V.vZ.w9#.'..]~$.Y=..9.%..qC..4.P..O..NR....D..T..e.....L#j>...4@F./s;u.DG0....Lv8b.$..}...M........K!......Q.N....Y.'.+......-.].g.W>t.....%.Oy.O.#.b.sTZCf....I).z-+p{Q3..I.N.G.M...\g.p...x.z...'.y..fZn...l.A.&B..&
                                                                                                                                                                                Process:C:\Users\user\Desktop\c8JakemodH.exe
                                                                                                                                                                                File Type:data
                                                                                                                                                                                Category:dropped
                                                                                                                                                                                Size (bytes):37300
                                                                                                                                                                                Entropy (8bit):7.994669602111838
                                                                                                                                                                                Encrypted:true
                                                                                                                                                                                SSDEEP:768:/MfQwzmFY2Fzbuu7rQiezHAcBvOHlEduMl46buJhXAwuG427:/RXx7Ef7pmEYMW6bunXaa
                                                                                                                                                                                MD5:4F80B751643A12DD476D3C0137C43CCB
                                                                                                                                                                                SHA1:14B280CF35F091990C903583AA81C3BBCA1416E9
                                                                                                                                                                                SHA-256:99FFFF76996A5343F798E3FE40B307E255D17A325281B0AF112B80D88E53AF05
                                                                                                                                                                                SHA-512:C56E5E95E501CFD8EDE8F4ADDBC43C5E5E210046483E3D0F28F527280A2023C6FDC2F4E668015B85DE471422BB251F9B43CE0DA6F4CE1E4FE2799F1264034E42
                                                                                                                                                                                Malicious:true
                                                                                                                                                                                Preview:.*v.?....Fe....a..p.E.....l.?......q.$.| 6/...}...emcG....\J.$.dY9.\.5.a.Y...._.Y.l^)...YU....U.....p...|Zf.N./K.L..9IM...q.../...<..U.......9..q..J.....V[.....xD..4a4W..X..$...B..........=..:=../9.W... ...d......rV.g..Q..../..I.s. ....n.-vu...xNYm0..6i%...5}...4.).....^.....z.t...Yh...u.....k.. 5.X....u3.TNqK..>*..lKE..Ou...4.&..~......\A.fg.p6...a.......tP...:..^......#.........@(...).R...F. ...Dg......D..;`W..m.....7....e......3.-m.2A:.@.K.C..4..im?.5....5PG0.E....J..W.V..,.vrX{..\.b.....9c.#+.G........j'...T5n......M3.P.0...........@w.v....o..@...x....o.8(!.9......m9..|k.......3..`.rRt..*...O....^.....r..,.y..o.....q....z.[.=.g]r..G.8..K...c.....P.7.qR....2.2$.P*.O.[.@..{.x..Tp..=.]?...$...LK...%....V.........z....K.:......T..Sl..l....C&..o5.d..1R.KucdJ. .Q..i,Q...IH.jh.f...Tp.i|..D..n?...)..*Q...g.5Tg..0qb#._..U...U....#.c....I.P...3.N..T.>Q.n....y....U...eX....A....k.DD.pX.....1....n@A..Ym..+.G..G#..q....I.....R...
                                                                                                                                                                                Process:C:\Users\user\Desktop\c8JakemodH.exe
                                                                                                                                                                                File Type:data
                                                                                                                                                                                Category:dropped
                                                                                                                                                                                Size (bytes):37306
                                                                                                                                                                                Entropy (8bit):7.995127033528034
                                                                                                                                                                                Encrypted:true
                                                                                                                                                                                SSDEEP:768:yutxcJl8r60QYe56tvIonMRjwWoEw5f6rtJahJ/zDhg:RxHrFE6JIoGe9MJJahJC
                                                                                                                                                                                MD5:1DD2F3A5004A1F1B1168B2ACD09639C0
                                                                                                                                                                                SHA1:939A0E45035DDA62A82E2B7328C036EBF8D560A9
                                                                                                                                                                                SHA-256:C466324B01815D3AC2CDBB3BABA10A2231D764FA0A57CBD80CE891C284A6B190
                                                                                                                                                                                SHA-512:DA1C19CDDE955A1A7FEFFB4E074D588B0A505CEA6BB4DF618BB5D3B7A08304FB8244112F4A011CD9E613FB7EB27A8F2A5EBA7CA452332C1CB03CEDADE303A970
                                                                                                                                                                                Malicious:true
                                                                                                                                                                                Preview:.dj..........:F......R.......3v.....8.........Tf......p.&..y....S.,O/O.. ..o..B.....b.Bv.G..Z..+/..P.T.fn...$...#x._.s...*t..D3....:w.....VV?.kalC..Y.l......,!...lu.dG.4. .46K........B+...q`K..w.q..K.L,}^.....!.p..j."1.L9.CS..../J}6$.1.U....j.M..W.?..g.@y...MW......>'..:....`..d...gF..7.....<.J!S. ).U..\......R.......C.3p...O.....W...;..F....m...6HN....+.6.;..8^.td....r.B..xd..k.|.@.Sn...}..87c;'...J..., K.&/......0.l..0......u.8...K7..pY.*..w......I[.Yi..'.K.P|L....(..DX.@...5.1;k.}+.....-6:./...k~N....d`,......q.v"...,._z...E..k..,......M......u.."..$.8'.......[..>..........p....@.p>...R....."uD.O.L..@.^.a.qP...b...}.6........M..A|.....\\WF..6.. ..g....\[P..fp.kCf!.`.AW.f....C.Q..H.7.9.>.o.k..}..`.OSO?.b.YH.=.{5"u.)..+../......l..Q.k6.0...!...F.v...g..A...'1P.q.v........k~z..7....U......}..*.M.K..{......|......'c...SO.ac...O}E..fyn...^z..}q.^.e..`l.1Z....\jKqc.q...+\..3.O......n...-...p+.m..d.H.&...D;..`..a..O]........j.R.N.l.".5.@...J..
                                                                                                                                                                                Process:C:\Users\user\Desktop\c8JakemodH.exe
                                                                                                                                                                                File Type:data
                                                                                                                                                                                Category:dropped
                                                                                                                                                                                Size (bytes):37307
                                                                                                                                                                                Entropy (8bit):7.994652935173103
                                                                                                                                                                                Encrypted:true
                                                                                                                                                                                SSDEEP:768:uMwPKKB/hWiNgipXGunP2+2avtmjqwHN9UqMOjIVqaxLFOv:uMwRB/xNLpXrnOZaUOwt6qMOj4tFq
                                                                                                                                                                                MD5:48783B33381606028122AD3C6ED42594
                                                                                                                                                                                SHA1:EDB4CDD3AC2D9936B8FED5F4502CFB8DF5C63500
                                                                                                                                                                                SHA-256:6E750894CCBC73DEF3DE399052616ACF236068E396B68A32FA702ECC7CDE60F9
                                                                                                                                                                                SHA-512:B15ECDDE2F0D1CDD64AE64611B7ADC3BEC77766EE159D685E05FCCAB65748A5E7EDB1D8F54A4489B6E3CE7AFBD9BE77363F699BAB922146730E401D3A5E0BF06
                                                                                                                                                                                Malicious:true
                                                                                                                                                                                Preview:0c..y..@......../xsw@=K.....q.x.......z.G.+.l'....k .. ..#i..\.jq.`@|......l.D!JI9...r..P....C.<k.......K...U6..^.z.^(.....W;.....1Xe.....5...~@.P..J..LK:.yM..H......OC.b5..r%........k..ZJQ.E.P...._.."C.l.......=+Q.N.....A:>9N.S@.[wY2..A.....oh..:aM.!bK...5...g....&o....`......A.......{..l\Jr.>....Ab...L..=a1.....Yw.Q....}....6..7...$.vd...4;y..Y.402].)..v...,..RR....5.i.1Ws.4If..(%.E......S".;.=s..y....N.{.....lbe....%K..G....Y...=.n..Mn...U..Xb.$..4m5$vk........N1...y.T.n~...U.whS)T1..... ~V@r)#.@9..$6...,.$.)u..X.x..YX...R.SK...tX..n....j.|...q8{..&.a.O;(..W....._p...).;.7......]...g..^.....r.....6e:.....u....U......onj....@_lh.\.6|....:.E...G. .G...j..Gy&..I..$=..A2G0.H(......u......_...... .1B)..D..pTLR....RY.}..........i/y$.V........#....V&'v.d#V...K.........FzlE>.Y.<._...a.g.M.%<0....G.+.&..r.iOu.L.vF.....\..J...9.Zgu*....ED..w...........7R.D.5\.[N>..k.(.1.n.~;..7.gj.0.J.....\....9)3..=.y..j.Uil&!..#j.qw.x.F......b.;.r..`..._..D4..
                                                                                                                                                                                Process:C:\Users\user\Desktop\c8JakemodH.exe
                                                                                                                                                                                File Type:data
                                                                                                                                                                                Category:dropped
                                                                                                                                                                                Size (bytes):37294
                                                                                                                                                                                Entropy (8bit):7.9952310545677605
                                                                                                                                                                                Encrypted:true
                                                                                                                                                                                SSDEEP:768:Ox1iWAQHqLFhCu8ViECAnffh4VpgmiymHpTn4m/0:Ox1iWA1Cu8ViY40mQ1/0
                                                                                                                                                                                MD5:0184CE4F7FB27C42533DCDB0306063EE
                                                                                                                                                                                SHA1:39CF9BB893BE3B10F77684E7382740571B3FE246
                                                                                                                                                                                SHA-256:470282CFE6155BB3C7D7F8B58F5EB2D5654479E3A711F9B6C07CDBDB120136C5
                                                                                                                                                                                SHA-512:7CAD7297BCCC7DBF81536262822AD154E957DE2FFE3AF215EBBE579894E8F65FA227EAE3CD8CA37A483836AF2AAFE529C610FDD5289F5EA7C79BBA4D7134C9EF
                                                                                                                                                                                Malicious:true
                                                                                                                                                                                Preview:!.D).........t.......'..#O9[.3.1xB..'...X..".l1X.r...l..@A.5..qyd.Zt\//.+.Zp#~*.Y2(..BmLtw.Y..+......b.a..z.5m....y..e.JD.).-.....g..........<.(../...FFi.z.L!....X...n`.....C...}....U...jN.$...hO<.....2j....4S..|_.....@.a.O.n..5&..........l..}'...<.N.......^.by....<'$....b.V.....x....o.aC.U9.J.l............P.L........J.}.HU.y..$.A..v...........1^.$.L....Z%.X.P....?..#.0.U$...,.....'..e...@..`..=...x.V...V!`..P..r..j3.+r.9.d...}.@Q^...A*8.....5.PP.D.._.0.w.H.=......).,.2.h....`.XA.?<.3.#&.e......0..d..+...t!....Y........i!.....#2...r.Y....!.......r.p.......P,..).h...W.Ie~U...P<.J..o.Kb..F2.;QO.f"#. .h]....U..f..ea@I........89..R5....uJ.O.........j.X....m/...s[......<H..>r%;i.z..!".={.~'>.6....o......z....;....E..4..;.S.....X'.^....!\Z.48Q5...,...V.....=.iv./&R......l].R .Q}..3.....pNwo7"...K...a..Z;J.c..iX.`..A..0.@.`a...h...5.:...2blJ..B....>TE..Q.........D..Vo....q....N..h.....ZEt.Z..EBZ..R..>..../.fS.c.X....O.a<@=!.cg.F..>(TgK..\
                                                                                                                                                                                Process:C:\Users\user\Desktop\c8JakemodH.exe
                                                                                                                                                                                File Type:data
                                                                                                                                                                                Category:dropped
                                                                                                                                                                                Size (bytes):37293
                                                                                                                                                                                Entropy (8bit):7.995439715872242
                                                                                                                                                                                Encrypted:true
                                                                                                                                                                                SSDEEP:768:H6JVBnwKKvSsH03wY/obkWQxuud6HDYaFAIm4hN1WM:wnwJvSFWkWP668aBNV
                                                                                                                                                                                MD5:D9DD1785A358D74CF0564CF3F07B8A81
                                                                                                                                                                                SHA1:A9246F0F392964AACFF767ACDC70515309A5D9C7
                                                                                                                                                                                SHA-256:AFCA209F05DD859D3BA42DCEEED13601F9BDD7CDAF484E09D89785536DE69EF8
                                                                                                                                                                                SHA-512:CA182A9F5D0F771C0B497A5BA7706E2F4F0679030537A18C16656B0CB53954FFD0498D31FBE698AD21B2E79D49E96F5DF68C237878A4EDDE7BEDC8D7D1B98B95
                                                                                                                                                                                Malicious:true
                                                                                                                                                                                Preview:i.w.....*...b...[.U.._.<,j.g.(&X.'.....B.....^.T~....t.GF 4....g.P...h..ic0u..[l..3.(..o..r.y..=v.&h=w^..j.....ALY&@...W..Q/.u.R...koj..3......O$..y. ....I.W.v.QV....N...5....C.. ..:......v...V.m......`....BC-;ZI..lS........c...0...};..v..9\.G...g..-oL..z.{...|*p.C..|...+3o..tE...e..4j..d.."..i.q.@..F.mw..w...P..tF.:|*.+....E...A...<..k..~h?.Y....~..z............&6...x......1d.=.D..%...A$..Q>....U..kR.^..c...x..f._.`.1.....((.R......#.2.N.._..{.BhF".6...n.O.*..(~.0Z...K...6e'....d.........Qw.]....xM..o"$L..x.>..E....,.N........8......<...\.RU=s.1W'0.n..!.-.i<.;8..B&.{fi.{qQ......D.;.......!(&..j..ht. .A..g..O......0-......i.B.....w..U....V.....J...o6.8..B...R.pC.N...^...-......O'Eq..R...-W%.*2W..y...!].M=s.e.t..... ...ES.K.X.V.r.^"X...1sAA./........;....X&:......`..w....D..}...._D..Pc......6!....(..8..c@: .._.v0.h.x K4h.n.....?&I.mv.h..V.D.,......:..s.rp..O...y............V..@"c.........z.1x}.jP.lk...w0..7+|..2$.B.[o.:...f..c.p.8..a
                                                                                                                                                                                Process:C:\Users\user\Desktop\c8JakemodH.exe
                                                                                                                                                                                File Type:data
                                                                                                                                                                                Category:dropped
                                                                                                                                                                                Size (bytes):37328
                                                                                                                                                                                Entropy (8bit):7.99522446511992
                                                                                                                                                                                Encrypted:true
                                                                                                                                                                                SSDEEP:768:kORse35yu5hGKzJ2wWEValeqJ8YugRx6Uv18VRlPU+ublfa:Om5yu55zJMlhdudUd8/lPBubda
                                                                                                                                                                                MD5:BE49F7A169C48B8A35242A250D2E25C7
                                                                                                                                                                                SHA1:F7314AB43E673461A167132CA259249DA9CF8BC1
                                                                                                                                                                                SHA-256:ECFFF8C9D06D33AF1EE4E99C38FDB278880A09A03EA9D68FBCBA562A0AE0D509
                                                                                                                                                                                SHA-512:51A7C0F0AB5F2575295F5589BA7D2091A4A5418040D19017A1EECC960A7C6DFFCC4FFFA2261671FB7F67A32B368C3E503F8C15D179F1A6B56EB3B2AA93895314
                                                                                                                                                                                Malicious:true
                                                                                                                                                                                Preview:...3W.......|].....]....D.;jI..kB.7..X=...i..G.r...p.H.UP.n`.9.....(.....o..T7.RG:....KA.=....f.H....e....&3.,..c....(.-AQ..@......a8..'.....C..|B......<k..O..]..I.....ym.3..~......PK..I1sWV!.}....uV.U..zs.z/&.i...e.I9s.k.Gv<...%.../}.........R......W.F..k.<...d\.....4.....v....#..........cjAZ.....j...C^........_.fe.....h...l.(..+`.Cm."1..i...N^..-...5.z.!d...;.'.........$...FrK......Z.DU....._O.7........B..m...U:Yu..O_.Pi...8..\d0zb.....(.n.v../(].-g.........`...l ..%.....U.....6.Y.:_.o..{...P.\....J.<BWab..\..I....Ra m..T.=.[).4..HLa...#.@........>..Tuf.q:......Gy...$....D...U...{.LO<.pU......b+...'.u.ut.u.5..ZE...".XX.p8[..9....A..k..V...^..=./z...1..k..J...d...n&.w+`.-._..g...8Kw..............-.ysa.?l?.v."D.V.n.*-.^.D......"...M.<.7.6.e.<XtMH.h7..^@\W.....8UV.~.QT...ed?..U.6.....".....I..N...4...&-.[....3.N...s..z.....m.l.{..zU.,.)..J..@.M4......*.k...H...5p........d...0..Rv...|.*...]..S......{k.C.>...@.n...d...S.X../HL
                                                                                                                                                                                Process:C:\Users\user\Desktop\c8JakemodH.exe
                                                                                                                                                                                File Type:data
                                                                                                                                                                                Category:dropped
                                                                                                                                                                                Size (bytes):37327
                                                                                                                                                                                Entropy (8bit):7.994615392651595
                                                                                                                                                                                Encrypted:true
                                                                                                                                                                                SSDEEP:768:N9XdTIdUzWOUq66Izef5Ziqo1SQtmA3IYEXof9I4tri:N9tTICy0mzeRwqoEQtn3IYO48
                                                                                                                                                                                MD5:09B2548DC2578F882A3162760CD1EBE1
                                                                                                                                                                                SHA1:CB849EAAB7962F527642674C77FAA3551583D0E2
                                                                                                                                                                                SHA-256:C01C48048DD55232D4089C02B4F015742FF457D22EA338F961E4830C396131D7
                                                                                                                                                                                SHA-512:E310D08A072F3DB18B0FAF8A1EF2949269936E791D5B78963197F811171FEEB0214BBF13F142B548438FDB58D25F5C06574EEFB317E6F694BCBF433ABAA6D966
                                                                                                                                                                                Malicious:true
                                                                                                                                                                                Preview:.G..v..8\.....]......La..p.\1.....p...8#..&..w.X......r...Gw...._D..~.....ma.J.a.........i...X..IiZ.....`U.R....s8....{..zmpU.....5Q.rK.. _..mT!,...y.Sb....R^.[^.L........-.I......m.v.=^~......{..Rc...I...../+...f.......Z...+.....K8......, \...1...7....9.=...Y...7...S.*..`......X...k.....H......]...V..Q..a.J.A..B ..f.....k.b......5Jp....#}wIxKze..|'...vj 8p.)K.[..........N./.....nu..B.=....l(..F...=...a..P..?pl."w..Y.0..yh8.......OW.. .......O.i...zc..1...........-.;K.Q'..s45.m....]I.p....h..#..&..m.!?..:%3.#]....b.].D,...I......(...T.N.Z..I)..IRLa&Ta....F.\^.......oe)'A.)CSAs........."!..d....u... ...\.Y=..&+..-..k9e{..+...HF...`H.pbmf.....O......sz.-A.T....e[.-^...N".....c.^c.7.Nh..*.$.......B.*C.{.;.v.Y(.F.@_..@..#...\yL..x.../.BO!.....d\.iR...).......@.....|.YU?..B.\.;..lr..K9.<g......U..@.....)HL.).....'#c6.;..w3...>.5.6...... .E.N.S....(u........NQ.k.2a9...k.!....2....<Yz.NNm.$oN.:m.u4...&bx?7..a..."v&.....#4x.h.A..;...p.q..i..g.S....>
                                                                                                                                                                                Process:C:\Users\user\Desktop\c8JakemodH.exe
                                                                                                                                                                                File Type:data
                                                                                                                                                                                Category:dropped
                                                                                                                                                                                Size (bytes):37300
                                                                                                                                                                                Entropy (8bit):7.99546688980469
                                                                                                                                                                                Encrypted:true
                                                                                                                                                                                SSDEEP:768:CE6SB/B0PGqIOJklJS5KY7z8RHa1s6u7fBYGC5FWXMHq9:CEfxhqIKklJO1UEs6I8A
                                                                                                                                                                                MD5:7E83ED2A74C6A2FB3D635B280F3D2F38
                                                                                                                                                                                SHA1:B2FA68DDF68344483EA16690374B44D31EF91173
                                                                                                                                                                                SHA-256:51F47724BD429F90BE79E628E321529B19234A5CEB33F63709C9AF86A558BA55
                                                                                                                                                                                SHA-512:069DADAA2EDEF95AD2F1B5B3F5C52E3D12584B65C643D927991CCF67CD342351FF1AB238B39D6D16CCF4F86EEC5F86FFB1AD550F8605F0552D0388654186D5AE
                                                                                                                                                                                Malicious:true
                                                                                                                                                                                Preview:.5...mn.h..{...y...j..~.W{f......:{....oi.K.Jk...[.)r....3:5......Np8..!7.6..]U.w.V`..DT.......{.l...]'......4I..J.o...-.F.f,...X..;)...|.U.......w^RD.q.......qx...n*.q....nT..}g.u\4.......q..O.T....YB.kc;.=.j.&...N..........OpH..._.w.G.e......2.d...%...3'TI...D....U.^V....`.E.g.F..w.d..%.6......(J.k.f........7..#..U.E..e}[....n.0=..Y~.].9...9.L.B.::.Y.l~...$=..4..\D.;...=.k..W..@.S...l./K..j..\.!..?............~..7u.|..d...(+...?...+.gp.*....s...Z....C"S....>:..1...L9.y..if.f+..@..o..gG.S6;N.2.r..hNh<..@."w.Y..yb..]h....D..>9T.h>.E...~...-.g_A.....UL9....O.....V....s......U.g%p.:ws..^.....k[.u.J...S..<.Q.M*.]Mx...[_7..?..b..O)Y...^?..B..{R.......z..$G..M'.V.......Rhjov.0...{2..1....y..<L.$.fE..U....iX.W....7u.v.Z...#.%j|...~....^.y,').....?wC....O..B.l..,E...e....v.\.~....k.mpr.ixv..#.Z.J..%.(8}![;.].5...v.O'...Y....n/^6..'f=..~..L...~..h;..N.jT.B..L.i.>=M...O.....#....j..R.p..E.+.7...[.^.%'.9.z....7..%..N......N'.Hs....!..t._]..OG.f&..
                                                                                                                                                                                Process:C:\Users\user\Desktop\c8JakemodH.exe
                                                                                                                                                                                File Type:data
                                                                                                                                                                                Category:dropped
                                                                                                                                                                                Size (bytes):37303
                                                                                                                                                                                Entropy (8bit):7.994742050622653
                                                                                                                                                                                Encrypted:true
                                                                                                                                                                                SSDEEP:768:kRzd6VlbOG0l7e8I9kScDH7+wfy2OVpvzzDu2sVm2sMr:k2FOxitkS8H/KjHDu2sVm2fr
                                                                                                                                                                                MD5:2FA43F0E52C90442303C2132553D0AB4
                                                                                                                                                                                SHA1:30C0D80CEC2B88D34269D905E1AF02DC448CFE11
                                                                                                                                                                                SHA-256:84E5B1BEC49C34C2908A784D61FE3B000465CFD6F6453A73062C91BD23DAB336
                                                                                                                                                                                SHA-512:56ACCF5017EA4462ADFCE0F7A14D54C5C7303117AC8E28B61BFCEB9DE3F88E4858CA3900DC6D57491873DA1CFF71FA91554FE7DC274BE075223D15998C64DC36
                                                                                                                                                                                Malicious:true
                                                                                                                                                                                Preview:C2..{..6..;-..........j..U......me3..u.,W...L.c......B....\k.v./B.I\2..y.<.p[...)...T%$lGy.8..........4O.!..0.... S....k.aA..b....v.C..$[."(....l14n.t.5....^*.X.qx.. ....y...p....q..`.U..L.~-@c3Wb.-.....,#......y.|.....z.......GQV|...........<VZ/..0.r....]..m]...I...^` ..iT.aHh...o.70.q..9.'..q.....R.ZL....I.<.+x/...... .......R..8..1v.... %...|Y}|.|-.j...v......=7....=t.|.u..p.G<..g7.\oF=.p>..R...A77..7(.`...G...'...1.....~.....%5K.L..G.sM;fA.>o...:..CQ.....O.....B....(.Am.=M@....&.h.A.'s.t........<.(...a......\43..^~.fq.7....z....~.k.U1.r..oD...F../[.j8...R..Dczy,..4_..o.....S.m.6./..S..D..0.q5.??r*kZ....(&.....'....(-e@Cx.G....A..V..5.<M..x.+P.."$.o......u0_.$...@L...........d...S...O..x.i.K.8,.W...:.....`..F+....Xu^`.:\...hm4N4.....E..e..}..%)&.[.75.Rz1K....a.U..Fp.R.S..x}EFV..=.0..h.e<HB...:........`...<9../.{;.A....g.=.Owu....l.o.a..$....&P......nb.../......9K%..of5...%,..Q.......b....:p.0fq`....=}l.!&?.2..Z..Y.D#........C
                                                                                                                                                                                Process:C:\Users\user\Desktop\c8JakemodH.exe
                                                                                                                                                                                File Type:data
                                                                                                                                                                                Category:dropped
                                                                                                                                                                                Size (bytes):37294
                                                                                                                                                                                Entropy (8bit):7.995676802005391
                                                                                                                                                                                Encrypted:true
                                                                                                                                                                                SSDEEP:768:I8v6YtvtufcUHQJbxzXbbUO7yGNbt4ODuXcpJlodr74nWov:I8v/tVJOQJFgO7yObWODupB7yv
                                                                                                                                                                                MD5:DE24348AD67CF764C271493F728FB7D1
                                                                                                                                                                                SHA1:8D468E408222C27CE2F582B09C00CB31E0AF5A1D
                                                                                                                                                                                SHA-256:AD58A5813F86B64251036C669FFCD8524267595523DB32A258D80211A463A2DE
                                                                                                                                                                                SHA-512:46A5603C111D973C97139D688E21A0DFCA37F8D46E917416D2810C9804F93821A0EFB9AD6EE7A93FD0D7987DCC84EB396E73ECF025E70E6DEE0CC483D2BB3521
                                                                                                                                                                                Malicious:true
                                                                                                                                                                                Preview:}.4._.#Q.._..p.A..v....u../.5@..b....^f8......I@...J.E...8Q......B..Z0..*0^...jB..l.<>.C.h......S.'Cm._RZ.W<..'...1.4..#...L.Q2.+..S.3[.g.........4.r.Rmi`tF..n.d.!D......H=.b.o.........u......w.._.m...Elh..Y..A..E...4#...?.#..7..:k.;..L.$.%P.....c...X....6.S.h....<m.?......._..l.{...u..X....rB..7}..;'Q.x...-"o.....t.a...9^...W.B..C.E....6[..-w/0..y..?...2..b...K..o..0D,q..*..m....)U.A... "Oc....i....Dx......x...G....!..W.....Z.C.T9..y....%4..\7c...m...:...Tm...G9.......q.......$`....^..1.nf.-.*.M.$.#...h.~4.).sx}_.............rJ..p..O...6c....?P...){.X.'.x.....p7.6T#..X............I.w..z...K..n.g..I....X.....q.....o.B...#C.{.......}.y...J.p._B.....d.......#.J......hx...\....57..`.m"..f..#.L...MS.....<}Y..=.0v..G.*.?.LckDs..#kM...-....75....O.cB.X...x$...^...h.."d..K...2$....Td\l.A^-.p..s...]6.UU..).".T.h.W.GS( -mB...h..6.\.>.....)xJ....W..e.}..5.|....?..Ha....r*q..h2[+...Z.+Z..}.z[n....z..((......}.......t.....s.C.d.(.c.1.u.........
                                                                                                                                                                                Process:C:\Users\user\Desktop\c8JakemodH.exe
                                                                                                                                                                                File Type:DOS executable (COM)
                                                                                                                                                                                Category:dropped
                                                                                                                                                                                Size (bytes):37299
                                                                                                                                                                                Entropy (8bit):7.9954904631209125
                                                                                                                                                                                Encrypted:true
                                                                                                                                                                                SSDEEP:768:7oQntAdVP8LUdj3aq3XSntCwrEpOnQ4b3XJTS:7TntAdqUdjKwHgEpsLXJ+
                                                                                                                                                                                MD5:CD70C3A83ECD1FF97475DD64CBF5BCDE
                                                                                                                                                                                SHA1:D42DD748AABAF5CAD08F1293178AFDC7B16A74C9
                                                                                                                                                                                SHA-256:2FC5FAD481E2E205D7041C880A1FDA0E187FC7A04E9D3687DB952DF33C33DAE7
                                                                                                                                                                                SHA-512:C35B08A225FA9912A32645DD55E795161EC395B43B44AC9BD8B2FB558504BCCFCB6B44C2E70DB8533BBB67F2FFE60A7107D7ABA0F4951DC6166AD6E3CC260C1A
                                                                                                                                                                                Malicious:true
                                                                                                                                                                                Preview:....K.m.l..$.y.rO.Q.....4...y..#<d]......._>....UF.iDO:..5e.H.Oo]..l.L.[.`.5N..A........ .(t.A2..-.8O{.Eu.f..U...EX...#.%BR>..+`.z>..:EoG...AG.2...>!I.^.(..8.5..X...Iu.&X..}Z....H.M^....n.K...g..B.....6,C...|...._V.lKX.......H#...\ ......E@..!.Z..&h]..{..a.x..#$.ND.y.t.K.C......^.....m(..#.`.....g....&...N^..k5.!2N.\...._..cz....L....d..3lO...x ..O...{..D.....&T..V].....r!.....3!...[..&....3B..p..,7..E.,........P...y#tU^g...glC...i.+"..aF.p<.N..q.<...s.<..C!...@7;.>>.l...v...E...xm.........P.e..U..$....Y^V.....N...x.k.:9..|.A...7.O.9..5...^I2..g.....(A....d....IA..X>."h.8.uQ..Tf.'.+.e.....,lC....&q3.1f....a..aV!.'.._F..KzH-.Xj....X.....k..&......%..g........e. .....&....Hq..|.\.\aq.....|.,....z.X.-..D].CZQ.u..3.'...m`.t'......C..n._.o..BQ..Z6F3...%..<..~&}..RD..cD.8 ..%.x..^.%........'...+.....M.....[.<@0.D..}.M.t#.S.Z;#......i..zTI..G...S#U6..9...........ob.$b..;H..8.........X..Obv(...R..G..2.m...C...,.>.$t1...O...T...N."........Et
                                                                                                                                                                                Process:C:\Users\user\Desktop\c8JakemodH.exe
                                                                                                                                                                                File Type:DOS executable (COM)
                                                                                                                                                                                Category:dropped
                                                                                                                                                                                Size (bytes):37300
                                                                                                                                                                                Entropy (8bit):7.995062854870052
                                                                                                                                                                                Encrypted:true
                                                                                                                                                                                SSDEEP:768:/NYwn5XiCUY3Cu/Rc3qqJyEqW7ZKLLo22sZPbGHL2IIaK:Fz5XiCUY3C3qoqQnzsZPq9IZ
                                                                                                                                                                                MD5:36552CEDB4EF0B5C7CFE02892433F4D1
                                                                                                                                                                                SHA1:C0950EA1FA856C83CB7B03BF3C4143E14E1CD04C
                                                                                                                                                                                SHA-256:2E5F3D4520CDC97BD07A9DA9B1F1546F9D906953D5E9EB389D74F96FAE981809
                                                                                                                                                                                SHA-512:0148B002D3339FC0074D2EBC00711473D06BA76F3C5E5F91FC3DA4D64CB8D34830D587904309891754F54A2ECBF59644FEFA7E0CD03488A02B1FEF8DB0AD4576
                                                                                                                                                                                Malicious:true
                                                                                                                                                                                Preview:....w.7u....P.)...[._#....j^9.....9..w...8.+..om.$.........k.ehpi4v2|.Fo.........oR.........n.!.r.c-.B..b..\q){..~.:..u3Af..Q...a.d.h..P.T.{..=P.\.u<cag;:.z92}O.V|..)...,=s..S....2...I...=....z...ilz2.jg....W.w........l.+...n...[..j.Q.i.(/.Q.}....&.A2..w..!...P...../.T..X........Tb&789T..Z.<.zb...^...}{Z...,..f2w1..+.=...ck......t...PS..=...6.S..In>..l.R_...0.z...L.9......pJ.@.[.&.Ax............}..Q. ..3.=.v~...c@,@.[.@..K8.>P...p..f+9a..U.=.Xh.$R....`$Ecus.G-.!.R~.."K...).....=....V.(..K`.7.A><.G>``.ux.8.R..7.>..ZO.}...d..C."..d~&..m..y.(....qf...~............ ....3.}...{./..1DA....t.n..aW..R-.][6/.....!I....@.......zs...?..T,.y.<9.,t......)n...b.....R.8..<.e?...FL.......c....+..P..8.v.........4^E.Z.....T..pU._.c;.~.L.......G..i3.ir...X&m....&U;.....H...\..u..l....B.Bz...^.2...+.EX.t.....}%....:.i..!O..W7.m......N.a....%.<..(.?.8............sm..<.....\0]B....]....q.OH.../....g...j|.7..... .+.;2%....J..Pr.Z&....7.... ^H.`.
                                                                                                                                                                                Process:C:\Users\user\Desktop\c8JakemodH.exe
                                                                                                                                                                                File Type:data
                                                                                                                                                                                Category:dropped
                                                                                                                                                                                Size (bytes):37301
                                                                                                                                                                                Entropy (8bit):7.995108670570854
                                                                                                                                                                                Encrypted:true
                                                                                                                                                                                SSDEEP:768:wDKx61h5h2urByHanjA265ujapdPMoT0Cx1wdSoOmtRwMcQA43s:wDFsaU55QQdPXgCx+djOmtRwMcQB3s
                                                                                                                                                                                MD5:96783BCCEC79F10B03BA51FB945C5769
                                                                                                                                                                                SHA1:60FDDE3AA3DD398D92264748D0802D8FCEB16285
                                                                                                                                                                                SHA-256:5ADB090BC90784D2A2D004AB7A007468F0F11900C66D59FF5A6D94A660536FF8
                                                                                                                                                                                SHA-512:CF10D3635BA7E61B2385FF4A5432B376922BDAE3816ED95829C18520ADFA447BAE5E76228B7992F274BB973026A8C7C0E76BB74B4709CD36CD9EDCE7EDCC131C
                                                                                                                                                                                Malicious:true
                                                                                                                                                                                Preview:. ./.=....z/.-)k....Q=...._.7...c...}.'..g.....%..^.\pd.>..>.!...o.f.#.?J#s......`..nr..2.....`>..W ,....!.~i.I7_.-.l&...v.M:...........1<..=1.*T..S.$....L.-.|.3w....~..R...5........VSi...K.r..*..{W.g..7+/......R.(e7..J..k.V.....%&z.@'.|,g..M.+w[p...s...J_c.....[M.M..1.?.o.4'.....l...c..pp.C.h|.mn..|......"n......X[..N....*.h..../*P.|......M.s.ut.Jr.....X.pD..>2q..6...tx.d.t@.vtw..z..._.g.........i..b. ..R^)......(..1.!s...O]LM4.T%.:'jh.$v.Z.}.G..=...$....t..{.;.clJu.c:-.%.......)..z....6...).R.y.........(..S..82.&.........,.BOP....:!I.@>..."E...a5..G..G....%.?.K....T....p::l...7o..ieA.W.3..=.G.J.:24..1...K../.z.]...{....-!..G..oa..A..G...3...#..B.kN.y.%.?6.gP....Or<}...B..\.S.F..6.........c....K........V...U....j....C"g.r...q\.m.."Y^..b....I.Jo\O...cHX4RA....W..:.....i).U....).t.......).;.a.)Vp@..E ..[......+...Bfv...8..p..vN....Y$.H]Zs..Hx...c].E.....S.P.MQ....I..Mnpe.W./.S...@..G~E..`ajeI.B..$.vw_./.+..x.['.l...{O..t.^..t..eR..|
                                                                                                                                                                                Process:C:\Users\user\Desktop\c8JakemodH.exe
                                                                                                                                                                                File Type:data
                                                                                                                                                                                Category:dropped
                                                                                                                                                                                Size (bytes):37302
                                                                                                                                                                                Entropy (8bit):7.994653625620146
                                                                                                                                                                                Encrypted:true
                                                                                                                                                                                SSDEEP:768:VnCqGoMghw/kJGpGbosZGCGe8MT1MAO73L1f/ZAGZeRONsaim:pVGrUakJIGGeuXLl/jZeRO5im
                                                                                                                                                                                MD5:1FBDAFCA47D55945C40F6F8712E772C9
                                                                                                                                                                                SHA1:D98675C5031AB8ADEB2E956D2D6085053C4B14E3
                                                                                                                                                                                SHA-256:8DBF232A36D47000FA18CE8C811A67D75ADB6C738F1DA9C1D34A9246D74E4F43
                                                                                                                                                                                SHA-512:4E7D740365505BDB74E5686E84AC3E7A51CE294BFDE310BAD4C09165079D3BABE90B56E992875DD59B23F4EA172203E5D68668DC3D908ED308A9B380C6D8A4D7
                                                                                                                                                                                Malicious:true
                                                                                                                                                                                Preview:NK.WU...T...l(...j.|....]G..../...<../.-.[.m..C#....Z`.@..GXu.r..S..:.K....P.WG..s:.#.."......h.I.m..9..].{c:....R./..:..r....q......v...V.m.\....SG.r`.....xs]$;.r..u..o9...U..H....9Z ..Gjr..s.... .*..In.x6.....Q..(..n..n..D.......75I.@....U ......(|.P.W..y...}Y..7z0bsd.(0:\.=.k-.R..He.5S....x.:_5.[V.F~.|.4I.9P..O.Cl.}t..t..W..0H0.e...C..S.A.x.yq.li.h.s.._.......i.>........*d[b..7.r..|0.wJ.e~.8,)nR2.....H.V.Q..I...OY..=.......M.IV.....pk{.Gz>c.!..O.+.......k.....e>=<E...9...c3y..$..Q;DeJ....+s....q...u.R...*...cI..-.(....D^.......BJ..H.Yp....F.Xb..g.S$..).x.c...|....!....}..n...^.......X6.q.....~3.......SO|.,...m..:...0......0FG.!...,..q.`....@....H......s.Gb...n.............R.0Ou5....z..3..B..u.(...i..aO.0.0.../.N...C_&...........9..Q"..g.....~.>..=.P....4H.c.*...|....)...P..=.a4..;t..)./I...i..b.*.../6)U6p..V.G.....P.......6K...A.#.....%......i.P.#...]P.. ezj<Z....W...B../..6......{.P(.P.......n.[]..w..2E...(...O.....ve<...v....X..sx...#.
                                                                                                                                                                                Process:C:\Users\user\Desktop\c8JakemodH.exe
                                                                                                                                                                                File Type:data
                                                                                                                                                                                Category:dropped
                                                                                                                                                                                Size (bytes):37304
                                                                                                                                                                                Entropy (8bit):7.995067849636916
                                                                                                                                                                                Encrypted:true
                                                                                                                                                                                SSDEEP:768:XN1vm/b+xFMx/syfnXwhmGTB66MjKfD88BiG3bE:d1+SxWx/sy4h5TxKKNiIE
                                                                                                                                                                                MD5:8D60B3C67FA7A0DE3508444DC5B13E2A
                                                                                                                                                                                SHA1:105FD150244EBD69E756AC5A120C002038CBBF4D
                                                                                                                                                                                SHA-256:8C7D0F6CF7A7C9E681E0CE00A9371528EC163FD4DB2BAE56C984066A2A2E7010
                                                                                                                                                                                SHA-512:73480EA45F6C722F44E114E5A07BD53DF65B5EC2B159E47B83EB1483982AC0858F57157F2FD21749D053642B21DB949F5D34962EFCE42863A34DB2E45E494A08
                                                                                                                                                                                Malicious:true
                                                                                                                                                                                Preview:,.7^d.K...c.....s,*..=a@.....y.....^.{vc.m\k........i)S..M..........3..j;....T.....W@..~....?.$O.e..I....J7...+.%..Sy)#..P..?v..W.ee......o...F.c.5.d..U..6Z.VK...V9.Vy|..D..%...<...<`.;...ng~.w.s......q.....)Tr....H.|T.N....z.....|:....@.F....f./a.4.....@...........Y2...|..../.ws....?o.W|...B...\.u\..%.bo...t?LSD.w{......<6.>1.u...~..$.-.C........d.=tf....w..,.s...t.d.p$0Z.24o..7w.u..2','.r.ko...(...,...z..'.(....oQM.}&.....6...g..e.UR._...lW...a>rrs..K.z.6...|........;.......qG{......Z...P......ac.R:..$.#..G.9e..[.4.5-...{'KW.z...z..!....~=.6iu..g0..0..l...OkRj......y..#O...#...j#.@..AG.1x|.r_...2.T..C+~...(....{Uu....t.Lx,"..R.-.I?*.F....Luf......~.|..d............-TL8.........j</.K....]...!..MN.@...8)...!.3I.)....pU.*.%,.=..2:Iv.......nhX#.;.3!v.,.%~7.vN.....m..{.}h.m0.x..>...........;..T.ZTx.%..dK..+.6..m.D...lG....n^..;.~...N...X..o..j.._.6.#).k.J.....1D..b.H...[8`.#.....w..*;.N.>.....ESk..U...|..S{ ...}" ..6.^...%.
                                                                                                                                                                                Process:C:\Users\user\Desktop\c8JakemodH.exe
                                                                                                                                                                                File Type:COM executable for DOS
                                                                                                                                                                                Category:dropped
                                                                                                                                                                                Size (bytes):37303
                                                                                                                                                                                Entropy (8bit):7.995156109823397
                                                                                                                                                                                Encrypted:true
                                                                                                                                                                                SSDEEP:768:WxwcKFsP9t1LQLfSCi2wlg3//s4jPmqQvto9ElE6WFm76LbugzV1zLlYW35bz:DcK01LQLfSnbgv/sDtloulETm76L6S//
                                                                                                                                                                                MD5:EE730CCC874075721E6345016CB21AB0
                                                                                                                                                                                SHA1:502C539AB070DEABC99096DD473021FCE0C04A8A
                                                                                                                                                                                SHA-256:F671D657E3EEC93DB1E4AC0CBE4DFBBE0A502DF9A31E8F1F968926015E852C89
                                                                                                                                                                                SHA-512:55B52E00C9F0F1C99CCF6AD1E4A99B267076B5297D93A93DB424DDB7CA8BFAC6EB1C35BC2EE78FF2006440B78BBF3F3620EE5EBBBA5F68CE62C7431FA1E0658F
                                                                                                                                                                                Malicious:true
                                                                                                                                                                                Preview:...!.,...9D.xyV....c.q.......VQ...R}..i...=.JNnJ.............0._......m.!\......]T...U).>.:.{........Q.a..hn.ir.h.x....i#..^.s.Ji4;...k.'R-.,=..x...a$t.<T>...!.....k..g..ODYU.i{|.....;@A....I6~._=N.h......)......r..sa......h..q..}M...;l.x(...h..Z..lg..=*..<..^....p.9....45....Q..D.d|K..-.rC.F.r$..c.=#.........h...!..\..z..#..Q.M...|.....K.mr.G.6(..@..s;8.....g.|...~.h.F.R.`>3g.+.......e..O......}....W{[.."=....n...B`l...&..f.e6.TZ.U....o..P..MNd...|...Q...v.K...k..*._K.Ley..2.....ErJ.B.w.`K.Oi."..NT..h.....s..#S.3...K......=....R].L!...U+x..`...V}i&..o..3.hH].....e.........5.....Cd..K.:..V+7.....j.....+...!<2.#a.....C...4....*......n=..|.H...x.Ar..+@...OCIe~;G.T.GV......E......xtfy.....LD./LK*(M./.......IM.b].~.B.\.qm.........N..;..=..f.]..3.VXl..2......NT%_.vj~....r.,....._|.....'.4R...e...j?..n.79.:..0-9.Dt.1....w....."..$..[ ....0....$O.3h?j}`...ij3g...`:].M,R...O._....Z...O.F`].t..kr...u..J:.zV.....L.....+.>.f...........$.J#..^;
                                                                                                                                                                                Process:C:\Users\user\Desktop\c8JakemodH.exe
                                                                                                                                                                                File Type:data
                                                                                                                                                                                Category:dropped
                                                                                                                                                                                Size (bytes):37302
                                                                                                                                                                                Entropy (8bit):7.994378808688821
                                                                                                                                                                                Encrypted:true
                                                                                                                                                                                SSDEEP:768:NjH0sf1wCfYJQ9ak1K7GM/hsfM66aD2cTFlNVKNOsg9VGOD6J:ZySr9aKK7r/v6LD2aPNVg6jFD6J
                                                                                                                                                                                MD5:15B9E09DAC84BED3D7935264AFF909A2
                                                                                                                                                                                SHA1:9BE7D2B970ADDAA737AF641222006351E33F3EC7
                                                                                                                                                                                SHA-256:C9751CDFB7275041433E674484CF666829EB8E7B65B7603A6B0B39CBCFFA3472
                                                                                                                                                                                SHA-512:277520788DE09A8151A1911CE0E7446352A63A0138F68BF9289E619457152ABCC7191BA74D0220638BAAE916C90974D33F86C2A11D402E93C8A5055D5E4E2535
                                                                                                                                                                                Malicious:true
                                                                                                                                                                                Preview:?.8@k..H..W...A..M....+.B,3O.%..f.].C"...6#.. |~._G..g....C......(....hS.@@...v/.v..i..........U+..a......0.-S.{R..I48..R........F.%8u.g...[.9<....b....Ze.Q..J.u..adE............i.*...Q...r.l...w...L.<...7..d..@..c..#.r]..*u^.(.Jp.7.8..i..3..(..D(.......a..D...L...U}.gdP{...W.t..On.*.u......ZU.&M[.hR..;S.d.&...%.\...J..1...g:.^..2....m.C....z...!;...;..0..m.....I.^.....&.A2fh...l.u..-NNbv.Az.%W.Z.p....On.mqr.z6..M.t...X..."...OUVn...d7.....e...,..d).tG0......Lf..j ....!W..-...&.v....].9.z}T).!"7\bn,.d...........,j......P&5.@.F*.^n..F.0q.......M.T..c["...rB.H...S...VcM..=.85.....j.Y...)......Q p"[....AY.g&...Z..j.\...5{.C. ..\......S...y....~...sz......U9\DR...9...e@.Y..]0.W'dE....<!C@.S...z....si.3...>.X}.........S&.>\.9(`..$......P...k..{.......D..n'.v.;...q3..Gf......'.T..M.v?.T..+hv%.......-.....<\.q.l.3[;..Z.!v..Q.5>._k ..*r.N.1.M....q.PC.dU.\+..M.y....`.S...5..m.|i..E.........Q........a.Q*...,!o.....*. ...8$.w@.q.T..{...j....*FgF.rA..,E...
                                                                                                                                                                                Process:C:\Users\user\Desktop\c8JakemodH.exe
                                                                                                                                                                                File Type:data
                                                                                                                                                                                Category:dropped
                                                                                                                                                                                Size (bytes):37301
                                                                                                                                                                                Entropy (8bit):7.994496174802391
                                                                                                                                                                                Encrypted:true
                                                                                                                                                                                SSDEEP:768:/Ixv1zdSDm96AltrfdmRWfcmMaNqKatzPCAAetmSDoQfHWike+:Ax3Sidthm9aRcWqmStWxe+
                                                                                                                                                                                MD5:32D3E4B1C933F7B97D930946C23C2436
                                                                                                                                                                                SHA1:58F8DBC0D1F393FD771101387017C6E7DA6CDF4E
                                                                                                                                                                                SHA-256:1AFA6A41E56F104AD31691D047616016A9B263DBA0C62D785DD776A95E4843BD
                                                                                                                                                                                SHA-512:330666E851725AF1CBCE406F76B7DDBFD2D39C7693C4D84517B9343E10EAB0B04F55CE3A4808C4A058811379BC4F96A1404C85A9FAA09FC06CA561A9C06BBD82
                                                                                                                                                                                Malicious:true
                                                                                                                                                                                Preview:I....l... .M...i."7..i.1...O.c....Y..y+......[........r...[8..8.j..XG.E~O..8...6.u.......E(4O.ZpBw..........:....Z.O.?........P5#.......y..z.F.........n..I@t,N..r.....=...t;...qi.....).7N.......&.+.@.>$s.5..AQ..&....@.Y.......J..b....7..)".=c.ay.,A...y[..kzA<.....e..<e..F...,.+B.\._..:...z......b?.....2.&...C....O...;..".P...<.._U..9T...(.M.E.h...~......;c...QdoL.Z4..&....FP..k.....N.Y...hd<(.LI...<.Q....;..y.hH.;.#..T/..p..{..l0SiU.....+.C.$..ff..$.*.DZ.V.}bf7.D.9+.8.#.s.OH....b_O+...U.H.}.o.0.Fov-..t..nW..o.4.L...&. ..h..^..}JK...>".S0n..Kd...'g.0..iYA...f.7...{.p.%u)....1%. ......7i.....gv...C..q$.N..*.....Tj.......*...F.&.Y.....uh?w .+.#Zd}GH..o....p"...DR.....S.6..p.7.......,..&.2q....c..AF3H....P.....'F4u....s*P}X#...jHS(......t....G?..~2.~..84..G.N.,Z...FCJ....f.2l.=.P...o...`..3.n............._.g...;...UvI.%.m.CI....k..U..z..Q.{..uq....j(...JZj&.[C}.o....ld.W4......K...0.. U.]........7nf.%.(p.?.j...4]=.M..T.).rc....X../..
                                                                                                                                                                                Process:C:\Users\user\Desktop\c8JakemodH.exe
                                                                                                                                                                                File Type:data
                                                                                                                                                                                Category:dropped
                                                                                                                                                                                Size (bytes):37301
                                                                                                                                                                                Entropy (8bit):7.994618713530527
                                                                                                                                                                                Encrypted:true
                                                                                                                                                                                SSDEEP:768:jNK3JoTZmpL/i9x78zIvIN+1k3LMZZEA9NrCIBkH6ztNGF+JoEEn6jZY0:jaAC1zIvIN+1bZZf2IeTF+rE6dY0
                                                                                                                                                                                MD5:20985F28D08525771DAF2F92A49F52C6
                                                                                                                                                                                SHA1:ED363C1C8ADB119D7D3B49C78D45CB0C5ADFCED7
                                                                                                                                                                                SHA-256:D6C84AE7CA82EA06276542030EE4B9006FD72C3A140500BE9C8AB97DD377BF98
                                                                                                                                                                                SHA-512:BC49784D2F264CAAEAC4E2B6B695D562D3B194200151DF864BE9B46B8A6D6F95D01EC7F58D85112F42272E65EE2372E14A2AF613FE67B3EAD43DEB815F3FBCD1
                                                                                                                                                                                Malicious:true
                                                                                                                                                                                Preview:{.).....p.."...%\M..........[...1....S3Do.,S`.A......m.F.t..^r.z%&....4....7>$U.....4.:...-..=y.L<..9.,....7._..V...03..#....-.....y..}!(.;T[.X.......?....?..i.....b..#.......S.{...as._4..!)x...u}d....*I..._.F.3..u!G.?..w....}.bb1.@.Z%..B..y.*!XHf.B..%........D..o...Z..BaD.\...?#.c..=..$ilA....H..q...u....a.x@..aw4..."....}.:..X.L....K....}.`.V.A.`..oH...,.Az..BG..VU...(...T.Y.w.....5b..6w..n.....,......7.o]..S.[n>KP...z)."..W..u.R}y~..?..Z..&%>~...f.n.......V.dk.....v,.<...m.lW.g..Z.m..'...<..,J..........\s..gb`F..k.d1cB....l5,?.T.)m7\#.2..?..3.;./..WH..K.>,....v..9".s.:..RP...*.6i...KN....%{..oj..... f..L....?.^.m.G.?.~o..{..........[...>...,>tt/%.j....z.5. .....7.L.v.....P[`..e9u...I.w..!O..uw~.....@)....c.irG..(n.KP.h..........$D.l{[..K...QS.....l.......8V......!O..\.....v^hk...78...15M..r...q...s.@NV..Y8.Y`.A.j..t=@..G.!..].K..(.YG.*...V.3f.....(n.K@.>.r.Y..4..F..D...6.U..s...f..!...s|.Tj..H....W.|H..S..........\.cV.m.!......d_P......
                                                                                                                                                                                Process:C:\Users\user\Desktop\c8JakemodH.exe
                                                                                                                                                                                File Type:data
                                                                                                                                                                                Category:dropped
                                                                                                                                                                                Size (bytes):37302
                                                                                                                                                                                Entropy (8bit):7.994864904824897
                                                                                                                                                                                Encrypted:true
                                                                                                                                                                                SSDEEP:768:a4djfJf8gIUuJ2PNjOiSLrfQZ/12HuAZzCCKzwq2PiMFMrT:aWfl8gImNjOikq12HuvCrFqT
                                                                                                                                                                                MD5:93D7D55C938204BE5B44F2A27580780F
                                                                                                                                                                                SHA1:2BA622FC48CA10D20A064472163618158ADEF1FD
                                                                                                                                                                                SHA-256:669844FF28F7D917CF6FF7291F0989E0E7FE9A174E24EF000ADAFF0FD9404267
                                                                                                                                                                                SHA-512:A40BF5AB785F68055F3ACE21ABE01AA1BE5A11ABA196722766A09FBD548A7FAD1E9C00B113C160F7FD477CEF63B272FC3998F461CBD8F3B3D6E3424404430DBB
                                                                                                                                                                                Malicious:true
                                                                                                                                                                                Preview:..LP.u..v.9H"F....u....i<z<........(J..{0B.\....?.?.x.)....i'`B.yP.f..E...X....5..p.I..........k.Gn..T.pF..t.fW..Ee.l..o..G........m...m6..st._q.....\:O$......?......:YC.}i...5.d:`Lv...Ig....]._...g...."v...9.K..p......K...^...q....,...3\T....y8..H.c{.l../...,N}y..%|!{...6nG....c./v.)4l..w.........:...../._.......G.?6.5N..8....QfTID......P@..C.c...!. -.l...1.B......._..H1.....ag|..u..X!2....../.....FE|...m...f.....!-X......-..e3.H.R*4....M..j.!.\..AqZw...#$....O.D..+..c?...).r;..,..b.4Qo..4...@.a..`....J|....FJ.[.9#Pi.q....I.nBJc/.I-A....sB......K.{.#.....Vr.......kN........./.|.\..Qlx.....r7...#~...i.a..h.~.t.|.8.n......S.Z.<c'#.....h..v.....9. ..>.^(.JM 5....:,.c....n.'.i.Z.....S.....j....}.3p.a(...........`..........K......0|....Y0.&.'.....gM...waQ...J.f+.\?.....4}s ...$.o$..%....T..t.......j...~Uq;./.I.^.1..<._.=2../..Y2/..(.T...[.W..A.e...].H..i.(..c^v..O.....<.%. .XEk..g. .!.)..Q.TBh....#......:..w.....^.W.L...5.B....y)S.:N.s\..aC
                                                                                                                                                                                Process:C:\Users\user\Desktop\c8JakemodH.exe
                                                                                                                                                                                File Type:data
                                                                                                                                                                                Category:dropped
                                                                                                                                                                                Size (bytes):37294
                                                                                                                                                                                Entropy (8bit):7.994956114293576
                                                                                                                                                                                Encrypted:true
                                                                                                                                                                                SSDEEP:768:BIJQd4ib9nO3J5nbCwxtl6Ub9m4E6E2uEKclTn1PVCSftjm8:B8iVOZ5bC67b9memcRdVCSL
                                                                                                                                                                                MD5:8D5DA22DFB7D689E6CDE4724C027759D
                                                                                                                                                                                SHA1:817E6821F9E44FF33BFFC4C6ACA7F9AA701E960C
                                                                                                                                                                                SHA-256:3E16810511936237FAD39D0A665507C782EDEE9C82FC8077E44817672EDF0388
                                                                                                                                                                                SHA-512:F09D5DEBD07F7B1F45FB47FE3F7545C496B42D90CBE89424335527CA567334904C639B7B5A2D8CDFE5EC46718626EC01981B911ABB4DDCE04493EF4C52551C61
                                                                                                                                                                                Malicious:true
                                                                                                                                                                                Preview:($....jP.b.;.>.Z....... 3.vP/a...F.2c(.i..^..;..u.U..4Aae.......H...6.......<..X~do...]^...B..(...%...._0.)...S.8Js.r.|C..bp.E)....M&..{y.......'..e...U..3.%.d.Q/\..>....P..T..Q DJ]...MRL.....d.(2#.~+pdN.......+o..G;.D<.....h., H..|.......Q.#.Irb.jj&u.]19\..=H..........k.Q..7.....wh....[.K...L.<3...7(..8O..-R.v6..!....S.#....`.OZ.Hg........wF....,.l..x..iSq1......pT.....G."Z..#...G....x.N.>....Qs.........m....6.!.=:..-W..f..ku.'r.!.S..,[XO>...}X...<.s......0..=..xH.....E..O.........E6.q..._.I._..[D.n.M.f...P.....N....1.,..,...!L...t.9;...2.8Q....8.?...m..~9.........}.cD.....d.o........z/EC.a..@......,.....>.l''.U.u..c...k...%v.S....u...u...mp.~..Z...G.9.J.yk.GJ...C.is.O..Im.ZzH..b..<.:...*Lk...m..^......]MY.W.Gb`~..N..:am.$8J..y...ps6o.Ta.Hu/...^=.V..{....%....X.....#.E..=..0n?.=..i.%`.#.V......"8./.B...I.%..:.y....k..7m..U..{Zsa+...m..%l.....>.......*.F..yt.....I.....&..1......6.....4..7....z...\.......wV......gg...e...T....s.c.?..#GD..w.
                                                                                                                                                                                Process:C:\Users\user\Desktop\c8JakemodH.exe
                                                                                                                                                                                File Type:data
                                                                                                                                                                                Category:dropped
                                                                                                                                                                                Size (bytes):37312
                                                                                                                                                                                Entropy (8bit):7.9949694217723115
                                                                                                                                                                                Encrypted:true
                                                                                                                                                                                SSDEEP:768:YJJ3bR+2ReQzN7hLnSivK/6Ff/H92f5cmd7IcGutxOt/mGznJns74Q:YJzzN7QivO6fs5ci7CuxkuURQ
                                                                                                                                                                                MD5:EC386F7612798C7EE52B6050A8FF7D25
                                                                                                                                                                                SHA1:F3786FC4237E64F9D2C9D15FB9F46ECDC76A6C07
                                                                                                                                                                                SHA-256:473B47D3B0486843F927D2267D28DE654BB99CE08DD1A03A19D620021D2175F7
                                                                                                                                                                                SHA-512:C0E7FE2BF3C0A27A3EA7FA0FD2CD472BDC4AF6F4E666B71F50FA61235C6B4FD7EB01E3D559B3F1EC7CD5B03040E034C9CCF0259AC450A27EB8530B5553870626
                                                                                                                                                                                Malicious:true
                                                                                                                                                                                Preview:c..}v.oV..:1E5x.)...#....I[....GR.j.....bu..[Ne..d.3q.."(AZGr.u.........7....HpA\...F!o../...5.....k......K;....$....0......P..b...%..4?.3.....F......1..ixqZ.!.0..axh....h.....d....... l..[..7beF..z24WK.<8.:....h.'Md..W.#)O\.."/....8.z.9..V._..9.D.u..p@.I.Z..*y..U.0%.P..TR...+[6.9-.S-.`.. ;.Ze.k...@C..;V4r.j.....HRt.o.I..>......h....I....i..R.T.0[.....U........C...l..fl..(..A.~...1......o.(..'.`..{8...hT..0...q..WB8..|.p..O..}..W.*./......b..u.z..-.....n.=l....<.Al2...8'..#........"p......5....<.......Rr...SH...aRy`..}...)..I..lI..M.N.}p..d.._.57..Z.cN...2[..RUD.L........k........ .uDd...JhLS...?.....c._...$tk.s..:...6.......t.....Jr>...........`.0\..Rw.o,,....?....gO...fCd...oZNmN....U..e.gl.....*MT..:^...9...X&.......2.W.Y.f. ....(..C/...}.7].M..[B=.._P.........y...]R_........n.%.;sBSo_.......L..........?.....C...Y.d.5.........a..}.Z.....?...K.%....Ho..f....T,......t....es.0|....sCGKd.q?...$..U.b.e4..O..A.8.Zk.......=+
                                                                                                                                                                                Process:C:\Users\user\Desktop\c8JakemodH.exe
                                                                                                                                                                                File Type:data
                                                                                                                                                                                Category:dropped
                                                                                                                                                                                Size (bytes):37294
                                                                                                                                                                                Entropy (8bit):7.994776870300477
                                                                                                                                                                                Encrypted:true
                                                                                                                                                                                SSDEEP:768:rH0tjOQySX6xWrGhbZAhXR0pzV4vZbRwBhwipdL:rYjOQye9ShbZA0pJcZbgh9R
                                                                                                                                                                                MD5:E31E880ABA0E1DBC11F1082A99BFE75C
                                                                                                                                                                                SHA1:F46C4B382EAA7B4A01BD61BE5098F60D4507A1B3
                                                                                                                                                                                SHA-256:2C7F5CAB3599E750046DE642A79C44AB545F484C85B09C909A6D6845DCD7F5FE
                                                                                                                                                                                SHA-512:FF4D9A7F16F7100BAFB66D1ED5A87D11F2A224A5FEE3AD1E28B24915A10694EAF8762C3DA81E8365648401AF724D6C9C7B83FEE2BCF7E829B8239715B44B813D
                                                                                                                                                                                Malicious:true
                                                                                                                                                                                Preview:@..n.........7.hm.=h...L?..Sz0..n....!.....KE..wt......5.7\&DYK.p.v.K..f.2....C..l@..d.4.?.4........4c.}...<J.#4..o":.{..G...8v.#%..o...f.%....X..5w.O.....j...3.,..K..H.x.q...5...BA&Gw:%U....5..Q`).7..K.L...d.c......QwU2.......g4.q..7......n...~......2.V.i.S.I....t......#.|.i..I....u.G...U.S.p..+.z..Q!.-....IK-!......H.|...hj...;....c~....8dU.Av|^./..E.A\=`3.d.."T....+.[....nhB/n.Fl....~/.A."4C..3.........M..i.h5d..j|.5h..MLZ;$..\.A. ...,-..}\ b...1w..6.BlN.u.rR.ze.Y.<...Y8.2.S...rM^..:....L2.g.t......).a..x../....b.!.UY.._.rB../b...<&J......-)...|..4..cX..Y..zu.S56.5b..Ll.Lg+..V>.ubp.....e*....R.K.y...C..L..lu.|..6...s.L..|..FiN.i.?...E..)..y...$~Y......`w....C..v.N.t../B..L.jF.v.C....GxZEni.5f].{....wt..h..<4lP....`m.....81.....G..".{..?.r..!_.Ys.na...........#.u.B..[y.!.%..}.hC.b./\.[.U..n..M{Sz....P.`..Szp`U..tN.O.G.{.D..g..%1T..W.B..v.v+.R.E................S.%.S.'.%,.t..Q..Q..B....v.a.l...q...W.......L....T.$....I`].9.J..Z..zr.o..}.t..Zt.eqB
                                                                                                                                                                                Process:C:\Users\user\Desktop\c8JakemodH.exe
                                                                                                                                                                                File Type:data
                                                                                                                                                                                Category:dropped
                                                                                                                                                                                Size (bytes):37307
                                                                                                                                                                                Entropy (8bit):7.995004215708523
                                                                                                                                                                                Encrypted:true
                                                                                                                                                                                SSDEEP:768:JsHNSxXD/iBD4FWPVjCoPNw8VUNhOfZivez8rAgtV1oJa5:6HNw6EYj/F1ueA2Q
                                                                                                                                                                                MD5:F0648E54928035E826AE7CBB0C5390F2
                                                                                                                                                                                SHA1:1C8A2A28E7D82F14ED3D5D807495660029789792
                                                                                                                                                                                SHA-256:B031B8A7AB7EFE92AFBE7E915F319A0F785C436C5AB79BF858B70EA6030071FB
                                                                                                                                                                                SHA-512:F37DE309E0281F08518D36FAAC35ABF2780C011BCFAD22510C006059450D630AFFBC03BE98D37D2E2866F5C100ABDC045B1EAE9100EF304ECA794ACACEEBBD58
                                                                                                                                                                                Malicious:true
                                                                                                                                                                                Preview:)...58b..K....r..Z.}t..s....>.t#........B..V.?....:!z..L..0..!J........^l....67....(....:..v....w0......DE..:..]o..p?.$.6..H...N}...5oRWl....XV>...$....c..B.9._I@...}Kj...mD..T.....:....g/....A]e..4.E!.r..C!b..py......2..........K...sy>.,.N..Waz8..s.?...l....!.+c.L....!.......3X..%.U.7......&<.<.....{...j......J.NEa..Z..z:..@C....1s.8.....[....-]q...Mt."%....h.....y....o...<.....-q...*..6.....Q\...S..n...........r.;K....9<.K....X.t2).R.j...6..;....IVMA....!;._A........^........y.z.(..kK..K..o..b.......&.qJW..aU.p..kJ....06....?+;.t..p..\>.4....P/...%@..r.... ...v.......x30.......c..;...#.qP...V......}...+T..e.=^.r.....b.6#Z.f......'KuTR...b..9E.m1..........S..".~v'.1KwS........:.E4...W:..#...q..~.7.....e A.+...G.8.*............L...z.h........E....5.9QM.6...@..;}QQm..(Y\..U%.4.>.?h .",L....-.'.W...bDky.6..F.>....(..y.......P*...bYn.h.Z"z...~{.v+._U...<d(.....GO*Va8....$1........Z...!K]..~m.8..E.M..B.E(p..>..Qt...M......|I2.W...A...@...wMx.
                                                                                                                                                                                Process:C:\Users\user\Desktop\c8JakemodH.exe
                                                                                                                                                                                File Type:data
                                                                                                                                                                                Category:dropped
                                                                                                                                                                                Size (bytes):37301
                                                                                                                                                                                Entropy (8bit):7.994167270166655
                                                                                                                                                                                Encrypted:true
                                                                                                                                                                                SSDEEP:768:X9VyR6YwJ172xnj5fD3iTir4OYSD1j9wKO9mxBpdMZXqNcr1cGL11prrHE:NVyRAjmr4OYSR9wK3TiXGecYfp3E
                                                                                                                                                                                MD5:A7750BB719713A1862BBCE2ACB4ABB49
                                                                                                                                                                                SHA1:61D7BB083F374B59DC00A2B83D1045B6804C8159
                                                                                                                                                                                SHA-256:CEF04937A8BE64837B1343E611C57E605CF511B5D2BC2CEF9D7A1E970F18AE76
                                                                                                                                                                                SHA-512:5E69354723F6610424B906EDE5035DEFF1DF465591A2AF4278EC74F36DD8723913665B15B66ECFBA1C797B1A39DB7C54DECE2F1B0D02C73F043DB8E1ED9410A6
                                                                                                                                                                                Malicious:true
                                                                                                                                                                                Preview:.'+.j.N%.5....IbX/4~..&..H[.......g-E.......".8.R....,..5.....!M....s...:..7....TC..$~...W2.G=Xt`%KT%-..q.a.hQy...k.......<".}..^...U....3.a...u.<..C.9...........u.............h,...pFe.....<t..j..+EZ..{...k..E.*..T.`.3..$(.Ch....C.......W..#.}..Q.A.os.x..M......j.U....z8a)s.-....T.#9FE2.T....p..a..[..ED..z4p..EE`5MT...&R.[..Q......'.Y.Ya..N. .0o...}-...}...f..\.k.0x.#g.c.{.......*g.#.\~....%...8o.9..9$....ge.t..".N..Q....X.m...B..o.....I...A.X.>.T.."..w.....P..].{.-....,...Uw.^/N. {:7`N.-...@.1...\..f...Ko4...@......./.NH..q.b.P"..Nh..!|}.WC..n.*.."....2....L.oZ...J.T....P_.5`z.k..B..L.^...X.J-3...d..Dv...S...M......K".U.L>.|....y....=.._.p..#.........4C.....H..mb.....". ..`i..s(...!..H6".......Kp.%.`.F..*..Y......$..~......~.x.nz.....g.F._..y....U...D..Dj.,...I1.9.'+....?....W...x\e..t...-.3...!65..V...Et.;]................U..F. ../...q..bT.".y..A_...~...h=]...@..:j.\...B..99.....!....zT..D.$E1.kN9Sd..=.p{.1}.Bb..K...-}.7.y".....
                                                                                                                                                                                Process:C:\Users\user\Desktop\c8JakemodH.exe
                                                                                                                                                                                File Type:data
                                                                                                                                                                                Category:dropped
                                                                                                                                                                                Size (bytes):37300
                                                                                                                                                                                Entropy (8bit):7.995678356828738
                                                                                                                                                                                Encrypted:true
                                                                                                                                                                                SSDEEP:768:vJHFwnH68bC4fFThxuynp1wN3mCM8WBaC/dgLcpNZnrpmNv:v1Fwa8bDdNUyp+36H/wc3xr4
                                                                                                                                                                                MD5:2556C89E5FF868818438CFE15EBD851D
                                                                                                                                                                                SHA1:AE04629315B1F8B265396EA098196912F84E0475
                                                                                                                                                                                SHA-256:F550C8D9AFCA70B707F957BB2DB88B8EFE431A73DE05BA74BD3997D745F0670B
                                                                                                                                                                                SHA-512:D42A8B231EE9F65B81B2ED8990BA199688FBF2B41B1A81D40F8618E12992782A9AEEE5551B980F8C8D37762A04EC7F43F9D5B19A1E1B7332A32FB384DE684DC1
                                                                                                                                                                                Malicious:true
                                                                                                                                                                                Preview:.n^.U/9j.!i.E........\........z.i...&....n..rn........=et.Z\..\.M;5.}P[....k..Mt..{....X.t.m...(.:...}.B....^.,.....o...o....@c......u....%.Kx..R$0.6T..........#CT.....|..a.C.,.t.Ac.l...B...p.joF...:u.......2...&...s...b......?...LW.....J.y....\P.s...n1..;..U*2..l.0Z.B....@....OQ..S.8....c.4...%.~\.$.M.A.dpt.K...e.E..c..,...dv.....Ud:.G..w,<.:.b.Z...1.....$..".-........X..5.._..... (..8..2...XX1LyWcjf..yJ..].Wj1....)..lY..+T...I......._~.....G..Qo...H6.....3.#...._...s.b.o...,..xX...+.....z.o....3Y.fQd..Aco....f.. ......T...4.w......\....[`..K~*R6..m...'..~.jM&.d+.)j.4...Y...\....A......6...o-<W.;..,.p..P...B).....P.!..4t...+....e..UR!3eZ...*...,A...I...(L..v..s3.&Q.J=.Q....+.'..NIh.v.g.s..."..u.g.!.`.a..K.z>.l.=.*f.$g...O...n:...FWi...........*.H..;:...H..D...>.....u`.7\..{".Dp...k,.fn.......5.O"c."...'..u*.Z..5......uS.c.~.x7m..U.!Q*.8...d.K...y18j.#.C....P.vd...H.u....$..+..*......*......A.m. ..4..62q.4.i....K..So..R.KB.....
                                                                                                                                                                                Process:C:\Users\user\Desktop\c8JakemodH.exe
                                                                                                                                                                                File Type:data
                                                                                                                                                                                Category:dropped
                                                                                                                                                                                Size (bytes):37301
                                                                                                                                                                                Entropy (8bit):7.99481613698759
                                                                                                                                                                                Encrypted:true
                                                                                                                                                                                SSDEEP:768:8QeSS1lPTIDPdImUv3FRiGGf4iFjnTd+5jQ+QZrmFtnG:8QeS0lriyJv3yf4iFjnTQKJrmG
                                                                                                                                                                                MD5:28F5B65811DE89A91509388A02FDF3BF
                                                                                                                                                                                SHA1:5D9FEB6A8EAB414DB4954F43DEB16CFFCF88F5CF
                                                                                                                                                                                SHA-256:BD5FD5E73F883F0BCD3DC826743831F980252752243C91C694D4981DC0E382C0
                                                                                                                                                                                SHA-512:413F630A0E5A7A89787DE8C55F14A0FB2C8203F3324606E10BB5031353DE69999FD78371C3EDDB651A9A7D1AB8A35ED699047E09BD92A718F4D85738434047B4
                                                                                                                                                                                Malicious:true
                                                                                                                                                                                Preview:E.Y.0-`<...6..;......{p.T.9..m....E.......1..h......~.l.[...O.7..e6w...a.5 Q..S..'gM.\...)........4.1..mpR..^.''q.y.?g>z.5[XvnF,o.a.Q...9U. ......."`.....4t.8.-...jH.....:....1...-m....Z....{....cb......"......m.JQye.@.....@]$.U...9....G^......Hc*.'.......0.f.|..H..h.......)ch......[/)..j.g^....(.B+...J.....".Qm.*.sQT .@v...ZJV...%..`.....6/D....n..`.2=......j......$kV._....{n......q.$3V**....a...`.O..@.I0.....). ...-..-_5......k..3~.......v....#`R..Q.je)#..\.......:.V5..........*0....hI........m.t!....8c........... 9.{..4.....N.O...b.r.o.>H0.4...%........@.5..U2.........=.;n..........j.L|..xn.2.m.Qs.H.....:..@).\...R."X...N.QF".........;.... 1.d.@E....%2..q...#...=.Y}f9..3..JT..V .(.`........S;...p....#.Q..B....%.,..9._W.s0.g2W.._(|.(.h.'...!.C.'....w..... ...w..o.q..cS.t_[]<A...%.......l.>yY..@2..g..p?u...fg......g;k/.......?"x..C..iz{;q.......J....zI.-.x.L.b..2...2no.UC!V...g.|...Z%+cSB.....m.6..Y,..O..g...4...0..M.V.~..."z>...>.e..V..x.Z.3.t.k...r
                                                                                                                                                                                Process:C:\Users\user\Desktop\c8JakemodH.exe
                                                                                                                                                                                File Type:8086 relocatable (Microsoft), "\343]\221f\200\374Z\324\2440|:C\025)\207!\275\256\300\035\225\260", 1st record data length 257, 2nd record type 0xa7, 2nd record data length 2825
                                                                                                                                                                                Category:dropped
                                                                                                                                                                                Size (bytes):37314
                                                                                                                                                                                Entropy (8bit):7.994886709340095
                                                                                                                                                                                Encrypted:true
                                                                                                                                                                                SSDEEP:768:9uRsSpbbT71rJZvMXBGkZwug5CXmunZaAGmEqgOES+hkEXq3K7G:IpP1rJl5830CXmuZaAGRwz+dXqR
                                                                                                                                                                                MD5:84819D986B3F581F79A77AA299230E32
                                                                                                                                                                                SHA1:2B248DD679191CF4A93DA8A4237A0CE37EF84B93
                                                                                                                                                                                SHA-256:2E1B15DDE4B064032BB1C273DF6E574E3FB060D44F7EE3D91B50A8AA449E71A9
                                                                                                                                                                                SHA-512:2A59B741E6B9B9C6F93090BBC5580641C0285D119C6162A15DB9922C0269617308DA491E68E358BF872DDE880D7A69E25687F535E2FF74BE991AFBE54822D0C7
                                                                                                                                                                                Malicious:true
                                                                                                                                                                                Preview:...K.].f..Z.0|:C.).!............`.4g..._)...n..?s$.c....W.Q...N7a...,i.,.j.C.rZ_.C....H.f..Q.ZH.Zw..[.F.D..'..b...2.........`.5..........wY.........p.....!.z...~\.T.Y.<U..0o..f...HZ....C9.........{6v.....u3B__H...#l.<..........V.I....W.o.$..L.Ye.........W......P.%.....J....u(.g.(5.jR.6{....4..{r..H.=R<2..k.)...v.9d.D...FT...Y.w.T.v#...IJ...U ..=.{.N..>....0.6^..&d.|'..T.%L.Q....Xb.{..%Q.L..X....^x0y...4^...s.@..w[..-.z..).-.6T....6...5$.-.....!.>..K....]..c...^-.ij...,.(s.4[.) .S...o..i..D..uN.]c#....N.IU....x.:U....f.k...j.5..2!^d?.|=...8.@....D.T.x*......^...hL.8.G..F.08..|.w..J....J.k.........t...jJ.b..Vg...d.E...Q7.]U.f...w.?.MF.....@...llH(Z.KF'.....-z.O._..R...|C...r......M...._Vlx_......T.HjSFn.g..3......J..&.[.... \.4.....+B."8...../8....K.+...L.y.z..C.Qc.#...@.d...-.sr....jt...v.;.._..,..;8.P.P{Yx.}.....g..Y3s.b)W,.O@h..A..>.92i)Ls....;N..9.Pf..d8....;.hAJ8w....v........>.m..."....TU....h.l..#/!.].E..................hW..KFP..
                                                                                                                                                                                Process:C:\Users\user\Desktop\c8JakemodH.exe
                                                                                                                                                                                File Type:data
                                                                                                                                                                                Category:dropped
                                                                                                                                                                                Size (bytes):37342
                                                                                                                                                                                Entropy (8bit):7.994778831064859
                                                                                                                                                                                Encrypted:true
                                                                                                                                                                                SSDEEP:768:0CYeQ/CrYJly/K//S7sClXMHyKUKATWOXpQODtx/:0CeKiza7sCXMHyKU1TWOZ13/
                                                                                                                                                                                MD5:6DAC464A5B418BCDBBD9C14E5E2B6020
                                                                                                                                                                                SHA1:DBB24E62A547A8C07C577C389B985340760ADC06
                                                                                                                                                                                SHA-256:34E5F80CE2EC19B4F7056CCFF73B5D09310F4E2442CF9A3085D523FCFE3D6953
                                                                                                                                                                                SHA-512:0D21997BECED1C69D3659FF54DAFCB8AF6C8F84C2177AE0DA1BC74A5C99F9B825491EC71BC4AD4722A55F320044636E5B959486B5F2E1D0F5B1633B6D5ECBAFA
                                                                                                                                                                                Malicious:true
                                                                                                                                                                                Preview:_...U......M E..:d.5<.......x+6mO..X.;..zL~O...3.JV.G.n.....--.).w_...@.~+T.....=.....hn.j...F..jw~.....x.=....-/.p,a...#...#...|K^.d.....0...1p/C0F.....CW......jN..ZE.jA....DH...~......=w.{_V....3....4.O..,..'$e.q2.....Z.u..gjj(.....C..,..).;.5.:....8.A.i.y............k..G...&.....Z...@c...+...H)..k...S.lKc..0{.ov.9_.n.r...a......l.a...l.bn.`x....]f..!Z=.IO....9....x..Bn..(K.I.6'*y.b..d.t.=..v.....^5.zg....k..""N.(.>.5Gi.y......b..y.v...R.o.G."..\"bP#\...*i.G\.L..g.......y.l......g..<...?...8.........:g...I...p......2.....`u....)......H4..Q....W......{.%.Y...'.j.)..f..........w.9.(t....+0>~..1...xG.0.......U5.H....C...&.........>"..N.?.v.!..i...~@wc..s........../..z.o...,t[..\S..D.....b.o..........)3}4E..`..0..N.v2.....D....$}j..t.Nb.....txb.n...A.h...H..8..P.KQ.{.(!......,X..NU /p1.|.{..U..b.U...)]....A..%........*f{...Q..C...h.6d..k0.N....i4.c.7.z...1..5.*.T..[..zI.|....)wb..O6t]aq#..no&...L3.J.}:...4.m.a.DR......j<>{.'d~.e.m6.wG..,H....F...i.....s
                                                                                                                                                                                Process:C:\Users\user\Desktop\c8JakemodH.exe
                                                                                                                                                                                File Type:data
                                                                                                                                                                                Category:dropped
                                                                                                                                                                                Size (bytes):37332
                                                                                                                                                                                Entropy (8bit):7.995197831877288
                                                                                                                                                                                Encrypted:true
                                                                                                                                                                                SSDEEP:768:A0j1nOWj9zqzVbr3rEJbvV5xZWWsKsmC1WmDpTI3nt0wt8+N0Z:5j1OUzGVbjQpvV5xZWax2WKp03t3tDE
                                                                                                                                                                                MD5:85619E16479481E329E7DE7712462F9E
                                                                                                                                                                                SHA1:E3DA75A1922F6AF5483DA4EE0399B5B66203AD6F
                                                                                                                                                                                SHA-256:EDDFCB782980753C81ADA032A8594DE235C1B13083ADD71F8384B81972E577BE
                                                                                                                                                                                SHA-512:6400582886D43F1BF327FD2734488D160E8458B5F5D5B3FD6A8071EDF76DC08067013350B373573FFC777C3B4A1470D14596FBDF10954D99E6AE74B6BC411BD2
                                                                                                                                                                                Malicious:true
                                                                                                                                                                                Preview:'W...A.~.c7..<.6..mEA.dq,%.-...o.....thX.EL.'.5.c....9o\...BZ.5(+...RG...L....img.[X..ee.......n.......x.k.........Y.{....S..F.0..O...=............hX.~.Jl.....>?....?.G..2i.u%....K......QC.p...........E.W....5.]7{....s&...A""*R.|..$...f..y.....c>.._..!L...[BYX.J.\.1.(...2...M...........h%..vp.=.{p.-v.0.R..s......L>.YM.?....DFJ.f..n.......Sq.`...>.\.>U.KL...yH..)~....>...O......vwZ.r.1.jm.0C.S<X.oe.....`..m.....M...m~.B.[Rwl.d* =.?.mn.6.nM....%...4.wp.c...(.cX.*...,.~.F.{6.J........R^...B.$.+.&"...^.;tK......}..v....0..9..x.$.....a,...c..i..}O_..i.....^.... ....0w.....i.M...3....D]<...e...H.W.(.....<.....n.H.)7..$.,.3....{...<,8O..AB.....N..=.6.>...C...*...wC.FF..qv.b.,.:P.a..n...........W..~u..v...H...f..g.,..@}v....{wJEl.]Hb."Euc..qW.1..{..f...K....... {..7...s..w)TWfl.[..i......?....bk.>....E.2..,........j..C.~..#..IvH...Z.A.?..I...n...n.fP..[..:.q.0..'.s..X.&....f..g..........@.v~5[~8.....c) .W........ph=...v..R-$.Y>..n...f=
                                                                                                                                                                                Process:C:\Users\user\Desktop\c8JakemodH.exe
                                                                                                                                                                                File Type:data
                                                                                                                                                                                Category:dropped
                                                                                                                                                                                Size (bytes):37312
                                                                                                                                                                                Entropy (8bit):7.994971872026663
                                                                                                                                                                                Encrypted:true
                                                                                                                                                                                SSDEEP:768:JiCz9HXwiMI+TKSe2UklxaWAIjoPlXAJ7sFAPutfdOEr1amrrSCVq:JiCzpXwrlVaWACxJ7ut31jbq
                                                                                                                                                                                MD5:10A3429426A064BCA269E4BCC62C377C
                                                                                                                                                                                SHA1:62E6435D9C59BF7763693BA4EEEECFE055DF0919
                                                                                                                                                                                SHA-256:DF72ACA82B73CABE742C3BA41D057FEC97E549BE4AA11E7032B3C2091AC426C9
                                                                                                                                                                                SHA-512:866035DA8B4FADA98749E9E5A8EAC8B64061780EBB48FC1E6383D566DFFA080CBC7B5D706A52DDF8CCF5C4C259D57A2948F354710D6432742E05D5375ADCFADC
                                                                                                                                                                                Malicious:true
                                                                                                                                                                                Preview:.c.H,...q.Ia."W...kY.Y.\`<.$.Yg.;.^z.<..d."t.!.......v.c...0M..^h..MW.vA.J....wM]...g$6k...m..<Q'...v\....W .v.2.....Wq?.1..}.>.s........)%.=..........6.G...R.Lf...o..I.......{a....c..[.2..d..N.[..X9hZ5......~.7.........J.J....?o#* j.Vx4...V..X.F-p.!?.*......,.3.%k!s-.....kI.e..M.xc*Yzt..Mi..e......v...'>'].Q._...<#.....h...RF..1.A=.....k..B[.dpA5)..W......d.y.m.._{#....^.}uh{IJ.:a8N..w....}O.....p....*M.8].g.(...C.P*&a........~..WuP_L.R.a.o}J.lU`..t..2......\.p.._..@%..Z..T[......E2.K..)..4`&u<../J1.....;M.0Iz..sjr..d6....'....Q^Z...\.8.....r'.2..".;*...?.t.K...2..Z.-..2.."%..../.c...P..C"U,-....j..M.R.....C....4@..v.J...b:...ZJ..;V..js~&R.6.....~......-...y'.b..W$.!...@.....o...;.Q..6.).K..."..H9.L..M...(\.{._H...>j....t...Q$.3..M...1............j.Nk:.6.~.Sm.G.,.A...R..+..nz1F.gDow.C....E....sSH.i....].{...q.T..p......y.2.w..7......f..5...5....<n<w%.J...2..].s..%.t?..Yp.`.k..h[.P.0.Y.(,..7..~o.>O....}...<....u...M:......+GmU.....=[X
                                                                                                                                                                                Process:C:\Users\user\Desktop\c8JakemodH.exe
                                                                                                                                                                                File Type:data
                                                                                                                                                                                Category:dropped
                                                                                                                                                                                Size (bytes):37318
                                                                                                                                                                                Entropy (8bit):7.995041697254379
                                                                                                                                                                                Encrypted:true
                                                                                                                                                                                SSDEEP:768:lJU3qsGDb0zTzr5r8LK/4LCs2o5cbJZeIucm/oIia:A3qwrl8L2wC72cOIufia
                                                                                                                                                                                MD5:CEC856E8128FC97BAD377A8E79B62E72
                                                                                                                                                                                SHA1:A5BA6AEF13F3A9ADCF8E2B0B1968AC8DADE72198
                                                                                                                                                                                SHA-256:C5BAFDB03ADB7D3290AB7418121916202A34CD677CC74BA80A35AF032684CF5F
                                                                                                                                                                                SHA-512:809CC043BCBDDF369FE02AA4E9A9B2C2F6B4D309AF6574F67B44EE662857967ED639F118B4DA76D9C507DF402DC12EE90B2D66C95027341A5D209D0B1E276516
                                                                                                                                                                                Malicious:true
                                                                                                                                                                                Preview:..b....g...........Yi.!.bf...G...7T..:$...#...\I=f@.w.u.ep%k..{,.CO./...=..)...b..w...D...t~.s.wj.\.../H......#}...>..XU..!.@.l..@....%....C.K.o......).j.HJ.Co@..9.}...;I..M.C..E...`.e.H...Z.e...8#Z.xCD]e6...i.g).....h...K4.]..6.8...%B......M@...G..+..}r...$m.Z.-l....k...rmK:.-Y.....Tcj.!...z0A"...7A.(.}.|m* ..L$..&.b.%?.J8O.-..KQ..../..R..m..'...4..f..p4.......,.]..U5w..b......4.9..._=....;.Y.#Y+]00.GM..90h..L..M..`6<....|.:...rA'O.y..R..0...znP......eo>......:?..[#y...{mn...d......:P\...5.i&9...~..RG...HN.z.<.De#If&.I.3..F..W..".L[.........t..T$p.Z..]$_Y..$.....el.W.8..t.8]}...w0..F.a.=q1......\...o.|.5..3n....M.{.....~..X{)....v..w.....7p.(..F.....r.........#..;u. .r....pM..5.{.kC.{GT.1P1..n.....r.g.b.>.d..B#.!...ht%.....X7t..n[.?...H.....J.,OJPk...'~3q.......2Z^%..=....#...+......P.I...c..l..Y.;..b..p..<Oe.w.K......S.B..J.3d:.......o.a3n..I.%...;.......{pY.&c9....lzFP|W...X8Ty..".m..itU..k..h..Q~~.`W.. .=.l#*3Hn......D......
                                                                                                                                                                                Process:C:\Users\user\Desktop\c8JakemodH.exe
                                                                                                                                                                                File Type:OpenPGP Public Key
                                                                                                                                                                                Category:dropped
                                                                                                                                                                                Size (bytes):37311
                                                                                                                                                                                Entropy (8bit):7.996082037009948
                                                                                                                                                                                Encrypted:true
                                                                                                                                                                                SSDEEP:768:J4lJdOmEYmLMG44ls+PR0kDaQLFgUw6dvSCQ8xX:aPdOmEYAO+PRpp7dvu8h
                                                                                                                                                                                MD5:2D4D4106E51CCC0423B955462ADF43D5
                                                                                                                                                                                SHA1:693FB4CCE9C3AEF049A8D580D5424DC0D408548C
                                                                                                                                                                                SHA-256:AA94D70B06A06E0B0E3E8AE0A31391BE94D33A6AD6CA2C8AB30D13C286CE4A71
                                                                                                                                                                                SHA-512:CA6F6A5DEE4042B92A8CFF7BAA08EE6BE295618D2C34630AA7EA5BE9B060214F3AC9AD09003BE44B521B6B5C626E77EF401CE2984914E4679B19AF171D0CC531
                                                                                                                                                                                Malicious:true
                                                                                                                                                                                Preview:........Yvs.~ Xv.;.}..a.=.......Z.H)4Pb+..`Z...I/...:...R...~.&...\.q....s.y....|.b-..\.J..9...{.....9.a....}..4\.43.*....%.............~Oi.]+....".C-Ph..G.lYVR.H.h_.G...F..y....%. ..!...T....)..~.P;..._dJ..$...J.F...P.H...v1t.....q.Y...KU5.#.&.D.....`#.IcF...cb7c.Kic..JR.N.....!...`....uF...g3'B~..fw.:.4.....[.....c.'...^.9.}.....=:...5....5..WT.t2y.P...8P.........C<............d..B....g.!...0.YR...*...&._..x.....%....B..k....q..c6.4'v..A..).r..`.....PamTOk.2A....jj....1/.i. LFF..W...7kv.....C..y.y.1....X.!..[`..x......zQ..qIy.y.9w.v..........-OI..."5........S|.../..b......).3.3....,.J.1.R|o......(.W...!>....K"..8..?...qj..e..6`C.0.}.Ew..>..K.......W...Q.....w5.,.h. ...0.....4.HiZ;S.G2.....J*.)..)n....$..I.....l..86..&!@..DUw^W..J...t.F....8.b.EQ..Z.J;6..4S8..G6......$'].r.{.....{b.&)U.o:......#.)..[....->".0c.$...t!h...hx..RV.....N5..cw..tV9C.R?}c.^E..W.[......v..l<&$..T~]......F.........C..P8z...pB...d....Ru.(q9...z..L-F.
                                                                                                                                                                                Process:C:\Users\user\Desktop\c8JakemodH.exe
                                                                                                                                                                                File Type:data
                                                                                                                                                                                Category:dropped
                                                                                                                                                                                Size (bytes):37316
                                                                                                                                                                                Entropy (8bit):7.994794284793844
                                                                                                                                                                                Encrypted:true
                                                                                                                                                                                SSDEEP:768:f3Zc3iPl4tZWpPmYuAhcPqIV337j11E1ZV2Vq3TUEJs:xc3eOtkxm0cP13rjM1ZoVq3ts
                                                                                                                                                                                MD5:6EFF66C8B8177F2E1D0B072AE0EADC1B
                                                                                                                                                                                SHA1:0AE89DED33A7BD82A05600BD32FC2F64718581E8
                                                                                                                                                                                SHA-256:7977EC7ACE7415D4361BF53BE9BEF504ECEFAC2ABBD85A035DA14A9FE77EEFF9
                                                                                                                                                                                SHA-512:A684976797ED23E652FAB30036643C95F65CDB4195A73F1372A9CD0B311E80435FB5331D9BE08CD9623F6ACA4C9730042AAC3B63DD46F2B3828D708334F5171D
                                                                                                                                                                                Malicious:true
                                                                                                                                                                                Preview:..vj..e..8.[...."a......G.n..7q......l....W.$...Q%..x9C.Z.<.W...b..>@0..Hv......./.|.......pT.H...... f./....L...p.B...8.GE.x,...!}fg.,n>q..V.......1..mj....J.ky.9U..xW...&.... k...........L...'.r.T....4..cb%z.eE....;..k.!H....}.s.%....O...H..P/..E8.h..)H.4...[~...a....mx~...ywG....TvJ..4F...[..:#S..!_f$j?J.=.R..7..e.+..mg.<..H....8.V.......4...m)@E.WX..w...F#..e%m. ..j=....g.X]...@c...Y......i..:.a>!Du..t...ub% \.....6....h.H..my.8......jS.$\J..Zf/.uq..Qsw..b.O...zpe..Y..............m...'.#..i.}<.&.E.Q..X. ....#...kf.8...........){.gu.J{(..n...$4..f.9.h.#.X.....|.N.F...\../.q.X..F.K..4@A9K....?...b..+m.Q/.h.nZW.isV....b...'..=.).8.(N.#.\."..yH.D.v..Gq.w!..P.^..z.....O.d..1..g...Eiu...H).h..F..\_3..R.*2...t.....D.B...(..'.?.......2..@.f..._g.be.Pm-....y[W....g...].....d.o.;O..=..r..nc"..R.-..E..:......ye}Z.......u.._..{...=.?..X..g...H.B\$.M.Y...|.`..bisK#Z.P+..U.v..~..d5....T.$.i}..Y.....?.x...r.jr..,'....u....6.L......h.......(Ui\H..
                                                                                                                                                                                Process:C:\Users\user\Desktop\c8JakemodH.exe
                                                                                                                                                                                File Type:data
                                                                                                                                                                                Category:dropped
                                                                                                                                                                                Size (bytes):37324
                                                                                                                                                                                Entropy (8bit):7.994258199332462
                                                                                                                                                                                Encrypted:true
                                                                                                                                                                                SSDEEP:384:xq8E/FdIKqbqGTsIfmACTPL98J+Q9fTVss9lZQ4La5X2VDwLse/+ZkiGRF2m0MNU:xIKGImACD92tfGO35QLiGcKpjXciw
                                                                                                                                                                                MD5:A570E0C4D32C3805F1AAD4E8DC225B0A
                                                                                                                                                                                SHA1:677F25B3FF2CE29C1E4335652096D7A0BF97FD12
                                                                                                                                                                                SHA-256:172AC674217AA7D5CF16DF97899C09789161FCD839CBDA3DF69F8B38B0CB6BD1
                                                                                                                                                                                SHA-512:3226314F786A14DD6EBC6372DF1F23AFD7FDB764CF9B85A1CB6A222AAC054143FDC56CC3161E7C13132F9F8DECCE88C74D7D02EC165D66218461E7E1A6E5BD6D
                                                                                                                                                                                Malicious:true
                                                                                                                                                                                Preview:.o..W..V....Ep..p..|.h.....0s......}.%M..vRIg~...?..X...8....D.vEm......X......./.......y..&.S.-1..../.l.3..@bH....8..G......5..O...<.D%....e...}...W.1..S.S..t.1._w...f.fCc..Mt...".%..T..d&...=.`5{..0A..P9i.4T...].........p..3.T...#<.B../.s.t..............w:...p.......$.Y.[.L.\..0..F.....gvue.K..3{5]@.a?F['..h...C...Y.s.q..D.x.%.v...X.:.=7.9.c.t..#u...P2...Z...O*..rA\.U..].]..vO....!.(......)..3K1.O..,..S...h..e.&1XAo.-T.2.D...?.z.....^r..!^.....7.iZ..#U1k./.C;"z.Qe.....u+? ..;....`....g.........u.Q.&2!NWK.E...I.`N...X...5$.........-Y&..f...@.Wa...C.}.a.].b....J.^......^"..|F;E.Hl.g{d......7.K.K....?Y..G.;."xh.s...7...j.3.o....[v..2.........]........5..V..cg...(5....T..ef.............,sc..jc.$...7.u...>X..C...S..:`.'td.W..}....5..Q;..[.2.........C..*g.W...N.U@f.A.Y'.c...._.^p|.:.~W......Wq$...n5P.Vy......KWYV.z_.... :_...C.....g...1.?.p.(>....8L.x..C.o0..V.._..M?[.l.\.K.k.Q.9N...[.'%...-s].f.....n6.wC.rX...#.2w_.`T.I..,.,..V......y..b.6...
                                                                                                                                                                                Process:C:\Users\user\Desktop\c8JakemodH.exe
                                                                                                                                                                                File Type:data
                                                                                                                                                                                Category:dropped
                                                                                                                                                                                Size (bytes):37305
                                                                                                                                                                                Entropy (8bit):7.995403030890243
                                                                                                                                                                                Encrypted:true
                                                                                                                                                                                SSDEEP:768:LhuVayR3tm5a2teO+VDEa+CQAYzlDA1P3ZWB31WikSzS33Cg0x:FujR9v2sH7rYxDAV3ZW55kTnmx
                                                                                                                                                                                MD5:48C6229707273BDEF8227DD0C07F22F3
                                                                                                                                                                                SHA1:2FE726CDC1965155F7787E63E1DAAC619438955B
                                                                                                                                                                                SHA-256:09C4C44892EF5AED90920CF65D2D117121CB51D04F1EA98BF5EEEA7830DE9047
                                                                                                                                                                                SHA-512:6FDFC2AF131B50F7D7CEBB87A932B0EA75D9D07D33578124C5CE9B94EE10321C6105BC6ECDF05E03BDC20B8C10E77C9A56E90362B4FFA4A7C2A47F820A31B70F
                                                                                                                                                                                Malicious:true
                                                                                                                                                                                Preview:....Uy...1..@..Y.v......Y.X...v..B\..7b^>T.....r.An...,PQ...~.Y._.6?@. ....\w..U}=5.1..N.....~..9..:...b@.zY.....V. o..a...n.wl......t2.g+pz...R..,*q.C..-a@'...f..C....,..R.4:V../k.@..3.._..Y.N...G..l..=.m..XC.B.<.l..Q.....A-k.............zV,...*....`kNy..L.m,./....k....[H.1w@W95._..r.o..A...l...b...^.....h]...n{B.v^.z.9..X..c..i...$..K..L...._....M.$......R4.f.P.na*N...d.3.Yz.6N.[..cG........*).S_.....kE..X.#.U4.Uay...:.4.`iH.SM..;.$.5\..J....E......Yf...8..-.uOp)q....7U~*=..Z.p...@...n....#.W.+.&....[d.m.bFA.?...\..!Q..].f...I..&...j0...kl?.>.|....j..o.R..J...[...e&..z..E....l..Jr......y.x@. .........S.9.j........!./....M..pi..("..{..R&a$..O....4.I....qr..yc....C8.`v.I.|:.X..U..]..P..8W.+)6v..+......W.....U.m..V.R9.y....~..3.....ys`.1.iN.......v.wZ..=A)....m.<..i.../....B=....0....I.._.6._.^.Y.s)......_.B....d.....7Bl'.{.rc...z7.8......3BQ?\...W..e.-4l...,|.o.{+0.L..S#x....:.v.^.3.9jF.@4..mQU..)%...f.^(%w.^.0...!....f.).rOuF.
                                                                                                                                                                                Process:C:\Users\user\Desktop\c8JakemodH.exe
                                                                                                                                                                                File Type:data
                                                                                                                                                                                Category:dropped
                                                                                                                                                                                Size (bytes):37310
                                                                                                                                                                                Entropy (8bit):7.995095428078492
                                                                                                                                                                                Encrypted:true
                                                                                                                                                                                SSDEEP:768:51QgLa0ZVUkyMSwNNAoZ0dX4OktgwA8bzdp5QhIM5p+dA+ixLho:lZ/7Tq1+tgFKL5QhImOAp2
                                                                                                                                                                                MD5:0D47B983D6C30DD5759809732CB00A6E
                                                                                                                                                                                SHA1:0F81B91E8EE988C06657EBF071571E01C7772D15
                                                                                                                                                                                SHA-256:A01786D32FBC7ABB43F9988828890EFDF6C5A615872CEFFD2FA25450FF10B4D0
                                                                                                                                                                                SHA-512:489AE4257B804C69153802464186587300A0FCADB785E47DD982A3DAE5C776A77874C572392CE135C2352C5B80DF211FDF79B4A443B0B7845DAC8C13CD28E16F
                                                                                                                                                                                Malicious:true
                                                                                                                                                                                Preview:._W.A..@..q..u........V\.t..j7...^....4.qT.....+_Gxs:h.vn....m....r.......{........m...fH....rK0.0c../1.P...O....~+..<.....rk....k..'.!#.,.@.?..tG>...}......|X.l6D..=...Ka{u..p.r.^..+9..F..C.........;.6>sc-....dM.7a[...t......I.Gj...J.9...7[W9V..5>..:(._..d.HE..J..a......Q|..mt..g...b.,l>...Q....{..O.a4...H.1........hL.;.0...&..o.d".A.q...U.p.R.jN..'.....L.+..7<......x:.._...WbV-{..A...\=....C%.Hvx-)h.n.k...R.1.X.......MVv..Cz}T..h}.l.S........'...b....*.YU..d*...)I./..M..(Z.h1......2....t_.FOW.E.t...Y..wN.....{_..r....x..G......*V.8.ny0!..b8Av2%5B8.j[.n....m.n....2.w..^....q*.|......z...i......B.R.H..+G..@n......T?v".."o.h.|.....n...^.B:..1..sl[,.......c/...Ij..s.p.j.g.<./..\IG\...U..=...(.9.rX'#^f..H.hLpY...4.}g.....~^.... .+_.p23I4*.9..*#;->.....;...>..Kh....,.....'.../8.k!..).6YoX....n.q.@r&G..9U5B.......l..G.I.L..5..@~.X....A. ..........G...D.z...o...5...V.D..=..O..S5.5...!.@fR.w/....d.@..]..X....Y..{.]..+4VD.....oc..a...o#+...
                                                                                                                                                                                Process:C:\Users\user\Desktop\c8JakemodH.exe
                                                                                                                                                                                File Type:data
                                                                                                                                                                                Category:dropped
                                                                                                                                                                                Size (bytes):37309
                                                                                                                                                                                Entropy (8bit):7.995458951228154
                                                                                                                                                                                Encrypted:true
                                                                                                                                                                                SSDEEP:768:gJPcObU6ierJ45M4uSgcpeLgEGxpcVaS9wWKgEdFdsJdTdgk:NR6ierJN/lsYQS1KHdidt
                                                                                                                                                                                MD5:AFD194FA1A17D9AB7227AF8BD2E04C5B
                                                                                                                                                                                SHA1:1060B7CE573652F2A9F0A923E71A890F0BB6F05D
                                                                                                                                                                                SHA-256:314596D0BE2CF03C48E19630572A9F483956F1BDE05F0E3AAE97FB24F741738D
                                                                                                                                                                                SHA-512:02E4EB9A856453766BACA469BD6BAA2946FF3E63549AFDDC2EDD24DE20B340BC6DC95D1F7A394FE798490B1A128BA71FE26A6BBE6545F4B5B593678A7942253C
                                                                                                                                                                                Malicious:true
                                                                                                                                                                                Preview:zC7..2H].^...\...qN@.7.X..l.Spt...........IWW.29.2.z...S.m=~..Zy.`."]...1..A..C.R.|n...}..Js..(....0mIhD.&.>Q.T]j.....L.R._.F..E..9 .W.,..$3te4..~T.*.>.;......4.?.(V......I.EB....?..-.R.G..80.M........hM...y5(..}\....pF|....F.TT90.<....1.....f..u.9.F7..$..R6op..<.848....)..H..rz..2T>.n..=..u..f.qv.....e...j^..4.q.M.........e..e....5A7..~.v..A...X.]..V..\.m..v1J..H......a...h..F.../.=.1i.M..L...F..................k....7.V.......W[. ..*.2..>.O".T...V..R....e..:.7.@..T.7..zi.].-...Q....x*_&.".I6.n.....)...w.!...;.2.-OS.j........V.4.#..~.J....p.G...*$.`.....RM...]T\........P.?...49......Ar7l..tL,f....<..QPUyp'.r..uH+..L...V..Q...;4T.....>{i.7.......s4..Z.F..#..:..W,.e.... .....V...M(..Zi_..4.x..6.9F.U....G...J...5tO.sZ{..%r..m.......@.....e....rq.../.V0..A._.IS..*/..a.I..(...S...sB2ONxaQ.}.,.B)2n....N.H.8J.....U..$%7\|.i~..{.....0-.H.....8.3..p.+q..3.8,..,.........,.G.a.d.^dW...5.S.."kF.."....?...Q..)....3...".o.h..,...lyN...p.-hb.IJ....h..
                                                                                                                                                                                Process:C:\Users\user\Desktop\c8JakemodH.exe
                                                                                                                                                                                File Type:data
                                                                                                                                                                                Category:dropped
                                                                                                                                                                                Size (bytes):37307
                                                                                                                                                                                Entropy (8bit):7.99488687478033
                                                                                                                                                                                Encrypted:true
                                                                                                                                                                                SSDEEP:768:sUvwUXwtnRbWKtEUnevUNNTeK5tGW/sZhyaJYaY3L9BAKz:sYKndWmnMITeK5UWEvQ3TAKz
                                                                                                                                                                                MD5:FCA7A012ED18FB887E1DA27C1897E377
                                                                                                                                                                                SHA1:DEB385F07ED99219D1CA8903C27D2AFACDF5F41A
                                                                                                                                                                                SHA-256:BEFC28917746135D90EADC18E413A8D1513300E26CD8C2D924D893A107E19536
                                                                                                                                                                                SHA-512:93EC2DE4EECFA3416BBEB1A357CFFAA40704E483DE94F5000D71691D1103CAEF7B4CD2207321ACEBA99C99F72A726EC1EB911E9C497E35589C4DF4AFF2D3989D
                                                                                                                                                                                Malicious:true
                                                                                                                                                                                Preview:.$.MI.Q.?..M3n..Bh.. .0...<.........._}9.pnE.......[:...0"..u.p6.[.Q.%.AIul..Akj-.......5..ov........)s.k..>:H[=Cz..)>w6.!..A.^..A.....3..W.....;.$.=O....}..-.\......\[...4u..]XoA.(...e....y........1.i...~.n....C......E..1...]..%}G.*....D..'T9.CJ s....sE..Z0!b...f.o*..RA..Q..gZP?..W.}h.....l..6^.3<F|;....[...eqL...o.c[........*............N.`).(a.......9..#......s...c&~.\.'a...ni.E6.2....]_....;d..}.}.l..g..qM2.&.Z..;.x.L....T....}CS.q...r..q....0..I..../..;.Y#~.~...X.S.Y|.4m..y..$..d. ..h U.l...*P).t.....m....d..dS)f.....nv..D..<.sE)..F.j..y(w.h.0..8=(.&;.(...x..n.Q...f.S...>..<...\.m.!'.....j..,.F..h....[..}mC.q.N.L.....=.[.@..V_o<s=p.....Dn..2...2V.1..8....\.":..x1..L....2....e.?.b.D...9.n.A...p.?/d]2...;..'.f.C.wW.yW...'.]........$."...*ONg-~.E.z.B......i........~.gv.K/...F.Q..j.......r...%kW..-.Rq..l..z.6.N......5....N`m.a...Q,\w...jv........j...s.d.q.7..*A.O.._.D.\^.1.h..@.{..N....S[..6x.\..u..<\...G..-....v|W.?..a|.
                                                                                                                                                                                Process:C:\Users\user\Desktop\c8JakemodH.exe
                                                                                                                                                                                File Type:data
                                                                                                                                                                                Category:dropped
                                                                                                                                                                                Size (bytes):37315
                                                                                                                                                                                Entropy (8bit):7.994968798130253
                                                                                                                                                                                Encrypted:true
                                                                                                                                                                                SSDEEP:768:wwhBzJtUMPTMocefQRoz2QhWtuok1mwXt83gd2CaQFg0GH:ptCIMJoB2Rtuok1Jt83NqhGH
                                                                                                                                                                                MD5:29E6ACB286429CFF44E61712A5071082
                                                                                                                                                                                SHA1:987F6717D76FF34886286BD419F0B1A3621CC024
                                                                                                                                                                                SHA-256:5C1F4BFB86F5D3EBBCBDF9E445C6ED354CCC82F020FC371914ED7E960F904A5F
                                                                                                                                                                                SHA-512:E64C7662CC78CD032A06F234DFF5058870DF5A8960A94659159B94D85EDDFC5F9DC6A9F98CA1FBCFFD4FFD0EA52D8A3A069D88F38969B5C8953A75D5C534406B
                                                                                                                                                                                Malicious:true
                                                                                                                                                                                Preview:...c`.9..9*......".w9v.3.C.....g~.L,.E.2.i..j.?............I..Sm3.Z.u..r....E../..h1....:.P=.y.l...U.F..G....w......".g..l\n...2..?_.@.q........s.+.7P..M.3yx.)..4.2..!.k<Y...TI........md....I..P.R.58}.\..'.K..]..../...6..d.y5t......g...v.d.v.......l.......>....&.I.G.....s }..n.y|.....Y.]N7p...7..Ns.m.;....m....w.k,.n.i...7.....oP.4e.G.5Y.*..S...M...6ht....`.Ke...F.@..F.......-...9.~.2.D..}.em....i?..!..:Jw...X..d5$.}.n.{^.?`..v.....j...069....._.....G...,.t<.4.5..(A...n'9.Y..4..6?....4O.."..5L\...{..p.X.>a.!4{.|.O.....\..]H.yY..m..J.I.l.....b.RT...l..S....\..#...=.i.d}..7\.u...........].qd..8.....p.&!E.u|Y.....Rd...5...V..G..Jt.+.H.$........z..G.p.G.. .y......n.gc..N..3j./...... C....8>.D...L.N..y...O."..9........kfE#.)...=.h&....N..?K.......1ey..b../I..s#.d..Q...t.....UMR[.Q....#....qYRX...Pz....C.; x...72..4..1U...a.m.{+..+.....m0.....svt.g.q.zT....-....Q.2w../y]..K.!...*F.U......T...)y..Tb[.t.z......t..Ms...P(7U......+.dB.w.=
                                                                                                                                                                                Process:C:\Users\user\Desktop\c8JakemodH.exe
                                                                                                                                                                                File Type:data
                                                                                                                                                                                Category:dropped
                                                                                                                                                                                Size (bytes):37309
                                                                                                                                                                                Entropy (8bit):7.995036778760229
                                                                                                                                                                                Encrypted:true
                                                                                                                                                                                SSDEEP:768:imjx2zxY0Co3POh8/p8jrlfn9B7OH3I+/D2XBrxYB4fh0umhlX/puWY:imjx26Ul2Jr7OH3I+/D2xuB4f56lXBO
                                                                                                                                                                                MD5:9C91BA9F889309F0AF51833A209F74C2
                                                                                                                                                                                SHA1:90396307B3E81151C8844BA28E4E33256F683721
                                                                                                                                                                                SHA-256:64E96A8332B2D6DD4297F7138211A7CE2D6E5EDDE9B169A4088CA94BB61495DB
                                                                                                                                                                                SHA-512:3508BB86E8E209ADDEB78C0C67E1BE9DEB89365505D6E2907BA004F962A708BDD9FFCEA501B1D4F2421189828AA58EFB4D2569C98638B663CF352903D8D57C85
                                                                                                                                                                                Malicious:true
                                                                                                                                                                                Preview:....<.T...(t].8....4.`..Y%_.f....1...p..j.T]..z......Z....y.5l...]....P.....xq....!.E..d.2.oU......h./......6...2.bg\...j.o.....[.0C.ZoX#Z &.{.@.eK....R!w.Q....E3R... ..8....]!.g....U........Z..$W......30.Pq....+g..+.9.Qv.{Qr....b.(..A............b...3./...#.f...*.|+.4.......=.6+.ns...P.....}.(Z.@...r......1."ZT>..K).A......;..M2.6.V.W.m6....(..D.f0.`3J..~9.9_3HI......Q.P.By4.. ..$.x...c!.rJz...].J...h....e.JkQg.g.EFB.0..<.......J..q.Y.Y^.bk..L.|J.lG.5+../.B..0BK..5k.g.@..|....L...B..r.O.q.~.A....URa....`/D..W.......L#.<..y.O....a"zHTi.(.........2.I.9)]f(|^...<..c0Z..{.....&.dh......G...]UX.H...`QC.h.d.'}.!z?|..4.4..St.Ka9....Z...[...PR...)-l....O.l...g..Yf............).....1;+..a;.|p.....-..(..V..mu..s..e.7...Q->...qky.. .........i....C7u.XQ.z?...!i..zZ.$...%.;.h..0..M..qs..K.|.6.S@j+.{E.O...t<J.x.....-...m!.d..0.u.v.....D..5.........{)..$..%g..sl(o.[.f.]-."l.....<AU.9....q+w?.x...0.I>,.m.B_...<8..*Wo`:0.#.|2.h...0,;S..F/.5...."....`
                                                                                                                                                                                Process:C:\Users\user\Desktop\c8JakemodH.exe
                                                                                                                                                                                File Type:data
                                                                                                                                                                                Category:dropped
                                                                                                                                                                                Size (bytes):37314
                                                                                                                                                                                Entropy (8bit):7.99448599518485
                                                                                                                                                                                Encrypted:true
                                                                                                                                                                                SSDEEP:768:3SvI0PKkhm6H+tFMlxt3YzINH1FcHFcbhzaEHZhOk+6NM3hgOVwtp:37IKkNenuTSaHvclcbhzXbh+6SRgOVa
                                                                                                                                                                                MD5:DEA702CB87EB2AFFD70FC1EBD1208DEC
                                                                                                                                                                                SHA1:A254E601C73527A22135750969FE89828EBEB4A8
                                                                                                                                                                                SHA-256:85CE50438634899A2F39192F21B9B938F175CF8DEC0B9BF54EBA00E102687A00
                                                                                                                                                                                SHA-512:563D0BE29B927B08BED6BEB323792201BA12BCE85C49E79405F7ABF8F9B1636CEF2075C6ECC66C7E760FA68B16F60AFA33D707D6BA695012E81965705B6533E0
                                                                                                                                                                                Malicious:true
                                                                                                                                                                                Preview:/..........P... 9.....N.q......r.VQ'...*.8S.{..r.2..g..u.....WE..,...z......re.u..l.a..zn.8...}......+.I.G.M2UG..1.O.S...G.1K.J..e..j..0a..!W6....+S..........R..v.....%. ..... .q.r./...."l...~[.% .G,..:......C.V64..$..Z.H.+.....M...,.tk7 u...(..R!Z.=...Kk.Z.a..0..@....7R...M.8...^7$...M.....M.}z.._6.F.r:.if.J...e.]."e_%4.P..k.jc.Z"w...!...c.$2o.e.Vwo\...@.....3.Kl..g......5....U..B..S..6G.4[....u[J3H...l.!o..my...Z2.FV...9.Q...5..]....c....Z...mO...|C../..W...5..1Y.?1.6..vi.}.^#Q......i...ms.&.>R.}..5...!m.O...!0..Db:.\.Q..VXS5..QGr?..2.i.R..'.Y..wE?....6.pl<..t%[s...n.Jz...Q..*...o<.W.r.=................5.;lW`....]GgD....k...8H-...../u.S@o.V....]n...C8.J*.. cQ...x..@E[s...B.G}z.....}.=...'7..U.+...*..)o.YC^.L".._.........\......}*...O.0.)a...G./..PA.......N.B....?.R._..&R(b..l'.,..gH|5.......r@....,.;....B..=j,...+_...J<.2......jx...;..y:"+.K... {....$_...k.I'.3._...n...e.k+..af.}.Ub...G....).....r.i. .....n........tU....
                                                                                                                                                                                Process:C:\Users\user\Desktop\c8JakemodH.exe
                                                                                                                                                                                File Type:data
                                                                                                                                                                                Category:dropped
                                                                                                                                                                                Size (bytes):37326
                                                                                                                                                                                Entropy (8bit):7.994770096919083
                                                                                                                                                                                Encrypted:true
                                                                                                                                                                                SSDEEP:768:bsq97Ztt46pHoDP03UxpNBu2UWZ9sg6KE2RRWa5RMTt+Lrt+KRygf:fltt4GIDvp4WZ6KOeetSoKRygf
                                                                                                                                                                                MD5:4193BB14F098FE3CB82302CBCEFF3A63
                                                                                                                                                                                SHA1:B985D0CC90F331C90FD38733E0295CD42055941E
                                                                                                                                                                                SHA-256:915EB882261DACF92E9D3183F1997A8AAF5F6A792196096EFE49FF1EFF3DB91C
                                                                                                                                                                                SHA-512:4458F9AD35B378A2655385A47E0FAA4B5B266AAEC6F99EF3F09B555DF5D4664E130A0B25ED01660CEFD060E462A16145A426AB2276B9ED052BCB99BBA6D70B55
                                                                                                                                                                                Malicious:true
                                                                                                                                                                                Preview:c.tvL.. .(..=l$..uz..WP8p..F..`.{........<..S..Ny..C0..R.P.0....I...\3Au.s.o....7*8..O4..I.6.J.u<).@.....h....'A.I.xj.*.I.A.f*%..f..)...T%.).[..9.cM%`.....g..j.=..=. b!.......D.......z.Plg..`>l.c.Y.D/7K...Z...........Y...^..?s..T*!P0.R.. @R.DX..j.Q..t,..Y.*h."T....{....#O....=.|...h[.5C9cn_X-u.m...2..'....J*...-.2..A..TC$.-....O..gT...G.o_.?.....q.b....Il..L...?W.w.....%..W....V.....S..M.e.......B./.. .K.P..y..><PN..i..B..-.pB...)bs.H~k.....;.....Ek..G..L...p.C1...[;.-.s...p.8Qt..F....7.U.r.6A.=.&.p....O.9.{...U......t3 .=.6...~DV.6....o...M.IC...V..j$...;.WWY.t..1.Zx........-m6p`V...c..K..P.*O.B*....f...oW2..y.5\qC|.u.4g..R.a.G..W=wSB1.D.!.c.P.F..<T..y. ..........{."....w9pED.uA._.....s...D6....n.n.p....p....4.|.nmw.....P.0Z......J.[.#....y.....ep..........M...r..3..{.e.l..{..o...Fo.._....Q;.....R;I...V.~....;.L..\H.)4m........ ..m.sY.^.f.5.G.x]...-...^V..C.v.~..i2.M^U.....1.y...i..bb...$..y.a9..u.:.B4$J..-....0f.Q....Lyh..H..$B]...].(.
                                                                                                                                                                                Process:C:\Users\user\Desktop\c8JakemodH.exe
                                                                                                                                                                                File Type:data
                                                                                                                                                                                Category:dropped
                                                                                                                                                                                Size (bytes):37336
                                                                                                                                                                                Entropy (8bit):7.994983750675409
                                                                                                                                                                                Encrypted:true
                                                                                                                                                                                SSDEEP:768:fuYm7B5N492YOncmfX2R4Sap+bZrVoq7n6SD3iRDV3mb9xCtmMtT:mYm9492nfX2R4n8XP7n5iHmY
                                                                                                                                                                                MD5:3FE804E08B411430C491C09B98394B89
                                                                                                                                                                                SHA1:44011699E4D1193A26EC6BBDAC8B86A232B1E5B4
                                                                                                                                                                                SHA-256:8FFE8DB542770B5417C9E0172A8647629E51C9D461D5E53FF49AE9A127F6A1A9
                                                                                                                                                                                SHA-512:A8176AB731AC1FB994D40D527AB8858A9EE60702E648C94B551EBADEC8DC18FEF76CEEAD4F2392A379081F0DB75C065038B22368B974C1B505F95E7D91EA0C11
                                                                                                                                                                                Malicious:true
                                                                                                                                                                                Preview:.....a`.........?n..Mh..$3..1?.tt.}P..r.N.]...Apd....o..8......x./.1.~.....2...n...%.....jWBU-..........C..z).....PQ..|....A.U....v)....Eqd....S6....<....b.Aq}.\.T.vT....!.k.........*..*.......zD.<%.SY....yP.lVK....|.v.&.}I...;...<H..;?.O.......n.=.Z.q..j.......to....~IA.B.E~..L..h....\..|...HyT.x...X....;..]8y.....Z.5...F......n.*.MTd...AT..4....l.|..>z.yK.W..........E...J..._ee..".Va..W....k..U!.#a....we..q..1.';9.(. e.^.5E 6U.^..Rd.y...._"m8.rI.. ..2y.%j...+I.20.2Qu.w...4.W.....#j......6....K1].........#.*.t..X./Y..5.')...(Of..U.OQJ...m?o..r.RG..=.a.\V...gF.Z9.x.gL...+_.y..l.w..@.l.U.1D.xv..D.CN....u....1l?.%...C9.~.......]..[.g.l.[....B....c...m-w....T/3e..m....]....O.+K..uw\@J.7k.....*.k...x.$`5.#...0.<...}U...B.il....+..!.Z.@...[.O....J..K...W..}........7.Q".0.cG..UM..'&a6..........2.$l.,x.T...mx.*.t.y..h.s..Q.m_.....-3/...<.....".._o.y>+.U...>.3.+..u..|.k............9.....(...5.......?....y..d.{l...n..qw.7.E...q6.........
                                                                                                                                                                                Process:C:\Users\user\Desktop\c8JakemodH.exe
                                                                                                                                                                                File Type:data
                                                                                                                                                                                Category:dropped
                                                                                                                                                                                Size (bytes):37334
                                                                                                                                                                                Entropy (8bit):7.995096168052863
                                                                                                                                                                                Encrypted:true
                                                                                                                                                                                SSDEEP:768:xSKEiHcl/UjgaZ5W8NmM4pYavCLTPtegLvJ+/0lcY9A+5pOWmSa3fIl4TQV:xSKS/Qg8WOr4TvcPRLvq49AkpZmjwSe
                                                                                                                                                                                MD5:5F2547A963CD33D7D1769B744500161C
                                                                                                                                                                                SHA1:1FDBBCD9AF166C7A9A65B5832D38AA5139E4B13C
                                                                                                                                                                                SHA-256:73C421908A2207D30C2A29B5D63B137CB17845552B19A43DF2CBB8DEE7AFCFEA
                                                                                                                                                                                SHA-512:6922F9B07B7F307A2EA425F5AC482A86AEC3D17CECD70F729E88E4A8EE28C5CA3D8354193C7F3B576FD153CF13D44CC697AC3C1E373591A910E0F4C422B27558
                                                                                                                                                                                Malicious:true
                                                                                                                                                                                Preview:t.X~."E.X....)?...n.I..t}..U.c\.&<.d.z.&...f3s..%.....WZi.$...!p..<.....M...g..t..-....Lbf....s._...?c.L....,.h....*S.\.....I.e.r<J^.K...S..*&3~b..A^../..2[2Y..Y...H..W.m.R.Y.{iGm.n..;...C..V&._..KR..<.;?...r..X!Jt........X.a..T.F..#FNe....KQ.M.\hP...Z.....`...[bt.i.ml....~.d....-(G..e.n`.a..R.G.(...q.F,..9">.cH.W.......F.....-.K....=b.@"b.Y.$li..a...^...P..E.......Zcpa...X...N ..a.......E>...l...5.w..C.(.......l.&=..?.........A{.f#...'BO..n..$.~.7Grv.w..k..v2.A.g...).nt5-.Z..\t.ed..`.FX2..0k...t.YW..~q.*...]a.v.{Y.;1...%..o.K?.O..,u.....}.;.4!...[.L....n........Q......X..:.~...l_....u).....`....|<ge..\....g}...W...m..q....c.m......$.b.%.n....J.\u....0. .~2...X.e..Yb.....[...Y....Pg..z...Dg.D.n..q.....1.=(r=;...P...$.A.h.L2*^......k.S(.}9..I@.Ou.oo.j.6..0:i..:../2u.\{au....L.....Uk.a.?-H..m$.=.F.{.....C......4.0.........s.r.x......'...z...3.Qr..hcE~l.P..4n.e.!."..O....g...uQ.1a.$VA5#.0...t. ..S.7."..9.H..8g..lX.#Vk....o......v.k...S z.....
                                                                                                                                                                                Process:C:\Users\user\Desktop\c8JakemodH.exe
                                                                                                                                                                                File Type:data
                                                                                                                                                                                Category:dropped
                                                                                                                                                                                Size (bytes):37309
                                                                                                                                                                                Entropy (8bit):7.995046866386911
                                                                                                                                                                                Encrypted:true
                                                                                                                                                                                SSDEEP:768:wjASWbdJBZWbNx8kXCx/BebIYhPZ10nbO/UL6qbBvwQeMuRG2lo3oAGsjRH:wsrb+bP8kyrebpxZWbOML6Mjs/lo3jGM
                                                                                                                                                                                MD5:8FAB04A40C33279B754AA4BD45125ABD
                                                                                                                                                                                SHA1:12B5E0C9E56018F1D9ADA625EFBAA637D8996477
                                                                                                                                                                                SHA-256:B98BC0023E0724119132CB77D35407EB5493963899A7883E975C9CCAF285246E
                                                                                                                                                                                SHA-512:EF32432A48F15EFE7FFC48F2C3B8474F0245F4124B6094E25516DBDD7AFEBAE3DE8B6C783DBBEFAD98F322D476BB8FE6DA0B45AF387E7DA1D452ABEAD7EACBB0
                                                                                                                                                                                Malicious:true
                                                                                                                                                                                Preview:nn..Y....]^Ig..K.....$....qnNs...k.J....BR.V....pR..m.x.4.?1M}Bc...0ec.L.....u.w.g.d...R[mO..Q...O.n.87.. T........D.u..?$..S.Qh\....r.^.Y.d.K.......]..Nz..Yj.X..4..J.x(H.......t}!3.....S".^X[W.....H....:gQ..Ll.S....o.....+........>.......D.....E..dQ..d.u.......V3....AQo4ti'.}B....D.;.h..j.Tw8<.....2.5..[..B......h...U.Ax...>.mkr.$....k...l=..\l=F......|.../.}._.w]..C.=.9[j...,.*....6{b....y....`.sVJo..%.3.."....{.......K.......D"...dz.o.........RX..e..T..X....m..I7...cgoG....ha.........8....<.7.b.L..8C.?...:8....(n......]p@.....k...:....1.....Y.A.\...UcQu..$T...@To-r.g.gy.......?....i,.z.....&.861.x..-._..xf....,\.....no....1k.+.V%_..../...o[.....o.E<@...Es..........:...K*[y.}...O/....%...t.4..-h5.P;f*.........."s.i.|]...C........G..`R...e.......\..v.%.8K.l..r...J\.b]&`.Rs..9._C..&HS.;..t...........[....Z...:p...Z. ..,....[.Q.....S.aEAu.);q.N.~9....a.S.P.[c........sb;..lD..k.%%/....O..U./.......`...Nbi..;...hRi*..[......Z[...q...
                                                                                                                                                                                Process:C:\Users\user\Desktop\c8JakemodH.exe
                                                                                                                                                                                File Type:data
                                                                                                                                                                                Category:dropped
                                                                                                                                                                                Size (bytes):37306
                                                                                                                                                                                Entropy (8bit):7.994518226615506
                                                                                                                                                                                Encrypted:true
                                                                                                                                                                                SSDEEP:768:qa0TCBBF0cW/VjKB6fIxXltVZlOJEWtLSZOG5+q4xoQ0BuG0Fj:qf60Lhcx1vXOJEWtqV8q4x10uj
                                                                                                                                                                                MD5:381B8B5091D8F3EA8C8BB26EF3E3A03E
                                                                                                                                                                                SHA1:EE5ACCF515F6477CEF5CAF4B8330E351F9963591
                                                                                                                                                                                SHA-256:FF836C808B2C3CD4082A808ADB3DFF835FBF0D9894281FE5C157AB171239C681
                                                                                                                                                                                SHA-512:E3AD1C881B1CAA5EF2BFF5F592B33CA0551130B2790612052928AA6739B925C5CB7CAEE1BB8E7005FC2C182571E4D210DA6F054065244743A12A927640014708
                                                                                                                                                                                Malicious:true
                                                                                                                                                                                Preview:..R,....|.N.q+.F...AU..q"y.N...?...N..,.$..QG.6...}..1...b.!..hK.......P.............<.*X.<..........}Zj.........S@!e....U]...i...B]..IAa.|J....~.........i....?~_...nr..1.....dK.?..<.y.....F..P.:..e....d..v.........-"9I.'...s*...<..3.3.{.4+FV $#..8....\&1...._GL....ri...4../. .*5h`......E.4G...=...".h........^.5?..e.6...=."..F.u.~.Q.P....0\...?.[o..}.|..`.........VM%.+..d...a.S.e..G.c.r.....8.....z.....u...k.*A.CJ...b.$....\4.nd...;.?d8~}.YzF...z..Hk.c.@.S.!NY.+.uc......J.%..!iB^..d.....%9.T`.o.[..).*.-...|v}T.?\n6.G.q.R2..).ZH.=.8....R~..P...@qK..@......D..S.%<.....v. .)%....Q..Zd.f:)N..(.a....w<....@J&=...]...K.s.Y...f.#Z.....co+.. Mc ....k*../....x.V.j...].....^....{.$...>.'.Q....C}R...o....]....q.....!.6.">.!/<..R(.^@..(.:..4`5.J.#.a.U.k..@...h..IU.*....@.b@2'k....~"V.....-+...#.o...*<..t...X._v....@..E..<..Y%.Z..~..g"....\zk......a.2...\..Y.{EP....R...0..+..ZPu.M...>{.....A...../u.Cy.Jt....d.f...3..J=.....jq.....?A...D7-..C........
                                                                                                                                                                                Process:C:\Users\user\Desktop\c8JakemodH.exe
                                                                                                                                                                                File Type:ASCII text, with CRLF line terminators
                                                                                                                                                                                Category:dropped
                                                                                                                                                                                Size (bytes):1159
                                                                                                                                                                                Entropy (8bit):4.909757425426515
                                                                                                                                                                                Encrypted:false
                                                                                                                                                                                SSDEEP:24:SOZJNRovfexRvYx/ncUYTxLZl0r0OzANQgq32xfZnS0iNFdAnP6:SOZbqfexrZrS3Iq32xlSX2S
                                                                                                                                                                                MD5:F29E077226F8DC235CAE4795459A3542
                                                                                                                                                                                SHA1:A23AEA328BEB92BFD4464A3B0F70E772B8969CC2
                                                                                                                                                                                SHA-256:CF8875AADE9351184274F533067BECF2AD10CCF2B6296274ECE5D5B58B6AB008
                                                                                                                                                                                SHA-512:0C76F1E7AC8E4DB582EA7E26FA9B8C18D54605AE6A9A87A2A1FA0B1BEACACBB8F1230421C1124B1E7C12FB546FF31DBBD2CFBBEBA80EF98BBAA01B356F7FDC6F
                                                                                                                                                                                Malicious:false
                                                                                                                                                                                Preview:.. ~~~ AlphaCat ~~~....>>>> Your data are stolen and encrypted....>>>> What guarantees that we will not deceive you? .....We are not a politically motivated group and we do not need anything other than your money. .. ...If you pay, we will provide you the programs for decryption and we will delete your data. ...Life is too short to be sad. Be not sad, money, it is only paper... ...If we do not give you decrypters, or we do not delete your data after payment, then nobody will pay us in the future. ...Therefore to us our reputation is very important. We attack worldwide and there is no dissatisfied victim after payment... ..>>>> You need contact us via email with srenshot of btc transaction and your personal DECRYPTION ID.....Contact via Email with your personal Decryption id !: hackbeenswim@mail2tor.com......Send 400$ (0.006 BTC) at this address --> bc1qkr7wxuqwet9w6920vk94p7npkxh33fc7prv55q.....>>>> Your personal DECRYPTION ID: D53F15BF767167BC622C1CB4D4FC174D....>>
                                                                                                                                                                                Process:C:\Users\user\Desktop\c8JakemodH.exe
                                                                                                                                                                                File Type:ASCII text, with CRLF line terminators
                                                                                                                                                                                Category:dropped
                                                                                                                                                                                Size (bytes):1159
                                                                                                                                                                                Entropy (8bit):4.909757425426515
                                                                                                                                                                                Encrypted:false
                                                                                                                                                                                SSDEEP:24:SOZJNRovfexRvYx/ncUYTxLZl0r0OzANQgq32xfZnS0iNFdAnP6:SOZbqfexrZrS3Iq32xlSX2S
                                                                                                                                                                                MD5:F29E077226F8DC235CAE4795459A3542
                                                                                                                                                                                SHA1:A23AEA328BEB92BFD4464A3B0F70E772B8969CC2
                                                                                                                                                                                SHA-256:CF8875AADE9351184274F533067BECF2AD10CCF2B6296274ECE5D5B58B6AB008
                                                                                                                                                                                SHA-512:0C76F1E7AC8E4DB582EA7E26FA9B8C18D54605AE6A9A87A2A1FA0B1BEACACBB8F1230421C1124B1E7C12FB546FF31DBBD2CFBBEBA80EF98BBAA01B356F7FDC6F
                                                                                                                                                                                Malicious:false
                                                                                                                                                                                Preview:.. ~~~ AlphaCat ~~~....>>>> Your data are stolen and encrypted....>>>> What guarantees that we will not deceive you? .....We are not a politically motivated group and we do not need anything other than your money. .. ...If you pay, we will provide you the programs for decryption and we will delete your data. ...Life is too short to be sad. Be not sad, money, it is only paper... ...If we do not give you decrypters, or we do not delete your data after payment, then nobody will pay us in the future. ...Therefore to us our reputation is very important. We attack worldwide and there is no dissatisfied victim after payment... ..>>>> You need contact us via email with srenshot of btc transaction and your personal DECRYPTION ID.....Contact via Email with your personal Decryption id !: hackbeenswim@mail2tor.com......Send 400$ (0.006 BTC) at this address --> bc1qkr7wxuqwet9w6920vk94p7npkxh33fc7prv55q.....>>>> Your personal DECRYPTION ID: D53F15BF767167BC622C1CB4D4FC174D....>>
                                                                                                                                                                                Process:C:\Users\user\Desktop\c8JakemodH.exe
                                                                                                                                                                                File Type:ASCII text, with CRLF line terminators
                                                                                                                                                                                Category:dropped
                                                                                                                                                                                Size (bytes):1159
                                                                                                                                                                                Entropy (8bit):4.909757425426515
                                                                                                                                                                                Encrypted:false
                                                                                                                                                                                SSDEEP:24:SOZJNRovfexRvYx/ncUYTxLZl0r0OzANQgq32xfZnS0iNFdAnP6:SOZbqfexrZrS3Iq32xlSX2S
                                                                                                                                                                                MD5:F29E077226F8DC235CAE4795459A3542
                                                                                                                                                                                SHA1:A23AEA328BEB92BFD4464A3B0F70E772B8969CC2
                                                                                                                                                                                SHA-256:CF8875AADE9351184274F533067BECF2AD10CCF2B6296274ECE5D5B58B6AB008
                                                                                                                                                                                SHA-512:0C76F1E7AC8E4DB582EA7E26FA9B8C18D54605AE6A9A87A2A1FA0B1BEACACBB8F1230421C1124B1E7C12FB546FF31DBBD2CFBBEBA80EF98BBAA01B356F7FDC6F
                                                                                                                                                                                Malicious:false
                                                                                                                                                                                Preview:.. ~~~ AlphaCat ~~~....>>>> Your data are stolen and encrypted....>>>> What guarantees that we will not deceive you? .....We are not a politically motivated group and we do not need anything other than your money. .. ...If you pay, we will provide you the programs for decryption and we will delete your data. ...Life is too short to be sad. Be not sad, money, it is only paper... ...If we do not give you decrypters, or we do not delete your data after payment, then nobody will pay us in the future. ...Therefore to us our reputation is very important. We attack worldwide and there is no dissatisfied victim after payment... ..>>>> You need contact us via email with srenshot of btc transaction and your personal DECRYPTION ID.....Contact via Email with your personal Decryption id !: hackbeenswim@mail2tor.com......Send 400$ (0.006 BTC) at this address --> bc1qkr7wxuqwet9w6920vk94p7npkxh33fc7prv55q.....>>>> Your personal DECRYPTION ID: D53F15BF767167BC622C1CB4D4FC174D....>>
                                                                                                                                                                                Process:C:\Users\user\Desktop\c8JakemodH.exe
                                                                                                                                                                                File Type:ASCII text, with CRLF line terminators
                                                                                                                                                                                Category:dropped
                                                                                                                                                                                Size (bytes):1159
                                                                                                                                                                                Entropy (8bit):4.909757425426515
                                                                                                                                                                                Encrypted:false
                                                                                                                                                                                SSDEEP:24:SOZJNRovfexRvYx/ncUYTxLZl0r0OzANQgq32xfZnS0iNFdAnP6:SOZbqfexrZrS3Iq32xlSX2S
                                                                                                                                                                                MD5:F29E077226F8DC235CAE4795459A3542
                                                                                                                                                                                SHA1:A23AEA328BEB92BFD4464A3B0F70E772B8969CC2
                                                                                                                                                                                SHA-256:CF8875AADE9351184274F533067BECF2AD10CCF2B6296274ECE5D5B58B6AB008
                                                                                                                                                                                SHA-512:0C76F1E7AC8E4DB582EA7E26FA9B8C18D54605AE6A9A87A2A1FA0B1BEACACBB8F1230421C1124B1E7C12FB546FF31DBBD2CFBBEBA80EF98BBAA01B356F7FDC6F
                                                                                                                                                                                Malicious:false
                                                                                                                                                                                Preview:.. ~~~ AlphaCat ~~~....>>>> Your data are stolen and encrypted....>>>> What guarantees that we will not deceive you? .....We are not a politically motivated group and we do not need anything other than your money. .. ...If you pay, we will provide you the programs for decryption and we will delete your data. ...Life is too short to be sad. Be not sad, money, it is only paper... ...If we do not give you decrypters, or we do not delete your data after payment, then nobody will pay us in the future. ...Therefore to us our reputation is very important. We attack worldwide and there is no dissatisfied victim after payment... ..>>>> You need contact us via email with srenshot of btc transaction and your personal DECRYPTION ID.....Contact via Email with your personal Decryption id !: hackbeenswim@mail2tor.com......Send 400$ (0.006 BTC) at this address --> bc1qkr7wxuqwet9w6920vk94p7npkxh33fc7prv55q.....>>>> Your personal DECRYPTION ID: D53F15BF767167BC622C1CB4D4FC174D....>>
                                                                                                                                                                                Process:C:\Users\user\Desktop\c8JakemodH.exe
                                                                                                                                                                                File Type:ASCII text, with CRLF line terminators
                                                                                                                                                                                Category:dropped
                                                                                                                                                                                Size (bytes):1159
                                                                                                                                                                                Entropy (8bit):4.909757425426515
                                                                                                                                                                                Encrypted:false
                                                                                                                                                                                SSDEEP:24:SOZJNRovfexRvYx/ncUYTxLZl0r0OzANQgq32xfZnS0iNFdAnP6:SOZbqfexrZrS3Iq32xlSX2S
                                                                                                                                                                                MD5:F29E077226F8DC235CAE4795459A3542
                                                                                                                                                                                SHA1:A23AEA328BEB92BFD4464A3B0F70E772B8969CC2
                                                                                                                                                                                SHA-256:CF8875AADE9351184274F533067BECF2AD10CCF2B6296274ECE5D5B58B6AB008
                                                                                                                                                                                SHA-512:0C76F1E7AC8E4DB582EA7E26FA9B8C18D54605AE6A9A87A2A1FA0B1BEACACBB8F1230421C1124B1E7C12FB546FF31DBBD2CFBBEBA80EF98BBAA01B356F7FDC6F
                                                                                                                                                                                Malicious:false
                                                                                                                                                                                Preview:.. ~~~ AlphaCat ~~~....>>>> Your data are stolen and encrypted....>>>> What guarantees that we will not deceive you? .....We are not a politically motivated group and we do not need anything other than your money. .. ...If you pay, we will provide you the programs for decryption and we will delete your data. ...Life is too short to be sad. Be not sad, money, it is only paper... ...If we do not give you decrypters, or we do not delete your data after payment, then nobody will pay us in the future. ...Therefore to us our reputation is very important. We attack worldwide and there is no dissatisfied victim after payment... ..>>>> You need contact us via email with srenshot of btc transaction and your personal DECRYPTION ID.....Contact via Email with your personal Decryption id !: hackbeenswim@mail2tor.com......Send 400$ (0.006 BTC) at this address --> bc1qkr7wxuqwet9w6920vk94p7npkxh33fc7prv55q.....>>>> Your personal DECRYPTION ID: D53F15BF767167BC622C1CB4D4FC174D....>>
                                                                                                                                                                                Process:C:\Users\user\Desktop\c8JakemodH.exe
                                                                                                                                                                                File Type:ASCII text, with CRLF line terminators
                                                                                                                                                                                Category:dropped
                                                                                                                                                                                Size (bytes):1159
                                                                                                                                                                                Entropy (8bit):4.909757425426515
                                                                                                                                                                                Encrypted:false
                                                                                                                                                                                SSDEEP:24:SOZJNRovfexRvYx/ncUYTxLZl0r0OzANQgq32xfZnS0iNFdAnP6:SOZbqfexrZrS3Iq32xlSX2S
                                                                                                                                                                                MD5:F29E077226F8DC235CAE4795459A3542
                                                                                                                                                                                SHA1:A23AEA328BEB92BFD4464A3B0F70E772B8969CC2
                                                                                                                                                                                SHA-256:CF8875AADE9351184274F533067BECF2AD10CCF2B6296274ECE5D5B58B6AB008
                                                                                                                                                                                SHA-512:0C76F1E7AC8E4DB582EA7E26FA9B8C18D54605AE6A9A87A2A1FA0B1BEACACBB8F1230421C1124B1E7C12FB546FF31DBBD2CFBBEBA80EF98BBAA01B356F7FDC6F
                                                                                                                                                                                Malicious:false
                                                                                                                                                                                Preview:.. ~~~ AlphaCat ~~~....>>>> Your data are stolen and encrypted....>>>> What guarantees that we will not deceive you? .....We are not a politically motivated group and we do not need anything other than your money. .. ...If you pay, we will provide you the programs for decryption and we will delete your data. ...Life is too short to be sad. Be not sad, money, it is only paper... ...If we do not give you decrypters, or we do not delete your data after payment, then nobody will pay us in the future. ...Therefore to us our reputation is very important. We attack worldwide and there is no dissatisfied victim after payment... ..>>>> You need contact us via email with srenshot of btc transaction and your personal DECRYPTION ID.....Contact via Email with your personal Decryption id !: hackbeenswim@mail2tor.com......Send 400$ (0.006 BTC) at this address --> bc1qkr7wxuqwet9w6920vk94p7npkxh33fc7prv55q.....>>>> Your personal DECRYPTION ID: D53F15BF767167BC622C1CB4D4FC174D....>>
                                                                                                                                                                                Process:C:\Users\user\Desktop\c8JakemodH.exe
                                                                                                                                                                                File Type:ASCII text, with CRLF line terminators
                                                                                                                                                                                Category:dropped
                                                                                                                                                                                Size (bytes):1159
                                                                                                                                                                                Entropy (8bit):4.909757425426515
                                                                                                                                                                                Encrypted:false
                                                                                                                                                                                SSDEEP:24:SOZJNRovfexRvYx/ncUYTxLZl0r0OzANQgq32xfZnS0iNFdAnP6:SOZbqfexrZrS3Iq32xlSX2S
                                                                                                                                                                                MD5:F29E077226F8DC235CAE4795459A3542
                                                                                                                                                                                SHA1:A23AEA328BEB92BFD4464A3B0F70E772B8969CC2
                                                                                                                                                                                SHA-256:CF8875AADE9351184274F533067BECF2AD10CCF2B6296274ECE5D5B58B6AB008
                                                                                                                                                                                SHA-512:0C76F1E7AC8E4DB582EA7E26FA9B8C18D54605AE6A9A87A2A1FA0B1BEACACBB8F1230421C1124B1E7C12FB546FF31DBBD2CFBBEBA80EF98BBAA01B356F7FDC6F
                                                                                                                                                                                Malicious:false
                                                                                                                                                                                Preview:.. ~~~ AlphaCat ~~~....>>>> Your data are stolen and encrypted....>>>> What guarantees that we will not deceive you? .....We are not a politically motivated group and we do not need anything other than your money. .. ...If you pay, we will provide you the programs for decryption and we will delete your data. ...Life is too short to be sad. Be not sad, money, it is only paper... ...If we do not give you decrypters, or we do not delete your data after payment, then nobody will pay us in the future. ...Therefore to us our reputation is very important. We attack worldwide and there is no dissatisfied victim after payment... ..>>>> You need contact us via email with srenshot of btc transaction and your personal DECRYPTION ID.....Contact via Email with your personal Decryption id !: hackbeenswim@mail2tor.com......Send 400$ (0.006 BTC) at this address --> bc1qkr7wxuqwet9w6920vk94p7npkxh33fc7prv55q.....>>>> Your personal DECRYPTION ID: D53F15BF767167BC622C1CB4D4FC174D....>>
                                                                                                                                                                                Process:C:\Users\user\Desktop\c8JakemodH.exe
                                                                                                                                                                                File Type:data
                                                                                                                                                                                Category:dropped
                                                                                                                                                                                Size (bytes):8431
                                                                                                                                                                                Entropy (8bit):7.9783931833900965
                                                                                                                                                                                Encrypted:false
                                                                                                                                                                                SSDEEP:192:GhLjhwpKGM9Znqupu5g9GdomzTPLhhhjvCqY4Zyj0twbf6JW+U:Gh0KNZnqEu5g9ifLJj9tQf6U+U
                                                                                                                                                                                MD5:51574B2E05E08D8ABC2DCB025EC8052C
                                                                                                                                                                                SHA1:1C0F180587E30B7D7DC00AFE5738E2B9E7F576C0
                                                                                                                                                                                SHA-256:D8A34C74F1E8049D524ADCBD6E71A81717F99D16A995DEC6DE8ACE81A6018664
                                                                                                                                                                                SHA-512:1F2D46AA2037DC87FF59697CC803111024A4E1D08C204BE530211D7E1766D5549F117BCC9C4AD81CE04F73DD0E36B1E2B16FAF2BC159522FB7796E24014CB780
                                                                                                                                                                                Malicious:false
                                                                                                                                                                                Preview:.....Z..._..f........b#.]..Om.(.t.o.5v.t3.r..t<.Eh.D.W.l..n..G...\}....[e2......b):.j}...9..p._L...eP.Z&...5.k...$..;f....H..z0Z....#..Kt......u.....sd|. 7...fE,...?....x.q..5.!5:-3?.......*.....Q......4.x;...z.......O.(.?..B.E.R6.0.?.......;Iz..q....$.".......}..I?.y=.a...I......k....+.2..s.9`../..........A.:......7..-......D...........Yk.yCn.......v.g.:..5.^...f1\i..u.....Q....m..i..O..:....>.C=.....:.)z...I.j&.S..C..`...M63..v...g...h..O.......Ya...|.\.#j.^'.....6F..-.]...z..dd.r.$..rFA.*)QM^..F...0...(l.\~V..HE..0..n....6..H.......]..f...S.v_}...O.l..i......~.....#..QS.H.`.e`R.f.p.)%....^....HT,.m.....G..RP4...F.....(.L1>..FJf.b._.-;,,.!.h ..2a\..9_..*]...Y&. n.....B.6.j~.".(%+~tm..O..^H........L...3.j)bk.".Y....*..Q...\..q&)G.....S.H?l...x..f.l....Er.,.E..I`.....uq.4nY...p.._.g..XP;5..c.......E.G...B.[.J.k....g.k...(...n.Z..U#.D=.."p...`.U]..N..@........tG..W..-..\.....-+J.S.Y...$"..]....&L.s....L.f.h..UlW..X..\....p6E..'.2B6.Q.
                                                                                                                                                                                Process:C:\Users\user\Desktop\c8JakemodH.exe
                                                                                                                                                                                File Type:ASCII text, with CRLF line terminators
                                                                                                                                                                                Category:dropped
                                                                                                                                                                                Size (bytes):1159
                                                                                                                                                                                Entropy (8bit):4.909757425426515
                                                                                                                                                                                Encrypted:false
                                                                                                                                                                                SSDEEP:24:SOZJNRovfexRvYx/ncUYTxLZl0r0OzANQgq32xfZnS0iNFdAnP6:SOZbqfexrZrS3Iq32xlSX2S
                                                                                                                                                                                MD5:F29E077226F8DC235CAE4795459A3542
                                                                                                                                                                                SHA1:A23AEA328BEB92BFD4464A3B0F70E772B8969CC2
                                                                                                                                                                                SHA-256:CF8875AADE9351184274F533067BECF2AD10CCF2B6296274ECE5D5B58B6AB008
                                                                                                                                                                                SHA-512:0C76F1E7AC8E4DB582EA7E26FA9B8C18D54605AE6A9A87A2A1FA0B1BEACACBB8F1230421C1124B1E7C12FB546FF31DBBD2CFBBEBA80EF98BBAA01B356F7FDC6F
                                                                                                                                                                                Malicious:false
                                                                                                                                                                                Preview:.. ~~~ AlphaCat ~~~....>>>> Your data are stolen and encrypted....>>>> What guarantees that we will not deceive you? .....We are not a politically motivated group and we do not need anything other than your money. .. ...If you pay, we will provide you the programs for decryption and we will delete your data. ...Life is too short to be sad. Be not sad, money, it is only paper... ...If we do not give you decrypters, or we do not delete your data after payment, then nobody will pay us in the future. ...Therefore to us our reputation is very important. We attack worldwide and there is no dissatisfied victim after payment... ..>>>> You need contact us via email with srenshot of btc transaction and your personal DECRYPTION ID.....Contact via Email with your personal Decryption id !: hackbeenswim@mail2tor.com......Send 400$ (0.006 BTC) at this address --> bc1qkr7wxuqwet9w6920vk94p7npkxh33fc7prv55q.....>>>> Your personal DECRYPTION ID: D53F15BF767167BC622C1CB4D4FC174D....>>
                                                                                                                                                                                Process:C:\Users\user\Desktop\c8JakemodH.exe
                                                                                                                                                                                File Type:ASCII text, with CRLF line terminators
                                                                                                                                                                                Category:dropped
                                                                                                                                                                                Size (bytes):1159
                                                                                                                                                                                Entropy (8bit):4.909757425426515
                                                                                                                                                                                Encrypted:false
                                                                                                                                                                                SSDEEP:24:SOZJNRovfexRvYx/ncUYTxLZl0r0OzANQgq32xfZnS0iNFdAnP6:SOZbqfexrZrS3Iq32xlSX2S
                                                                                                                                                                                MD5:F29E077226F8DC235CAE4795459A3542
                                                                                                                                                                                SHA1:A23AEA328BEB92BFD4464A3B0F70E772B8969CC2
                                                                                                                                                                                SHA-256:CF8875AADE9351184274F533067BECF2AD10CCF2B6296274ECE5D5B58B6AB008
                                                                                                                                                                                SHA-512:0C76F1E7AC8E4DB582EA7E26FA9B8C18D54605AE6A9A87A2A1FA0B1BEACACBB8F1230421C1124B1E7C12FB546FF31DBBD2CFBBEBA80EF98BBAA01B356F7FDC6F
                                                                                                                                                                                Malicious:false
                                                                                                                                                                                Preview:.. ~~~ AlphaCat ~~~....>>>> Your data are stolen and encrypted....>>>> What guarantees that we will not deceive you? .....We are not a politically motivated group and we do not need anything other than your money. .. ...If you pay, we will provide you the programs for decryption and we will delete your data. ...Life is too short to be sad. Be not sad, money, it is only paper... ...If we do not give you decrypters, or we do not delete your data after payment, then nobody will pay us in the future. ...Therefore to us our reputation is very important. We attack worldwide and there is no dissatisfied victim after payment... ..>>>> You need contact us via email with srenshot of btc transaction and your personal DECRYPTION ID.....Contact via Email with your personal Decryption id !: hackbeenswim@mail2tor.com......Send 400$ (0.006 BTC) at this address --> bc1qkr7wxuqwet9w6920vk94p7npkxh33fc7prv55q.....>>>> Your personal DECRYPTION ID: D53F15BF767167BC622C1CB4D4FC174D....>>
                                                                                                                                                                                Process:C:\Users\user\Desktop\c8JakemodH.exe
                                                                                                                                                                                File Type:ASCII text, with CRLF line terminators
                                                                                                                                                                                Category:dropped
                                                                                                                                                                                Size (bytes):1159
                                                                                                                                                                                Entropy (8bit):4.909757425426515
                                                                                                                                                                                Encrypted:false
                                                                                                                                                                                SSDEEP:24:SOZJNRovfexRvYx/ncUYTxLZl0r0OzANQgq32xfZnS0iNFdAnP6:SOZbqfexrZrS3Iq32xlSX2S
                                                                                                                                                                                MD5:F29E077226F8DC235CAE4795459A3542
                                                                                                                                                                                SHA1:A23AEA328BEB92BFD4464A3B0F70E772B8969CC2
                                                                                                                                                                                SHA-256:CF8875AADE9351184274F533067BECF2AD10CCF2B6296274ECE5D5B58B6AB008
                                                                                                                                                                                SHA-512:0C76F1E7AC8E4DB582EA7E26FA9B8C18D54605AE6A9A87A2A1FA0B1BEACACBB8F1230421C1124B1E7C12FB546FF31DBBD2CFBBEBA80EF98BBAA01B356F7FDC6F
                                                                                                                                                                                Malicious:false
                                                                                                                                                                                Preview:.. ~~~ AlphaCat ~~~....>>>> Your data are stolen and encrypted....>>>> What guarantees that we will not deceive you? .....We are not a politically motivated group and we do not need anything other than your money. .. ...If you pay, we will provide you the programs for decryption and we will delete your data. ...Life is too short to be sad. Be not sad, money, it is only paper... ...If we do not give you decrypters, or we do not delete your data after payment, then nobody will pay us in the future. ...Therefore to us our reputation is very important. We attack worldwide and there is no dissatisfied victim after payment... ..>>>> You need contact us via email with srenshot of btc transaction and your personal DECRYPTION ID.....Contact via Email with your personal Decryption id !: hackbeenswim@mail2tor.com......Send 400$ (0.006 BTC) at this address --> bc1qkr7wxuqwet9w6920vk94p7npkxh33fc7prv55q.....>>>> Your personal DECRYPTION ID: D53F15BF767167BC622C1CB4D4FC174D....>>
                                                                                                                                                                                Process:C:\Users\user\Desktop\c8JakemodH.exe
                                                                                                                                                                                File Type:ASCII text, with CRLF line terminators
                                                                                                                                                                                Category:dropped
                                                                                                                                                                                Size (bytes):1159
                                                                                                                                                                                Entropy (8bit):4.909757425426515
                                                                                                                                                                                Encrypted:false
                                                                                                                                                                                SSDEEP:24:SOZJNRovfexRvYx/ncUYTxLZl0r0OzANQgq32xfZnS0iNFdAnP6:SOZbqfexrZrS3Iq32xlSX2S
                                                                                                                                                                                MD5:F29E077226F8DC235CAE4795459A3542
                                                                                                                                                                                SHA1:A23AEA328BEB92BFD4464A3B0F70E772B8969CC2
                                                                                                                                                                                SHA-256:CF8875AADE9351184274F533067BECF2AD10CCF2B6296274ECE5D5B58B6AB008
                                                                                                                                                                                SHA-512:0C76F1E7AC8E4DB582EA7E26FA9B8C18D54605AE6A9A87A2A1FA0B1BEACACBB8F1230421C1124B1E7C12FB546FF31DBBD2CFBBEBA80EF98BBAA01B356F7FDC6F
                                                                                                                                                                                Malicious:false
                                                                                                                                                                                Preview:.. ~~~ AlphaCat ~~~....>>>> Your data are stolen and encrypted....>>>> What guarantees that we will not deceive you? .....We are not a politically motivated group and we do not need anything other than your money. .. ...If you pay, we will provide you the programs for decryption and we will delete your data. ...Life is too short to be sad. Be not sad, money, it is only paper... ...If we do not give you decrypters, or we do not delete your data after payment, then nobody will pay us in the future. ...Therefore to us our reputation is very important. We attack worldwide and there is no dissatisfied victim after payment... ..>>>> You need contact us via email with srenshot of btc transaction and your personal DECRYPTION ID.....Contact via Email with your personal Decryption id !: hackbeenswim@mail2tor.com......Send 400$ (0.006 BTC) at this address --> bc1qkr7wxuqwet9w6920vk94p7npkxh33fc7prv55q.....>>>> Your personal DECRYPTION ID: D53F15BF767167BC622C1CB4D4FC174D....>>
                                                                                                                                                                                Process:C:\Users\user\Desktop\c8JakemodH.exe
                                                                                                                                                                                File Type:ASCII text, with CRLF line terminators
                                                                                                                                                                                Category:dropped
                                                                                                                                                                                Size (bytes):1159
                                                                                                                                                                                Entropy (8bit):4.909757425426515
                                                                                                                                                                                Encrypted:false
                                                                                                                                                                                SSDEEP:24:SOZJNRovfexRvYx/ncUYTxLZl0r0OzANQgq32xfZnS0iNFdAnP6:SOZbqfexrZrS3Iq32xlSX2S
                                                                                                                                                                                MD5:F29E077226F8DC235CAE4795459A3542
                                                                                                                                                                                SHA1:A23AEA328BEB92BFD4464A3B0F70E772B8969CC2
                                                                                                                                                                                SHA-256:CF8875AADE9351184274F533067BECF2AD10CCF2B6296274ECE5D5B58B6AB008
                                                                                                                                                                                SHA-512:0C76F1E7AC8E4DB582EA7E26FA9B8C18D54605AE6A9A87A2A1FA0B1BEACACBB8F1230421C1124B1E7C12FB546FF31DBBD2CFBBEBA80EF98BBAA01B356F7FDC6F
                                                                                                                                                                                Malicious:false
                                                                                                                                                                                Preview:.. ~~~ AlphaCat ~~~....>>>> Your data are stolen and encrypted....>>>> What guarantees that we will not deceive you? .....We are not a politically motivated group and we do not need anything other than your money. .. ...If you pay, we will provide you the programs for decryption and we will delete your data. ...Life is too short to be sad. Be not sad, money, it is only paper... ...If we do not give you decrypters, or we do not delete your data after payment, then nobody will pay us in the future. ...Therefore to us our reputation is very important. We attack worldwide and there is no dissatisfied victim after payment... ..>>>> You need contact us via email with srenshot of btc transaction and your personal DECRYPTION ID.....Contact via Email with your personal Decryption id !: hackbeenswim@mail2tor.com......Send 400$ (0.006 BTC) at this address --> bc1qkr7wxuqwet9w6920vk94p7npkxh33fc7prv55q.....>>>> Your personal DECRYPTION ID: D53F15BF767167BC622C1CB4D4FC174D....>>
                                                                                                                                                                                Process:C:\Users\user\Desktop\c8JakemodH.exe
                                                                                                                                                                                File Type:ASCII text, with CRLF line terminators
                                                                                                                                                                                Category:dropped
                                                                                                                                                                                Size (bytes):1159
                                                                                                                                                                                Entropy (8bit):4.909757425426515
                                                                                                                                                                                Encrypted:false
                                                                                                                                                                                SSDEEP:24:SOZJNRovfexRvYx/ncUYTxLZl0r0OzANQgq32xfZnS0iNFdAnP6:SOZbqfexrZrS3Iq32xlSX2S
                                                                                                                                                                                MD5:F29E077226F8DC235CAE4795459A3542
                                                                                                                                                                                SHA1:A23AEA328BEB92BFD4464A3B0F70E772B8969CC2
                                                                                                                                                                                SHA-256:CF8875AADE9351184274F533067BECF2AD10CCF2B6296274ECE5D5B58B6AB008
                                                                                                                                                                                SHA-512:0C76F1E7AC8E4DB582EA7E26FA9B8C18D54605AE6A9A87A2A1FA0B1BEACACBB8F1230421C1124B1E7C12FB546FF31DBBD2CFBBEBA80EF98BBAA01B356F7FDC6F
                                                                                                                                                                                Malicious:false
                                                                                                                                                                                Preview:.. ~~~ AlphaCat ~~~....>>>> Your data are stolen and encrypted....>>>> What guarantees that we will not deceive you? .....We are not a politically motivated group and we do not need anything other than your money. .. ...If you pay, we will provide you the programs for decryption and we will delete your data. ...Life is too short to be sad. Be not sad, money, it is only paper... ...If we do not give you decrypters, or we do not delete your data after payment, then nobody will pay us in the future. ...Therefore to us our reputation is very important. We attack worldwide and there is no dissatisfied victim after payment... ..>>>> You need contact us via email with srenshot of btc transaction and your personal DECRYPTION ID.....Contact via Email with your personal Decryption id !: hackbeenswim@mail2tor.com......Send 400$ (0.006 BTC) at this address --> bc1qkr7wxuqwet9w6920vk94p7npkxh33fc7prv55q.....>>>> Your personal DECRYPTION ID: D53F15BF767167BC622C1CB4D4FC174D....>>
                                                                                                                                                                                Process:C:\Users\user\Desktop\c8JakemodH.exe
                                                                                                                                                                                File Type:ASCII text, with CRLF line terminators
                                                                                                                                                                                Category:dropped
                                                                                                                                                                                Size (bytes):1159
                                                                                                                                                                                Entropy (8bit):4.909757425426515
                                                                                                                                                                                Encrypted:false
                                                                                                                                                                                SSDEEP:24:SOZJNRovfexRvYx/ncUYTxLZl0r0OzANQgq32xfZnS0iNFdAnP6:SOZbqfexrZrS3Iq32xlSX2S
                                                                                                                                                                                MD5:F29E077226F8DC235CAE4795459A3542
                                                                                                                                                                                SHA1:A23AEA328BEB92BFD4464A3B0F70E772B8969CC2
                                                                                                                                                                                SHA-256:CF8875AADE9351184274F533067BECF2AD10CCF2B6296274ECE5D5B58B6AB008
                                                                                                                                                                                SHA-512:0C76F1E7AC8E4DB582EA7E26FA9B8C18D54605AE6A9A87A2A1FA0B1BEACACBB8F1230421C1124B1E7C12FB546FF31DBBD2CFBBEBA80EF98BBAA01B356F7FDC6F
                                                                                                                                                                                Malicious:false
                                                                                                                                                                                Preview:.. ~~~ AlphaCat ~~~....>>>> Your data are stolen and encrypted....>>>> What guarantees that we will not deceive you? .....We are not a politically motivated group and we do not need anything other than your money. .. ...If you pay, we will provide you the programs for decryption and we will delete your data. ...Life is too short to be sad. Be not sad, money, it is only paper... ...If we do not give you decrypters, or we do not delete your data after payment, then nobody will pay us in the future. ...Therefore to us our reputation is very important. We attack worldwide and there is no dissatisfied victim after payment... ..>>>> You need contact us via email with srenshot of btc transaction and your personal DECRYPTION ID.....Contact via Email with your personal Decryption id !: hackbeenswim@mail2tor.com......Send 400$ (0.006 BTC) at this address --> bc1qkr7wxuqwet9w6920vk94p7npkxh33fc7prv55q.....>>>> Your personal DECRYPTION ID: D53F15BF767167BC622C1CB4D4FC174D....>>
                                                                                                                                                                                Process:C:\Users\user\Desktop\c8JakemodH.exe
                                                                                                                                                                                File Type:ASCII text, with CRLF line terminators
                                                                                                                                                                                Category:dropped
                                                                                                                                                                                Size (bytes):1159
                                                                                                                                                                                Entropy (8bit):4.909757425426515
                                                                                                                                                                                Encrypted:false
                                                                                                                                                                                SSDEEP:24:SOZJNRovfexRvYx/ncUYTxLZl0r0OzANQgq32xfZnS0iNFdAnP6:SOZbqfexrZrS3Iq32xlSX2S
                                                                                                                                                                                MD5:F29E077226F8DC235CAE4795459A3542
                                                                                                                                                                                SHA1:A23AEA328BEB92BFD4464A3B0F70E772B8969CC2
                                                                                                                                                                                SHA-256:CF8875AADE9351184274F533067BECF2AD10CCF2B6296274ECE5D5B58B6AB008
                                                                                                                                                                                SHA-512:0C76F1E7AC8E4DB582EA7E26FA9B8C18D54605AE6A9A87A2A1FA0B1BEACACBB8F1230421C1124B1E7C12FB546FF31DBBD2CFBBEBA80EF98BBAA01B356F7FDC6F
                                                                                                                                                                                Malicious:false
                                                                                                                                                                                Preview:.. ~~~ AlphaCat ~~~....>>>> Your data are stolen and encrypted....>>>> What guarantees that we will not deceive you? .....We are not a politically motivated group and we do not need anything other than your money. .. ...If you pay, we will provide you the programs for decryption and we will delete your data. ...Life is too short to be sad. Be not sad, money, it is only paper... ...If we do not give you decrypters, or we do not delete your data after payment, then nobody will pay us in the future. ...Therefore to us our reputation is very important. We attack worldwide and there is no dissatisfied victim after payment... ..>>>> You need contact us via email with srenshot of btc transaction and your personal DECRYPTION ID.....Contact via Email with your personal Decryption id !: hackbeenswim@mail2tor.com......Send 400$ (0.006 BTC) at this address --> bc1qkr7wxuqwet9w6920vk94p7npkxh33fc7prv55q.....>>>> Your personal DECRYPTION ID: D53F15BF767167BC622C1CB4D4FC174D....>>
                                                                                                                                                                                Process:C:\Users\user\Desktop\c8JakemodH.exe
                                                                                                                                                                                File Type:ASCII text, with CRLF line terminators
                                                                                                                                                                                Category:dropped
                                                                                                                                                                                Size (bytes):1159
                                                                                                                                                                                Entropy (8bit):4.909757425426515
                                                                                                                                                                                Encrypted:false
                                                                                                                                                                                SSDEEP:24:SOZJNRovfexRvYx/ncUYTxLZl0r0OzANQgq32xfZnS0iNFdAnP6:SOZbqfexrZrS3Iq32xlSX2S
                                                                                                                                                                                MD5:F29E077226F8DC235CAE4795459A3542
                                                                                                                                                                                SHA1:A23AEA328BEB92BFD4464A3B0F70E772B8969CC2
                                                                                                                                                                                SHA-256:CF8875AADE9351184274F533067BECF2AD10CCF2B6296274ECE5D5B58B6AB008
                                                                                                                                                                                SHA-512:0C76F1E7AC8E4DB582EA7E26FA9B8C18D54605AE6A9A87A2A1FA0B1BEACACBB8F1230421C1124B1E7C12FB546FF31DBBD2CFBBEBA80EF98BBAA01B356F7FDC6F
                                                                                                                                                                                Malicious:false
                                                                                                                                                                                Preview:.. ~~~ AlphaCat ~~~....>>>> Your data are stolen and encrypted....>>>> What guarantees that we will not deceive you? .....We are not a politically motivated group and we do not need anything other than your money. .. ...If you pay, we will provide you the programs for decryption and we will delete your data. ...Life is too short to be sad. Be not sad, money, it is only paper... ...If we do not give you decrypters, or we do not delete your data after payment, then nobody will pay us in the future. ...Therefore to us our reputation is very important. We attack worldwide and there is no dissatisfied victim after payment... ..>>>> You need contact us via email with srenshot of btc transaction and your personal DECRYPTION ID.....Contact via Email with your personal Decryption id !: hackbeenswim@mail2tor.com......Send 400$ (0.006 BTC) at this address --> bc1qkr7wxuqwet9w6920vk94p7npkxh33fc7prv55q.....>>>> Your personal DECRYPTION ID: D53F15BF767167BC622C1CB4D4FC174D....>>
                                                                                                                                                                                Process:C:\Users\user\Desktop\c8JakemodH.exe
                                                                                                                                                                                File Type:ASCII text, with CRLF line terminators
                                                                                                                                                                                Category:dropped
                                                                                                                                                                                Size (bytes):1159
                                                                                                                                                                                Entropy (8bit):4.909757425426515
                                                                                                                                                                                Encrypted:false
                                                                                                                                                                                SSDEEP:24:SOZJNRovfexRvYx/ncUYTxLZl0r0OzANQgq32xfZnS0iNFdAnP6:SOZbqfexrZrS3Iq32xlSX2S
                                                                                                                                                                                MD5:F29E077226F8DC235CAE4795459A3542
                                                                                                                                                                                SHA1:A23AEA328BEB92BFD4464A3B0F70E772B8969CC2
                                                                                                                                                                                SHA-256:CF8875AADE9351184274F533067BECF2AD10CCF2B6296274ECE5D5B58B6AB008
                                                                                                                                                                                SHA-512:0C76F1E7AC8E4DB582EA7E26FA9B8C18D54605AE6A9A87A2A1FA0B1BEACACBB8F1230421C1124B1E7C12FB546FF31DBBD2CFBBEBA80EF98BBAA01B356F7FDC6F
                                                                                                                                                                                Malicious:false
                                                                                                                                                                                Preview:.. ~~~ AlphaCat ~~~....>>>> Your data are stolen and encrypted....>>>> What guarantees that we will not deceive you? .....We are not a politically motivated group and we do not need anything other than your money. .. ...If you pay, we will provide you the programs for decryption and we will delete your data. ...Life is too short to be sad. Be not sad, money, it is only paper... ...If we do not give you decrypters, or we do not delete your data after payment, then nobody will pay us in the future. ...Therefore to us our reputation is very important. We attack worldwide and there is no dissatisfied victim after payment... ..>>>> You need contact us via email with srenshot of btc transaction and your personal DECRYPTION ID.....Contact via Email with your personal Decryption id !: hackbeenswim@mail2tor.com......Send 400$ (0.006 BTC) at this address --> bc1qkr7wxuqwet9w6920vk94p7npkxh33fc7prv55q.....>>>> Your personal DECRYPTION ID: D53F15BF767167BC622C1CB4D4FC174D....>>
                                                                                                                                                                                Process:C:\Users\user\Desktop\c8JakemodH.exe
                                                                                                                                                                                File Type:data
                                                                                                                                                                                Category:dropped
                                                                                                                                                                                Size (bytes):8431
                                                                                                                                                                                Entropy (8bit):7.9799726272573315
                                                                                                                                                                                Encrypted:false
                                                                                                                                                                                SSDEEP:192:movbqnnbgi7wXXlsk70Omc75NBR9DKxHQFHuQba9yn0/b4G:Vvbqbgi7slsy0bsBRRKxHQ0Qxnk
                                                                                                                                                                                MD5:8B1CF3ADCB4BCC4B2156E482F3DC5B4F
                                                                                                                                                                                SHA1:63BE77307200C26774BE9847D6B8A4A9E54BAEDE
                                                                                                                                                                                SHA-256:CBC6D05B1337D1A9D5DCB3203AD4DB96CC29747323533B67D4AAC9916D538BCD
                                                                                                                                                                                SHA-512:AF5E62C7F4F7355F187D2830BCA694FC94006EF5E6A35FB428D9558038937BC9EDD9697B9122CD63F675DB8F0C3CAD40161B916A2D85969DDFA679AD3431E803
                                                                                                                                                                                Malicious:false
                                                                                                                                                                                Preview:..i........... Do&.4m[...../X..fF)..n....=..6X..v....U.z8Go|tz.L..>R.h.T...s.1DiN}.\..4o8..y.!d;..U.}%...L..5.)r..._...#.A....GM.L...D;._em.%.k...q."......U....m..-...F6....L...Z...7%.&.X........R,....t....*.&...q....h).#..)..TTj......P.......I[.G..q.[:-..v...b...!t.Aj.i..i..........5t..R.......eP.....ui.x!.~..N.2...?.L.......R.".4<Y.'.0+.....o.\.SwA.....e.G....J.=.P..of....l..g..z.)j.V...{....=z.........1..*."....IqHj..i>.)..C....Z..n..E.....l..4...e............D..*..y..8:d..j....lX/....Z..2.0.a"%..7..1.Z..@....1.....Y..JK.z.%..!...f..t..2...b..5.E..(Z..:.x.'.....EW^.P.m..f...7...2.....). I...O.s{..@k..P[.%...(q.T6.....'.u.8Q.y......+M.)..&P86%.+.`I.bHVp7..MA....R..V>.j.6<.......-...-...[..8.).[C..I.?.UybW.F.i.:.q..+..k...F..%...T........w.....H|.YY..F...,...^....|.U4.....<\..ss.o8..U.hyl.^j2.(.t.Io....~.W.Em.d.C.K.&i.PZQ....F....W..9;.......k....9.........3..g...X...{....7kO.c..J8..+.J.........w.=...gq.....A=V..`S-.
                                                                                                                                                                                Process:C:\Users\user\Desktop\c8JakemodH.exe
                                                                                                                                                                                File Type:ASCII text, with CRLF line terminators
                                                                                                                                                                                Category:dropped
                                                                                                                                                                                Size (bytes):1159
                                                                                                                                                                                Entropy (8bit):4.909757425426515
                                                                                                                                                                                Encrypted:false
                                                                                                                                                                                SSDEEP:24:SOZJNRovfexRvYx/ncUYTxLZl0r0OzANQgq32xfZnS0iNFdAnP6:SOZbqfexrZrS3Iq32xlSX2S
                                                                                                                                                                                MD5:F29E077226F8DC235CAE4795459A3542
                                                                                                                                                                                SHA1:A23AEA328BEB92BFD4464A3B0F70E772B8969CC2
                                                                                                                                                                                SHA-256:CF8875AADE9351184274F533067BECF2AD10CCF2B6296274ECE5D5B58B6AB008
                                                                                                                                                                                SHA-512:0C76F1E7AC8E4DB582EA7E26FA9B8C18D54605AE6A9A87A2A1FA0B1BEACACBB8F1230421C1124B1E7C12FB546FF31DBBD2CFBBEBA80EF98BBAA01B356F7FDC6F
                                                                                                                                                                                Malicious:false
                                                                                                                                                                                Preview:.. ~~~ AlphaCat ~~~....>>>> Your data are stolen and encrypted....>>>> What guarantees that we will not deceive you? .....We are not a politically motivated group and we do not need anything other than your money. .. ...If you pay, we will provide you the programs for decryption and we will delete your data. ...Life is too short to be sad. Be not sad, money, it is only paper... ...If we do not give you decrypters, or we do not delete your data after payment, then nobody will pay us in the future. ...Therefore to us our reputation is very important. We attack worldwide and there is no dissatisfied victim after payment... ..>>>> You need contact us via email with srenshot of btc transaction and your personal DECRYPTION ID.....Contact via Email with your personal Decryption id !: hackbeenswim@mail2tor.com......Send 400$ (0.006 BTC) at this address --> bc1qkr7wxuqwet9w6920vk94p7npkxh33fc7prv55q.....>>>> Your personal DECRYPTION ID: D53F15BF767167BC622C1CB4D4FC174D....>>
                                                                                                                                                                                Process:C:\Users\user\Desktop\c8JakemodH.exe
                                                                                                                                                                                File Type:ASCII text, with CRLF line terminators
                                                                                                                                                                                Category:dropped
                                                                                                                                                                                Size (bytes):1159
                                                                                                                                                                                Entropy (8bit):4.909757425426515
                                                                                                                                                                                Encrypted:false
                                                                                                                                                                                SSDEEP:24:SOZJNRovfexRvYx/ncUYTxLZl0r0OzANQgq32xfZnS0iNFdAnP6:SOZbqfexrZrS3Iq32xlSX2S
                                                                                                                                                                                MD5:F29E077226F8DC235CAE4795459A3542
                                                                                                                                                                                SHA1:A23AEA328BEB92BFD4464A3B0F70E772B8969CC2
                                                                                                                                                                                SHA-256:CF8875AADE9351184274F533067BECF2AD10CCF2B6296274ECE5D5B58B6AB008
                                                                                                                                                                                SHA-512:0C76F1E7AC8E4DB582EA7E26FA9B8C18D54605AE6A9A87A2A1FA0B1BEACACBB8F1230421C1124B1E7C12FB546FF31DBBD2CFBBEBA80EF98BBAA01B356F7FDC6F
                                                                                                                                                                                Malicious:false
                                                                                                                                                                                Preview:.. ~~~ AlphaCat ~~~....>>>> Your data are stolen and encrypted....>>>> What guarantees that we will not deceive you? .....We are not a politically motivated group and we do not need anything other than your money. .. ...If you pay, we will provide you the programs for decryption and we will delete your data. ...Life is too short to be sad. Be not sad, money, it is only paper... ...If we do not give you decrypters, or we do not delete your data after payment, then nobody will pay us in the future. ...Therefore to us our reputation is very important. We attack worldwide and there is no dissatisfied victim after payment... ..>>>> You need contact us via email with srenshot of btc transaction and your personal DECRYPTION ID.....Contact via Email with your personal Decryption id !: hackbeenswim@mail2tor.com......Send 400$ (0.006 BTC) at this address --> bc1qkr7wxuqwet9w6920vk94p7npkxh33fc7prv55q.....>>>> Your personal DECRYPTION ID: D53F15BF767167BC622C1CB4D4FC174D....>>
                                                                                                                                                                                Process:C:\Users\user\Desktop\c8JakemodH.exe
                                                                                                                                                                                File Type:ASCII text, with CRLF line terminators
                                                                                                                                                                                Category:dropped
                                                                                                                                                                                Size (bytes):1159
                                                                                                                                                                                Entropy (8bit):4.909757425426515
                                                                                                                                                                                Encrypted:false
                                                                                                                                                                                SSDEEP:24:SOZJNRovfexRvYx/ncUYTxLZl0r0OzANQgq32xfZnS0iNFdAnP6:SOZbqfexrZrS3Iq32xlSX2S
                                                                                                                                                                                MD5:F29E077226F8DC235CAE4795459A3542
                                                                                                                                                                                SHA1:A23AEA328BEB92BFD4464A3B0F70E772B8969CC2
                                                                                                                                                                                SHA-256:CF8875AADE9351184274F533067BECF2AD10CCF2B6296274ECE5D5B58B6AB008
                                                                                                                                                                                SHA-512:0C76F1E7AC8E4DB582EA7E26FA9B8C18D54605AE6A9A87A2A1FA0B1BEACACBB8F1230421C1124B1E7C12FB546FF31DBBD2CFBBEBA80EF98BBAA01B356F7FDC6F
                                                                                                                                                                                Malicious:false
                                                                                                                                                                                Preview:.. ~~~ AlphaCat ~~~....>>>> Your data are stolen and encrypted....>>>> What guarantees that we will not deceive you? .....We are not a politically motivated group and we do not need anything other than your money. .. ...If you pay, we will provide you the programs for decryption and we will delete your data. ...Life is too short to be sad. Be not sad, money, it is only paper... ...If we do not give you decrypters, or we do not delete your data after payment, then nobody will pay us in the future. ...Therefore to us our reputation is very important. We attack worldwide and there is no dissatisfied victim after payment... ..>>>> You need contact us via email with srenshot of btc transaction and your personal DECRYPTION ID.....Contact via Email with your personal Decryption id !: hackbeenswim@mail2tor.com......Send 400$ (0.006 BTC) at this address --> bc1qkr7wxuqwet9w6920vk94p7npkxh33fc7prv55q.....>>>> Your personal DECRYPTION ID: D53F15BF767167BC622C1CB4D4FC174D....>>
                                                                                                                                                                                Process:C:\Users\user\Desktop\c8JakemodH.exe
                                                                                                                                                                                File Type:ASCII text, with CRLF line terminators
                                                                                                                                                                                Category:dropped
                                                                                                                                                                                Size (bytes):1159
                                                                                                                                                                                Entropy (8bit):4.909757425426515
                                                                                                                                                                                Encrypted:false
                                                                                                                                                                                SSDEEP:24:SOZJNRovfexRvYx/ncUYTxLZl0r0OzANQgq32xfZnS0iNFdAnP6:SOZbqfexrZrS3Iq32xlSX2S
                                                                                                                                                                                MD5:F29E077226F8DC235CAE4795459A3542
                                                                                                                                                                                SHA1:A23AEA328BEB92BFD4464A3B0F70E772B8969CC2
                                                                                                                                                                                SHA-256:CF8875AADE9351184274F533067BECF2AD10CCF2B6296274ECE5D5B58B6AB008
                                                                                                                                                                                SHA-512:0C76F1E7AC8E4DB582EA7E26FA9B8C18D54605AE6A9A87A2A1FA0B1BEACACBB8F1230421C1124B1E7C12FB546FF31DBBD2CFBBEBA80EF98BBAA01B356F7FDC6F
                                                                                                                                                                                Malicious:false
                                                                                                                                                                                Preview:.. ~~~ AlphaCat ~~~....>>>> Your data are stolen and encrypted....>>>> What guarantees that we will not deceive you? .....We are not a politically motivated group and we do not need anything other than your money. .. ...If you pay, we will provide you the programs for decryption and we will delete your data. ...Life is too short to be sad. Be not sad, money, it is only paper... ...If we do not give you decrypters, or we do not delete your data after payment, then nobody will pay us in the future. ...Therefore to us our reputation is very important. We attack worldwide and there is no dissatisfied victim after payment... ..>>>> You need contact us via email with srenshot of btc transaction and your personal DECRYPTION ID.....Contact via Email with your personal Decryption id !: hackbeenswim@mail2tor.com......Send 400$ (0.006 BTC) at this address --> bc1qkr7wxuqwet9w6920vk94p7npkxh33fc7prv55q.....>>>> Your personal DECRYPTION ID: D53F15BF767167BC622C1CB4D4FC174D....>>
                                                                                                                                                                                Process:C:\Users\user\Desktop\c8JakemodH.exe
                                                                                                                                                                                File Type:ASCII text, with CRLF line terminators
                                                                                                                                                                                Category:dropped
                                                                                                                                                                                Size (bytes):1159
                                                                                                                                                                                Entropy (8bit):4.909757425426515
                                                                                                                                                                                Encrypted:false
                                                                                                                                                                                SSDEEP:24:SOZJNRovfexRvYx/ncUYTxLZl0r0OzANQgq32xfZnS0iNFdAnP6:SOZbqfexrZrS3Iq32xlSX2S
                                                                                                                                                                                MD5:F29E077226F8DC235CAE4795459A3542
                                                                                                                                                                                SHA1:A23AEA328BEB92BFD4464A3B0F70E772B8969CC2
                                                                                                                                                                                SHA-256:CF8875AADE9351184274F533067BECF2AD10CCF2B6296274ECE5D5B58B6AB008
                                                                                                                                                                                SHA-512:0C76F1E7AC8E4DB582EA7E26FA9B8C18D54605AE6A9A87A2A1FA0B1BEACACBB8F1230421C1124B1E7C12FB546FF31DBBD2CFBBEBA80EF98BBAA01B356F7FDC6F
                                                                                                                                                                                Malicious:false
                                                                                                                                                                                Preview:.. ~~~ AlphaCat ~~~....>>>> Your data are stolen and encrypted....>>>> What guarantees that we will not deceive you? .....We are not a politically motivated group and we do not need anything other than your money. .. ...If you pay, we will provide you the programs for decryption and we will delete your data. ...Life is too short to be sad. Be not sad, money, it is only paper... ...If we do not give you decrypters, or we do not delete your data after payment, then nobody will pay us in the future. ...Therefore to us our reputation is very important. We attack worldwide and there is no dissatisfied victim after payment... ..>>>> You need contact us via email with srenshot of btc transaction and your personal DECRYPTION ID.....Contact via Email with your personal Decryption id !: hackbeenswim@mail2tor.com......Send 400$ (0.006 BTC) at this address --> bc1qkr7wxuqwet9w6920vk94p7npkxh33fc7prv55q.....>>>> Your personal DECRYPTION ID: D53F15BF767167BC622C1CB4D4FC174D....>>
                                                                                                                                                                                Process:C:\Users\user\Desktop\c8JakemodH.exe
                                                                                                                                                                                File Type:ASCII text, with CRLF line terminators
                                                                                                                                                                                Category:dropped
                                                                                                                                                                                Size (bytes):1159
                                                                                                                                                                                Entropy (8bit):4.909757425426515
                                                                                                                                                                                Encrypted:false
                                                                                                                                                                                SSDEEP:24:SOZJNRovfexRvYx/ncUYTxLZl0r0OzANQgq32xfZnS0iNFdAnP6:SOZbqfexrZrS3Iq32xlSX2S
                                                                                                                                                                                MD5:F29E077226F8DC235CAE4795459A3542
                                                                                                                                                                                SHA1:A23AEA328BEB92BFD4464A3B0F70E772B8969CC2
                                                                                                                                                                                SHA-256:CF8875AADE9351184274F533067BECF2AD10CCF2B6296274ECE5D5B58B6AB008
                                                                                                                                                                                SHA-512:0C76F1E7AC8E4DB582EA7E26FA9B8C18D54605AE6A9A87A2A1FA0B1BEACACBB8F1230421C1124B1E7C12FB546FF31DBBD2CFBBEBA80EF98BBAA01B356F7FDC6F
                                                                                                                                                                                Malicious:false
                                                                                                                                                                                Preview:.. ~~~ AlphaCat ~~~....>>>> Your data are stolen and encrypted....>>>> What guarantees that we will not deceive you? .....We are not a politically motivated group and we do not need anything other than your money. .. ...If you pay, we will provide you the programs for decryption and we will delete your data. ...Life is too short to be sad. Be not sad, money, it is only paper... ...If we do not give you decrypters, or we do not delete your data after payment, then nobody will pay us in the future. ...Therefore to us our reputation is very important. We attack worldwide and there is no dissatisfied victim after payment... ..>>>> You need contact us via email with srenshot of btc transaction and your personal DECRYPTION ID.....Contact via Email with your personal Decryption id !: hackbeenswim@mail2tor.com......Send 400$ (0.006 BTC) at this address --> bc1qkr7wxuqwet9w6920vk94p7npkxh33fc7prv55q.....>>>> Your personal DECRYPTION ID: D53F15BF767167BC622C1CB4D4FC174D....>>
                                                                                                                                                                                Process:C:\Users\user\Desktop\c8JakemodH.exe
                                                                                                                                                                                File Type:ASCII text, with CRLF line terminators
                                                                                                                                                                                Category:dropped
                                                                                                                                                                                Size (bytes):1159
                                                                                                                                                                                Entropy (8bit):4.909757425426515
                                                                                                                                                                                Encrypted:false
                                                                                                                                                                                SSDEEP:24:SOZJNRovfexRvYx/ncUYTxLZl0r0OzANQgq32xfZnS0iNFdAnP6:SOZbqfexrZrS3Iq32xlSX2S
                                                                                                                                                                                MD5:F29E077226F8DC235CAE4795459A3542
                                                                                                                                                                                SHA1:A23AEA328BEB92BFD4464A3B0F70E772B8969CC2
                                                                                                                                                                                SHA-256:CF8875AADE9351184274F533067BECF2AD10CCF2B6296274ECE5D5B58B6AB008
                                                                                                                                                                                SHA-512:0C76F1E7AC8E4DB582EA7E26FA9B8C18D54605AE6A9A87A2A1FA0B1BEACACBB8F1230421C1124B1E7C12FB546FF31DBBD2CFBBEBA80EF98BBAA01B356F7FDC6F
                                                                                                                                                                                Malicious:false
                                                                                                                                                                                Preview:.. ~~~ AlphaCat ~~~....>>>> Your data are stolen and encrypted....>>>> What guarantees that we will not deceive you? .....We are not a politically motivated group and we do not need anything other than your money. .. ...If you pay, we will provide you the programs for decryption and we will delete your data. ...Life is too short to be sad. Be not sad, money, it is only paper... ...If we do not give you decrypters, or we do not delete your data after payment, then nobody will pay us in the future. ...Therefore to us our reputation is very important. We attack worldwide and there is no dissatisfied victim after payment... ..>>>> You need contact us via email with srenshot of btc transaction and your personal DECRYPTION ID.....Contact via Email with your personal Decryption id !: hackbeenswim@mail2tor.com......Send 400$ (0.006 BTC) at this address --> bc1qkr7wxuqwet9w6920vk94p7npkxh33fc7prv55q.....>>>> Your personal DECRYPTION ID: D53F15BF767167BC622C1CB4D4FC174D....>>
                                                                                                                                                                                Process:C:\Users\user\Desktop\c8JakemodH.exe
                                                                                                                                                                                File Type:ASCII text, with CRLF line terminators
                                                                                                                                                                                Category:dropped
                                                                                                                                                                                Size (bytes):1159
                                                                                                                                                                                Entropy (8bit):4.909757425426515
                                                                                                                                                                                Encrypted:false
                                                                                                                                                                                SSDEEP:24:SOZJNRovfexRvYx/ncUYTxLZl0r0OzANQgq32xfZnS0iNFdAnP6:SOZbqfexrZrS3Iq32xlSX2S
                                                                                                                                                                                MD5:F29E077226F8DC235CAE4795459A3542
                                                                                                                                                                                SHA1:A23AEA328BEB92BFD4464A3B0F70E772B8969CC2
                                                                                                                                                                                SHA-256:CF8875AADE9351184274F533067BECF2AD10CCF2B6296274ECE5D5B58B6AB008
                                                                                                                                                                                SHA-512:0C76F1E7AC8E4DB582EA7E26FA9B8C18D54605AE6A9A87A2A1FA0B1BEACACBB8F1230421C1124B1E7C12FB546FF31DBBD2CFBBEBA80EF98BBAA01B356F7FDC6F
                                                                                                                                                                                Malicious:false
                                                                                                                                                                                Preview:.. ~~~ AlphaCat ~~~....>>>> Your data are stolen and encrypted....>>>> What guarantees that we will not deceive you? .....We are not a politically motivated group and we do not need anything other than your money. .. ...If you pay, we will provide you the programs for decryption and we will delete your data. ...Life is too short to be sad. Be not sad, money, it is only paper... ...If we do not give you decrypters, or we do not delete your data after payment, then nobody will pay us in the future. ...Therefore to us our reputation is very important. We attack worldwide and there is no dissatisfied victim after payment... ..>>>> You need contact us via email with srenshot of btc transaction and your personal DECRYPTION ID.....Contact via Email with your personal Decryption id !: hackbeenswim@mail2tor.com......Send 400$ (0.006 BTC) at this address --> bc1qkr7wxuqwet9w6920vk94p7npkxh33fc7prv55q.....>>>> Your personal DECRYPTION ID: D53F15BF767167BC622C1CB4D4FC174D....>>
                                                                                                                                                                                Process:C:\Users\user\Desktop\c8JakemodH.exe
                                                                                                                                                                                File Type:ASCII text, with CRLF line terminators
                                                                                                                                                                                Category:dropped
                                                                                                                                                                                Size (bytes):1159
                                                                                                                                                                                Entropy (8bit):4.909757425426515
                                                                                                                                                                                Encrypted:false
                                                                                                                                                                                SSDEEP:24:SOZJNRovfexRvYx/ncUYTxLZl0r0OzANQgq32xfZnS0iNFdAnP6:SOZbqfexrZrS3Iq32xlSX2S
                                                                                                                                                                                MD5:F29E077226F8DC235CAE4795459A3542
                                                                                                                                                                                SHA1:A23AEA328BEB92BFD4464A3B0F70E772B8969CC2
                                                                                                                                                                                SHA-256:CF8875AADE9351184274F533067BECF2AD10CCF2B6296274ECE5D5B58B6AB008
                                                                                                                                                                                SHA-512:0C76F1E7AC8E4DB582EA7E26FA9B8C18D54605AE6A9A87A2A1FA0B1BEACACBB8F1230421C1124B1E7C12FB546FF31DBBD2CFBBEBA80EF98BBAA01B356F7FDC6F
                                                                                                                                                                                Malicious:false
                                                                                                                                                                                Preview:.. ~~~ AlphaCat ~~~....>>>> Your data are stolen and encrypted....>>>> What guarantees that we will not deceive you? .....We are not a politically motivated group and we do not need anything other than your money. .. ...If you pay, we will provide you the programs for decryption and we will delete your data. ...Life is too short to be sad. Be not sad, money, it is only paper... ...If we do not give you decrypters, or we do not delete your data after payment, then nobody will pay us in the future. ...Therefore to us our reputation is very important. We attack worldwide and there is no dissatisfied victim after payment... ..>>>> You need contact us via email with srenshot of btc transaction and your personal DECRYPTION ID.....Contact via Email with your personal Decryption id !: hackbeenswim@mail2tor.com......Send 400$ (0.006 BTC) at this address --> bc1qkr7wxuqwet9w6920vk94p7npkxh33fc7prv55q.....>>>> Your personal DECRYPTION ID: D53F15BF767167BC622C1CB4D4FC174D....>>
                                                                                                                                                                                Process:C:\Users\user\Desktop\c8JakemodH.exe
                                                                                                                                                                                File Type:ASCII text, with CRLF line terminators
                                                                                                                                                                                Category:dropped
                                                                                                                                                                                Size (bytes):1159
                                                                                                                                                                                Entropy (8bit):4.909757425426515
                                                                                                                                                                                Encrypted:false
                                                                                                                                                                                SSDEEP:24:SOZJNRovfexRvYx/ncUYTxLZl0r0OzANQgq32xfZnS0iNFdAnP6:SOZbqfexrZrS3Iq32xlSX2S
                                                                                                                                                                                MD5:F29E077226F8DC235CAE4795459A3542
                                                                                                                                                                                SHA1:A23AEA328BEB92BFD4464A3B0F70E772B8969CC2
                                                                                                                                                                                SHA-256:CF8875AADE9351184274F533067BECF2AD10CCF2B6296274ECE5D5B58B6AB008
                                                                                                                                                                                SHA-512:0C76F1E7AC8E4DB582EA7E26FA9B8C18D54605AE6A9A87A2A1FA0B1BEACACBB8F1230421C1124B1E7C12FB546FF31DBBD2CFBBEBA80EF98BBAA01B356F7FDC6F
                                                                                                                                                                                Malicious:false
                                                                                                                                                                                Preview:.. ~~~ AlphaCat ~~~....>>>> Your data are stolen and encrypted....>>>> What guarantees that we will not deceive you? .....We are not a politically motivated group and we do not need anything other than your money. .. ...If you pay, we will provide you the programs for decryption and we will delete your data. ...Life is too short to be sad. Be not sad, money, it is only paper... ...If we do not give you decrypters, or we do not delete your data after payment, then nobody will pay us in the future. ...Therefore to us our reputation is very important. We attack worldwide and there is no dissatisfied victim after payment... ..>>>> You need contact us via email with srenshot of btc transaction and your personal DECRYPTION ID.....Contact via Email with your personal Decryption id !: hackbeenswim@mail2tor.com......Send 400$ (0.006 BTC) at this address --> bc1qkr7wxuqwet9w6920vk94p7npkxh33fc7prv55q.....>>>> Your personal DECRYPTION ID: D53F15BF767167BC622C1CB4D4FC174D....>>
                                                                                                                                                                                Process:C:\Users\user\Desktop\c8JakemodH.exe
                                                                                                                                                                                File Type:data
                                                                                                                                                                                Category:dropped
                                                                                                                                                                                Size (bytes):8431
                                                                                                                                                                                Entropy (8bit):7.979228477773128
                                                                                                                                                                                Encrypted:false
                                                                                                                                                                                SSDEEP:192:M2IPK5g5AjlnwCtEBo9sekExOpNF7JA5RYybN5aaEag5bdPB:AP1CXtEO9sekE8qPYyTnQFB
                                                                                                                                                                                MD5:BE9B6296423F4EAE9525233DD9713922
                                                                                                                                                                                SHA1:52B311425C6FCE3F586949C8B581A5AFD478254F
                                                                                                                                                                                SHA-256:A268D257BB313966F337DA212457D0563739BAFCC9D4EF31D638F95EABFF16B7
                                                                                                                                                                                SHA-512:BC4DEC2EF4DBD4AE363240078453096C8F983AD5EC603BCBFC60314418ED66A987E601BB40746B1E6A8AFD6654A503462727A09C0B5D829854E96C24ED0E46B8
                                                                                                                                                                                Malicious:false
                                                                                                                                                                                Preview:.7I+.3P.2.#..q...........P4.K".KY.9.I...;..,.c.6y.V2....f.FQ3..3...m..7t..u...f..j.(.... }......y..S.`).*U.......t.R{...B.9g.. .azi=fI..,...M<.......+.'..?....>....).`.0..@..r%.....F...?A."{'../....r.`t...".......[8.d.l.,. ...I.v3C.....5...$qE..C....2.0...*....".c.B.X.D^...k........u.Zir:...>}.c....hx....^#.....Ua..]1...M.w..,..~../h...=.9...Gp...k..I},.b...C.S.2.-;..[ ..u....g...z.G.V0.s7.o..m..V...B.s2K.n6/....SP.[>w..\pT.@..H........*[..j....l.7.6...$Mf.s.X...XY..i1...W...v.&.Q..`..).2?%CO..<x..`..9....1.f#...]..[.bP..0..p....R..yB.Q7..N..?b.H..-.>....r...j.aT..6.?.+:..U..lx..!GL....[q.9}.\.Da....W...eQ.].9H..x..g.<....b.....e4...O#T.37.....J.%&V.I......:kT#h..k.|E..<.b...o...{?.L../e..`!.@.JN..qW..P"......2R....H.!}...}.,7.a.Lm$.J.`...K..I.....{(..Y=g..k.f..s.q...9"......,.....>.....xg....:..s.^.....N6-N...._....,$..F..W<....9..S.!a..F|"..@Pz.7..fdtw^..IH*.n./:..-.......j%]....1.....f...$7..{..iW..n.Y.A.E.#....-...~<.JK..hn....1s.
                                                                                                                                                                                Process:C:\Users\user\Desktop\c8JakemodH.exe
                                                                                                                                                                                File Type:ASCII text, with CRLF line terminators
                                                                                                                                                                                Category:dropped
                                                                                                                                                                                Size (bytes):1159
                                                                                                                                                                                Entropy (8bit):4.909757425426515
                                                                                                                                                                                Encrypted:false
                                                                                                                                                                                SSDEEP:24:SOZJNRovfexRvYx/ncUYTxLZl0r0OzANQgq32xfZnS0iNFdAnP6:SOZbqfexrZrS3Iq32xlSX2S
                                                                                                                                                                                MD5:F29E077226F8DC235CAE4795459A3542
                                                                                                                                                                                SHA1:A23AEA328BEB92BFD4464A3B0F70E772B8969CC2
                                                                                                                                                                                SHA-256:CF8875AADE9351184274F533067BECF2AD10CCF2B6296274ECE5D5B58B6AB008
                                                                                                                                                                                SHA-512:0C76F1E7AC8E4DB582EA7E26FA9B8C18D54605AE6A9A87A2A1FA0B1BEACACBB8F1230421C1124B1E7C12FB546FF31DBBD2CFBBEBA80EF98BBAA01B356F7FDC6F
                                                                                                                                                                                Malicious:false
                                                                                                                                                                                Preview:.. ~~~ AlphaCat ~~~....>>>> Your data are stolen and encrypted....>>>> What guarantees that we will not deceive you? .....We are not a politically motivated group and we do not need anything other than your money. .. ...If you pay, we will provide you the programs for decryption and we will delete your data. ...Life is too short to be sad. Be not sad, money, it is only paper... ...If we do not give you decrypters, or we do not delete your data after payment, then nobody will pay us in the future. ...Therefore to us our reputation is very important. We attack worldwide and there is no dissatisfied victim after payment... ..>>>> You need contact us via email with srenshot of btc transaction and your personal DECRYPTION ID.....Contact via Email with your personal Decryption id !: hackbeenswim@mail2tor.com......Send 400$ (0.006 BTC) at this address --> bc1qkr7wxuqwet9w6920vk94p7npkxh33fc7prv55q.....>>>> Your personal DECRYPTION ID: D53F15BF767167BC622C1CB4D4FC174D....>>
                                                                                                                                                                                Process:C:\Users\user\Desktop\c8JakemodH.exe
                                                                                                                                                                                File Type:ASCII text, with CRLF line terminators
                                                                                                                                                                                Category:dropped
                                                                                                                                                                                Size (bytes):1159
                                                                                                                                                                                Entropy (8bit):4.909757425426515
                                                                                                                                                                                Encrypted:false
                                                                                                                                                                                SSDEEP:24:SOZJNRovfexRvYx/ncUYTxLZl0r0OzANQgq32xfZnS0iNFdAnP6:SOZbqfexrZrS3Iq32xlSX2S
                                                                                                                                                                                MD5:F29E077226F8DC235CAE4795459A3542
                                                                                                                                                                                SHA1:A23AEA328BEB92BFD4464A3B0F70E772B8969CC2
                                                                                                                                                                                SHA-256:CF8875AADE9351184274F533067BECF2AD10CCF2B6296274ECE5D5B58B6AB008
                                                                                                                                                                                SHA-512:0C76F1E7AC8E4DB582EA7E26FA9B8C18D54605AE6A9A87A2A1FA0B1BEACACBB8F1230421C1124B1E7C12FB546FF31DBBD2CFBBEBA80EF98BBAA01B356F7FDC6F
                                                                                                                                                                                Malicious:false
                                                                                                                                                                                Preview:.. ~~~ AlphaCat ~~~....>>>> Your data are stolen and encrypted....>>>> What guarantees that we will not deceive you? .....We are not a politically motivated group and we do not need anything other than your money. .. ...If you pay, we will provide you the programs for decryption and we will delete your data. ...Life is too short to be sad. Be not sad, money, it is only paper... ...If we do not give you decrypters, or we do not delete your data after payment, then nobody will pay us in the future. ...Therefore to us our reputation is very important. We attack worldwide and there is no dissatisfied victim after payment... ..>>>> You need contact us via email with srenshot of btc transaction and your personal DECRYPTION ID.....Contact via Email with your personal Decryption id !: hackbeenswim@mail2tor.com......Send 400$ (0.006 BTC) at this address --> bc1qkr7wxuqwet9w6920vk94p7npkxh33fc7prv55q.....>>>> Your personal DECRYPTION ID: D53F15BF767167BC622C1CB4D4FC174D....>>
                                                                                                                                                                                Process:C:\Users\user\Desktop\c8JakemodH.exe
                                                                                                                                                                                File Type:ASCII text, with CRLF line terminators
                                                                                                                                                                                Category:dropped
                                                                                                                                                                                Size (bytes):1159
                                                                                                                                                                                Entropy (8bit):4.909757425426515
                                                                                                                                                                                Encrypted:false
                                                                                                                                                                                SSDEEP:24:SOZJNRovfexRvYx/ncUYTxLZl0r0OzANQgq32xfZnS0iNFdAnP6:SOZbqfexrZrS3Iq32xlSX2S
                                                                                                                                                                                MD5:F29E077226F8DC235CAE4795459A3542
                                                                                                                                                                                SHA1:A23AEA328BEB92BFD4464A3B0F70E772B8969CC2
                                                                                                                                                                                SHA-256:CF8875AADE9351184274F533067BECF2AD10CCF2B6296274ECE5D5B58B6AB008
                                                                                                                                                                                SHA-512:0C76F1E7AC8E4DB582EA7E26FA9B8C18D54605AE6A9A87A2A1FA0B1BEACACBB8F1230421C1124B1E7C12FB546FF31DBBD2CFBBEBA80EF98BBAA01B356F7FDC6F
                                                                                                                                                                                Malicious:false
                                                                                                                                                                                Preview:.. ~~~ AlphaCat ~~~....>>>> Your data are stolen and encrypted....>>>> What guarantees that we will not deceive you? .....We are not a politically motivated group and we do not need anything other than your money. .. ...If you pay, we will provide you the programs for decryption and we will delete your data. ...Life is too short to be sad. Be not sad, money, it is only paper... ...If we do not give you decrypters, or we do not delete your data after payment, then nobody will pay us in the future. ...Therefore to us our reputation is very important. We attack worldwide and there is no dissatisfied victim after payment... ..>>>> You need contact us via email with srenshot of btc transaction and your personal DECRYPTION ID.....Contact via Email with your personal Decryption id !: hackbeenswim@mail2tor.com......Send 400$ (0.006 BTC) at this address --> bc1qkr7wxuqwet9w6920vk94p7npkxh33fc7prv55q.....>>>> Your personal DECRYPTION ID: D53F15BF767167BC622C1CB4D4FC174D....>>
                                                                                                                                                                                Process:C:\Users\user\Desktop\c8JakemodH.exe
                                                                                                                                                                                File Type:ASCII text, with CRLF line terminators
                                                                                                                                                                                Category:dropped
                                                                                                                                                                                Size (bytes):1159
                                                                                                                                                                                Entropy (8bit):4.909757425426515
                                                                                                                                                                                Encrypted:false
                                                                                                                                                                                SSDEEP:24:SOZJNRovfexRvYx/ncUYTxLZl0r0OzANQgq32xfZnS0iNFdAnP6:SOZbqfexrZrS3Iq32xlSX2S
                                                                                                                                                                                MD5:F29E077226F8DC235CAE4795459A3542
                                                                                                                                                                                SHA1:A23AEA328BEB92BFD4464A3B0F70E772B8969CC2
                                                                                                                                                                                SHA-256:CF8875AADE9351184274F533067BECF2AD10CCF2B6296274ECE5D5B58B6AB008
                                                                                                                                                                                SHA-512:0C76F1E7AC8E4DB582EA7E26FA9B8C18D54605AE6A9A87A2A1FA0B1BEACACBB8F1230421C1124B1E7C12FB546FF31DBBD2CFBBEBA80EF98BBAA01B356F7FDC6F
                                                                                                                                                                                Malicious:false
                                                                                                                                                                                Preview:.. ~~~ AlphaCat ~~~....>>>> Your data are stolen and encrypted....>>>> What guarantees that we will not deceive you? .....We are not a politically motivated group and we do not need anything other than your money. .. ...If you pay, we will provide you the programs for decryption and we will delete your data. ...Life is too short to be sad. Be not sad, money, it is only paper... ...If we do not give you decrypters, or we do not delete your data after payment, then nobody will pay us in the future. ...Therefore to us our reputation is very important. We attack worldwide and there is no dissatisfied victim after payment... ..>>>> You need contact us via email with srenshot of btc transaction and your personal DECRYPTION ID.....Contact via Email with your personal Decryption id !: hackbeenswim@mail2tor.com......Send 400$ (0.006 BTC) at this address --> bc1qkr7wxuqwet9w6920vk94p7npkxh33fc7prv55q.....>>>> Your personal DECRYPTION ID: D53F15BF767167BC622C1CB4D4FC174D....>>
                                                                                                                                                                                Process:C:\Users\user\Desktop\c8JakemodH.exe
                                                                                                                                                                                File Type:ASCII text, with CRLF line terminators
                                                                                                                                                                                Category:dropped
                                                                                                                                                                                Size (bytes):1159
                                                                                                                                                                                Entropy (8bit):4.909757425426515
                                                                                                                                                                                Encrypted:false
                                                                                                                                                                                SSDEEP:24:SOZJNRovfexRvYx/ncUYTxLZl0r0OzANQgq32xfZnS0iNFdAnP6:SOZbqfexrZrS3Iq32xlSX2S
                                                                                                                                                                                MD5:F29E077226F8DC235CAE4795459A3542
                                                                                                                                                                                SHA1:A23AEA328BEB92BFD4464A3B0F70E772B8969CC2
                                                                                                                                                                                SHA-256:CF8875AADE9351184274F533067BECF2AD10CCF2B6296274ECE5D5B58B6AB008
                                                                                                                                                                                SHA-512:0C76F1E7AC8E4DB582EA7E26FA9B8C18D54605AE6A9A87A2A1FA0B1BEACACBB8F1230421C1124B1E7C12FB546FF31DBBD2CFBBEBA80EF98BBAA01B356F7FDC6F
                                                                                                                                                                                Malicious:false
                                                                                                                                                                                Preview:.. ~~~ AlphaCat ~~~....>>>> Your data are stolen and encrypted....>>>> What guarantees that we will not deceive you? .....We are not a politically motivated group and we do not need anything other than your money. .. ...If you pay, we will provide you the programs for decryption and we will delete your data. ...Life is too short to be sad. Be not sad, money, it is only paper... ...If we do not give you decrypters, or we do not delete your data after payment, then nobody will pay us in the future. ...Therefore to us our reputation is very important. We attack worldwide and there is no dissatisfied victim after payment... ..>>>> You need contact us via email with srenshot of btc transaction and your personal DECRYPTION ID.....Contact via Email with your personal Decryption id !: hackbeenswim@mail2tor.com......Send 400$ (0.006 BTC) at this address --> bc1qkr7wxuqwet9w6920vk94p7npkxh33fc7prv55q.....>>>> Your personal DECRYPTION ID: D53F15BF767167BC622C1CB4D4FC174D....>>
                                                                                                                                                                                Process:C:\Users\user\Desktop\c8JakemodH.exe
                                                                                                                                                                                File Type:ASCII text, with CRLF line terminators
                                                                                                                                                                                Category:dropped
                                                                                                                                                                                Size (bytes):1159
                                                                                                                                                                                Entropy (8bit):4.909757425426515
                                                                                                                                                                                Encrypted:false
                                                                                                                                                                                SSDEEP:24:SOZJNRovfexRvYx/ncUYTxLZl0r0OzANQgq32xfZnS0iNFdAnP6:SOZbqfexrZrS3Iq32xlSX2S
                                                                                                                                                                                MD5:F29E077226F8DC235CAE4795459A3542
                                                                                                                                                                                SHA1:A23AEA328BEB92BFD4464A3B0F70E772B8969CC2
                                                                                                                                                                                SHA-256:CF8875AADE9351184274F533067BECF2AD10CCF2B6296274ECE5D5B58B6AB008
                                                                                                                                                                                SHA-512:0C76F1E7AC8E4DB582EA7E26FA9B8C18D54605AE6A9A87A2A1FA0B1BEACACBB8F1230421C1124B1E7C12FB546FF31DBBD2CFBBEBA80EF98BBAA01B356F7FDC6F
                                                                                                                                                                                Malicious:false
                                                                                                                                                                                Preview:.. ~~~ AlphaCat ~~~....>>>> Your data are stolen and encrypted....>>>> What guarantees that we will not deceive you? .....We are not a politically motivated group and we do not need anything other than your money. .. ...If you pay, we will provide you the programs for decryption and we will delete your data. ...Life is too short to be sad. Be not sad, money, it is only paper... ...If we do not give you decrypters, or we do not delete your data after payment, then nobody will pay us in the future. ...Therefore to us our reputation is very important. We attack worldwide and there is no dissatisfied victim after payment... ..>>>> You need contact us via email with srenshot of btc transaction and your personal DECRYPTION ID.....Contact via Email with your personal Decryption id !: hackbeenswim@mail2tor.com......Send 400$ (0.006 BTC) at this address --> bc1qkr7wxuqwet9w6920vk94p7npkxh33fc7prv55q.....>>>> Your personal DECRYPTION ID: D53F15BF767167BC622C1CB4D4FC174D....>>
                                                                                                                                                                                Process:C:\Users\user\Desktop\c8JakemodH.exe
                                                                                                                                                                                File Type:ASCII text, with CRLF line terminators
                                                                                                                                                                                Category:dropped
                                                                                                                                                                                Size (bytes):1159
                                                                                                                                                                                Entropy (8bit):4.909757425426515
                                                                                                                                                                                Encrypted:false
                                                                                                                                                                                SSDEEP:24:SOZJNRovfexRvYx/ncUYTxLZl0r0OzANQgq32xfZnS0iNFdAnP6:SOZbqfexrZrS3Iq32xlSX2S
                                                                                                                                                                                MD5:F29E077226F8DC235CAE4795459A3542
                                                                                                                                                                                SHA1:A23AEA328BEB92BFD4464A3B0F70E772B8969CC2
                                                                                                                                                                                SHA-256:CF8875AADE9351184274F533067BECF2AD10CCF2B6296274ECE5D5B58B6AB008
                                                                                                                                                                                SHA-512:0C76F1E7AC8E4DB582EA7E26FA9B8C18D54605AE6A9A87A2A1FA0B1BEACACBB8F1230421C1124B1E7C12FB546FF31DBBD2CFBBEBA80EF98BBAA01B356F7FDC6F
                                                                                                                                                                                Malicious:false
                                                                                                                                                                                Preview:.. ~~~ AlphaCat ~~~....>>>> Your data are stolen and encrypted....>>>> What guarantees that we will not deceive you? .....We are not a politically motivated group and we do not need anything other than your money. .. ...If you pay, we will provide you the programs for decryption and we will delete your data. ...Life is too short to be sad. Be not sad, money, it is only paper... ...If we do not give you decrypters, or we do not delete your data after payment, then nobody will pay us in the future. ...Therefore to us our reputation is very important. We attack worldwide and there is no dissatisfied victim after payment... ..>>>> You need contact us via email with srenshot of btc transaction and your personal DECRYPTION ID.....Contact via Email with your personal Decryption id !: hackbeenswim@mail2tor.com......Send 400$ (0.006 BTC) at this address --> bc1qkr7wxuqwet9w6920vk94p7npkxh33fc7prv55q.....>>>> Your personal DECRYPTION ID: D53F15BF767167BC622C1CB4D4FC174D....>>
                                                                                                                                                                                Process:C:\Users\user\Desktop\c8JakemodH.exe
                                                                                                                                                                                File Type:ASCII text, with CRLF line terminators
                                                                                                                                                                                Category:dropped
                                                                                                                                                                                Size (bytes):1159
                                                                                                                                                                                Entropy (8bit):4.909757425426515
                                                                                                                                                                                Encrypted:false
                                                                                                                                                                                SSDEEP:24:SOZJNRovfexRvYx/ncUYTxLZl0r0OzANQgq32xfZnS0iNFdAnP6:SOZbqfexrZrS3Iq32xlSX2S
                                                                                                                                                                                MD5:F29E077226F8DC235CAE4795459A3542
                                                                                                                                                                                SHA1:A23AEA328BEB92BFD4464A3B0F70E772B8969CC2
                                                                                                                                                                                SHA-256:CF8875AADE9351184274F533067BECF2AD10CCF2B6296274ECE5D5B58B6AB008
                                                                                                                                                                                SHA-512:0C76F1E7AC8E4DB582EA7E26FA9B8C18D54605AE6A9A87A2A1FA0B1BEACACBB8F1230421C1124B1E7C12FB546FF31DBBD2CFBBEBA80EF98BBAA01B356F7FDC6F
                                                                                                                                                                                Malicious:false
                                                                                                                                                                                Preview:.. ~~~ AlphaCat ~~~....>>>> Your data are stolen and encrypted....>>>> What guarantees that we will not deceive you? .....We are not a politically motivated group and we do not need anything other than your money. .. ...If you pay, we will provide you the programs for decryption and we will delete your data. ...Life is too short to be sad. Be not sad, money, it is only paper... ...If we do not give you decrypters, or we do not delete your data after payment, then nobody will pay us in the future. ...Therefore to us our reputation is very important. We attack worldwide and there is no dissatisfied victim after payment... ..>>>> You need contact us via email with srenshot of btc transaction and your personal DECRYPTION ID.....Contact via Email with your personal Decryption id !: hackbeenswim@mail2tor.com......Send 400$ (0.006 BTC) at this address --> bc1qkr7wxuqwet9w6920vk94p7npkxh33fc7prv55q.....>>>> Your personal DECRYPTION ID: D53F15BF767167BC622C1CB4D4FC174D....>>
                                                                                                                                                                                Process:C:\Users\user\Desktop\c8JakemodH.exe
                                                                                                                                                                                File Type:ASCII text, with CRLF line terminators
                                                                                                                                                                                Category:dropped
                                                                                                                                                                                Size (bytes):1159
                                                                                                                                                                                Entropy (8bit):4.909757425426515
                                                                                                                                                                                Encrypted:false
                                                                                                                                                                                SSDEEP:24:SOZJNRovfexRvYx/ncUYTxLZl0r0OzANQgq32xfZnS0iNFdAnP6:SOZbqfexrZrS3Iq32xlSX2S
                                                                                                                                                                                MD5:F29E077226F8DC235CAE4795459A3542
                                                                                                                                                                                SHA1:A23AEA328BEB92BFD4464A3B0F70E772B8969CC2
                                                                                                                                                                                SHA-256:CF8875AADE9351184274F533067BECF2AD10CCF2B6296274ECE5D5B58B6AB008
                                                                                                                                                                                SHA-512:0C76F1E7AC8E4DB582EA7E26FA9B8C18D54605AE6A9A87A2A1FA0B1BEACACBB8F1230421C1124B1E7C12FB546FF31DBBD2CFBBEBA80EF98BBAA01B356F7FDC6F
                                                                                                                                                                                Malicious:false
                                                                                                                                                                                Preview:.. ~~~ AlphaCat ~~~....>>>> Your data are stolen and encrypted....>>>> What guarantees that we will not deceive you? .....We are not a politically motivated group and we do not need anything other than your money. .. ...If you pay, we will provide you the programs for decryption and we will delete your data. ...Life is too short to be sad. Be not sad, money, it is only paper... ...If we do not give you decrypters, or we do not delete your data after payment, then nobody will pay us in the future. ...Therefore to us our reputation is very important. We attack worldwide and there is no dissatisfied victim after payment... ..>>>> You need contact us via email with srenshot of btc transaction and your personal DECRYPTION ID.....Contact via Email with your personal Decryption id !: hackbeenswim@mail2tor.com......Send 400$ (0.006 BTC) at this address --> bc1qkr7wxuqwet9w6920vk94p7npkxh33fc7prv55q.....>>>> Your personal DECRYPTION ID: D53F15BF767167BC622C1CB4D4FC174D....>>
                                                                                                                                                                                Process:C:\Users\user\Desktop\c8JakemodH.exe
                                                                                                                                                                                File Type:ASCII text, with CRLF line terminators
                                                                                                                                                                                Category:dropped
                                                                                                                                                                                Size (bytes):1159
                                                                                                                                                                                Entropy (8bit):4.909757425426515
                                                                                                                                                                                Encrypted:false
                                                                                                                                                                                SSDEEP:24:SOZJNRovfexRvYx/ncUYTxLZl0r0OzANQgq32xfZnS0iNFdAnP6:SOZbqfexrZrS3Iq32xlSX2S
                                                                                                                                                                                MD5:F29E077226F8DC235CAE4795459A3542
                                                                                                                                                                                SHA1:A23AEA328BEB92BFD4464A3B0F70E772B8969CC2
                                                                                                                                                                                SHA-256:CF8875AADE9351184274F533067BECF2AD10CCF2B6296274ECE5D5B58B6AB008
                                                                                                                                                                                SHA-512:0C76F1E7AC8E4DB582EA7E26FA9B8C18D54605AE6A9A87A2A1FA0B1BEACACBB8F1230421C1124B1E7C12FB546FF31DBBD2CFBBEBA80EF98BBAA01B356F7FDC6F
                                                                                                                                                                                Malicious:false
                                                                                                                                                                                Preview:.. ~~~ AlphaCat ~~~....>>>> Your data are stolen and encrypted....>>>> What guarantees that we will not deceive you? .....We are not a politically motivated group and we do not need anything other than your money. .. ...If you pay, we will provide you the programs for decryption and we will delete your data. ...Life is too short to be sad. Be not sad, money, it is only paper... ...If we do not give you decrypters, or we do not delete your data after payment, then nobody will pay us in the future. ...Therefore to us our reputation is very important. We attack worldwide and there is no dissatisfied victim after payment... ..>>>> You need contact us via email with srenshot of btc transaction and your personal DECRYPTION ID.....Contact via Email with your personal Decryption id !: hackbeenswim@mail2tor.com......Send 400$ (0.006 BTC) at this address --> bc1qkr7wxuqwet9w6920vk94p7npkxh33fc7prv55q.....>>>> Your personal DECRYPTION ID: D53F15BF767167BC622C1CB4D4FC174D....>>
                                                                                                                                                                                Process:C:\Users\user\Desktop\c8JakemodH.exe
                                                                                                                                                                                File Type:ASCII text, with CRLF line terminators
                                                                                                                                                                                Category:dropped
                                                                                                                                                                                Size (bytes):1159
                                                                                                                                                                                Entropy (8bit):4.909757425426515
                                                                                                                                                                                Encrypted:false
                                                                                                                                                                                SSDEEP:24:SOZJNRovfexRvYx/ncUYTxLZl0r0OzANQgq32xfZnS0iNFdAnP6:SOZbqfexrZrS3Iq32xlSX2S
                                                                                                                                                                                MD5:F29E077226F8DC235CAE4795459A3542
                                                                                                                                                                                SHA1:A23AEA328BEB92BFD4464A3B0F70E772B8969CC2
                                                                                                                                                                                SHA-256:CF8875AADE9351184274F533067BECF2AD10CCF2B6296274ECE5D5B58B6AB008
                                                                                                                                                                                SHA-512:0C76F1E7AC8E4DB582EA7E26FA9B8C18D54605AE6A9A87A2A1FA0B1BEACACBB8F1230421C1124B1E7C12FB546FF31DBBD2CFBBEBA80EF98BBAA01B356F7FDC6F
                                                                                                                                                                                Malicious:false
                                                                                                                                                                                Preview:.. ~~~ AlphaCat ~~~....>>>> Your data are stolen and encrypted....>>>> What guarantees that we will not deceive you? .....We are not a politically motivated group and we do not need anything other than your money. .. ...If you pay, we will provide you the programs for decryption and we will delete your data. ...Life is too short to be sad. Be not sad, money, it is only paper... ...If we do not give you decrypters, or we do not delete your data after payment, then nobody will pay us in the future. ...Therefore to us our reputation is very important. We attack worldwide and there is no dissatisfied victim after payment... ..>>>> You need contact us via email with srenshot of btc transaction and your personal DECRYPTION ID.....Contact via Email with your personal Decryption id !: hackbeenswim@mail2tor.com......Send 400$ (0.006 BTC) at this address --> bc1qkr7wxuqwet9w6920vk94p7npkxh33fc7prv55q.....>>>> Your personal DECRYPTION ID: D53F15BF767167BC622C1CB4D4FC174D....>>
                                                                                                                                                                                Process:C:\Users\user\Desktop\c8JakemodH.exe
                                                                                                                                                                                File Type:ASCII text, with CRLF line terminators
                                                                                                                                                                                Category:dropped
                                                                                                                                                                                Size (bytes):1159
                                                                                                                                                                                Entropy (8bit):4.909757425426515
                                                                                                                                                                                Encrypted:false
                                                                                                                                                                                SSDEEP:24:SOZJNRovfexRvYx/ncUYTxLZl0r0OzANQgq32xfZnS0iNFdAnP6:SOZbqfexrZrS3Iq32xlSX2S
                                                                                                                                                                                MD5:F29E077226F8DC235CAE4795459A3542
                                                                                                                                                                                SHA1:A23AEA328BEB92BFD4464A3B0F70E772B8969CC2
                                                                                                                                                                                SHA-256:CF8875AADE9351184274F533067BECF2AD10CCF2B6296274ECE5D5B58B6AB008
                                                                                                                                                                                SHA-512:0C76F1E7AC8E4DB582EA7E26FA9B8C18D54605AE6A9A87A2A1FA0B1BEACACBB8F1230421C1124B1E7C12FB546FF31DBBD2CFBBEBA80EF98BBAA01B356F7FDC6F
                                                                                                                                                                                Malicious:false
                                                                                                                                                                                Preview:.. ~~~ AlphaCat ~~~....>>>> Your data are stolen and encrypted....>>>> What guarantees that we will not deceive you? .....We are not a politically motivated group and we do not need anything other than your money. .. ...If you pay, we will provide you the programs for decryption and we will delete your data. ...Life is too short to be sad. Be not sad, money, it is only paper... ...If we do not give you decrypters, or we do not delete your data after payment, then nobody will pay us in the future. ...Therefore to us our reputation is very important. We attack worldwide and there is no dissatisfied victim after payment... ..>>>> You need contact us via email with srenshot of btc transaction and your personal DECRYPTION ID.....Contact via Email with your personal Decryption id !: hackbeenswim@mail2tor.com......Send 400$ (0.006 BTC) at this address --> bc1qkr7wxuqwet9w6920vk94p7npkxh33fc7prv55q.....>>>> Your personal DECRYPTION ID: D53F15BF767167BC622C1CB4D4FC174D....>>
                                                                                                                                                                                Process:C:\Users\user\Desktop\c8JakemodH.exe
                                                                                                                                                                                File Type:ASCII text, with CRLF line terminators
                                                                                                                                                                                Category:dropped
                                                                                                                                                                                Size (bytes):1159
                                                                                                                                                                                Entropy (8bit):4.909757425426515
                                                                                                                                                                                Encrypted:false
                                                                                                                                                                                SSDEEP:24:SOZJNRovfexRvYx/ncUYTxLZl0r0OzANQgq32xfZnS0iNFdAnP6:SOZbqfexrZrS3Iq32xlSX2S
                                                                                                                                                                                MD5:F29E077226F8DC235CAE4795459A3542
                                                                                                                                                                                SHA1:A23AEA328BEB92BFD4464A3B0F70E772B8969CC2
                                                                                                                                                                                SHA-256:CF8875AADE9351184274F533067BECF2AD10CCF2B6296274ECE5D5B58B6AB008
                                                                                                                                                                                SHA-512:0C76F1E7AC8E4DB582EA7E26FA9B8C18D54605AE6A9A87A2A1FA0B1BEACACBB8F1230421C1124B1E7C12FB546FF31DBBD2CFBBEBA80EF98BBAA01B356F7FDC6F
                                                                                                                                                                                Malicious:false
                                                                                                                                                                                Preview:.. ~~~ AlphaCat ~~~....>>>> Your data are stolen and encrypted....>>>> What guarantees that we will not deceive you? .....We are not a politically motivated group and we do not need anything other than your money. .. ...If you pay, we will provide you the programs for decryption and we will delete your data. ...Life is too short to be sad. Be not sad, money, it is only paper... ...If we do not give you decrypters, or we do not delete your data after payment, then nobody will pay us in the future. ...Therefore to us our reputation is very important. We attack worldwide and there is no dissatisfied victim after payment... ..>>>> You need contact us via email with srenshot of btc transaction and your personal DECRYPTION ID.....Contact via Email with your personal Decryption id !: hackbeenswim@mail2tor.com......Send 400$ (0.006 BTC) at this address --> bc1qkr7wxuqwet9w6920vk94p7npkxh33fc7prv55q.....>>>> Your personal DECRYPTION ID: D53F15BF767167BC622C1CB4D4FC174D....>>
                                                                                                                                                                                Process:C:\Users\user\Desktop\c8JakemodH.exe
                                                                                                                                                                                File Type:ASCII text, with CRLF line terminators
                                                                                                                                                                                Category:dropped
                                                                                                                                                                                Size (bytes):1159
                                                                                                                                                                                Entropy (8bit):4.909757425426515
                                                                                                                                                                                Encrypted:false
                                                                                                                                                                                SSDEEP:24:SOZJNRovfexRvYx/ncUYTxLZl0r0OzANQgq32xfZnS0iNFdAnP6:SOZbqfexrZrS3Iq32xlSX2S
                                                                                                                                                                                MD5:F29E077226F8DC235CAE4795459A3542
                                                                                                                                                                                SHA1:A23AEA328BEB92BFD4464A3B0F70E772B8969CC2
                                                                                                                                                                                SHA-256:CF8875AADE9351184274F533067BECF2AD10CCF2B6296274ECE5D5B58B6AB008
                                                                                                                                                                                SHA-512:0C76F1E7AC8E4DB582EA7E26FA9B8C18D54605AE6A9A87A2A1FA0B1BEACACBB8F1230421C1124B1E7C12FB546FF31DBBD2CFBBEBA80EF98BBAA01B356F7FDC6F
                                                                                                                                                                                Malicious:false
                                                                                                                                                                                Preview:.. ~~~ AlphaCat ~~~....>>>> Your data are stolen and encrypted....>>>> What guarantees that we will not deceive you? .....We are not a politically motivated group and we do not need anything other than your money. .. ...If you pay, we will provide you the programs for decryption and we will delete your data. ...Life is too short to be sad. Be not sad, money, it is only paper... ...If we do not give you decrypters, or we do not delete your data after payment, then nobody will pay us in the future. ...Therefore to us our reputation is very important. We attack worldwide and there is no dissatisfied victim after payment... ..>>>> You need contact us via email with srenshot of btc transaction and your personal DECRYPTION ID.....Contact via Email with your personal Decryption id !: hackbeenswim@mail2tor.com......Send 400$ (0.006 BTC) at this address --> bc1qkr7wxuqwet9w6920vk94p7npkxh33fc7prv55q.....>>>> Your personal DECRYPTION ID: D53F15BF767167BC622C1CB4D4FC174D....>>
                                                                                                                                                                                Process:C:\Users\user\Desktop\c8JakemodH.exe
                                                                                                                                                                                File Type:ASCII text, with CRLF line terminators
                                                                                                                                                                                Category:dropped
                                                                                                                                                                                Size (bytes):1159
                                                                                                                                                                                Entropy (8bit):4.909757425426515
                                                                                                                                                                                Encrypted:false
                                                                                                                                                                                SSDEEP:24:SOZJNRovfexRvYx/ncUYTxLZl0r0OzANQgq32xfZnS0iNFdAnP6:SOZbqfexrZrS3Iq32xlSX2S
                                                                                                                                                                                MD5:F29E077226F8DC235CAE4795459A3542
                                                                                                                                                                                SHA1:A23AEA328BEB92BFD4464A3B0F70E772B8969CC2
                                                                                                                                                                                SHA-256:CF8875AADE9351184274F533067BECF2AD10CCF2B6296274ECE5D5B58B6AB008
                                                                                                                                                                                SHA-512:0C76F1E7AC8E4DB582EA7E26FA9B8C18D54605AE6A9A87A2A1FA0B1BEACACBB8F1230421C1124B1E7C12FB546FF31DBBD2CFBBEBA80EF98BBAA01B356F7FDC6F
                                                                                                                                                                                Malicious:false
                                                                                                                                                                                Preview:.. ~~~ AlphaCat ~~~....>>>> Your data are stolen and encrypted....>>>> What guarantees that we will not deceive you? .....We are not a politically motivated group and we do not need anything other than your money. .. ...If you pay, we will provide you the programs for decryption and we will delete your data. ...Life is too short to be sad. Be not sad, money, it is only paper... ...If we do not give you decrypters, or we do not delete your data after payment, then nobody will pay us in the future. ...Therefore to us our reputation is very important. We attack worldwide and there is no dissatisfied victim after payment... ..>>>> You need contact us via email with srenshot of btc transaction and your personal DECRYPTION ID.....Contact via Email with your personal Decryption id !: hackbeenswim@mail2tor.com......Send 400$ (0.006 BTC) at this address --> bc1qkr7wxuqwet9w6920vk94p7npkxh33fc7prv55q.....>>>> Your personal DECRYPTION ID: D53F15BF767167BC622C1CB4D4FC174D....>>
                                                                                                                                                                                Process:C:\Users\user\Desktop\c8JakemodH.exe
                                                                                                                                                                                File Type:ASCII text, with CRLF line terminators
                                                                                                                                                                                Category:dropped
                                                                                                                                                                                Size (bytes):1159
                                                                                                                                                                                Entropy (8bit):4.909757425426515
                                                                                                                                                                                Encrypted:false
                                                                                                                                                                                SSDEEP:24:SOZJNRovfexRvYx/ncUYTxLZl0r0OzANQgq32xfZnS0iNFdAnP6:SOZbqfexrZrS3Iq32xlSX2S
                                                                                                                                                                                MD5:F29E077226F8DC235CAE4795459A3542
                                                                                                                                                                                SHA1:A23AEA328BEB92BFD4464A3B0F70E772B8969CC2
                                                                                                                                                                                SHA-256:CF8875AADE9351184274F533067BECF2AD10CCF2B6296274ECE5D5B58B6AB008
                                                                                                                                                                                SHA-512:0C76F1E7AC8E4DB582EA7E26FA9B8C18D54605AE6A9A87A2A1FA0B1BEACACBB8F1230421C1124B1E7C12FB546FF31DBBD2CFBBEBA80EF98BBAA01B356F7FDC6F
                                                                                                                                                                                Malicious:false
                                                                                                                                                                                Preview:.. ~~~ AlphaCat ~~~....>>>> Your data are stolen and encrypted....>>>> What guarantees that we will not deceive you? .....We are not a politically motivated group and we do not need anything other than your money. .. ...If you pay, we will provide you the programs for decryption and we will delete your data. ...Life is too short to be sad. Be not sad, money, it is only paper... ...If we do not give you decrypters, or we do not delete your data after payment, then nobody will pay us in the future. ...Therefore to us our reputation is very important. We attack worldwide and there is no dissatisfied victim after payment... ..>>>> You need contact us via email with srenshot of btc transaction and your personal DECRYPTION ID.....Contact via Email with your personal Decryption id !: hackbeenswim@mail2tor.com......Send 400$ (0.006 BTC) at this address --> bc1qkr7wxuqwet9w6920vk94p7npkxh33fc7prv55q.....>>>> Your personal DECRYPTION ID: D53F15BF767167BC622C1CB4D4FC174D....>>
                                                                                                                                                                                Process:C:\Users\user\Desktop\c8JakemodH.exe
                                                                                                                                                                                File Type:ASCII text, with CRLF line terminators
                                                                                                                                                                                Category:dropped
                                                                                                                                                                                Size (bytes):1159
                                                                                                                                                                                Entropy (8bit):4.909757425426515
                                                                                                                                                                                Encrypted:false
                                                                                                                                                                                SSDEEP:24:SOZJNRovfexRvYx/ncUYTxLZl0r0OzANQgq32xfZnS0iNFdAnP6:SOZbqfexrZrS3Iq32xlSX2S
                                                                                                                                                                                MD5:F29E077226F8DC235CAE4795459A3542
                                                                                                                                                                                SHA1:A23AEA328BEB92BFD4464A3B0F70E772B8969CC2
                                                                                                                                                                                SHA-256:CF8875AADE9351184274F533067BECF2AD10CCF2B6296274ECE5D5B58B6AB008
                                                                                                                                                                                SHA-512:0C76F1E7AC8E4DB582EA7E26FA9B8C18D54605AE6A9A87A2A1FA0B1BEACACBB8F1230421C1124B1E7C12FB546FF31DBBD2CFBBEBA80EF98BBAA01B356F7FDC6F
                                                                                                                                                                                Malicious:false
                                                                                                                                                                                Preview:.. ~~~ AlphaCat ~~~....>>>> Your data are stolen and encrypted....>>>> What guarantees that we will not deceive you? .....We are not a politically motivated group and we do not need anything other than your money. .. ...If you pay, we will provide you the programs for decryption and we will delete your data. ...Life is too short to be sad. Be not sad, money, it is only paper... ...If we do not give you decrypters, or we do not delete your data after payment, then nobody will pay us in the future. ...Therefore to us our reputation is very important. We attack worldwide and there is no dissatisfied victim after payment... ..>>>> You need contact us via email with srenshot of btc transaction and your personal DECRYPTION ID.....Contact via Email with your personal Decryption id !: hackbeenswim@mail2tor.com......Send 400$ (0.006 BTC) at this address --> bc1qkr7wxuqwet9w6920vk94p7npkxh33fc7prv55q.....>>>> Your personal DECRYPTION ID: D53F15BF767167BC622C1CB4D4FC174D....>>
                                                                                                                                                                                Process:C:\Users\user\Desktop\c8JakemodH.exe
                                                                                                                                                                                File Type:ASCII text, with CRLF line terminators
                                                                                                                                                                                Category:dropped
                                                                                                                                                                                Size (bytes):1159
                                                                                                                                                                                Entropy (8bit):4.909757425426515
                                                                                                                                                                                Encrypted:false
                                                                                                                                                                                SSDEEP:24:SOZJNRovfexRvYx/ncUYTxLZl0r0OzANQgq32xfZnS0iNFdAnP6:SOZbqfexrZrS3Iq32xlSX2S
                                                                                                                                                                                MD5:F29E077226F8DC235CAE4795459A3542
                                                                                                                                                                                SHA1:A23AEA328BEB92BFD4464A3B0F70E772B8969CC2
                                                                                                                                                                                SHA-256:CF8875AADE9351184274F533067BECF2AD10CCF2B6296274ECE5D5B58B6AB008
                                                                                                                                                                                SHA-512:0C76F1E7AC8E4DB582EA7E26FA9B8C18D54605AE6A9A87A2A1FA0B1BEACACBB8F1230421C1124B1E7C12FB546FF31DBBD2CFBBEBA80EF98BBAA01B356F7FDC6F
                                                                                                                                                                                Malicious:false
                                                                                                                                                                                Preview:.. ~~~ AlphaCat ~~~....>>>> Your data are stolen and encrypted....>>>> What guarantees that we will not deceive you? .....We are not a politically motivated group and we do not need anything other than your money. .. ...If you pay, we will provide you the programs for decryption and we will delete your data. ...Life is too short to be sad. Be not sad, money, it is only paper... ...If we do not give you decrypters, or we do not delete your data after payment, then nobody will pay us in the future. ...Therefore to us our reputation is very important. We attack worldwide and there is no dissatisfied victim after payment... ..>>>> You need contact us via email with srenshot of btc transaction and your personal DECRYPTION ID.....Contact via Email with your personal Decryption id !: hackbeenswim@mail2tor.com......Send 400$ (0.006 BTC) at this address --> bc1qkr7wxuqwet9w6920vk94p7npkxh33fc7prv55q.....>>>> Your personal DECRYPTION ID: D53F15BF767167BC622C1CB4D4FC174D....>>
                                                                                                                                                                                Process:C:\Users\user\Desktop\c8JakemodH.exe
                                                                                                                                                                                File Type:ASCII text, with CRLF line terminators
                                                                                                                                                                                Category:dropped
                                                                                                                                                                                Size (bytes):1159
                                                                                                                                                                                Entropy (8bit):4.909757425426515
                                                                                                                                                                                Encrypted:false
                                                                                                                                                                                SSDEEP:24:SOZJNRovfexRvYx/ncUYTxLZl0r0OzANQgq32xfZnS0iNFdAnP6:SOZbqfexrZrS3Iq32xlSX2S
                                                                                                                                                                                MD5:F29E077226F8DC235CAE4795459A3542
                                                                                                                                                                                SHA1:A23AEA328BEB92BFD4464A3B0F70E772B8969CC2
                                                                                                                                                                                SHA-256:CF8875AADE9351184274F533067BECF2AD10CCF2B6296274ECE5D5B58B6AB008
                                                                                                                                                                                SHA-512:0C76F1E7AC8E4DB582EA7E26FA9B8C18D54605AE6A9A87A2A1FA0B1BEACACBB8F1230421C1124B1E7C12FB546FF31DBBD2CFBBEBA80EF98BBAA01B356F7FDC6F
                                                                                                                                                                                Malicious:false
                                                                                                                                                                                Preview:.. ~~~ AlphaCat ~~~....>>>> Your data are stolen and encrypted....>>>> What guarantees that we will not deceive you? .....We are not a politically motivated group and we do not need anything other than your money. .. ...If you pay, we will provide you the programs for decryption and we will delete your data. ...Life is too short to be sad. Be not sad, money, it is only paper... ...If we do not give you decrypters, or we do not delete your data after payment, then nobody will pay us in the future. ...Therefore to us our reputation is very important. We attack worldwide and there is no dissatisfied victim after payment... ..>>>> You need contact us via email with srenshot of btc transaction and your personal DECRYPTION ID.....Contact via Email with your personal Decryption id !: hackbeenswim@mail2tor.com......Send 400$ (0.006 BTC) at this address --> bc1qkr7wxuqwet9w6920vk94p7npkxh33fc7prv55q.....>>>> Your personal DECRYPTION ID: D53F15BF767167BC622C1CB4D4FC174D....>>
                                                                                                                                                                                Process:C:\Users\user\Desktop\c8JakemodH.exe
                                                                                                                                                                                File Type:ASCII text, with CRLF line terminators
                                                                                                                                                                                Category:dropped
                                                                                                                                                                                Size (bytes):1159
                                                                                                                                                                                Entropy (8bit):4.909757425426515
                                                                                                                                                                                Encrypted:false
                                                                                                                                                                                SSDEEP:24:SOZJNRovfexRvYx/ncUYTxLZl0r0OzANQgq32xfZnS0iNFdAnP6:SOZbqfexrZrS3Iq32xlSX2S
                                                                                                                                                                                MD5:F29E077226F8DC235CAE4795459A3542
                                                                                                                                                                                SHA1:A23AEA328BEB92BFD4464A3B0F70E772B8969CC2
                                                                                                                                                                                SHA-256:CF8875AADE9351184274F533067BECF2AD10CCF2B6296274ECE5D5B58B6AB008
                                                                                                                                                                                SHA-512:0C76F1E7AC8E4DB582EA7E26FA9B8C18D54605AE6A9A87A2A1FA0B1BEACACBB8F1230421C1124B1E7C12FB546FF31DBBD2CFBBEBA80EF98BBAA01B356F7FDC6F
                                                                                                                                                                                Malicious:false
                                                                                                                                                                                Preview:.. ~~~ AlphaCat ~~~....>>>> Your data are stolen and encrypted....>>>> What guarantees that we will not deceive you? .....We are not a politically motivated group and we do not need anything other than your money. .. ...If you pay, we will provide you the programs for decryption and we will delete your data. ...Life is too short to be sad. Be not sad, money, it is only paper... ...If we do not give you decrypters, or we do not delete your data after payment, then nobody will pay us in the future. ...Therefore to us our reputation is very important. We attack worldwide and there is no dissatisfied victim after payment... ..>>>> You need contact us via email with srenshot of btc transaction and your personal DECRYPTION ID.....Contact via Email with your personal Decryption id !: hackbeenswim@mail2tor.com......Send 400$ (0.006 BTC) at this address --> bc1qkr7wxuqwet9w6920vk94p7npkxh33fc7prv55q.....>>>> Your personal DECRYPTION ID: D53F15BF767167BC622C1CB4D4FC174D....>>
                                                                                                                                                                                Process:C:\Users\user\Desktop\c8JakemodH.exe
                                                                                                                                                                                File Type:data
                                                                                                                                                                                Category:dropped
                                                                                                                                                                                Size (bytes):8431
                                                                                                                                                                                Entropy (8bit):7.978648577650407
                                                                                                                                                                                Encrypted:false
                                                                                                                                                                                SSDEEP:192:4vAMQvDUPNCIVbbMEvLBKUQsdhqUxewhnipnf3aeTohHfi1rG4nx9hMWrQKJz7y:44bvgPFMEvLBKUQGeOnq/FMi1Lnx9hBa
                                                                                                                                                                                MD5:6FE2B4DFEC49570EBBE2A60666F73312
                                                                                                                                                                                SHA1:0E0A806BB561594C87141AEF96EE469D53E79EDF
                                                                                                                                                                                SHA-256:31772CE726359E0E679F3AB9E7036661BCD9445C488B05D5162D4B69AA02B750
                                                                                                                                                                                SHA-512:F6113B65C09ECE8E29A3036B5F9721E212C285F14CF90E0AD81FFA0F24351C60C24576727B858A2D4823FFE42B52BB2240F4E560950CF4E73930D0A23A96D204
                                                                                                                                                                                Malicious:false
                                                                                                                                                                                Preview:..W{..KF.=H.. 0....s.......{~.` ..oBu...`.6..x...W....MP.kt.R.PLk......G.G...&....8..zj..\..$.....a.=.q.+Nj....:.f=xKZ...Q...S....JXR9.S[n.^.MA..A...>.n...I....5#..S..Qn%..b5..Z..7R.N*.S9..z.Xbya4.Q.._.........>.\..)y`.h...7hW.5.7*....5.;G.}G.A.m......w.7.O.K.....e...f.&..B...l..m....U..X.~|.j.j..D(.Qe(...%....G.d\k.....q....i.RD~)O.TT.U.P.kw.L.>.8.y'.q&......z.0`.r.Z.g..../.._H.[.)....jNj;.. .K+.;..9..`~Q..E.] ..*!..`+1..s..$..cN(..1..DnNT!..o.....b......[..`m..f7=....+.R.k.uv.`r...#.-....@.....d.....A. \.....qA|U..t4[.w..n..p.....:(..J..h(....y.......[hp~....R....}...w......NvI..Z..9.....Y....kB..$.*..M-.}....."&:p7-..^\.n....@.u.5tg.Z....?]..z2....)r.T.........,wW..L..r.q..i......2.....N..F&\-P...X...C2...j.Q..i.@..;J..Zx~(e.;.........i..l..-..S.?.6.g..?...,...i|....G........C....#.K..FiYP.........R.1.A.^..4.p..#T..`.G.....v...o%0.N.....w...V....Ws....9.~.x...K......!.X.x..`.{.....jI.Byvx. .t....4 ;.#..m..*@..$.a..~+&.u...*..5.qG.T...hCkY..u...
                                                                                                                                                                                Process:C:\Users\user\Desktop\c8JakemodH.exe
                                                                                                                                                                                File Type:ASCII text, with CRLF line terminators
                                                                                                                                                                                Category:dropped
                                                                                                                                                                                Size (bytes):1159
                                                                                                                                                                                Entropy (8bit):4.909757425426515
                                                                                                                                                                                Encrypted:false
                                                                                                                                                                                SSDEEP:24:SOZJNRovfexRvYx/ncUYTxLZl0r0OzANQgq32xfZnS0iNFdAnP6:SOZbqfexrZrS3Iq32xlSX2S
                                                                                                                                                                                MD5:F29E077226F8DC235CAE4795459A3542
                                                                                                                                                                                SHA1:A23AEA328BEB92BFD4464A3B0F70E772B8969CC2
                                                                                                                                                                                SHA-256:CF8875AADE9351184274F533067BECF2AD10CCF2B6296274ECE5D5B58B6AB008
                                                                                                                                                                                SHA-512:0C76F1E7AC8E4DB582EA7E26FA9B8C18D54605AE6A9A87A2A1FA0B1BEACACBB8F1230421C1124B1E7C12FB546FF31DBBD2CFBBEBA80EF98BBAA01B356F7FDC6F
                                                                                                                                                                                Malicious:false
                                                                                                                                                                                Preview:.. ~~~ AlphaCat ~~~....>>>> Your data are stolen and encrypted....>>>> What guarantees that we will not deceive you? .....We are not a politically motivated group and we do not need anything other than your money. .. ...If you pay, we will provide you the programs for decryption and we will delete your data. ...Life is too short to be sad. Be not sad, money, it is only paper... ...If we do not give you decrypters, or we do not delete your data after payment, then nobody will pay us in the future. ...Therefore to us our reputation is very important. We attack worldwide and there is no dissatisfied victim after payment... ..>>>> You need contact us via email with srenshot of btc transaction and your personal DECRYPTION ID.....Contact via Email with your personal Decryption id !: hackbeenswim@mail2tor.com......Send 400$ (0.006 BTC) at this address --> bc1qkr7wxuqwet9w6920vk94p7npkxh33fc7prv55q.....>>>> Your personal DECRYPTION ID: D53F15BF767167BC622C1CB4D4FC174D....>>
                                                                                                                                                                                Process:C:\Users\user\Desktop\c8JakemodH.exe
                                                                                                                                                                                File Type:ASCII text, with CRLF line terminators
                                                                                                                                                                                Category:dropped
                                                                                                                                                                                Size (bytes):1159
                                                                                                                                                                                Entropy (8bit):4.909757425426515
                                                                                                                                                                                Encrypted:false
                                                                                                                                                                                SSDEEP:24:SOZJNRovfexRvYx/ncUYTxLZl0r0OzANQgq32xfZnS0iNFdAnP6:SOZbqfexrZrS3Iq32xlSX2S
                                                                                                                                                                                MD5:F29E077226F8DC235CAE4795459A3542
                                                                                                                                                                                SHA1:A23AEA328BEB92BFD4464A3B0F70E772B8969CC2
                                                                                                                                                                                SHA-256:CF8875AADE9351184274F533067BECF2AD10CCF2B6296274ECE5D5B58B6AB008
                                                                                                                                                                                SHA-512:0C76F1E7AC8E4DB582EA7E26FA9B8C18D54605AE6A9A87A2A1FA0B1BEACACBB8F1230421C1124B1E7C12FB546FF31DBBD2CFBBEBA80EF98BBAA01B356F7FDC6F
                                                                                                                                                                                Malicious:false
                                                                                                                                                                                Preview:.. ~~~ AlphaCat ~~~....>>>> Your data are stolen and encrypted....>>>> What guarantees that we will not deceive you? .....We are not a politically motivated group and we do not need anything other than your money. .. ...If you pay, we will provide you the programs for decryption and we will delete your data. ...Life is too short to be sad. Be not sad, money, it is only paper... ...If we do not give you decrypters, or we do not delete your data after payment, then nobody will pay us in the future. ...Therefore to us our reputation is very important. We attack worldwide and there is no dissatisfied victim after payment... ..>>>> You need contact us via email with srenshot of btc transaction and your personal DECRYPTION ID.....Contact via Email with your personal Decryption id !: hackbeenswim@mail2tor.com......Send 400$ (0.006 BTC) at this address --> bc1qkr7wxuqwet9w6920vk94p7npkxh33fc7prv55q.....>>>> Your personal DECRYPTION ID: D53F15BF767167BC622C1CB4D4FC174D....>>
                                                                                                                                                                                Process:C:\Users\user\Desktop\c8JakemodH.exe
                                                                                                                                                                                File Type:ASCII text, with CRLF line terminators
                                                                                                                                                                                Category:dropped
                                                                                                                                                                                Size (bytes):1159
                                                                                                                                                                                Entropy (8bit):4.909757425426515
                                                                                                                                                                                Encrypted:false
                                                                                                                                                                                SSDEEP:24:SOZJNRovfexRvYx/ncUYTxLZl0r0OzANQgq32xfZnS0iNFdAnP6:SOZbqfexrZrS3Iq32xlSX2S
                                                                                                                                                                                MD5:F29E077226F8DC235CAE4795459A3542
                                                                                                                                                                                SHA1:A23AEA328BEB92BFD4464A3B0F70E772B8969CC2
                                                                                                                                                                                SHA-256:CF8875AADE9351184274F533067BECF2AD10CCF2B6296274ECE5D5B58B6AB008
                                                                                                                                                                                SHA-512:0C76F1E7AC8E4DB582EA7E26FA9B8C18D54605AE6A9A87A2A1FA0B1BEACACBB8F1230421C1124B1E7C12FB546FF31DBBD2CFBBEBA80EF98BBAA01B356F7FDC6F
                                                                                                                                                                                Malicious:false
                                                                                                                                                                                Preview:.. ~~~ AlphaCat ~~~....>>>> Your data are stolen and encrypted....>>>> What guarantees that we will not deceive you? .....We are not a politically motivated group and we do not need anything other than your money. .. ...If you pay, we will provide you the programs for decryption and we will delete your data. ...Life is too short to be sad. Be not sad, money, it is only paper... ...If we do not give you decrypters, or we do not delete your data after payment, then nobody will pay us in the future. ...Therefore to us our reputation is very important. We attack worldwide and there is no dissatisfied victim after payment... ..>>>> You need contact us via email with srenshot of btc transaction and your personal DECRYPTION ID.....Contact via Email with your personal Decryption id !: hackbeenswim@mail2tor.com......Send 400$ (0.006 BTC) at this address --> bc1qkr7wxuqwet9w6920vk94p7npkxh33fc7prv55q.....>>>> Your personal DECRYPTION ID: D53F15BF767167BC622C1CB4D4FC174D....>>
                                                                                                                                                                                Process:C:\Users\user\Desktop\c8JakemodH.exe
                                                                                                                                                                                File Type:ASCII text, with CRLF line terminators
                                                                                                                                                                                Category:dropped
                                                                                                                                                                                Size (bytes):1159
                                                                                                                                                                                Entropy (8bit):4.909757425426515
                                                                                                                                                                                Encrypted:false
                                                                                                                                                                                SSDEEP:24:SOZJNRovfexRvYx/ncUYTxLZl0r0OzANQgq32xfZnS0iNFdAnP6:SOZbqfexrZrS3Iq32xlSX2S
                                                                                                                                                                                MD5:F29E077226F8DC235CAE4795459A3542
                                                                                                                                                                                SHA1:A23AEA328BEB92BFD4464A3B0F70E772B8969CC2
                                                                                                                                                                                SHA-256:CF8875AADE9351184274F533067BECF2AD10CCF2B6296274ECE5D5B58B6AB008
                                                                                                                                                                                SHA-512:0C76F1E7AC8E4DB582EA7E26FA9B8C18D54605AE6A9A87A2A1FA0B1BEACACBB8F1230421C1124B1E7C12FB546FF31DBBD2CFBBEBA80EF98BBAA01B356F7FDC6F
                                                                                                                                                                                Malicious:false
                                                                                                                                                                                Preview:.. ~~~ AlphaCat ~~~....>>>> Your data are stolen and encrypted....>>>> What guarantees that we will not deceive you? .....We are not a politically motivated group and we do not need anything other than your money. .. ...If you pay, we will provide you the programs for decryption and we will delete your data. ...Life is too short to be sad. Be not sad, money, it is only paper... ...If we do not give you decrypters, or we do not delete your data after payment, then nobody will pay us in the future. ...Therefore to us our reputation is very important. We attack worldwide and there is no dissatisfied victim after payment... ..>>>> You need contact us via email with srenshot of btc transaction and your personal DECRYPTION ID.....Contact via Email with your personal Decryption id !: hackbeenswim@mail2tor.com......Send 400$ (0.006 BTC) at this address --> bc1qkr7wxuqwet9w6920vk94p7npkxh33fc7prv55q.....>>>> Your personal DECRYPTION ID: D53F15BF767167BC622C1CB4D4FC174D....>>
                                                                                                                                                                                Process:C:\Users\user\Desktop\c8JakemodH.exe
                                                                                                                                                                                File Type:ASCII text, with CRLF line terminators
                                                                                                                                                                                Category:dropped
                                                                                                                                                                                Size (bytes):1159
                                                                                                                                                                                Entropy (8bit):4.909757425426515
                                                                                                                                                                                Encrypted:false
                                                                                                                                                                                SSDEEP:24:SOZJNRovfexRvYx/ncUYTxLZl0r0OzANQgq32xfZnS0iNFdAnP6:SOZbqfexrZrS3Iq32xlSX2S
                                                                                                                                                                                MD5:F29E077226F8DC235CAE4795459A3542
                                                                                                                                                                                SHA1:A23AEA328BEB92BFD4464A3B0F70E772B8969CC2
                                                                                                                                                                                SHA-256:CF8875AADE9351184274F533067BECF2AD10CCF2B6296274ECE5D5B58B6AB008
                                                                                                                                                                                SHA-512:0C76F1E7AC8E4DB582EA7E26FA9B8C18D54605AE6A9A87A2A1FA0B1BEACACBB8F1230421C1124B1E7C12FB546FF31DBBD2CFBBEBA80EF98BBAA01B356F7FDC6F
                                                                                                                                                                                Malicious:false
                                                                                                                                                                                Preview:.. ~~~ AlphaCat ~~~....>>>> Your data are stolen and encrypted....>>>> What guarantees that we will not deceive you? .....We are not a politically motivated group and we do not need anything other than your money. .. ...If you pay, we will provide you the programs for decryption and we will delete your data. ...Life is too short to be sad. Be not sad, money, it is only paper... ...If we do not give you decrypters, or we do not delete your data after payment, then nobody will pay us in the future. ...Therefore to us our reputation is very important. We attack worldwide and there is no dissatisfied victim after payment... ..>>>> You need contact us via email with srenshot of btc transaction and your personal DECRYPTION ID.....Contact via Email with your personal Decryption id !: hackbeenswim@mail2tor.com......Send 400$ (0.006 BTC) at this address --> bc1qkr7wxuqwet9w6920vk94p7npkxh33fc7prv55q.....>>>> Your personal DECRYPTION ID: D53F15BF767167BC622C1CB4D4FC174D....>>
                                                                                                                                                                                Process:C:\Users\user\Desktop\c8JakemodH.exe
                                                                                                                                                                                File Type:ASCII text, with CRLF line terminators
                                                                                                                                                                                Category:dropped
                                                                                                                                                                                Size (bytes):1159
                                                                                                                                                                                Entropy (8bit):4.909757425426515
                                                                                                                                                                                Encrypted:false
                                                                                                                                                                                SSDEEP:24:SOZJNRovfexRvYx/ncUYTxLZl0r0OzANQgq32xfZnS0iNFdAnP6:SOZbqfexrZrS3Iq32xlSX2S
                                                                                                                                                                                MD5:F29E077226F8DC235CAE4795459A3542
                                                                                                                                                                                SHA1:A23AEA328BEB92BFD4464A3B0F70E772B8969CC2
                                                                                                                                                                                SHA-256:CF8875AADE9351184274F533067BECF2AD10CCF2B6296274ECE5D5B58B6AB008
                                                                                                                                                                                SHA-512:0C76F1E7AC8E4DB582EA7E26FA9B8C18D54605AE6A9A87A2A1FA0B1BEACACBB8F1230421C1124B1E7C12FB546FF31DBBD2CFBBEBA80EF98BBAA01B356F7FDC6F
                                                                                                                                                                                Malicious:false
                                                                                                                                                                                Preview:.. ~~~ AlphaCat ~~~....>>>> Your data are stolen and encrypted....>>>> What guarantees that we will not deceive you? .....We are not a politically motivated group and we do not need anything other than your money. .. ...If you pay, we will provide you the programs for decryption and we will delete your data. ...Life is too short to be sad. Be not sad, money, it is only paper... ...If we do not give you decrypters, or we do not delete your data after payment, then nobody will pay us in the future. ...Therefore to us our reputation is very important. We attack worldwide and there is no dissatisfied victim after payment... ..>>>> You need contact us via email with srenshot of btc transaction and your personal DECRYPTION ID.....Contact via Email with your personal Decryption id !: hackbeenswim@mail2tor.com......Send 400$ (0.006 BTC) at this address --> bc1qkr7wxuqwet9w6920vk94p7npkxh33fc7prv55q.....>>>> Your personal DECRYPTION ID: D53F15BF767167BC622C1CB4D4FC174D....>>
                                                                                                                                                                                Process:C:\Users\user\Desktop\c8JakemodH.exe
                                                                                                                                                                                File Type:ASCII text, with CRLF line terminators
                                                                                                                                                                                Category:dropped
                                                                                                                                                                                Size (bytes):1159
                                                                                                                                                                                Entropy (8bit):4.909757425426515
                                                                                                                                                                                Encrypted:false
                                                                                                                                                                                SSDEEP:24:SOZJNRovfexRvYx/ncUYTxLZl0r0OzANQgq32xfZnS0iNFdAnP6:SOZbqfexrZrS3Iq32xlSX2S
                                                                                                                                                                                MD5:F29E077226F8DC235CAE4795459A3542
                                                                                                                                                                                SHA1:A23AEA328BEB92BFD4464A3B0F70E772B8969CC2
                                                                                                                                                                                SHA-256:CF8875AADE9351184274F533067BECF2AD10CCF2B6296274ECE5D5B58B6AB008
                                                                                                                                                                                SHA-512:0C76F1E7AC8E4DB582EA7E26FA9B8C18D54605AE6A9A87A2A1FA0B1BEACACBB8F1230421C1124B1E7C12FB546FF31DBBD2CFBBEBA80EF98BBAA01B356F7FDC6F
                                                                                                                                                                                Malicious:false
                                                                                                                                                                                Preview:.. ~~~ AlphaCat ~~~....>>>> Your data are stolen and encrypted....>>>> What guarantees that we will not deceive you? .....We are not a politically motivated group and we do not need anything other than your money. .. ...If you pay, we will provide you the programs for decryption and we will delete your data. ...Life is too short to be sad. Be not sad, money, it is only paper... ...If we do not give you decrypters, or we do not delete your data after payment, then nobody will pay us in the future. ...Therefore to us our reputation is very important. We attack worldwide and there is no dissatisfied victim after payment... ..>>>> You need contact us via email with srenshot of btc transaction and your personal DECRYPTION ID.....Contact via Email with your personal Decryption id !: hackbeenswim@mail2tor.com......Send 400$ (0.006 BTC) at this address --> bc1qkr7wxuqwet9w6920vk94p7npkxh33fc7prv55q.....>>>> Your personal DECRYPTION ID: D53F15BF767167BC622C1CB4D4FC174D....>>
                                                                                                                                                                                Process:C:\Users\user\Desktop\c8JakemodH.exe
                                                                                                                                                                                File Type:ASCII text, with CRLF line terminators
                                                                                                                                                                                Category:dropped
                                                                                                                                                                                Size (bytes):1159
                                                                                                                                                                                Entropy (8bit):4.909757425426515
                                                                                                                                                                                Encrypted:false
                                                                                                                                                                                SSDEEP:24:SOZJNRovfexRvYx/ncUYTxLZl0r0OzANQgq32xfZnS0iNFdAnP6:SOZbqfexrZrS3Iq32xlSX2S
                                                                                                                                                                                MD5:F29E077226F8DC235CAE4795459A3542
                                                                                                                                                                                SHA1:A23AEA328BEB92BFD4464A3B0F70E772B8969CC2
                                                                                                                                                                                SHA-256:CF8875AADE9351184274F533067BECF2AD10CCF2B6296274ECE5D5B58B6AB008
                                                                                                                                                                                SHA-512:0C76F1E7AC8E4DB582EA7E26FA9B8C18D54605AE6A9A87A2A1FA0B1BEACACBB8F1230421C1124B1E7C12FB546FF31DBBD2CFBBEBA80EF98BBAA01B356F7FDC6F
                                                                                                                                                                                Malicious:false
                                                                                                                                                                                Preview:.. ~~~ AlphaCat ~~~....>>>> Your data are stolen and encrypted....>>>> What guarantees that we will not deceive you? .....We are not a politically motivated group and we do not need anything other than your money. .. ...If you pay, we will provide you the programs for decryption and we will delete your data. ...Life is too short to be sad. Be not sad, money, it is only paper... ...If we do not give you decrypters, or we do not delete your data after payment, then nobody will pay us in the future. ...Therefore to us our reputation is very important. We attack worldwide and there is no dissatisfied victim after payment... ..>>>> You need contact us via email with srenshot of btc transaction and your personal DECRYPTION ID.....Contact via Email with your personal Decryption id !: hackbeenswim@mail2tor.com......Send 400$ (0.006 BTC) at this address --> bc1qkr7wxuqwet9w6920vk94p7npkxh33fc7prv55q.....>>>> Your personal DECRYPTION ID: D53F15BF767167BC622C1CB4D4FC174D....>>
                                                                                                                                                                                Process:C:\Users\user\Desktop\c8JakemodH.exe
                                                                                                                                                                                File Type:ASCII text, with CRLF line terminators
                                                                                                                                                                                Category:dropped
                                                                                                                                                                                Size (bytes):1159
                                                                                                                                                                                Entropy (8bit):4.909757425426515
                                                                                                                                                                                Encrypted:false
                                                                                                                                                                                SSDEEP:24:SOZJNRovfexRvYx/ncUYTxLZl0r0OzANQgq32xfZnS0iNFdAnP6:SOZbqfexrZrS3Iq32xlSX2S
                                                                                                                                                                                MD5:F29E077226F8DC235CAE4795459A3542
                                                                                                                                                                                SHA1:A23AEA328BEB92BFD4464A3B0F70E772B8969CC2
                                                                                                                                                                                SHA-256:CF8875AADE9351184274F533067BECF2AD10CCF2B6296274ECE5D5B58B6AB008
                                                                                                                                                                                SHA-512:0C76F1E7AC8E4DB582EA7E26FA9B8C18D54605AE6A9A87A2A1FA0B1BEACACBB8F1230421C1124B1E7C12FB546FF31DBBD2CFBBEBA80EF98BBAA01B356F7FDC6F
                                                                                                                                                                                Malicious:false
                                                                                                                                                                                Preview:.. ~~~ AlphaCat ~~~....>>>> Your data are stolen and encrypted....>>>> What guarantees that we will not deceive you? .....We are not a politically motivated group and we do not need anything other than your money. .. ...If you pay, we will provide you the programs for decryption and we will delete your data. ...Life is too short to be sad. Be not sad, money, it is only paper... ...If we do not give you decrypters, or we do not delete your data after payment, then nobody will pay us in the future. ...Therefore to us our reputation is very important. We attack worldwide and there is no dissatisfied victim after payment... ..>>>> You need contact us via email with srenshot of btc transaction and your personal DECRYPTION ID.....Contact via Email with your personal Decryption id !: hackbeenswim@mail2tor.com......Send 400$ (0.006 BTC) at this address --> bc1qkr7wxuqwet9w6920vk94p7npkxh33fc7prv55q.....>>>> Your personal DECRYPTION ID: D53F15BF767167BC622C1CB4D4FC174D....>>
                                                                                                                                                                                Process:C:\Users\user\Desktop\c8JakemodH.exe
                                                                                                                                                                                File Type:ASCII text, with CRLF line terminators
                                                                                                                                                                                Category:dropped
                                                                                                                                                                                Size (bytes):1159
                                                                                                                                                                                Entropy (8bit):4.909757425426515
                                                                                                                                                                                Encrypted:false
                                                                                                                                                                                SSDEEP:24:SOZJNRovfexRvYx/ncUYTxLZl0r0OzANQgq32xfZnS0iNFdAnP6:SOZbqfexrZrS3Iq32xlSX2S
                                                                                                                                                                                MD5:F29E077226F8DC235CAE4795459A3542
                                                                                                                                                                                SHA1:A23AEA328BEB92BFD4464A3B0F70E772B8969CC2
                                                                                                                                                                                SHA-256:CF8875AADE9351184274F533067BECF2AD10CCF2B6296274ECE5D5B58B6AB008
                                                                                                                                                                                SHA-512:0C76F1E7AC8E4DB582EA7E26FA9B8C18D54605AE6A9A87A2A1FA0B1BEACACBB8F1230421C1124B1E7C12FB546FF31DBBD2CFBBEBA80EF98BBAA01B356F7FDC6F
                                                                                                                                                                                Malicious:false
                                                                                                                                                                                Preview:.. ~~~ AlphaCat ~~~....>>>> Your data are stolen and encrypted....>>>> What guarantees that we will not deceive you? .....We are not a politically motivated group and we do not need anything other than your money. .. ...If you pay, we will provide you the programs for decryption and we will delete your data. ...Life is too short to be sad. Be not sad, money, it is only paper... ...If we do not give you decrypters, or we do not delete your data after payment, then nobody will pay us in the future. ...Therefore to us our reputation is very important. We attack worldwide and there is no dissatisfied victim after payment... ..>>>> You need contact us via email with srenshot of btc transaction and your personal DECRYPTION ID.....Contact via Email with your personal Decryption id !: hackbeenswim@mail2tor.com......Send 400$ (0.006 BTC) at this address --> bc1qkr7wxuqwet9w6920vk94p7npkxh33fc7prv55q.....>>>> Your personal DECRYPTION ID: D53F15BF767167BC622C1CB4D4FC174D....>>
                                                                                                                                                                                Process:C:\Users\user\Desktop\c8JakemodH.exe
                                                                                                                                                                                File Type:data
                                                                                                                                                                                Category:dropped
                                                                                                                                                                                Size (bytes):8431
                                                                                                                                                                                Entropy (8bit):7.976718830370058
                                                                                                                                                                                Encrypted:false
                                                                                                                                                                                SSDEEP:192:76yPilO72oT6kUTBHflI6I1obpOoHYDjSZ96VHXoo0moVPxIS:76yK9oT1gNY1ob4oHfZ96VD0z
                                                                                                                                                                                MD5:C205207CD2330280995C6CB925092489
                                                                                                                                                                                SHA1:0C5D12A00B3E3E24358B792A53CF31AB3F49BAF8
                                                                                                                                                                                SHA-256:1571C981A8295CB43E04DA9244CE6641169C4F73D5699967BDCE1B50BFE186D5
                                                                                                                                                                                SHA-512:98D66091FA8C94B226D7890500628C978888EB13F23754EADD63FB4EC822CD63EB96314D4161A319F57142E4B5CB3E82741F737392E16664F5DDCDBA42E2C929
                                                                                                                                                                                Malicious:false
                                                                                                                                                                                Preview:8.:$+..?v.O.*...A...v..n....:.6....a..tq....{.:...7(.>.G......|.#m.zvf"...$.AB!C..c..`......h.6.(e.v.y\.....s.k.-G...h..56....q..AiA.:..z=.W$#._...%.......0....)3e.....D;...R.;.P?................B..".5.P...FE.........?..?.7....o..[........[...%3x....S...~....6..#...RZ...Af.. y.....O....r..<....<...i%...dt..t......Ef.....w.dQ2x^.=.....n..`E.....)`a.....)..tS.:.......W.....d.s~...r...=Bv.;3....Y....o...9{.....[5uj.p....H........';...Iq.#.JZK<......L.......x.....S_.n..\..WJ.o.....J...s.%O..O2..,9z5.F.c.H/!.k...H.....*b.of..{m\,.9..r5(...!.y...S.o.fS..#...18.U6..Omg.#&..:K.....)}..=...... ..Rs...:.0xr.Ue....yW.............z....0...p$U....xG7'......<.?.k@F.`...Lj..Ay.`Nva.[a..=x..@\..."..O].]....`.......e.T&2..AD...m.!._..q.zl..H.;.(\...:.....|d..h.)...b...N..WU..O....P.m.pW.;.#zD...D!?9Iq.z...p..1..y..){.S.......Un........^.ZP..U..{.~8..L...._..:...v'|..N.....k.AxZ.8.E.....J....in....9...dEl.`1a.@W*....tv:..e.-.m.b.J.....eoB...!u...d
                                                                                                                                                                                Process:C:\Users\user\Desktop\c8JakemodH.exe
                                                                                                                                                                                File Type:ASCII text, with CRLF line terminators
                                                                                                                                                                                Category:dropped
                                                                                                                                                                                Size (bytes):1159
                                                                                                                                                                                Entropy (8bit):4.909757425426515
                                                                                                                                                                                Encrypted:false
                                                                                                                                                                                SSDEEP:24:SOZJNRovfexRvYx/ncUYTxLZl0r0OzANQgq32xfZnS0iNFdAnP6:SOZbqfexrZrS3Iq32xlSX2S
                                                                                                                                                                                MD5:F29E077226F8DC235CAE4795459A3542
                                                                                                                                                                                SHA1:A23AEA328BEB92BFD4464A3B0F70E772B8969CC2
                                                                                                                                                                                SHA-256:CF8875AADE9351184274F533067BECF2AD10CCF2B6296274ECE5D5B58B6AB008
                                                                                                                                                                                SHA-512:0C76F1E7AC8E4DB582EA7E26FA9B8C18D54605AE6A9A87A2A1FA0B1BEACACBB8F1230421C1124B1E7C12FB546FF31DBBD2CFBBEBA80EF98BBAA01B356F7FDC6F
                                                                                                                                                                                Malicious:false
                                                                                                                                                                                Preview:.. ~~~ AlphaCat ~~~....>>>> Your data are stolen and encrypted....>>>> What guarantees that we will not deceive you? .....We are not a politically motivated group and we do not need anything other than your money. .. ...If you pay, we will provide you the programs for decryption and we will delete your data. ...Life is too short to be sad. Be not sad, money, it is only paper... ...If we do not give you decrypters, or we do not delete your data after payment, then nobody will pay us in the future. ...Therefore to us our reputation is very important. We attack worldwide and there is no dissatisfied victim after payment... ..>>>> You need contact us via email with srenshot of btc transaction and your personal DECRYPTION ID.....Contact via Email with your personal Decryption id !: hackbeenswim@mail2tor.com......Send 400$ (0.006 BTC) at this address --> bc1qkr7wxuqwet9w6920vk94p7npkxh33fc7prv55q.....>>>> Your personal DECRYPTION ID: D53F15BF767167BC622C1CB4D4FC174D....>>
                                                                                                                                                                                Process:C:\Users\user\Desktop\c8JakemodH.exe
                                                                                                                                                                                File Type:ASCII text, with CRLF line terminators
                                                                                                                                                                                Category:dropped
                                                                                                                                                                                Size (bytes):1159
                                                                                                                                                                                Entropy (8bit):4.909757425426515
                                                                                                                                                                                Encrypted:false
                                                                                                                                                                                SSDEEP:24:SOZJNRovfexRvYx/ncUYTxLZl0r0OzANQgq32xfZnS0iNFdAnP6:SOZbqfexrZrS3Iq32xlSX2S
                                                                                                                                                                                MD5:F29E077226F8DC235CAE4795459A3542
                                                                                                                                                                                SHA1:A23AEA328BEB92BFD4464A3B0F70E772B8969CC2
                                                                                                                                                                                SHA-256:CF8875AADE9351184274F533067BECF2AD10CCF2B6296274ECE5D5B58B6AB008
                                                                                                                                                                                SHA-512:0C76F1E7AC8E4DB582EA7E26FA9B8C18D54605AE6A9A87A2A1FA0B1BEACACBB8F1230421C1124B1E7C12FB546FF31DBBD2CFBBEBA80EF98BBAA01B356F7FDC6F
                                                                                                                                                                                Malicious:false
                                                                                                                                                                                Preview:.. ~~~ AlphaCat ~~~....>>>> Your data are stolen and encrypted....>>>> What guarantees that we will not deceive you? .....We are not a politically motivated group and we do not need anything other than your money. .. ...If you pay, we will provide you the programs for decryption and we will delete your data. ...Life is too short to be sad. Be not sad, money, it is only paper... ...If we do not give you decrypters, or we do not delete your data after payment, then nobody will pay us in the future. ...Therefore to us our reputation is very important. We attack worldwide and there is no dissatisfied victim after payment... ..>>>> You need contact us via email with srenshot of btc transaction and your personal DECRYPTION ID.....Contact via Email with your personal Decryption id !: hackbeenswim@mail2tor.com......Send 400$ (0.006 BTC) at this address --> bc1qkr7wxuqwet9w6920vk94p7npkxh33fc7prv55q.....>>>> Your personal DECRYPTION ID: D53F15BF767167BC622C1CB4D4FC174D....>>
                                                                                                                                                                                Process:C:\Users\user\Desktop\c8JakemodH.exe
                                                                                                                                                                                File Type:ASCII text, with CRLF line terminators
                                                                                                                                                                                Category:dropped
                                                                                                                                                                                Size (bytes):1159
                                                                                                                                                                                Entropy (8bit):4.909757425426515
                                                                                                                                                                                Encrypted:false
                                                                                                                                                                                SSDEEP:24:SOZJNRovfexRvYx/ncUYTxLZl0r0OzANQgq32xfZnS0iNFdAnP6:SOZbqfexrZrS3Iq32xlSX2S
                                                                                                                                                                                MD5:F29E077226F8DC235CAE4795459A3542
                                                                                                                                                                                SHA1:A23AEA328BEB92BFD4464A3B0F70E772B8969CC2
                                                                                                                                                                                SHA-256:CF8875AADE9351184274F533067BECF2AD10CCF2B6296274ECE5D5B58B6AB008
                                                                                                                                                                                SHA-512:0C76F1E7AC8E4DB582EA7E26FA9B8C18D54605AE6A9A87A2A1FA0B1BEACACBB8F1230421C1124B1E7C12FB546FF31DBBD2CFBBEBA80EF98BBAA01B356F7FDC6F
                                                                                                                                                                                Malicious:false
                                                                                                                                                                                Preview:.. ~~~ AlphaCat ~~~....>>>> Your data are stolen and encrypted....>>>> What guarantees that we will not deceive you? .....We are not a politically motivated group and we do not need anything other than your money. .. ...If you pay, we will provide you the programs for decryption and we will delete your data. ...Life is too short to be sad. Be not sad, money, it is only paper... ...If we do not give you decrypters, or we do not delete your data after payment, then nobody will pay us in the future. ...Therefore to us our reputation is very important. We attack worldwide and there is no dissatisfied victim after payment... ..>>>> You need contact us via email with srenshot of btc transaction and your personal DECRYPTION ID.....Contact via Email with your personal Decryption id !: hackbeenswim@mail2tor.com......Send 400$ (0.006 BTC) at this address --> bc1qkr7wxuqwet9w6920vk94p7npkxh33fc7prv55q.....>>>> Your personal DECRYPTION ID: D53F15BF767167BC622C1CB4D4FC174D....>>
                                                                                                                                                                                Process:C:\Users\user\Desktop\c8JakemodH.exe
                                                                                                                                                                                File Type:ASCII text, with CRLF line terminators
                                                                                                                                                                                Category:dropped
                                                                                                                                                                                Size (bytes):1159
                                                                                                                                                                                Entropy (8bit):4.909757425426515
                                                                                                                                                                                Encrypted:false
                                                                                                                                                                                SSDEEP:24:SOZJNRovfexRvYx/ncUYTxLZl0r0OzANQgq32xfZnS0iNFdAnP6:SOZbqfexrZrS3Iq32xlSX2S
                                                                                                                                                                                MD5:F29E077226F8DC235CAE4795459A3542
                                                                                                                                                                                SHA1:A23AEA328BEB92BFD4464A3B0F70E772B8969CC2
                                                                                                                                                                                SHA-256:CF8875AADE9351184274F533067BECF2AD10CCF2B6296274ECE5D5B58B6AB008
                                                                                                                                                                                SHA-512:0C76F1E7AC8E4DB582EA7E26FA9B8C18D54605AE6A9A87A2A1FA0B1BEACACBB8F1230421C1124B1E7C12FB546FF31DBBD2CFBBEBA80EF98BBAA01B356F7FDC6F
                                                                                                                                                                                Malicious:false
                                                                                                                                                                                Preview:.. ~~~ AlphaCat ~~~....>>>> Your data are stolen and encrypted....>>>> What guarantees that we will not deceive you? .....We are not a politically motivated group and we do not need anything other than your money. .. ...If you pay, we will provide you the programs for decryption and we will delete your data. ...Life is too short to be sad. Be not sad, money, it is only paper... ...If we do not give you decrypters, or we do not delete your data after payment, then nobody will pay us in the future. ...Therefore to us our reputation is very important. We attack worldwide and there is no dissatisfied victim after payment... ..>>>> You need contact us via email with srenshot of btc transaction and your personal DECRYPTION ID.....Contact via Email with your personal Decryption id !: hackbeenswim@mail2tor.com......Send 400$ (0.006 BTC) at this address --> bc1qkr7wxuqwet9w6920vk94p7npkxh33fc7prv55q.....>>>> Your personal DECRYPTION ID: D53F15BF767167BC622C1CB4D4FC174D....>>
                                                                                                                                                                                Process:C:\Users\user\Desktop\c8JakemodH.exe
                                                                                                                                                                                File Type:ASCII text, with CRLF line terminators
                                                                                                                                                                                Category:dropped
                                                                                                                                                                                Size (bytes):1159
                                                                                                                                                                                Entropy (8bit):4.909757425426515
                                                                                                                                                                                Encrypted:false
                                                                                                                                                                                SSDEEP:24:SOZJNRovfexRvYx/ncUYTxLZl0r0OzANQgq32xfZnS0iNFdAnP6:SOZbqfexrZrS3Iq32xlSX2S
                                                                                                                                                                                MD5:F29E077226F8DC235CAE4795459A3542
                                                                                                                                                                                SHA1:A23AEA328BEB92BFD4464A3B0F70E772B8969CC2
                                                                                                                                                                                SHA-256:CF8875AADE9351184274F533067BECF2AD10CCF2B6296274ECE5D5B58B6AB008
                                                                                                                                                                                SHA-512:0C76F1E7AC8E4DB582EA7E26FA9B8C18D54605AE6A9A87A2A1FA0B1BEACACBB8F1230421C1124B1E7C12FB546FF31DBBD2CFBBEBA80EF98BBAA01B356F7FDC6F
                                                                                                                                                                                Malicious:false
                                                                                                                                                                                Preview:.. ~~~ AlphaCat ~~~....>>>> Your data are stolen and encrypted....>>>> What guarantees that we will not deceive you? .....We are not a politically motivated group and we do not need anything other than your money. .. ...If you pay, we will provide you the programs for decryption and we will delete your data. ...Life is too short to be sad. Be not sad, money, it is only paper... ...If we do not give you decrypters, or we do not delete your data after payment, then nobody will pay us in the future. ...Therefore to us our reputation is very important. We attack worldwide and there is no dissatisfied victim after payment... ..>>>> You need contact us via email with srenshot of btc transaction and your personal DECRYPTION ID.....Contact via Email with your personal Decryption id !: hackbeenswim@mail2tor.com......Send 400$ (0.006 BTC) at this address --> bc1qkr7wxuqwet9w6920vk94p7npkxh33fc7prv55q.....>>>> Your personal DECRYPTION ID: D53F15BF767167BC622C1CB4D4FC174D....>>
                                                                                                                                                                                Process:C:\Users\user\Desktop\c8JakemodH.exe
                                                                                                                                                                                File Type:ASCII text, with CRLF line terminators
                                                                                                                                                                                Category:dropped
                                                                                                                                                                                Size (bytes):1159
                                                                                                                                                                                Entropy (8bit):4.909757425426515
                                                                                                                                                                                Encrypted:false
                                                                                                                                                                                SSDEEP:24:SOZJNRovfexRvYx/ncUYTxLZl0r0OzANQgq32xfZnS0iNFdAnP6:SOZbqfexrZrS3Iq32xlSX2S
                                                                                                                                                                                MD5:F29E077226F8DC235CAE4795459A3542
                                                                                                                                                                                SHA1:A23AEA328BEB92BFD4464A3B0F70E772B8969CC2
                                                                                                                                                                                SHA-256:CF8875AADE9351184274F533067BECF2AD10CCF2B6296274ECE5D5B58B6AB008
                                                                                                                                                                                SHA-512:0C76F1E7AC8E4DB582EA7E26FA9B8C18D54605AE6A9A87A2A1FA0B1BEACACBB8F1230421C1124B1E7C12FB546FF31DBBD2CFBBEBA80EF98BBAA01B356F7FDC6F
                                                                                                                                                                                Malicious:false
                                                                                                                                                                                Preview:.. ~~~ AlphaCat ~~~....>>>> Your data are stolen and encrypted....>>>> What guarantees that we will not deceive you? .....We are not a politically motivated group and we do not need anything other than your money. .. ...If you pay, we will provide you the programs for decryption and we will delete your data. ...Life is too short to be sad. Be not sad, money, it is only paper... ...If we do not give you decrypters, or we do not delete your data after payment, then nobody will pay us in the future. ...Therefore to us our reputation is very important. We attack worldwide and there is no dissatisfied victim after payment... ..>>>> You need contact us via email with srenshot of btc transaction and your personal DECRYPTION ID.....Contact via Email with your personal Decryption id !: hackbeenswim@mail2tor.com......Send 400$ (0.006 BTC) at this address --> bc1qkr7wxuqwet9w6920vk94p7npkxh33fc7prv55q.....>>>> Your personal DECRYPTION ID: D53F15BF767167BC622C1CB4D4FC174D....>>
                                                                                                                                                                                Process:C:\Users\user\Desktop\c8JakemodH.exe
                                                                                                                                                                                File Type:ASCII text, with CRLF line terminators
                                                                                                                                                                                Category:dropped
                                                                                                                                                                                Size (bytes):1159
                                                                                                                                                                                Entropy (8bit):4.909757425426515
                                                                                                                                                                                Encrypted:false
                                                                                                                                                                                SSDEEP:24:SOZJNRovfexRvYx/ncUYTxLZl0r0OzANQgq32xfZnS0iNFdAnP6:SOZbqfexrZrS3Iq32xlSX2S
                                                                                                                                                                                MD5:F29E077226F8DC235CAE4795459A3542
                                                                                                                                                                                SHA1:A23AEA328BEB92BFD4464A3B0F70E772B8969CC2
                                                                                                                                                                                SHA-256:CF8875AADE9351184274F533067BECF2AD10CCF2B6296274ECE5D5B58B6AB008
                                                                                                                                                                                SHA-512:0C76F1E7AC8E4DB582EA7E26FA9B8C18D54605AE6A9A87A2A1FA0B1BEACACBB8F1230421C1124B1E7C12FB546FF31DBBD2CFBBEBA80EF98BBAA01B356F7FDC6F
                                                                                                                                                                                Malicious:false
                                                                                                                                                                                Preview:.. ~~~ AlphaCat ~~~....>>>> Your data are stolen and encrypted....>>>> What guarantees that we will not deceive you? .....We are not a politically motivated group and we do not need anything other than your money. .. ...If you pay, we will provide you the programs for decryption and we will delete your data. ...Life is too short to be sad. Be not sad, money, it is only paper... ...If we do not give you decrypters, or we do not delete your data after payment, then nobody will pay us in the future. ...Therefore to us our reputation is very important. We attack worldwide and there is no dissatisfied victim after payment... ..>>>> You need contact us via email with srenshot of btc transaction and your personal DECRYPTION ID.....Contact via Email with your personal Decryption id !: hackbeenswim@mail2tor.com......Send 400$ (0.006 BTC) at this address --> bc1qkr7wxuqwet9w6920vk94p7npkxh33fc7prv55q.....>>>> Your personal DECRYPTION ID: D53F15BF767167BC622C1CB4D4FC174D....>>
                                                                                                                                                                                Process:C:\Users\user\Desktop\c8JakemodH.exe
                                                                                                                                                                                File Type:ASCII text, with CRLF line terminators
                                                                                                                                                                                Category:dropped
                                                                                                                                                                                Size (bytes):1159
                                                                                                                                                                                Entropy (8bit):4.909757425426515
                                                                                                                                                                                Encrypted:false
                                                                                                                                                                                SSDEEP:24:SOZJNRovfexRvYx/ncUYTxLZl0r0OzANQgq32xfZnS0iNFdAnP6:SOZbqfexrZrS3Iq32xlSX2S
                                                                                                                                                                                MD5:F29E077226F8DC235CAE4795459A3542
                                                                                                                                                                                SHA1:A23AEA328BEB92BFD4464A3B0F70E772B8969CC2
                                                                                                                                                                                SHA-256:CF8875AADE9351184274F533067BECF2AD10CCF2B6296274ECE5D5B58B6AB008
                                                                                                                                                                                SHA-512:0C76F1E7AC8E4DB582EA7E26FA9B8C18D54605AE6A9A87A2A1FA0B1BEACACBB8F1230421C1124B1E7C12FB546FF31DBBD2CFBBEBA80EF98BBAA01B356F7FDC6F
                                                                                                                                                                                Malicious:false
                                                                                                                                                                                Preview:.. ~~~ AlphaCat ~~~....>>>> Your data are stolen and encrypted....>>>> What guarantees that we will not deceive you? .....We are not a politically motivated group and we do not need anything other than your money. .. ...If you pay, we will provide you the programs for decryption and we will delete your data. ...Life is too short to be sad. Be not sad, money, it is only paper... ...If we do not give you decrypters, or we do not delete your data after payment, then nobody will pay us in the future. ...Therefore to us our reputation is very important. We attack worldwide and there is no dissatisfied victim after payment... ..>>>> You need contact us via email with srenshot of btc transaction and your personal DECRYPTION ID.....Contact via Email with your personal Decryption id !: hackbeenswim@mail2tor.com......Send 400$ (0.006 BTC) at this address --> bc1qkr7wxuqwet9w6920vk94p7npkxh33fc7prv55q.....>>>> Your personal DECRYPTION ID: D53F15BF767167BC622C1CB4D4FC174D....>>
                                                                                                                                                                                Process:C:\Users\user\Desktop\c8JakemodH.exe
                                                                                                                                                                                File Type:ASCII text, with CRLF line terminators
                                                                                                                                                                                Category:dropped
                                                                                                                                                                                Size (bytes):1159
                                                                                                                                                                                Entropy (8bit):4.909757425426515
                                                                                                                                                                                Encrypted:false
                                                                                                                                                                                SSDEEP:24:SOZJNRovfexRvYx/ncUYTxLZl0r0OzANQgq32xfZnS0iNFdAnP6:SOZbqfexrZrS3Iq32xlSX2S
                                                                                                                                                                                MD5:F29E077226F8DC235CAE4795459A3542
                                                                                                                                                                                SHA1:A23AEA328BEB92BFD4464A3B0F70E772B8969CC2
                                                                                                                                                                                SHA-256:CF8875AADE9351184274F533067BECF2AD10CCF2B6296274ECE5D5B58B6AB008
                                                                                                                                                                                SHA-512:0C76F1E7AC8E4DB582EA7E26FA9B8C18D54605AE6A9A87A2A1FA0B1BEACACBB8F1230421C1124B1E7C12FB546FF31DBBD2CFBBEBA80EF98BBAA01B356F7FDC6F
                                                                                                                                                                                Malicious:false
                                                                                                                                                                                Preview:.. ~~~ AlphaCat ~~~....>>>> Your data are stolen and encrypted....>>>> What guarantees that we will not deceive you? .....We are not a politically motivated group and we do not need anything other than your money. .. ...If you pay, we will provide you the programs for decryption and we will delete your data. ...Life is too short to be sad. Be not sad, money, it is only paper... ...If we do not give you decrypters, or we do not delete your data after payment, then nobody will pay us in the future. ...Therefore to us our reputation is very important. We attack worldwide and there is no dissatisfied victim after payment... ..>>>> You need contact us via email with srenshot of btc transaction and your personal DECRYPTION ID.....Contact via Email with your personal Decryption id !: hackbeenswim@mail2tor.com......Send 400$ (0.006 BTC) at this address --> bc1qkr7wxuqwet9w6920vk94p7npkxh33fc7prv55q.....>>>> Your personal DECRYPTION ID: D53F15BF767167BC622C1CB4D4FC174D....>>
                                                                                                                                                                                Process:C:\Users\user\Desktop\c8JakemodH.exe
                                                                                                                                                                                File Type:ASCII text, with CRLF line terminators
                                                                                                                                                                                Category:dropped
                                                                                                                                                                                Size (bytes):1159
                                                                                                                                                                                Entropy (8bit):4.909757425426515
                                                                                                                                                                                Encrypted:false
                                                                                                                                                                                SSDEEP:24:SOZJNRovfexRvYx/ncUYTxLZl0r0OzANQgq32xfZnS0iNFdAnP6:SOZbqfexrZrS3Iq32xlSX2S
                                                                                                                                                                                MD5:F29E077226F8DC235CAE4795459A3542
                                                                                                                                                                                SHA1:A23AEA328BEB92BFD4464A3B0F70E772B8969CC2
                                                                                                                                                                                SHA-256:CF8875AADE9351184274F533067BECF2AD10CCF2B6296274ECE5D5B58B6AB008
                                                                                                                                                                                SHA-512:0C76F1E7AC8E4DB582EA7E26FA9B8C18D54605AE6A9A87A2A1FA0B1BEACACBB8F1230421C1124B1E7C12FB546FF31DBBD2CFBBEBA80EF98BBAA01B356F7FDC6F
                                                                                                                                                                                Malicious:false
                                                                                                                                                                                Preview:.. ~~~ AlphaCat ~~~....>>>> Your data are stolen and encrypted....>>>> What guarantees that we will not deceive you? .....We are not a politically motivated group and we do not need anything other than your money. .. ...If you pay, we will provide you the programs for decryption and we will delete your data. ...Life is too short to be sad. Be not sad, money, it is only paper... ...If we do not give you decrypters, or we do not delete your data after payment, then nobody will pay us in the future. ...Therefore to us our reputation is very important. We attack worldwide and there is no dissatisfied victim after payment... ..>>>> You need contact us via email with srenshot of btc transaction and your personal DECRYPTION ID.....Contact via Email with your personal Decryption id !: hackbeenswim@mail2tor.com......Send 400$ (0.006 BTC) at this address --> bc1qkr7wxuqwet9w6920vk94p7npkxh33fc7prv55q.....>>>> Your personal DECRYPTION ID: D53F15BF767167BC622C1CB4D4FC174D....>>
                                                                                                                                                                                Process:C:\Users\user\Desktop\c8JakemodH.exe
                                                                                                                                                                                File Type:data
                                                                                                                                                                                Category:dropped
                                                                                                                                                                                Size (bytes):8431
                                                                                                                                                                                Entropy (8bit):7.978810495577244
                                                                                                                                                                                Encrypted:false
                                                                                                                                                                                SSDEEP:192:wB8c/wI35I9AZlpfc2Biahq74metJjT2CyUihNoQbSVWc:wB8c/wYI9Grc/aEUXJuxUihzbS
                                                                                                                                                                                MD5:5195BC59593A8164D434D010964DA0F2
                                                                                                                                                                                SHA1:CA98D595C45493713B749B10A2A2046445A7A895
                                                                                                                                                                                SHA-256:DD42D613398433F39FD411EF6F01F8D097190F5542539589458568EFBCFC7FEC
                                                                                                                                                                                SHA-512:C5E4C3CBC2CA6A9AD3698F257246709A1057AB67B67A17E36AE727421A2F3D7F52E32826C0D3B6385335060D8978CCC4FF657A75B284B6DBA2D97AA0C31CFF96
                                                                                                                                                                                Malicious:false
                                                                                                                                                                                Preview:.J......006k.H.....q-C..oX....T3....t5..+.76M...?zX..+'..CY*...H.GW.J.....Y..UA....T..Pd..4.wu...;..p....#x...5..J5..N-.....%K.Y.L....W..H}...)...z..t.. ..(^i..061......r~..;o...=.f).M.F{...3C,....\W...g.d.BM...Qcm2.......WD-...2t.~}[A...T:..sZvZ.C:\_.5b.sw3..Y..#.)..!....N.x...rf!&..An.!a]...T...H...?.+.hY...b...i....)..co.o.....2;..q..aX..B..==xpd8&tJQD.......fy..I.Ge.7y.E.W".....[dQf....j/c.,"^$q3....}L.(P..F..p..1/d..B-..X.j...v.Z...f...mrW.p....$W.=..m...} H...ya.2..2.D.v.+.E..T...c.j..p,.......6J..R.7..Q.....Bg.Z;......s^.U.UB........Ah....+..../.W....8...^.Z.+....7...Lf..o.q.u.UA.....?....z..b..JgY_E.......{.a:.s.(eS.@.C.S..H....KF}Q...#x.."..h..r../.j....z&m.......E....=..L.q*.H[[.2.....|7.4..5@..W....B*JI_Ekm.0.k...M.|.+c.".bv.....d.-.....P..q.........<....y2;.gN..^.fo..%{..1.^..H..p..G.....9}o...t...X.....90.[..x..TY^.......dy...f.v<d:z...B1.?...Q..*..J.I.)B.HR......R...8..`...O...V.._{......i.R..p.?h..P ..K...."$G...T.
                                                                                                                                                                                Process:C:\Users\user\Desktop\c8JakemodH.exe
                                                                                                                                                                                File Type:ASCII text, with CRLF line terminators
                                                                                                                                                                                Category:dropped
                                                                                                                                                                                Size (bytes):1159
                                                                                                                                                                                Entropy (8bit):4.909757425426515
                                                                                                                                                                                Encrypted:false
                                                                                                                                                                                SSDEEP:24:SOZJNRovfexRvYx/ncUYTxLZl0r0OzANQgq32xfZnS0iNFdAnP6:SOZbqfexrZrS3Iq32xlSX2S
                                                                                                                                                                                MD5:F29E077226F8DC235CAE4795459A3542
                                                                                                                                                                                SHA1:A23AEA328BEB92BFD4464A3B0F70E772B8969CC2
                                                                                                                                                                                SHA-256:CF8875AADE9351184274F533067BECF2AD10CCF2B6296274ECE5D5B58B6AB008
                                                                                                                                                                                SHA-512:0C76F1E7AC8E4DB582EA7E26FA9B8C18D54605AE6A9A87A2A1FA0B1BEACACBB8F1230421C1124B1E7C12FB546FF31DBBD2CFBBEBA80EF98BBAA01B356F7FDC6F
                                                                                                                                                                                Malicious:false
                                                                                                                                                                                Preview:.. ~~~ AlphaCat ~~~....>>>> Your data are stolen and encrypted....>>>> What guarantees that we will not deceive you? .....We are not a politically motivated group and we do not need anything other than your money. .. ...If you pay, we will provide you the programs for decryption and we will delete your data. ...Life is too short to be sad. Be not sad, money, it is only paper... ...If we do not give you decrypters, or we do not delete your data after payment, then nobody will pay us in the future. ...Therefore to us our reputation is very important. We attack worldwide and there is no dissatisfied victim after payment... ..>>>> You need contact us via email with srenshot of btc transaction and your personal DECRYPTION ID.....Contact via Email with your personal Decryption id !: hackbeenswim@mail2tor.com......Send 400$ (0.006 BTC) at this address --> bc1qkr7wxuqwet9w6920vk94p7npkxh33fc7prv55q.....>>>> Your personal DECRYPTION ID: D53F15BF767167BC622C1CB4D4FC174D....>>
                                                                                                                                                                                Process:C:\Users\user\Desktop\c8JakemodH.exe
                                                                                                                                                                                File Type:ASCII text, with CRLF line terminators
                                                                                                                                                                                Category:dropped
                                                                                                                                                                                Size (bytes):1159
                                                                                                                                                                                Entropy (8bit):4.909757425426515
                                                                                                                                                                                Encrypted:false
                                                                                                                                                                                SSDEEP:24:SOZJNRovfexRvYx/ncUYTxLZl0r0OzANQgq32xfZnS0iNFdAnP6:SOZbqfexrZrS3Iq32xlSX2S
                                                                                                                                                                                MD5:F29E077226F8DC235CAE4795459A3542
                                                                                                                                                                                SHA1:A23AEA328BEB92BFD4464A3B0F70E772B8969CC2
                                                                                                                                                                                SHA-256:CF8875AADE9351184274F533067BECF2AD10CCF2B6296274ECE5D5B58B6AB008
                                                                                                                                                                                SHA-512:0C76F1E7AC8E4DB582EA7E26FA9B8C18D54605AE6A9A87A2A1FA0B1BEACACBB8F1230421C1124B1E7C12FB546FF31DBBD2CFBBEBA80EF98BBAA01B356F7FDC6F
                                                                                                                                                                                Malicious:false
                                                                                                                                                                                Preview:.. ~~~ AlphaCat ~~~....>>>> Your data are stolen and encrypted....>>>> What guarantees that we will not deceive you? .....We are not a politically motivated group and we do not need anything other than your money. .. ...If you pay, we will provide you the programs for decryption and we will delete your data. ...Life is too short to be sad. Be not sad, money, it is only paper... ...If we do not give you decrypters, or we do not delete your data after payment, then nobody will pay us in the future. ...Therefore to us our reputation is very important. We attack worldwide and there is no dissatisfied victim after payment... ..>>>> You need contact us via email with srenshot of btc transaction and your personal DECRYPTION ID.....Contact via Email with your personal Decryption id !: hackbeenswim@mail2tor.com......Send 400$ (0.006 BTC) at this address --> bc1qkr7wxuqwet9w6920vk94p7npkxh33fc7prv55q.....>>>> Your personal DECRYPTION ID: D53F15BF767167BC622C1CB4D4FC174D....>>
                                                                                                                                                                                Process:C:\Users\user\Desktop\c8JakemodH.exe
                                                                                                                                                                                File Type:ASCII text, with CRLF line terminators
                                                                                                                                                                                Category:dropped
                                                                                                                                                                                Size (bytes):1159
                                                                                                                                                                                Entropy (8bit):4.909757425426515
                                                                                                                                                                                Encrypted:false
                                                                                                                                                                                SSDEEP:24:SOZJNRovfexRvYx/ncUYTxLZl0r0OzANQgq32xfZnS0iNFdAnP6:SOZbqfexrZrS3Iq32xlSX2S
                                                                                                                                                                                MD5:F29E077226F8DC235CAE4795459A3542
                                                                                                                                                                                SHA1:A23AEA328BEB92BFD4464A3B0F70E772B8969CC2
                                                                                                                                                                                SHA-256:CF8875AADE9351184274F533067BECF2AD10CCF2B6296274ECE5D5B58B6AB008
                                                                                                                                                                                SHA-512:0C76F1E7AC8E4DB582EA7E26FA9B8C18D54605AE6A9A87A2A1FA0B1BEACACBB8F1230421C1124B1E7C12FB546FF31DBBD2CFBBEBA80EF98BBAA01B356F7FDC6F
                                                                                                                                                                                Malicious:false
                                                                                                                                                                                Preview:.. ~~~ AlphaCat ~~~....>>>> Your data are stolen and encrypted....>>>> What guarantees that we will not deceive you? .....We are not a politically motivated group and we do not need anything other than your money. .. ...If you pay, we will provide you the programs for decryption and we will delete your data. ...Life is too short to be sad. Be not sad, money, it is only paper... ...If we do not give you decrypters, or we do not delete your data after payment, then nobody will pay us in the future. ...Therefore to us our reputation is very important. We attack worldwide and there is no dissatisfied victim after payment... ..>>>> You need contact us via email with srenshot of btc transaction and your personal DECRYPTION ID.....Contact via Email with your personal Decryption id !: hackbeenswim@mail2tor.com......Send 400$ (0.006 BTC) at this address --> bc1qkr7wxuqwet9w6920vk94p7npkxh33fc7prv55q.....>>>> Your personal DECRYPTION ID: D53F15BF767167BC622C1CB4D4FC174D....>>
                                                                                                                                                                                Process:C:\Users\user\Desktop\c8JakemodH.exe
                                                                                                                                                                                File Type:ASCII text, with CRLF line terminators
                                                                                                                                                                                Category:dropped
                                                                                                                                                                                Size (bytes):1159
                                                                                                                                                                                Entropy (8bit):4.909757425426515
                                                                                                                                                                                Encrypted:false
                                                                                                                                                                                SSDEEP:24:SOZJNRovfexRvYx/ncUYTxLZl0r0OzANQgq32xfZnS0iNFdAnP6:SOZbqfexrZrS3Iq32xlSX2S
                                                                                                                                                                                MD5:F29E077226F8DC235CAE4795459A3542
                                                                                                                                                                                SHA1:A23AEA328BEB92BFD4464A3B0F70E772B8969CC2
                                                                                                                                                                                SHA-256:CF8875AADE9351184274F533067BECF2AD10CCF2B6296274ECE5D5B58B6AB008
                                                                                                                                                                                SHA-512:0C76F1E7AC8E4DB582EA7E26FA9B8C18D54605AE6A9A87A2A1FA0B1BEACACBB8F1230421C1124B1E7C12FB546FF31DBBD2CFBBEBA80EF98BBAA01B356F7FDC6F
                                                                                                                                                                                Malicious:false
                                                                                                                                                                                Preview:.. ~~~ AlphaCat ~~~....>>>> Your data are stolen and encrypted....>>>> What guarantees that we will not deceive you? .....We are not a politically motivated group and we do not need anything other than your money. .. ...If you pay, we will provide you the programs for decryption and we will delete your data. ...Life is too short to be sad. Be not sad, money, it is only paper... ...If we do not give you decrypters, or we do not delete your data after payment, then nobody will pay us in the future. ...Therefore to us our reputation is very important. We attack worldwide and there is no dissatisfied victim after payment... ..>>>> You need contact us via email with srenshot of btc transaction and your personal DECRYPTION ID.....Contact via Email with your personal Decryption id !: hackbeenswim@mail2tor.com......Send 400$ (0.006 BTC) at this address --> bc1qkr7wxuqwet9w6920vk94p7npkxh33fc7prv55q.....>>>> Your personal DECRYPTION ID: D53F15BF767167BC622C1CB4D4FC174D....>>
                                                                                                                                                                                Process:C:\Users\user\Desktop\c8JakemodH.exe
                                                                                                                                                                                File Type:ASCII text, with CRLF line terminators
                                                                                                                                                                                Category:dropped
                                                                                                                                                                                Size (bytes):1159
                                                                                                                                                                                Entropy (8bit):4.909757425426515
                                                                                                                                                                                Encrypted:false
                                                                                                                                                                                SSDEEP:24:SOZJNRovfexRvYx/ncUYTxLZl0r0OzANQgq32xfZnS0iNFdAnP6:SOZbqfexrZrS3Iq32xlSX2S
                                                                                                                                                                                MD5:F29E077226F8DC235CAE4795459A3542
                                                                                                                                                                                SHA1:A23AEA328BEB92BFD4464A3B0F70E772B8969CC2
                                                                                                                                                                                SHA-256:CF8875AADE9351184274F533067BECF2AD10CCF2B6296274ECE5D5B58B6AB008
                                                                                                                                                                                SHA-512:0C76F1E7AC8E4DB582EA7E26FA9B8C18D54605AE6A9A87A2A1FA0B1BEACACBB8F1230421C1124B1E7C12FB546FF31DBBD2CFBBEBA80EF98BBAA01B356F7FDC6F
                                                                                                                                                                                Malicious:false
                                                                                                                                                                                Preview:.. ~~~ AlphaCat ~~~....>>>> Your data are stolen and encrypted....>>>> What guarantees that we will not deceive you? .....We are not a politically motivated group and we do not need anything other than your money. .. ...If you pay, we will provide you the programs for decryption and we will delete your data. ...Life is too short to be sad. Be not sad, money, it is only paper... ...If we do not give you decrypters, or we do not delete your data after payment, then nobody will pay us in the future. ...Therefore to us our reputation is very important. We attack worldwide and there is no dissatisfied victim after payment... ..>>>> You need contact us via email with srenshot of btc transaction and your personal DECRYPTION ID.....Contact via Email with your personal Decryption id !: hackbeenswim@mail2tor.com......Send 400$ (0.006 BTC) at this address --> bc1qkr7wxuqwet9w6920vk94p7npkxh33fc7prv55q.....>>>> Your personal DECRYPTION ID: D53F15BF767167BC622C1CB4D4FC174D....>>
                                                                                                                                                                                Process:C:\Users\user\Desktop\c8JakemodH.exe
                                                                                                                                                                                File Type:ASCII text, with CRLF line terminators
                                                                                                                                                                                Category:dropped
                                                                                                                                                                                Size (bytes):1159
                                                                                                                                                                                Entropy (8bit):4.909757425426515
                                                                                                                                                                                Encrypted:false
                                                                                                                                                                                SSDEEP:24:SOZJNRovfexRvYx/ncUYTxLZl0r0OzANQgq32xfZnS0iNFdAnP6:SOZbqfexrZrS3Iq32xlSX2S
                                                                                                                                                                                MD5:F29E077226F8DC235CAE4795459A3542
                                                                                                                                                                                SHA1:A23AEA328BEB92BFD4464A3B0F70E772B8969CC2
                                                                                                                                                                                SHA-256:CF8875AADE9351184274F533067BECF2AD10CCF2B6296274ECE5D5B58B6AB008
                                                                                                                                                                                SHA-512:0C76F1E7AC8E4DB582EA7E26FA9B8C18D54605AE6A9A87A2A1FA0B1BEACACBB8F1230421C1124B1E7C12FB546FF31DBBD2CFBBEBA80EF98BBAA01B356F7FDC6F
                                                                                                                                                                                Malicious:false
                                                                                                                                                                                Preview:.. ~~~ AlphaCat ~~~....>>>> Your data are stolen and encrypted....>>>> What guarantees that we will not deceive you? .....We are not a politically motivated group and we do not need anything other than your money. .. ...If you pay, we will provide you the programs for decryption and we will delete your data. ...Life is too short to be sad. Be not sad, money, it is only paper... ...If we do not give you decrypters, or we do not delete your data after payment, then nobody will pay us in the future. ...Therefore to us our reputation is very important. We attack worldwide and there is no dissatisfied victim after payment... ..>>>> You need contact us via email with srenshot of btc transaction and your personal DECRYPTION ID.....Contact via Email with your personal Decryption id !: hackbeenswim@mail2tor.com......Send 400$ (0.006 BTC) at this address --> bc1qkr7wxuqwet9w6920vk94p7npkxh33fc7prv55q.....>>>> Your personal DECRYPTION ID: D53F15BF767167BC622C1CB4D4FC174D....>>
                                                                                                                                                                                Process:C:\Users\user\Desktop\c8JakemodH.exe
                                                                                                                                                                                File Type:ASCII text, with CRLF line terminators
                                                                                                                                                                                Category:dropped
                                                                                                                                                                                Size (bytes):1159
                                                                                                                                                                                Entropy (8bit):4.909757425426515
                                                                                                                                                                                Encrypted:false
                                                                                                                                                                                SSDEEP:24:SOZJNRovfexRvYx/ncUYTxLZl0r0OzANQgq32xfZnS0iNFdAnP6:SOZbqfexrZrS3Iq32xlSX2S
                                                                                                                                                                                MD5:F29E077226F8DC235CAE4795459A3542
                                                                                                                                                                                SHA1:A23AEA328BEB92BFD4464A3B0F70E772B8969CC2
                                                                                                                                                                                SHA-256:CF8875AADE9351184274F533067BECF2AD10CCF2B6296274ECE5D5B58B6AB008
                                                                                                                                                                                SHA-512:0C76F1E7AC8E4DB582EA7E26FA9B8C18D54605AE6A9A87A2A1FA0B1BEACACBB8F1230421C1124B1E7C12FB546FF31DBBD2CFBBEBA80EF98BBAA01B356F7FDC6F
                                                                                                                                                                                Malicious:false
                                                                                                                                                                                Preview:.. ~~~ AlphaCat ~~~....>>>> Your data are stolen and encrypted....>>>> What guarantees that we will not deceive you? .....We are not a politically motivated group and we do not need anything other than your money. .. ...If you pay, we will provide you the programs for decryption and we will delete your data. ...Life is too short to be sad. Be not sad, money, it is only paper... ...If we do not give you decrypters, or we do not delete your data after payment, then nobody will pay us in the future. ...Therefore to us our reputation is very important. We attack worldwide and there is no dissatisfied victim after payment... ..>>>> You need contact us via email with srenshot of btc transaction and your personal DECRYPTION ID.....Contact via Email with your personal Decryption id !: hackbeenswim@mail2tor.com......Send 400$ (0.006 BTC) at this address --> bc1qkr7wxuqwet9w6920vk94p7npkxh33fc7prv55q.....>>>> Your personal DECRYPTION ID: D53F15BF767167BC622C1CB4D4FC174D....>>
                                                                                                                                                                                Process:C:\Users\user\Desktop\c8JakemodH.exe
                                                                                                                                                                                File Type:data
                                                                                                                                                                                Category:dropped
                                                                                                                                                                                Size (bytes):551
                                                                                                                                                                                Entropy (8bit):7.601267579787899
                                                                                                                                                                                Encrypted:false
                                                                                                                                                                                SSDEEP:12:hMJbNlBxeylBzUs2ZLzm0/zHiriwErvYbDfgAaaDixTYJ:hMfeiSdqSzpzcLb2xs
                                                                                                                                                                                MD5:A6F5B1E75055154C863259FE57D4FD83
                                                                                                                                                                                SHA1:1CAF2162C9D4EE99C6158C944D7275F0C2B8DB7D
                                                                                                                                                                                SHA-256:623CFDE3E4486625DEF7BF803AE894A0DC23F6A1E3BB9C336F564B2042F40F00
                                                                                                                                                                                SHA-512:FBCCA7A0770C2E1F194E2FFA41F0547341353B6CA258FE0B133E31CD8FE78EA604657A906B056BC1652EC70022C69E1A663B2872EA5EB1E367C9BA97035FAF3B
                                                                                                                                                                                Malicious:false
                                                                                                                                                                                Preview:...mp.r.....Ks,.h...J.....JH..o......]..V...E{..<0Ub.E...q....^dP.k..P..nA.{7..."=N..B.oa..43.....m..'.]wqBmkm....e..s.....L.xr.l.K;.o...5"W...:.OV...-A\O.-_.DM..."Wy..!..0n....bL`.v......W..#... ..k.......H.c......Z.....`^k.E...5........<...@......l.4r...~(..\r.....7.4P.....PTl...-.t..sNh...N.p...%.bn}..z....T..W..9z...o..v'..=....u[HgB.!..I.u$q........$.&K....c...i..'.'..X[....7S..3.I.L.j..0I^....<..o...L....\.y.3.C.=....v....%......@(.......u....4..g..@.c_.r?[. ..U....<..Hb.!...?0[.?.._Ak:F`Obd..W.r.o..d7.5.?Ly.9'e5.|_
                                                                                                                                                                                Process:C:\Users\user\Desktop\c8JakemodH.exe
                                                                                                                                                                                File Type:ASCII text, with CRLF line terminators
                                                                                                                                                                                Category:dropped
                                                                                                                                                                                Size (bytes):1159
                                                                                                                                                                                Entropy (8bit):4.909757425426515
                                                                                                                                                                                Encrypted:false
                                                                                                                                                                                SSDEEP:24:SOZJNRovfexRvYx/ncUYTxLZl0r0OzANQgq32xfZnS0iNFdAnP6:SOZbqfexrZrS3Iq32xlSX2S
                                                                                                                                                                                MD5:F29E077226F8DC235CAE4795459A3542
                                                                                                                                                                                SHA1:A23AEA328BEB92BFD4464A3B0F70E772B8969CC2
                                                                                                                                                                                SHA-256:CF8875AADE9351184274F533067BECF2AD10CCF2B6296274ECE5D5B58B6AB008
                                                                                                                                                                                SHA-512:0C76F1E7AC8E4DB582EA7E26FA9B8C18D54605AE6A9A87A2A1FA0B1BEACACBB8F1230421C1124B1E7C12FB546FF31DBBD2CFBBEBA80EF98BBAA01B356F7FDC6F
                                                                                                                                                                                Malicious:false
                                                                                                                                                                                Preview:.. ~~~ AlphaCat ~~~....>>>> Your data are stolen and encrypted....>>>> What guarantees that we will not deceive you? .....We are not a politically motivated group and we do not need anything other than your money. .. ...If you pay, we will provide you the programs for decryption and we will delete your data. ...Life is too short to be sad. Be not sad, money, it is only paper... ...If we do not give you decrypters, or we do not delete your data after payment, then nobody will pay us in the future. ...Therefore to us our reputation is very important. We attack worldwide and there is no dissatisfied victim after payment... ..>>>> You need contact us via email with srenshot of btc transaction and your personal DECRYPTION ID.....Contact via Email with your personal Decryption id !: hackbeenswim@mail2tor.com......Send 400$ (0.006 BTC) at this address --> bc1qkr7wxuqwet9w6920vk94p7npkxh33fc7prv55q.....>>>> Your personal DECRYPTION ID: D53F15BF767167BC622C1CB4D4FC174D....>>
                                                                                                                                                                                Process:C:\Users\user\Desktop\c8JakemodH.exe
                                                                                                                                                                                File Type:ASCII text, with CRLF line terminators
                                                                                                                                                                                Category:dropped
                                                                                                                                                                                Size (bytes):1159
                                                                                                                                                                                Entropy (8bit):4.909757425426515
                                                                                                                                                                                Encrypted:false
                                                                                                                                                                                SSDEEP:24:SOZJNRovfexRvYx/ncUYTxLZl0r0OzANQgq32xfZnS0iNFdAnP6:SOZbqfexrZrS3Iq32xlSX2S
                                                                                                                                                                                MD5:F29E077226F8DC235CAE4795459A3542
                                                                                                                                                                                SHA1:A23AEA328BEB92BFD4464A3B0F70E772B8969CC2
                                                                                                                                                                                SHA-256:CF8875AADE9351184274F533067BECF2AD10CCF2B6296274ECE5D5B58B6AB008
                                                                                                                                                                                SHA-512:0C76F1E7AC8E4DB582EA7E26FA9B8C18D54605AE6A9A87A2A1FA0B1BEACACBB8F1230421C1124B1E7C12FB546FF31DBBD2CFBBEBA80EF98BBAA01B356F7FDC6F
                                                                                                                                                                                Malicious:false
                                                                                                                                                                                Preview:.. ~~~ AlphaCat ~~~....>>>> Your data are stolen and encrypted....>>>> What guarantees that we will not deceive you? .....We are not a politically motivated group and we do not need anything other than your money. .. ...If you pay, we will provide you the programs for decryption and we will delete your data. ...Life is too short to be sad. Be not sad, money, it is only paper... ...If we do not give you decrypters, or we do not delete your data after payment, then nobody will pay us in the future. ...Therefore to us our reputation is very important. We attack worldwide and there is no dissatisfied victim after payment... ..>>>> You need contact us via email with srenshot of btc transaction and your personal DECRYPTION ID.....Contact via Email with your personal Decryption id !: hackbeenswim@mail2tor.com......Send 400$ (0.006 BTC) at this address --> bc1qkr7wxuqwet9w6920vk94p7npkxh33fc7prv55q.....>>>> Your personal DECRYPTION ID: D53F15BF767167BC622C1CB4D4FC174D....>>
                                                                                                                                                                                Process:C:\Users\user\Desktop\c8JakemodH.exe
                                                                                                                                                                                File Type:ASCII text, with CRLF line terminators
                                                                                                                                                                                Category:dropped
                                                                                                                                                                                Size (bytes):1159
                                                                                                                                                                                Entropy (8bit):4.909757425426515
                                                                                                                                                                                Encrypted:false
                                                                                                                                                                                SSDEEP:24:SOZJNRovfexRvYx/ncUYTxLZl0r0OzANQgq32xfZnS0iNFdAnP6:SOZbqfexrZrS3Iq32xlSX2S
                                                                                                                                                                                MD5:F29E077226F8DC235CAE4795459A3542
                                                                                                                                                                                SHA1:A23AEA328BEB92BFD4464A3B0F70E772B8969CC2
                                                                                                                                                                                SHA-256:CF8875AADE9351184274F533067BECF2AD10CCF2B6296274ECE5D5B58B6AB008
                                                                                                                                                                                SHA-512:0C76F1E7AC8E4DB582EA7E26FA9B8C18D54605AE6A9A87A2A1FA0B1BEACACBB8F1230421C1124B1E7C12FB546FF31DBBD2CFBBEBA80EF98BBAA01B356F7FDC6F
                                                                                                                                                                                Malicious:false
                                                                                                                                                                                Preview:.. ~~~ AlphaCat ~~~....>>>> Your data are stolen and encrypted....>>>> What guarantees that we will not deceive you? .....We are not a politically motivated group and we do not need anything other than your money. .. ...If you pay, we will provide you the programs for decryption and we will delete your data. ...Life is too short to be sad. Be not sad, money, it is only paper... ...If we do not give you decrypters, or we do not delete your data after payment, then nobody will pay us in the future. ...Therefore to us our reputation is very important. We attack worldwide and there is no dissatisfied victim after payment... ..>>>> You need contact us via email with srenshot of btc transaction and your personal DECRYPTION ID.....Contact via Email with your personal Decryption id !: hackbeenswim@mail2tor.com......Send 400$ (0.006 BTC) at this address --> bc1qkr7wxuqwet9w6920vk94p7npkxh33fc7prv55q.....>>>> Your personal DECRYPTION ID: D53F15BF767167BC622C1CB4D4FC174D....>>
                                                                                                                                                                                Process:C:\Users\user\Desktop\c8JakemodH.exe
                                                                                                                                                                                File Type:ASCII text, with CRLF line terminators
                                                                                                                                                                                Category:dropped
                                                                                                                                                                                Size (bytes):1159
                                                                                                                                                                                Entropy (8bit):4.909757425426515
                                                                                                                                                                                Encrypted:false
                                                                                                                                                                                SSDEEP:24:SOZJNRovfexRvYx/ncUYTxLZl0r0OzANQgq32xfZnS0iNFdAnP6:SOZbqfexrZrS3Iq32xlSX2S
                                                                                                                                                                                MD5:F29E077226F8DC235CAE4795459A3542
                                                                                                                                                                                SHA1:A23AEA328BEB92BFD4464A3B0F70E772B8969CC2
                                                                                                                                                                                SHA-256:CF8875AADE9351184274F533067BECF2AD10CCF2B6296274ECE5D5B58B6AB008
                                                                                                                                                                                SHA-512:0C76F1E7AC8E4DB582EA7E26FA9B8C18D54605AE6A9A87A2A1FA0B1BEACACBB8F1230421C1124B1E7C12FB546FF31DBBD2CFBBEBA80EF98BBAA01B356F7FDC6F
                                                                                                                                                                                Malicious:false
                                                                                                                                                                                Preview:.. ~~~ AlphaCat ~~~....>>>> Your data are stolen and encrypted....>>>> What guarantees that we will not deceive you? .....We are not a politically motivated group and we do not need anything other than your money. .. ...If you pay, we will provide you the programs for decryption and we will delete your data. ...Life is too short to be sad. Be not sad, money, it is only paper... ...If we do not give you decrypters, or we do not delete your data after payment, then nobody will pay us in the future. ...Therefore to us our reputation is very important. We attack worldwide and there is no dissatisfied victim after payment... ..>>>> You need contact us via email with srenshot of btc transaction and your personal DECRYPTION ID.....Contact via Email with your personal Decryption id !: hackbeenswim@mail2tor.com......Send 400$ (0.006 BTC) at this address --> bc1qkr7wxuqwet9w6920vk94p7npkxh33fc7prv55q.....>>>> Your personal DECRYPTION ID: D53F15BF767167BC622C1CB4D4FC174D....>>
                                                                                                                                                                                Process:C:\Users\user\Desktop\c8JakemodH.exe
                                                                                                                                                                                File Type:data
                                                                                                                                                                                Category:dropped
                                                                                                                                                                                Size (bytes):8431
                                                                                                                                                                                Entropy (8bit):7.979934793616185
                                                                                                                                                                                Encrypted:false
                                                                                                                                                                                SSDEEP:192:kws1gwWLDfwHhhG7o5F0zdCJsaTQSQjh9Kq/xtJDJkaqnrvxAQ5:DoY8ie0crNi/lJ1mqs
                                                                                                                                                                                MD5:E56E32EEC2151B8453BB247099C2BDF0
                                                                                                                                                                                SHA1:4BF384632127E38F2F17684F5D7310E536C3D6D4
                                                                                                                                                                                SHA-256:35D1ECE019B9F6498FF4830BE24DB1258EDAB50741593F294378E0F5DB7152E2
                                                                                                                                                                                SHA-512:8D7C6A12606A6A3022DB34B68A9B7A6D3CCEA1B30678D02DDCE0C3B41B4D86845C24D67524659580659A508FECDA8EF1B8A87CC051AF5C78A0CD327A450526F8
                                                                                                                                                                                Malicious:false
                                                                                                                                                                                Preview:..r..=..I..T..^.yXAC..=........j..[..l.TN..z!..\.g.]....x...g/..~h.L...MpRy.W..B.?..y.z..G..7!h...yHH...w.X.`.;..GG........n6.........q._.W..S...BZ.KQ..Qp.:..@..:.....D....A.{M.........g;.../..+..k..s.!.t..>.....<..f....w.Z.(".....$..O;{k..T..,."..;++.=9M?....YY/0Ro5.H.. 4.0..zt4......pL.^A./..>?..i"...EU..q.F.... ..../........9..w`.....5.I"Kv..A...W..d..... ..u.qc..hdc.]K-.2.D......`.6.&C["L..![....Z..ep..f+...V.......H...!.|.to.K..B`a....d%x.Rc.(/..BsP.9 ..t.P........~..C:.W}.D$.U..X..b....y....>.FG.7..qR.......1..W.{.R.3.|.v=.r.V..T_TtB...=..+......T|h\.^.#..".$]Bq.lPd.Gu..H.!...6.......}......G:*pl( ...AYr.@..RV..a...e..C..."<...a9h!V#Xv..W..(.aSu.jg0l...%.$/.=.....5..o..u..}x.M:k.X..:a*.c...~a.S..l../.S.........[.Wf..3..U....~....w0.V4e......>.7.....Dpw..f..G....v..f.O..;./.ca....s..".....hb$........*.U.....F.#.p.[RFi.w.oYH.Z"w.~I...Q..fY.!..v.DuSw.F..3...~.M..|v.>6.....[..g6...........z.M.Y...V'.........B....F....{a. }........9D..3.
                                                                                                                                                                                Process:C:\Users\user\Desktop\c8JakemodH.exe
                                                                                                                                                                                File Type:ASCII text, with CRLF line terminators
                                                                                                                                                                                Category:dropped
                                                                                                                                                                                Size (bytes):1159
                                                                                                                                                                                Entropy (8bit):4.909757425426515
                                                                                                                                                                                Encrypted:false
                                                                                                                                                                                SSDEEP:24:SOZJNRovfexRvYx/ncUYTxLZl0r0OzANQgq32xfZnS0iNFdAnP6:SOZbqfexrZrS3Iq32xlSX2S
                                                                                                                                                                                MD5:F29E077226F8DC235CAE4795459A3542
                                                                                                                                                                                SHA1:A23AEA328BEB92BFD4464A3B0F70E772B8969CC2
                                                                                                                                                                                SHA-256:CF8875AADE9351184274F533067BECF2AD10CCF2B6296274ECE5D5B58B6AB008
                                                                                                                                                                                SHA-512:0C76F1E7AC8E4DB582EA7E26FA9B8C18D54605AE6A9A87A2A1FA0B1BEACACBB8F1230421C1124B1E7C12FB546FF31DBBD2CFBBEBA80EF98BBAA01B356F7FDC6F
                                                                                                                                                                                Malicious:false
                                                                                                                                                                                Preview:.. ~~~ AlphaCat ~~~....>>>> Your data are stolen and encrypted....>>>> What guarantees that we will not deceive you? .....We are not a politically motivated group and we do not need anything other than your money. .. ...If you pay, we will provide you the programs for decryption and we will delete your data. ...Life is too short to be sad. Be not sad, money, it is only paper... ...If we do not give you decrypters, or we do not delete your data after payment, then nobody will pay us in the future. ...Therefore to us our reputation is very important. We attack worldwide and there is no dissatisfied victim after payment... ..>>>> You need contact us via email with srenshot of btc transaction and your personal DECRYPTION ID.....Contact via Email with your personal Decryption id !: hackbeenswim@mail2tor.com......Send 400$ (0.006 BTC) at this address --> bc1qkr7wxuqwet9w6920vk94p7npkxh33fc7prv55q.....>>>> Your personal DECRYPTION ID: D53F15BF767167BC622C1CB4D4FC174D....>>
                                                                                                                                                                                Process:C:\Users\user\Desktop\c8JakemodH.exe
                                                                                                                                                                                File Type:ASCII text, with CRLF line terminators
                                                                                                                                                                                Category:dropped
                                                                                                                                                                                Size (bytes):1159
                                                                                                                                                                                Entropy (8bit):4.909757425426515
                                                                                                                                                                                Encrypted:false
                                                                                                                                                                                SSDEEP:24:SOZJNRovfexRvYx/ncUYTxLZl0r0OzANQgq32xfZnS0iNFdAnP6:SOZbqfexrZrS3Iq32xlSX2S
                                                                                                                                                                                MD5:F29E077226F8DC235CAE4795459A3542
                                                                                                                                                                                SHA1:A23AEA328BEB92BFD4464A3B0F70E772B8969CC2
                                                                                                                                                                                SHA-256:CF8875AADE9351184274F533067BECF2AD10CCF2B6296274ECE5D5B58B6AB008
                                                                                                                                                                                SHA-512:0C76F1E7AC8E4DB582EA7E26FA9B8C18D54605AE6A9A87A2A1FA0B1BEACACBB8F1230421C1124B1E7C12FB546FF31DBBD2CFBBEBA80EF98BBAA01B356F7FDC6F
                                                                                                                                                                                Malicious:false
                                                                                                                                                                                Preview:.. ~~~ AlphaCat ~~~....>>>> Your data are stolen and encrypted....>>>> What guarantees that we will not deceive you? .....We are not a politically motivated group and we do not need anything other than your money. .. ...If you pay, we will provide you the programs for decryption and we will delete your data. ...Life is too short to be sad. Be not sad, money, it is only paper... ...If we do not give you decrypters, or we do not delete your data after payment, then nobody will pay us in the future. ...Therefore to us our reputation is very important. We attack worldwide and there is no dissatisfied victim after payment... ..>>>> You need contact us via email with srenshot of btc transaction and your personal DECRYPTION ID.....Contact via Email with your personal Decryption id !: hackbeenswim@mail2tor.com......Send 400$ (0.006 BTC) at this address --> bc1qkr7wxuqwet9w6920vk94p7npkxh33fc7prv55q.....>>>> Your personal DECRYPTION ID: D53F15BF767167BC622C1CB4D4FC174D....>>
                                                                                                                                                                                Process:C:\Users\user\Desktop\c8JakemodH.exe
                                                                                                                                                                                File Type:ASCII text, with CRLF line terminators
                                                                                                                                                                                Category:dropped
                                                                                                                                                                                Size (bytes):1159
                                                                                                                                                                                Entropy (8bit):4.909757425426515
                                                                                                                                                                                Encrypted:false
                                                                                                                                                                                SSDEEP:24:SOZJNRovfexRvYx/ncUYTxLZl0r0OzANQgq32xfZnS0iNFdAnP6:SOZbqfexrZrS3Iq32xlSX2S
                                                                                                                                                                                MD5:F29E077226F8DC235CAE4795459A3542
                                                                                                                                                                                SHA1:A23AEA328BEB92BFD4464A3B0F70E772B8969CC2
                                                                                                                                                                                SHA-256:CF8875AADE9351184274F533067BECF2AD10CCF2B6296274ECE5D5B58B6AB008
                                                                                                                                                                                SHA-512:0C76F1E7AC8E4DB582EA7E26FA9B8C18D54605AE6A9A87A2A1FA0B1BEACACBB8F1230421C1124B1E7C12FB546FF31DBBD2CFBBEBA80EF98BBAA01B356F7FDC6F
                                                                                                                                                                                Malicious:false
                                                                                                                                                                                Preview:.. ~~~ AlphaCat ~~~....>>>> Your data are stolen and encrypted....>>>> What guarantees that we will not deceive you? .....We are not a politically motivated group and we do not need anything other than your money. .. ...If you pay, we will provide you the programs for decryption and we will delete your data. ...Life is too short to be sad. Be not sad, money, it is only paper... ...If we do not give you decrypters, or we do not delete your data after payment, then nobody will pay us in the future. ...Therefore to us our reputation is very important. We attack worldwide and there is no dissatisfied victim after payment... ..>>>> You need contact us via email with srenshot of btc transaction and your personal DECRYPTION ID.....Contact via Email with your personal Decryption id !: hackbeenswim@mail2tor.com......Send 400$ (0.006 BTC) at this address --> bc1qkr7wxuqwet9w6920vk94p7npkxh33fc7prv55q.....>>>> Your personal DECRYPTION ID: D53F15BF767167BC622C1CB4D4FC174D....>>
                                                                                                                                                                                Process:C:\Users\user\Desktop\c8JakemodH.exe
                                                                                                                                                                                File Type:ASCII text, with CRLF line terminators
                                                                                                                                                                                Category:dropped
                                                                                                                                                                                Size (bytes):1159
                                                                                                                                                                                Entropy (8bit):4.909757425426515
                                                                                                                                                                                Encrypted:false
                                                                                                                                                                                SSDEEP:24:SOZJNRovfexRvYx/ncUYTxLZl0r0OzANQgq32xfZnS0iNFdAnP6:SOZbqfexrZrS3Iq32xlSX2S
                                                                                                                                                                                MD5:F29E077226F8DC235CAE4795459A3542
                                                                                                                                                                                SHA1:A23AEA328BEB92BFD4464A3B0F70E772B8969CC2
                                                                                                                                                                                SHA-256:CF8875AADE9351184274F533067BECF2AD10CCF2B6296274ECE5D5B58B6AB008
                                                                                                                                                                                SHA-512:0C76F1E7AC8E4DB582EA7E26FA9B8C18D54605AE6A9A87A2A1FA0B1BEACACBB8F1230421C1124B1E7C12FB546FF31DBBD2CFBBEBA80EF98BBAA01B356F7FDC6F
                                                                                                                                                                                Malicious:false
                                                                                                                                                                                Preview:.. ~~~ AlphaCat ~~~....>>>> Your data are stolen and encrypted....>>>> What guarantees that we will not deceive you? .....We are not a politically motivated group and we do not need anything other than your money. .. ...If you pay, we will provide you the programs for decryption and we will delete your data. ...Life is too short to be sad. Be not sad, money, it is only paper... ...If we do not give you decrypters, or we do not delete your data after payment, then nobody will pay us in the future. ...Therefore to us our reputation is very important. We attack worldwide and there is no dissatisfied victim after payment... ..>>>> You need contact us via email with srenshot of btc transaction and your personal DECRYPTION ID.....Contact via Email with your personal Decryption id !: hackbeenswim@mail2tor.com......Send 400$ (0.006 BTC) at this address --> bc1qkr7wxuqwet9w6920vk94p7npkxh33fc7prv55q.....>>>> Your personal DECRYPTION ID: D53F15BF767167BC622C1CB4D4FC174D....>>
                                                                                                                                                                                Process:C:\Users\user\Desktop\c8JakemodH.exe
                                                                                                                                                                                File Type:ASCII text, with CRLF line terminators
                                                                                                                                                                                Category:dropped
                                                                                                                                                                                Size (bytes):1159
                                                                                                                                                                                Entropy (8bit):4.909757425426515
                                                                                                                                                                                Encrypted:false
                                                                                                                                                                                SSDEEP:24:SOZJNRovfexRvYx/ncUYTxLZl0r0OzANQgq32xfZnS0iNFdAnP6:SOZbqfexrZrS3Iq32xlSX2S
                                                                                                                                                                                MD5:F29E077226F8DC235CAE4795459A3542
                                                                                                                                                                                SHA1:A23AEA328BEB92BFD4464A3B0F70E772B8969CC2
                                                                                                                                                                                SHA-256:CF8875AADE9351184274F533067BECF2AD10CCF2B6296274ECE5D5B58B6AB008
                                                                                                                                                                                SHA-512:0C76F1E7AC8E4DB582EA7E26FA9B8C18D54605AE6A9A87A2A1FA0B1BEACACBB8F1230421C1124B1E7C12FB546FF31DBBD2CFBBEBA80EF98BBAA01B356F7FDC6F
                                                                                                                                                                                Malicious:false
                                                                                                                                                                                Preview:.. ~~~ AlphaCat ~~~....>>>> Your data are stolen and encrypted....>>>> What guarantees that we will not deceive you? .....We are not a politically motivated group and we do not need anything other than your money. .. ...If you pay, we will provide you the programs for decryption and we will delete your data. ...Life is too short to be sad. Be not sad, money, it is only paper... ...If we do not give you decrypters, or we do not delete your data after payment, then nobody will pay us in the future. ...Therefore to us our reputation is very important. We attack worldwide and there is no dissatisfied victim after payment... ..>>>> You need contact us via email with srenshot of btc transaction and your personal DECRYPTION ID.....Contact via Email with your personal Decryption id !: hackbeenswim@mail2tor.com......Send 400$ (0.006 BTC) at this address --> bc1qkr7wxuqwet9w6920vk94p7npkxh33fc7prv55q.....>>>> Your personal DECRYPTION ID: D53F15BF767167BC622C1CB4D4FC174D....>>
                                                                                                                                                                                Process:C:\Users\user\Desktop\c8JakemodH.exe
                                                                                                                                                                                File Type:ASCII text, with CRLF line terminators
                                                                                                                                                                                Category:dropped
                                                                                                                                                                                Size (bytes):1159
                                                                                                                                                                                Entropy (8bit):4.909757425426515
                                                                                                                                                                                Encrypted:false
                                                                                                                                                                                SSDEEP:24:SOZJNRovfexRvYx/ncUYTxLZl0r0OzANQgq32xfZnS0iNFdAnP6:SOZbqfexrZrS3Iq32xlSX2S
                                                                                                                                                                                MD5:F29E077226F8DC235CAE4795459A3542
                                                                                                                                                                                SHA1:A23AEA328BEB92BFD4464A3B0F70E772B8969CC2
                                                                                                                                                                                SHA-256:CF8875AADE9351184274F533067BECF2AD10CCF2B6296274ECE5D5B58B6AB008
                                                                                                                                                                                SHA-512:0C76F1E7AC8E4DB582EA7E26FA9B8C18D54605AE6A9A87A2A1FA0B1BEACACBB8F1230421C1124B1E7C12FB546FF31DBBD2CFBBEBA80EF98BBAA01B356F7FDC6F
                                                                                                                                                                                Malicious:false
                                                                                                                                                                                Preview:.. ~~~ AlphaCat ~~~....>>>> Your data are stolen and encrypted....>>>> What guarantees that we will not deceive you? .....We are not a politically motivated group and we do not need anything other than your money. .. ...If you pay, we will provide you the programs for decryption and we will delete your data. ...Life is too short to be sad. Be not sad, money, it is only paper... ...If we do not give you decrypters, or we do not delete your data after payment, then nobody will pay us in the future. ...Therefore to us our reputation is very important. We attack worldwide and there is no dissatisfied victim after payment... ..>>>> You need contact us via email with srenshot of btc transaction and your personal DECRYPTION ID.....Contact via Email with your personal Decryption id !: hackbeenswim@mail2tor.com......Send 400$ (0.006 BTC) at this address --> bc1qkr7wxuqwet9w6920vk94p7npkxh33fc7prv55q.....>>>> Your personal DECRYPTION ID: D53F15BF767167BC622C1CB4D4FC174D....>>
                                                                                                                                                                                Process:C:\Users\user\Desktop\c8JakemodH.exe
                                                                                                                                                                                File Type:ASCII text, with CRLF line terminators
                                                                                                                                                                                Category:dropped
                                                                                                                                                                                Size (bytes):1159
                                                                                                                                                                                Entropy (8bit):4.909757425426515
                                                                                                                                                                                Encrypted:false
                                                                                                                                                                                SSDEEP:24:SOZJNRovfexRvYx/ncUYTxLZl0r0OzANQgq32xfZnS0iNFdAnP6:SOZbqfexrZrS3Iq32xlSX2S
                                                                                                                                                                                MD5:F29E077226F8DC235CAE4795459A3542
                                                                                                                                                                                SHA1:A23AEA328BEB92BFD4464A3B0F70E772B8969CC2
                                                                                                                                                                                SHA-256:CF8875AADE9351184274F533067BECF2AD10CCF2B6296274ECE5D5B58B6AB008
                                                                                                                                                                                SHA-512:0C76F1E7AC8E4DB582EA7E26FA9B8C18D54605AE6A9A87A2A1FA0B1BEACACBB8F1230421C1124B1E7C12FB546FF31DBBD2CFBBEBA80EF98BBAA01B356F7FDC6F
                                                                                                                                                                                Malicious:false
                                                                                                                                                                                Preview:.. ~~~ AlphaCat ~~~....>>>> Your data are stolen and encrypted....>>>> What guarantees that we will not deceive you? .....We are not a politically motivated group and we do not need anything other than your money. .. ...If you pay, we will provide you the programs for decryption and we will delete your data. ...Life is too short to be sad. Be not sad, money, it is only paper... ...If we do not give you decrypters, or we do not delete your data after payment, then nobody will pay us in the future. ...Therefore to us our reputation is very important. We attack worldwide and there is no dissatisfied victim after payment... ..>>>> You need contact us via email with srenshot of btc transaction and your personal DECRYPTION ID.....Contact via Email with your personal Decryption id !: hackbeenswim@mail2tor.com......Send 400$ (0.006 BTC) at this address --> bc1qkr7wxuqwet9w6920vk94p7npkxh33fc7prv55q.....>>>> Your personal DECRYPTION ID: D53F15BF767167BC622C1CB4D4FC174D....>>
                                                                                                                                                                                Process:C:\Users\user\Desktop\c8JakemodH.exe
                                                                                                                                                                                File Type:ASCII text, with CRLF line terminators
                                                                                                                                                                                Category:dropped
                                                                                                                                                                                Size (bytes):1159
                                                                                                                                                                                Entropy (8bit):4.909757425426515
                                                                                                                                                                                Encrypted:false
                                                                                                                                                                                SSDEEP:24:SOZJNRovfexRvYx/ncUYTxLZl0r0OzANQgq32xfZnS0iNFdAnP6:SOZbqfexrZrS3Iq32xlSX2S
                                                                                                                                                                                MD5:F29E077226F8DC235CAE4795459A3542
                                                                                                                                                                                SHA1:A23AEA328BEB92BFD4464A3B0F70E772B8969CC2
                                                                                                                                                                                SHA-256:CF8875AADE9351184274F533067BECF2AD10CCF2B6296274ECE5D5B58B6AB008
                                                                                                                                                                                SHA-512:0C76F1E7AC8E4DB582EA7E26FA9B8C18D54605AE6A9A87A2A1FA0B1BEACACBB8F1230421C1124B1E7C12FB546FF31DBBD2CFBBEBA80EF98BBAA01B356F7FDC6F
                                                                                                                                                                                Malicious:false
                                                                                                                                                                                Preview:.. ~~~ AlphaCat ~~~....>>>> Your data are stolen and encrypted....>>>> What guarantees that we will not deceive you? .....We are not a politically motivated group and we do not need anything other than your money. .. ...If you pay, we will provide you the programs for decryption and we will delete your data. ...Life is too short to be sad. Be not sad, money, it is only paper... ...If we do not give you decrypters, or we do not delete your data after payment, then nobody will pay us in the future. ...Therefore to us our reputation is very important. We attack worldwide and there is no dissatisfied victim after payment... ..>>>> You need contact us via email with srenshot of btc transaction and your personal DECRYPTION ID.....Contact via Email with your personal Decryption id !: hackbeenswim@mail2tor.com......Send 400$ (0.006 BTC) at this address --> bc1qkr7wxuqwet9w6920vk94p7npkxh33fc7prv55q.....>>>> Your personal DECRYPTION ID: D53F15BF767167BC622C1CB4D4FC174D....>>
                                                                                                                                                                                Process:C:\Users\user\Desktop\c8JakemodH.exe
                                                                                                                                                                                File Type:ASCII text, with CRLF line terminators
                                                                                                                                                                                Category:dropped
                                                                                                                                                                                Size (bytes):1159
                                                                                                                                                                                Entropy (8bit):4.909757425426515
                                                                                                                                                                                Encrypted:false
                                                                                                                                                                                SSDEEP:24:SOZJNRovfexRvYx/ncUYTxLZl0r0OzANQgq32xfZnS0iNFdAnP6:SOZbqfexrZrS3Iq32xlSX2S
                                                                                                                                                                                MD5:F29E077226F8DC235CAE4795459A3542
                                                                                                                                                                                SHA1:A23AEA328BEB92BFD4464A3B0F70E772B8969CC2
                                                                                                                                                                                SHA-256:CF8875AADE9351184274F533067BECF2AD10CCF2B6296274ECE5D5B58B6AB008
                                                                                                                                                                                SHA-512:0C76F1E7AC8E4DB582EA7E26FA9B8C18D54605AE6A9A87A2A1FA0B1BEACACBB8F1230421C1124B1E7C12FB546FF31DBBD2CFBBEBA80EF98BBAA01B356F7FDC6F
                                                                                                                                                                                Malicious:false
                                                                                                                                                                                Preview:.. ~~~ AlphaCat ~~~....>>>> Your data are stolen and encrypted....>>>> What guarantees that we will not deceive you? .....We are not a politically motivated group and we do not need anything other than your money. .. ...If you pay, we will provide you the programs for decryption and we will delete your data. ...Life is too short to be sad. Be not sad, money, it is only paper... ...If we do not give you decrypters, or we do not delete your data after payment, then nobody will pay us in the future. ...Therefore to us our reputation is very important. We attack worldwide and there is no dissatisfied victim after payment... ..>>>> You need contact us via email with srenshot of btc transaction and your personal DECRYPTION ID.....Contact via Email with your personal Decryption id !: hackbeenswim@mail2tor.com......Send 400$ (0.006 BTC) at this address --> bc1qkr7wxuqwet9w6920vk94p7npkxh33fc7prv55q.....>>>> Your personal DECRYPTION ID: D53F15BF767167BC622C1CB4D4FC174D....>>
                                                                                                                                                                                Process:C:\Users\user\Desktop\c8JakemodH.exe
                                                                                                                                                                                File Type:ASCII text, with CRLF line terminators
                                                                                                                                                                                Category:dropped
                                                                                                                                                                                Size (bytes):1159
                                                                                                                                                                                Entropy (8bit):4.909757425426515
                                                                                                                                                                                Encrypted:false
                                                                                                                                                                                SSDEEP:24:SOZJNRovfexRvYx/ncUYTxLZl0r0OzANQgq32xfZnS0iNFdAnP6:SOZbqfexrZrS3Iq32xlSX2S
                                                                                                                                                                                MD5:F29E077226F8DC235CAE4795459A3542
                                                                                                                                                                                SHA1:A23AEA328BEB92BFD4464A3B0F70E772B8969CC2
                                                                                                                                                                                SHA-256:CF8875AADE9351184274F533067BECF2AD10CCF2B6296274ECE5D5B58B6AB008
                                                                                                                                                                                SHA-512:0C76F1E7AC8E4DB582EA7E26FA9B8C18D54605AE6A9A87A2A1FA0B1BEACACBB8F1230421C1124B1E7C12FB546FF31DBBD2CFBBEBA80EF98BBAA01B356F7FDC6F
                                                                                                                                                                                Malicious:false
                                                                                                                                                                                Preview:.. ~~~ AlphaCat ~~~....>>>> Your data are stolen and encrypted....>>>> What guarantees that we will not deceive you? .....We are not a politically motivated group and we do not need anything other than your money. .. ...If you pay, we will provide you the programs for decryption and we will delete your data. ...Life is too short to be sad. Be not sad, money, it is only paper... ...If we do not give you decrypters, or we do not delete your data after payment, then nobody will pay us in the future. ...Therefore to us our reputation is very important. We attack worldwide and there is no dissatisfied victim after payment... ..>>>> You need contact us via email with srenshot of btc transaction and your personal DECRYPTION ID.....Contact via Email with your personal Decryption id !: hackbeenswim@mail2tor.com......Send 400$ (0.006 BTC) at this address --> bc1qkr7wxuqwet9w6920vk94p7npkxh33fc7prv55q.....>>>> Your personal DECRYPTION ID: D53F15BF767167BC622C1CB4D4FC174D....>>
                                                                                                                                                                                Process:C:\Users\user\Desktop\c8JakemodH.exe
                                                                                                                                                                                File Type:data
                                                                                                                                                                                Category:dropped
                                                                                                                                                                                Size (bytes):8431
                                                                                                                                                                                Entropy (8bit):7.982465868214569
                                                                                                                                                                                Encrypted:false
                                                                                                                                                                                SSDEEP:192:X3C/t4QwE/oxKAEYfw/arWuMwSs/vl/kC1nqY5cIwj8UwVEs1xP0jY:8THoCY8arWo9pk6/cIwj8UIrvz
                                                                                                                                                                                MD5:F10CA3527F750727BD61F22A03623E01
                                                                                                                                                                                SHA1:CA40FC9B9201780F2DE684C82BCB5CA76DBF58FC
                                                                                                                                                                                SHA-256:9BA15620D7D5B9BDD23D73A94F41CAD91EC35BFD321B501EAB5AB8BE892F4AF6
                                                                                                                                                                                SHA-512:9340E922AAA20F430B193456E5153437105B273369CF977AE4DA76F40CC6A6466214560CB1B8989742B98CFF3362BFF106AC7B9806182994D7A1058556C35557
                                                                                                                                                                                Malicious:false
                                                                                                                                                                                Preview:/.k.....z6....?.U..:u.[..H.XA.R..@x.#..jR.@z...@.........J...x.f3..wNY.Fz..F.g.l.0..paR.....0....6.j..!.]<.eb..;..2.:...;.2yt\...W.b.Z:9w.U@~g...{f..,{3...P......6.,...L..{.....!l..e.C..k...5..r.+...9.i.s...4.%:...hn.ooQ.)j-..c&^.\...*[..7........(...I..[c.J.r...-....se..6 .}.-....C..*]$.M,......f... .Q.v.6...;9....[Y.,._.R.3..-z...v...s.$q.u.U.(...q.....r..3F....a.m.?.. ..*............*N/...-...z...q9..~t._*qkkY Op......X.z.....m....1T..u...7y.d.....o.......T0_Vf........8Z.t.r..#..e...)[....b).dZ....}.....o..cb..d.bt.,....g7;9.DTxJ.&Q.DBO.....>r.....1*...=<.j.|Qv...:.c.c%=....I.0........Oa..u.....\].Et.{..%meo.DIs...gS... A.=_.........**h.f.-E.v....,.+5..cx.@....1Y.''...y...8..._<a..A.j....[=,..[.U.:.P....jz.....H.......G!..%.\.g.(....a.....j`..@gAz.....Dt....f.yY.x%...bkl4..AKr.y.....?Kb.h.2(:........L..~..z.;[..G.|..Sy...h..xD.B..s...ps{..INB..v...........E...8......AL~.X.pct.U....."4..x......X.2....B/.xlA.F-..$.....O.._G...*.r>..
                                                                                                                                                                                Process:C:\Users\user\Desktop\c8JakemodH.exe
                                                                                                                                                                                File Type:ASCII text, with CRLF line terminators
                                                                                                                                                                                Category:dropped
                                                                                                                                                                                Size (bytes):1159
                                                                                                                                                                                Entropy (8bit):4.909757425426515
                                                                                                                                                                                Encrypted:false
                                                                                                                                                                                SSDEEP:24:SOZJNRovfexRvYx/ncUYTxLZl0r0OzANQgq32xfZnS0iNFdAnP6:SOZbqfexrZrS3Iq32xlSX2S
                                                                                                                                                                                MD5:F29E077226F8DC235CAE4795459A3542
                                                                                                                                                                                SHA1:A23AEA328BEB92BFD4464A3B0F70E772B8969CC2
                                                                                                                                                                                SHA-256:CF8875AADE9351184274F533067BECF2AD10CCF2B6296274ECE5D5B58B6AB008
                                                                                                                                                                                SHA-512:0C76F1E7AC8E4DB582EA7E26FA9B8C18D54605AE6A9A87A2A1FA0B1BEACACBB8F1230421C1124B1E7C12FB546FF31DBBD2CFBBEBA80EF98BBAA01B356F7FDC6F
                                                                                                                                                                                Malicious:false
                                                                                                                                                                                Preview:.. ~~~ AlphaCat ~~~....>>>> Your data are stolen and encrypted....>>>> What guarantees that we will not deceive you? .....We are not a politically motivated group and we do not need anything other than your money. .. ...If you pay, we will provide you the programs for decryption and we will delete your data. ...Life is too short to be sad. Be not sad, money, it is only paper... ...If we do not give you decrypters, or we do not delete your data after payment, then nobody will pay us in the future. ...Therefore to us our reputation is very important. We attack worldwide and there is no dissatisfied victim after payment... ..>>>> You need contact us via email with srenshot of btc transaction and your personal DECRYPTION ID.....Contact via Email with your personal Decryption id !: hackbeenswim@mail2tor.com......Send 400$ (0.006 BTC) at this address --> bc1qkr7wxuqwet9w6920vk94p7npkxh33fc7prv55q.....>>>> Your personal DECRYPTION ID: D53F15BF767167BC622C1CB4D4FC174D....>>
                                                                                                                                                                                Process:C:\Users\user\Desktop\c8JakemodH.exe
                                                                                                                                                                                File Type:ASCII text, with CRLF line terminators
                                                                                                                                                                                Category:dropped
                                                                                                                                                                                Size (bytes):1159
                                                                                                                                                                                Entropy (8bit):4.909757425426515
                                                                                                                                                                                Encrypted:false
                                                                                                                                                                                SSDEEP:24:SOZJNRovfexRvYx/ncUYTxLZl0r0OzANQgq32xfZnS0iNFdAnP6:SOZbqfexrZrS3Iq32xlSX2S
                                                                                                                                                                                MD5:F29E077226F8DC235CAE4795459A3542
                                                                                                                                                                                SHA1:A23AEA328BEB92BFD4464A3B0F70E772B8969CC2
                                                                                                                                                                                SHA-256:CF8875AADE9351184274F533067BECF2AD10CCF2B6296274ECE5D5B58B6AB008
                                                                                                                                                                                SHA-512:0C76F1E7AC8E4DB582EA7E26FA9B8C18D54605AE6A9A87A2A1FA0B1BEACACBB8F1230421C1124B1E7C12FB546FF31DBBD2CFBBEBA80EF98BBAA01B356F7FDC6F
                                                                                                                                                                                Malicious:false
                                                                                                                                                                                Preview:.. ~~~ AlphaCat ~~~....>>>> Your data are stolen and encrypted....>>>> What guarantees that we will not deceive you? .....We are not a politically motivated group and we do not need anything other than your money. .. ...If you pay, we will provide you the programs for decryption and we will delete your data. ...Life is too short to be sad. Be not sad, money, it is only paper... ...If we do not give you decrypters, or we do not delete your data after payment, then nobody will pay us in the future. ...Therefore to us our reputation is very important. We attack worldwide and there is no dissatisfied victim after payment... ..>>>> You need contact us via email with srenshot of btc transaction and your personal DECRYPTION ID.....Contact via Email with your personal Decryption id !: hackbeenswim@mail2tor.com......Send 400$ (0.006 BTC) at this address --> bc1qkr7wxuqwet9w6920vk94p7npkxh33fc7prv55q.....>>>> Your personal DECRYPTION ID: D53F15BF767167BC622C1CB4D4FC174D....>>
                                                                                                                                                                                Process:C:\Users\user\Desktop\c8JakemodH.exe
                                                                                                                                                                                File Type:ASCII text, with CRLF line terminators
                                                                                                                                                                                Category:dropped
                                                                                                                                                                                Size (bytes):1159
                                                                                                                                                                                Entropy (8bit):4.909757425426515
                                                                                                                                                                                Encrypted:false
                                                                                                                                                                                SSDEEP:24:SOZJNRovfexRvYx/ncUYTxLZl0r0OzANQgq32xfZnS0iNFdAnP6:SOZbqfexrZrS3Iq32xlSX2S
                                                                                                                                                                                MD5:F29E077226F8DC235CAE4795459A3542
                                                                                                                                                                                SHA1:A23AEA328BEB92BFD4464A3B0F70E772B8969CC2
                                                                                                                                                                                SHA-256:CF8875AADE9351184274F533067BECF2AD10CCF2B6296274ECE5D5B58B6AB008
                                                                                                                                                                                SHA-512:0C76F1E7AC8E4DB582EA7E26FA9B8C18D54605AE6A9A87A2A1FA0B1BEACACBB8F1230421C1124B1E7C12FB546FF31DBBD2CFBBEBA80EF98BBAA01B356F7FDC6F
                                                                                                                                                                                Malicious:false
                                                                                                                                                                                Preview:.. ~~~ AlphaCat ~~~....>>>> Your data are stolen and encrypted....>>>> What guarantees that we will not deceive you? .....We are not a politically motivated group and we do not need anything other than your money. .. ...If you pay, we will provide you the programs for decryption and we will delete your data. ...Life is too short to be sad. Be not sad, money, it is only paper... ...If we do not give you decrypters, or we do not delete your data after payment, then nobody will pay us in the future. ...Therefore to us our reputation is very important. We attack worldwide and there is no dissatisfied victim after payment... ..>>>> You need contact us via email with srenshot of btc transaction and your personal DECRYPTION ID.....Contact via Email with your personal Decryption id !: hackbeenswim@mail2tor.com......Send 400$ (0.006 BTC) at this address --> bc1qkr7wxuqwet9w6920vk94p7npkxh33fc7prv55q.....>>>> Your personal DECRYPTION ID: D53F15BF767167BC622C1CB4D4FC174D....>>
                                                                                                                                                                                Process:C:\Users\user\Desktop\c8JakemodH.exe
                                                                                                                                                                                File Type:ASCII text, with CRLF line terminators
                                                                                                                                                                                Category:dropped
                                                                                                                                                                                Size (bytes):1159
                                                                                                                                                                                Entropy (8bit):4.909757425426515
                                                                                                                                                                                Encrypted:false
                                                                                                                                                                                SSDEEP:24:SOZJNRovfexRvYx/ncUYTxLZl0r0OzANQgq32xfZnS0iNFdAnP6:SOZbqfexrZrS3Iq32xlSX2S
                                                                                                                                                                                MD5:F29E077226F8DC235CAE4795459A3542
                                                                                                                                                                                SHA1:A23AEA328BEB92BFD4464A3B0F70E772B8969CC2
                                                                                                                                                                                SHA-256:CF8875AADE9351184274F533067BECF2AD10CCF2B6296274ECE5D5B58B6AB008
                                                                                                                                                                                SHA-512:0C76F1E7AC8E4DB582EA7E26FA9B8C18D54605AE6A9A87A2A1FA0B1BEACACBB8F1230421C1124B1E7C12FB546FF31DBBD2CFBBEBA80EF98BBAA01B356F7FDC6F
                                                                                                                                                                                Malicious:false
                                                                                                                                                                                Preview:.. ~~~ AlphaCat ~~~....>>>> Your data are stolen and encrypted....>>>> What guarantees that we will not deceive you? .....We are not a politically motivated group and we do not need anything other than your money. .. ...If you pay, we will provide you the programs for decryption and we will delete your data. ...Life is too short to be sad. Be not sad, money, it is only paper... ...If we do not give you decrypters, or we do not delete your data after payment, then nobody will pay us in the future. ...Therefore to us our reputation is very important. We attack worldwide and there is no dissatisfied victim after payment... ..>>>> You need contact us via email with srenshot of btc transaction and your personal DECRYPTION ID.....Contact via Email with your personal Decryption id !: hackbeenswim@mail2tor.com......Send 400$ (0.006 BTC) at this address --> bc1qkr7wxuqwet9w6920vk94p7npkxh33fc7prv55q.....>>>> Your personal DECRYPTION ID: D53F15BF767167BC622C1CB4D4FC174D....>>
                                                                                                                                                                                Process:C:\Users\user\Desktop\c8JakemodH.exe
                                                                                                                                                                                File Type:ASCII text, with CRLF line terminators
                                                                                                                                                                                Category:dropped
                                                                                                                                                                                Size (bytes):1159
                                                                                                                                                                                Entropy (8bit):4.909757425426515
                                                                                                                                                                                Encrypted:false
                                                                                                                                                                                SSDEEP:24:SOZJNRovfexRvYx/ncUYTxLZl0r0OzANQgq32xfZnS0iNFdAnP6:SOZbqfexrZrS3Iq32xlSX2S
                                                                                                                                                                                MD5:F29E077226F8DC235CAE4795459A3542
                                                                                                                                                                                SHA1:A23AEA328BEB92BFD4464A3B0F70E772B8969CC2
                                                                                                                                                                                SHA-256:CF8875AADE9351184274F533067BECF2AD10CCF2B6296274ECE5D5B58B6AB008
                                                                                                                                                                                SHA-512:0C76F1E7AC8E4DB582EA7E26FA9B8C18D54605AE6A9A87A2A1FA0B1BEACACBB8F1230421C1124B1E7C12FB546FF31DBBD2CFBBEBA80EF98BBAA01B356F7FDC6F
                                                                                                                                                                                Malicious:false
                                                                                                                                                                                Preview:.. ~~~ AlphaCat ~~~....>>>> Your data are stolen and encrypted....>>>> What guarantees that we will not deceive you? .....We are not a politically motivated group and we do not need anything other than your money. .. ...If you pay, we will provide you the programs for decryption and we will delete your data. ...Life is too short to be sad. Be not sad, money, it is only paper... ...If we do not give you decrypters, or we do not delete your data after payment, then nobody will pay us in the future. ...Therefore to us our reputation is very important. We attack worldwide and there is no dissatisfied victim after payment... ..>>>> You need contact us via email with srenshot of btc transaction and your personal DECRYPTION ID.....Contact via Email with your personal Decryption id !: hackbeenswim@mail2tor.com......Send 400$ (0.006 BTC) at this address --> bc1qkr7wxuqwet9w6920vk94p7npkxh33fc7prv55q.....>>>> Your personal DECRYPTION ID: D53F15BF767167BC622C1CB4D4FC174D....>>
                                                                                                                                                                                Process:C:\Users\user\Desktop\c8JakemodH.exe
                                                                                                                                                                                File Type:ASCII text, with CRLF line terminators
                                                                                                                                                                                Category:dropped
                                                                                                                                                                                Size (bytes):1159
                                                                                                                                                                                Entropy (8bit):4.909757425426515
                                                                                                                                                                                Encrypted:false
                                                                                                                                                                                SSDEEP:24:SOZJNRovfexRvYx/ncUYTxLZl0r0OzANQgq32xfZnS0iNFdAnP6:SOZbqfexrZrS3Iq32xlSX2S
                                                                                                                                                                                MD5:F29E077226F8DC235CAE4795459A3542
                                                                                                                                                                                SHA1:A23AEA328BEB92BFD4464A3B0F70E772B8969CC2
                                                                                                                                                                                SHA-256:CF8875AADE9351184274F533067BECF2AD10CCF2B6296274ECE5D5B58B6AB008
                                                                                                                                                                                SHA-512:0C76F1E7AC8E4DB582EA7E26FA9B8C18D54605AE6A9A87A2A1FA0B1BEACACBB8F1230421C1124B1E7C12FB546FF31DBBD2CFBBEBA80EF98BBAA01B356F7FDC6F
                                                                                                                                                                                Malicious:false
                                                                                                                                                                                Preview:.. ~~~ AlphaCat ~~~....>>>> Your data are stolen and encrypted....>>>> What guarantees that we will not deceive you? .....We are not a politically motivated group and we do not need anything other than your money. .. ...If you pay, we will provide you the programs for decryption and we will delete your data. ...Life is too short to be sad. Be not sad, money, it is only paper... ...If we do not give you decrypters, or we do not delete your data after payment, then nobody will pay us in the future. ...Therefore to us our reputation is very important. We attack worldwide and there is no dissatisfied victim after payment... ..>>>> You need contact us via email with srenshot of btc transaction and your personal DECRYPTION ID.....Contact via Email with your personal Decryption id !: hackbeenswim@mail2tor.com......Send 400$ (0.006 BTC) at this address --> bc1qkr7wxuqwet9w6920vk94p7npkxh33fc7prv55q.....>>>> Your personal DECRYPTION ID: D53F15BF767167BC622C1CB4D4FC174D....>>
                                                                                                                                                                                Process:C:\Users\user\Desktop\c8JakemodH.exe
                                                                                                                                                                                File Type:ASCII text, with CRLF line terminators
                                                                                                                                                                                Category:dropped
                                                                                                                                                                                Size (bytes):1159
                                                                                                                                                                                Entropy (8bit):4.909757425426515
                                                                                                                                                                                Encrypted:false
                                                                                                                                                                                SSDEEP:24:SOZJNRovfexRvYx/ncUYTxLZl0r0OzANQgq32xfZnS0iNFdAnP6:SOZbqfexrZrS3Iq32xlSX2S
                                                                                                                                                                                MD5:F29E077226F8DC235CAE4795459A3542
                                                                                                                                                                                SHA1:A23AEA328BEB92BFD4464A3B0F70E772B8969CC2
                                                                                                                                                                                SHA-256:CF8875AADE9351184274F533067BECF2AD10CCF2B6296274ECE5D5B58B6AB008
                                                                                                                                                                                SHA-512:0C76F1E7AC8E4DB582EA7E26FA9B8C18D54605AE6A9A87A2A1FA0B1BEACACBB8F1230421C1124B1E7C12FB546FF31DBBD2CFBBEBA80EF98BBAA01B356F7FDC6F
                                                                                                                                                                                Malicious:false
                                                                                                                                                                                Preview:.. ~~~ AlphaCat ~~~....>>>> Your data are stolen and encrypted....>>>> What guarantees that we will not deceive you? .....We are not a politically motivated group and we do not need anything other than your money. .. ...If you pay, we will provide you the programs for decryption and we will delete your data. ...Life is too short to be sad. Be not sad, money, it is only paper... ...If we do not give you decrypters, or we do not delete your data after payment, then nobody will pay us in the future. ...Therefore to us our reputation is very important. We attack worldwide and there is no dissatisfied victim after payment... ..>>>> You need contact us via email with srenshot of btc transaction and your personal DECRYPTION ID.....Contact via Email with your personal Decryption id !: hackbeenswim@mail2tor.com......Send 400$ (0.006 BTC) at this address --> bc1qkr7wxuqwet9w6920vk94p7npkxh33fc7prv55q.....>>>> Your personal DECRYPTION ID: D53F15BF767167BC622C1CB4D4FC174D....>>
                                                                                                                                                                                Process:C:\Users\user\Desktop\c8JakemodH.exe
                                                                                                                                                                                File Type:ASCII text, with CRLF line terminators
                                                                                                                                                                                Category:dropped
                                                                                                                                                                                Size (bytes):1159
                                                                                                                                                                                Entropy (8bit):4.909757425426515
                                                                                                                                                                                Encrypted:false
                                                                                                                                                                                SSDEEP:24:SOZJNRovfexRvYx/ncUYTxLZl0r0OzANQgq32xfZnS0iNFdAnP6:SOZbqfexrZrS3Iq32xlSX2S
                                                                                                                                                                                MD5:F29E077226F8DC235CAE4795459A3542
                                                                                                                                                                                SHA1:A23AEA328BEB92BFD4464A3B0F70E772B8969CC2
                                                                                                                                                                                SHA-256:CF8875AADE9351184274F533067BECF2AD10CCF2B6296274ECE5D5B58B6AB008
                                                                                                                                                                                SHA-512:0C76F1E7AC8E4DB582EA7E26FA9B8C18D54605AE6A9A87A2A1FA0B1BEACACBB8F1230421C1124B1E7C12FB546FF31DBBD2CFBBEBA80EF98BBAA01B356F7FDC6F
                                                                                                                                                                                Malicious:false
                                                                                                                                                                                Preview:.. ~~~ AlphaCat ~~~....>>>> Your data are stolen and encrypted....>>>> What guarantees that we will not deceive you? .....We are not a politically motivated group and we do not need anything other than your money. .. ...If you pay, we will provide you the programs for decryption and we will delete your data. ...Life is too short to be sad. Be not sad, money, it is only paper... ...If we do not give you decrypters, or we do not delete your data after payment, then nobody will pay us in the future. ...Therefore to us our reputation is very important. We attack worldwide and there is no dissatisfied victim after payment... ..>>>> You need contact us via email with srenshot of btc transaction and your personal DECRYPTION ID.....Contact via Email with your personal Decryption id !: hackbeenswim@mail2tor.com......Send 400$ (0.006 BTC) at this address --> bc1qkr7wxuqwet9w6920vk94p7npkxh33fc7prv55q.....>>>> Your personal DECRYPTION ID: D53F15BF767167BC622C1CB4D4FC174D....>>
                                                                                                                                                                                Process:C:\Users\user\Desktop\c8JakemodH.exe
                                                                                                                                                                                File Type:ASCII text, with CRLF line terminators
                                                                                                                                                                                Category:dropped
                                                                                                                                                                                Size (bytes):1159
                                                                                                                                                                                Entropy (8bit):4.909757425426515
                                                                                                                                                                                Encrypted:false
                                                                                                                                                                                SSDEEP:24:SOZJNRovfexRvYx/ncUYTxLZl0r0OzANQgq32xfZnS0iNFdAnP6:SOZbqfexrZrS3Iq32xlSX2S
                                                                                                                                                                                MD5:F29E077226F8DC235CAE4795459A3542
                                                                                                                                                                                SHA1:A23AEA328BEB92BFD4464A3B0F70E772B8969CC2
                                                                                                                                                                                SHA-256:CF8875AADE9351184274F533067BECF2AD10CCF2B6296274ECE5D5B58B6AB008
                                                                                                                                                                                SHA-512:0C76F1E7AC8E4DB582EA7E26FA9B8C18D54605AE6A9A87A2A1FA0B1BEACACBB8F1230421C1124B1E7C12FB546FF31DBBD2CFBBEBA80EF98BBAA01B356F7FDC6F
                                                                                                                                                                                Malicious:false
                                                                                                                                                                                Preview:.. ~~~ AlphaCat ~~~....>>>> Your data are stolen and encrypted....>>>> What guarantees that we will not deceive you? .....We are not a politically motivated group and we do not need anything other than your money. .. ...If you pay, we will provide you the programs for decryption and we will delete your data. ...Life is too short to be sad. Be not sad, money, it is only paper... ...If we do not give you decrypters, or we do not delete your data after payment, then nobody will pay us in the future. ...Therefore to us our reputation is very important. We attack worldwide and there is no dissatisfied victim after payment... ..>>>> You need contact us via email with srenshot of btc transaction and your personal DECRYPTION ID.....Contact via Email with your personal Decryption id !: hackbeenswim@mail2tor.com......Send 400$ (0.006 BTC) at this address --> bc1qkr7wxuqwet9w6920vk94p7npkxh33fc7prv55q.....>>>> Your personal DECRYPTION ID: D53F15BF767167BC622C1CB4D4FC174D....>>
                                                                                                                                                                                Process:C:\Users\user\Desktop\c8JakemodH.exe
                                                                                                                                                                                File Type:ASCII text, with CRLF line terminators
                                                                                                                                                                                Category:dropped
                                                                                                                                                                                Size (bytes):1159
                                                                                                                                                                                Entropy (8bit):4.909757425426515
                                                                                                                                                                                Encrypted:false
                                                                                                                                                                                SSDEEP:24:SOZJNRovfexRvYx/ncUYTxLZl0r0OzANQgq32xfZnS0iNFdAnP6:SOZbqfexrZrS3Iq32xlSX2S
                                                                                                                                                                                MD5:F29E077226F8DC235CAE4795459A3542
                                                                                                                                                                                SHA1:A23AEA328BEB92BFD4464A3B0F70E772B8969CC2
                                                                                                                                                                                SHA-256:CF8875AADE9351184274F533067BECF2AD10CCF2B6296274ECE5D5B58B6AB008
                                                                                                                                                                                SHA-512:0C76F1E7AC8E4DB582EA7E26FA9B8C18D54605AE6A9A87A2A1FA0B1BEACACBB8F1230421C1124B1E7C12FB546FF31DBBD2CFBBEBA80EF98BBAA01B356F7FDC6F
                                                                                                                                                                                Malicious:false
                                                                                                                                                                                Preview:.. ~~~ AlphaCat ~~~....>>>> Your data are stolen and encrypted....>>>> What guarantees that we will not deceive you? .....We are not a politically motivated group and we do not need anything other than your money. .. ...If you pay, we will provide you the programs for decryption and we will delete your data. ...Life is too short to be sad. Be not sad, money, it is only paper... ...If we do not give you decrypters, or we do not delete your data after payment, then nobody will pay us in the future. ...Therefore to us our reputation is very important. We attack worldwide and there is no dissatisfied victim after payment... ..>>>> You need contact us via email with srenshot of btc transaction and your personal DECRYPTION ID.....Contact via Email with your personal Decryption id !: hackbeenswim@mail2tor.com......Send 400$ (0.006 BTC) at this address --> bc1qkr7wxuqwet9w6920vk94p7npkxh33fc7prv55q.....>>>> Your personal DECRYPTION ID: D53F15BF767167BC622C1CB4D4FC174D....>>
                                                                                                                                                                                Process:C:\Users\user\Desktop\c8JakemodH.exe
                                                                                                                                                                                File Type:data
                                                                                                                                                                                Category:dropped
                                                                                                                                                                                Size (bytes):8431
                                                                                                                                                                                Entropy (8bit):7.980044057869949
                                                                                                                                                                                Encrypted:false
                                                                                                                                                                                SSDEEP:192:kflHSkssaLDvw+EOZrTu4YylZK2hfWTCMXAQE8FsGDKRq:kdHKZDv/zFRlcQhLQeGMq
                                                                                                                                                                                MD5:2BD96F081BFFD96FC63671391C3E4990
                                                                                                                                                                                SHA1:64823740097123D97B099DB172076F0C36EC0FF1
                                                                                                                                                                                SHA-256:822B5BDE740AC62CCDFFFE2B7D881E309E2B720B0AAF5DE382B517728EF47589
                                                                                                                                                                                SHA-512:70E5858D318CB1D06F55825F4C7DC23A8814D729DA3CD0F21DF6F14010928580BEB5D19C18EEBF100ACAD7A5770C31CDDC80933035580965CE4FF746C0A15124
                                                                                                                                                                                Malicious:false
                                                                                                                                                                                Preview:C...;.}.*z......+..K...I.t..Rd@.0..w..e,...s6K...\oA.5..I..N.....W....M.. `'...9.P..8.........IQ.n..S|i.).>....u:9I{)B..R}P.i...P.&.`..)....Q..V{....6Xqtz[d.,!Q.....&..../..P.....5.m....T.R.X}....i..y..hW.G4[6..|.[.;.oCn..j.().>T-..m......}k.Ky..|9Z.....wv..|.C.....b.....z.....o?}.)Q.O..l2..>4$6....#I......q.r..g...8.Q/.-9...$6V..a.f.c.^...B|@ ...z..E|&...E.d..wh^.d.......P"\..........#..C..g..k.U......s.EV..N../.....?.....&.....g....e.|..VT... .j!.M........O......W.......*...v..Y..q\.=.).V{a...!.m.|.\.....R...>O.#...U..H.....[..(..Pc.43N.v..#.......F..`EI.E)qA.j?P.6....H<..D..........&f.=.D..".......Kds..E.v86=.......>.!.`w(.-...p.....?.H....Dyyr.;..!+.I$..W.....I....\ h.....\..k..."..?....s...#.8...H...<...e.+Yp....O{..~...Cs{..ZBzMQ.~.A..N...pB.3..........&q.M..8....9..xyC..?.o..2.p?.B.)0......9......5.c..iq..(..h..bu...'".xS...9...2<.04.....Zi......o.%..,...V.Y.<....xb..eR.R.....UH0?...x}sW......'.>?>.0./=...8....a..E...p.,1in..}.C^...
                                                                                                                                                                                Process:C:\Users\user\Desktop\c8JakemodH.exe
                                                                                                                                                                                File Type:ASCII text, with CRLF line terminators
                                                                                                                                                                                Category:dropped
                                                                                                                                                                                Size (bytes):1159
                                                                                                                                                                                Entropy (8bit):4.909757425426515
                                                                                                                                                                                Encrypted:false
                                                                                                                                                                                SSDEEP:24:SOZJNRovfexRvYx/ncUYTxLZl0r0OzANQgq32xfZnS0iNFdAnP6:SOZbqfexrZrS3Iq32xlSX2S
                                                                                                                                                                                MD5:F29E077226F8DC235CAE4795459A3542
                                                                                                                                                                                SHA1:A23AEA328BEB92BFD4464A3B0F70E772B8969CC2
                                                                                                                                                                                SHA-256:CF8875AADE9351184274F533067BECF2AD10CCF2B6296274ECE5D5B58B6AB008
                                                                                                                                                                                SHA-512:0C76F1E7AC8E4DB582EA7E26FA9B8C18D54605AE6A9A87A2A1FA0B1BEACACBB8F1230421C1124B1E7C12FB546FF31DBBD2CFBBEBA80EF98BBAA01B356F7FDC6F
                                                                                                                                                                                Malicious:false
                                                                                                                                                                                Preview:.. ~~~ AlphaCat ~~~....>>>> Your data are stolen and encrypted....>>>> What guarantees that we will not deceive you? .....We are not a politically motivated group and we do not need anything other than your money. .. ...If you pay, we will provide you the programs for decryption and we will delete your data. ...Life is too short to be sad. Be not sad, money, it is only paper... ...If we do not give you decrypters, or we do not delete your data after payment, then nobody will pay us in the future. ...Therefore to us our reputation is very important. We attack worldwide and there is no dissatisfied victim after payment... ..>>>> You need contact us via email with srenshot of btc transaction and your personal DECRYPTION ID.....Contact via Email with your personal Decryption id !: hackbeenswim@mail2tor.com......Send 400$ (0.006 BTC) at this address --> bc1qkr7wxuqwet9w6920vk94p7npkxh33fc7prv55q.....>>>> Your personal DECRYPTION ID: D53F15BF767167BC622C1CB4D4FC174D....>>
                                                                                                                                                                                Process:C:\Users\user\Desktop\c8JakemodH.exe
                                                                                                                                                                                File Type:ASCII text, with CRLF line terminators
                                                                                                                                                                                Category:dropped
                                                                                                                                                                                Size (bytes):1159
                                                                                                                                                                                Entropy (8bit):4.909757425426515
                                                                                                                                                                                Encrypted:false
                                                                                                                                                                                SSDEEP:24:SOZJNRovfexRvYx/ncUYTxLZl0r0OzANQgq32xfZnS0iNFdAnP6:SOZbqfexrZrS3Iq32xlSX2S
                                                                                                                                                                                MD5:F29E077226F8DC235CAE4795459A3542
                                                                                                                                                                                SHA1:A23AEA328BEB92BFD4464A3B0F70E772B8969CC2
                                                                                                                                                                                SHA-256:CF8875AADE9351184274F533067BECF2AD10CCF2B6296274ECE5D5B58B6AB008
                                                                                                                                                                                SHA-512:0C76F1E7AC8E4DB582EA7E26FA9B8C18D54605AE6A9A87A2A1FA0B1BEACACBB8F1230421C1124B1E7C12FB546FF31DBBD2CFBBEBA80EF98BBAA01B356F7FDC6F
                                                                                                                                                                                Malicious:false
                                                                                                                                                                                Preview:.. ~~~ AlphaCat ~~~....>>>> Your data are stolen and encrypted....>>>> What guarantees that we will not deceive you? .....We are not a politically motivated group and we do not need anything other than your money. .. ...If you pay, we will provide you the programs for decryption and we will delete your data. ...Life is too short to be sad. Be not sad, money, it is only paper... ...If we do not give you decrypters, or we do not delete your data after payment, then nobody will pay us in the future. ...Therefore to us our reputation is very important. We attack worldwide and there is no dissatisfied victim after payment... ..>>>> You need contact us via email with srenshot of btc transaction and your personal DECRYPTION ID.....Contact via Email with your personal Decryption id !: hackbeenswim@mail2tor.com......Send 400$ (0.006 BTC) at this address --> bc1qkr7wxuqwet9w6920vk94p7npkxh33fc7prv55q.....>>>> Your personal DECRYPTION ID: D53F15BF767167BC622C1CB4D4FC174D....>>
                                                                                                                                                                                Process:C:\Users\user\Desktop\c8JakemodH.exe
                                                                                                                                                                                File Type:ASCII text, with CRLF line terminators
                                                                                                                                                                                Category:dropped
                                                                                                                                                                                Size (bytes):1159
                                                                                                                                                                                Entropy (8bit):4.909757425426515
                                                                                                                                                                                Encrypted:false
                                                                                                                                                                                SSDEEP:24:SOZJNRovfexRvYx/ncUYTxLZl0r0OzANQgq32xfZnS0iNFdAnP6:SOZbqfexrZrS3Iq32xlSX2S
                                                                                                                                                                                MD5:F29E077226F8DC235CAE4795459A3542
                                                                                                                                                                                SHA1:A23AEA328BEB92BFD4464A3B0F70E772B8969CC2
                                                                                                                                                                                SHA-256:CF8875AADE9351184274F533067BECF2AD10CCF2B6296274ECE5D5B58B6AB008
                                                                                                                                                                                SHA-512:0C76F1E7AC8E4DB582EA7E26FA9B8C18D54605AE6A9A87A2A1FA0B1BEACACBB8F1230421C1124B1E7C12FB546FF31DBBD2CFBBEBA80EF98BBAA01B356F7FDC6F
                                                                                                                                                                                Malicious:false
                                                                                                                                                                                Preview:.. ~~~ AlphaCat ~~~....>>>> Your data are stolen and encrypted....>>>> What guarantees that we will not deceive you? .....We are not a politically motivated group and we do not need anything other than your money. .. ...If you pay, we will provide you the programs for decryption and we will delete your data. ...Life is too short to be sad. Be not sad, money, it is only paper... ...If we do not give you decrypters, or we do not delete your data after payment, then nobody will pay us in the future. ...Therefore to us our reputation is very important. We attack worldwide and there is no dissatisfied victim after payment... ..>>>> You need contact us via email with srenshot of btc transaction and your personal DECRYPTION ID.....Contact via Email with your personal Decryption id !: hackbeenswim@mail2tor.com......Send 400$ (0.006 BTC) at this address --> bc1qkr7wxuqwet9w6920vk94p7npkxh33fc7prv55q.....>>>> Your personal DECRYPTION ID: D53F15BF767167BC622C1CB4D4FC174D....>>
                                                                                                                                                                                Process:C:\Users\user\Desktop\c8JakemodH.exe
                                                                                                                                                                                File Type:ASCII text, with CRLF line terminators
                                                                                                                                                                                Category:dropped
                                                                                                                                                                                Size (bytes):1159
                                                                                                                                                                                Entropy (8bit):4.909757425426515
                                                                                                                                                                                Encrypted:false
                                                                                                                                                                                SSDEEP:24:SOZJNRovfexRvYx/ncUYTxLZl0r0OzANQgq32xfZnS0iNFdAnP6:SOZbqfexrZrS3Iq32xlSX2S
                                                                                                                                                                                MD5:F29E077226F8DC235CAE4795459A3542
                                                                                                                                                                                SHA1:A23AEA328BEB92BFD4464A3B0F70E772B8969CC2
                                                                                                                                                                                SHA-256:CF8875AADE9351184274F533067BECF2AD10CCF2B6296274ECE5D5B58B6AB008
                                                                                                                                                                                SHA-512:0C76F1E7AC8E4DB582EA7E26FA9B8C18D54605AE6A9A87A2A1FA0B1BEACACBB8F1230421C1124B1E7C12FB546FF31DBBD2CFBBEBA80EF98BBAA01B356F7FDC6F
                                                                                                                                                                                Malicious:false
                                                                                                                                                                                Preview:.. ~~~ AlphaCat ~~~....>>>> Your data are stolen and encrypted....>>>> What guarantees that we will not deceive you? .....We are not a politically motivated group and we do not need anything other than your money. .. ...If you pay, we will provide you the programs for decryption and we will delete your data. ...Life is too short to be sad. Be not sad, money, it is only paper... ...If we do not give you decrypters, or we do not delete your data after payment, then nobody will pay us in the future. ...Therefore to us our reputation is very important. We attack worldwide and there is no dissatisfied victim after payment... ..>>>> You need contact us via email with srenshot of btc transaction and your personal DECRYPTION ID.....Contact via Email with your personal Decryption id !: hackbeenswim@mail2tor.com......Send 400$ (0.006 BTC) at this address --> bc1qkr7wxuqwet9w6920vk94p7npkxh33fc7prv55q.....>>>> Your personal DECRYPTION ID: D53F15BF767167BC622C1CB4D4FC174D....>>
                                                                                                                                                                                Process:C:\Users\user\Desktop\c8JakemodH.exe
                                                                                                                                                                                File Type:ASCII text, with CRLF line terminators
                                                                                                                                                                                Category:dropped
                                                                                                                                                                                Size (bytes):1159
                                                                                                                                                                                Entropy (8bit):4.909757425426515
                                                                                                                                                                                Encrypted:false
                                                                                                                                                                                SSDEEP:24:SOZJNRovfexRvYx/ncUYTxLZl0r0OzANQgq32xfZnS0iNFdAnP6:SOZbqfexrZrS3Iq32xlSX2S
                                                                                                                                                                                MD5:F29E077226F8DC235CAE4795459A3542
                                                                                                                                                                                SHA1:A23AEA328BEB92BFD4464A3B0F70E772B8969CC2
                                                                                                                                                                                SHA-256:CF8875AADE9351184274F533067BECF2AD10CCF2B6296274ECE5D5B58B6AB008
                                                                                                                                                                                SHA-512:0C76F1E7AC8E4DB582EA7E26FA9B8C18D54605AE6A9A87A2A1FA0B1BEACACBB8F1230421C1124B1E7C12FB546FF31DBBD2CFBBEBA80EF98BBAA01B356F7FDC6F
                                                                                                                                                                                Malicious:false
                                                                                                                                                                                Preview:.. ~~~ AlphaCat ~~~....>>>> Your data are stolen and encrypted....>>>> What guarantees that we will not deceive you? .....We are not a politically motivated group and we do not need anything other than your money. .. ...If you pay, we will provide you the programs for decryption and we will delete your data. ...Life is too short to be sad. Be not sad, money, it is only paper... ...If we do not give you decrypters, or we do not delete your data after payment, then nobody will pay us in the future. ...Therefore to us our reputation is very important. We attack worldwide and there is no dissatisfied victim after payment... ..>>>> You need contact us via email with srenshot of btc transaction and your personal DECRYPTION ID.....Contact via Email with your personal Decryption id !: hackbeenswim@mail2tor.com......Send 400$ (0.006 BTC) at this address --> bc1qkr7wxuqwet9w6920vk94p7npkxh33fc7prv55q.....>>>> Your personal DECRYPTION ID: D53F15BF767167BC622C1CB4D4FC174D....>>
                                                                                                                                                                                Process:C:\Users\user\Desktop\c8JakemodH.exe
                                                                                                                                                                                File Type:ASCII text, with CRLF line terminators
                                                                                                                                                                                Category:dropped
                                                                                                                                                                                Size (bytes):1159
                                                                                                                                                                                Entropy (8bit):4.909757425426515
                                                                                                                                                                                Encrypted:false
                                                                                                                                                                                SSDEEP:24:SOZJNRovfexRvYx/ncUYTxLZl0r0OzANQgq32xfZnS0iNFdAnP6:SOZbqfexrZrS3Iq32xlSX2S
                                                                                                                                                                                MD5:F29E077226F8DC235CAE4795459A3542
                                                                                                                                                                                SHA1:A23AEA328BEB92BFD4464A3B0F70E772B8969CC2
                                                                                                                                                                                SHA-256:CF8875AADE9351184274F533067BECF2AD10CCF2B6296274ECE5D5B58B6AB008
                                                                                                                                                                                SHA-512:0C76F1E7AC8E4DB582EA7E26FA9B8C18D54605AE6A9A87A2A1FA0B1BEACACBB8F1230421C1124B1E7C12FB546FF31DBBD2CFBBEBA80EF98BBAA01B356F7FDC6F
                                                                                                                                                                                Malicious:false
                                                                                                                                                                                Preview:.. ~~~ AlphaCat ~~~....>>>> Your data are stolen and encrypted....>>>> What guarantees that we will not deceive you? .....We are not a politically motivated group and we do not need anything other than your money. .. ...If you pay, we will provide you the programs for decryption and we will delete your data. ...Life is too short to be sad. Be not sad, money, it is only paper... ...If we do not give you decrypters, or we do not delete your data after payment, then nobody will pay us in the future. ...Therefore to us our reputation is very important. We attack worldwide and there is no dissatisfied victim after payment... ..>>>> You need contact us via email with srenshot of btc transaction and your personal DECRYPTION ID.....Contact via Email with your personal Decryption id !: hackbeenswim@mail2tor.com......Send 400$ (0.006 BTC) at this address --> bc1qkr7wxuqwet9w6920vk94p7npkxh33fc7prv55q.....>>>> Your personal DECRYPTION ID: D53F15BF767167BC622C1CB4D4FC174D....>>
                                                                                                                                                                                Process:C:\Users\user\Desktop\c8JakemodH.exe
                                                                                                                                                                                File Type:ASCII text, with CRLF line terminators
                                                                                                                                                                                Category:dropped
                                                                                                                                                                                Size (bytes):1159
                                                                                                                                                                                Entropy (8bit):4.909757425426515
                                                                                                                                                                                Encrypted:false
                                                                                                                                                                                SSDEEP:24:SOZJNRovfexRvYx/ncUYTxLZl0r0OzANQgq32xfZnS0iNFdAnP6:SOZbqfexrZrS3Iq32xlSX2S
                                                                                                                                                                                MD5:F29E077226F8DC235CAE4795459A3542
                                                                                                                                                                                SHA1:A23AEA328BEB92BFD4464A3B0F70E772B8969CC2
                                                                                                                                                                                SHA-256:CF8875AADE9351184274F533067BECF2AD10CCF2B6296274ECE5D5B58B6AB008
                                                                                                                                                                                SHA-512:0C76F1E7AC8E4DB582EA7E26FA9B8C18D54605AE6A9A87A2A1FA0B1BEACACBB8F1230421C1124B1E7C12FB546FF31DBBD2CFBBEBA80EF98BBAA01B356F7FDC6F
                                                                                                                                                                                Malicious:false
                                                                                                                                                                                Preview:.. ~~~ AlphaCat ~~~....>>>> Your data are stolen and encrypted....>>>> What guarantees that we will not deceive you? .....We are not a politically motivated group and we do not need anything other than your money. .. ...If you pay, we will provide you the programs for decryption and we will delete your data. ...Life is too short to be sad. Be not sad, money, it is only paper... ...If we do not give you decrypters, or we do not delete your data after payment, then nobody will pay us in the future. ...Therefore to us our reputation is very important. We attack worldwide and there is no dissatisfied victim after payment... ..>>>> You need contact us via email with srenshot of btc transaction and your personal DECRYPTION ID.....Contact via Email with your personal Decryption id !: hackbeenswim@mail2tor.com......Send 400$ (0.006 BTC) at this address --> bc1qkr7wxuqwet9w6920vk94p7npkxh33fc7prv55q.....>>>> Your personal DECRYPTION ID: D53F15BF767167BC622C1CB4D4FC174D....>>
                                                                                                                                                                                Process:C:\Users\user\Desktop\c8JakemodH.exe
                                                                                                                                                                                File Type:ASCII text, with CRLF line terminators
                                                                                                                                                                                Category:dropped
                                                                                                                                                                                Size (bytes):1159
                                                                                                                                                                                Entropy (8bit):4.909757425426515
                                                                                                                                                                                Encrypted:false
                                                                                                                                                                                SSDEEP:24:SOZJNRovfexRvYx/ncUYTxLZl0r0OzANQgq32xfZnS0iNFdAnP6:SOZbqfexrZrS3Iq32xlSX2S
                                                                                                                                                                                MD5:F29E077226F8DC235CAE4795459A3542
                                                                                                                                                                                SHA1:A23AEA328BEB92BFD4464A3B0F70E772B8969CC2
                                                                                                                                                                                SHA-256:CF8875AADE9351184274F533067BECF2AD10CCF2B6296274ECE5D5B58B6AB008
                                                                                                                                                                                SHA-512:0C76F1E7AC8E4DB582EA7E26FA9B8C18D54605AE6A9A87A2A1FA0B1BEACACBB8F1230421C1124B1E7C12FB546FF31DBBD2CFBBEBA80EF98BBAA01B356F7FDC6F
                                                                                                                                                                                Malicious:false
                                                                                                                                                                                Preview:.. ~~~ AlphaCat ~~~....>>>> Your data are stolen and encrypted....>>>> What guarantees that we will not deceive you? .....We are not a politically motivated group and we do not need anything other than your money. .. ...If you pay, we will provide you the programs for decryption and we will delete your data. ...Life is too short to be sad. Be not sad, money, it is only paper... ...If we do not give you decrypters, or we do not delete your data after payment, then nobody will pay us in the future. ...Therefore to us our reputation is very important. We attack worldwide and there is no dissatisfied victim after payment... ..>>>> You need contact us via email with srenshot of btc transaction and your personal DECRYPTION ID.....Contact via Email with your personal Decryption id !: hackbeenswim@mail2tor.com......Send 400$ (0.006 BTC) at this address --> bc1qkr7wxuqwet9w6920vk94p7npkxh33fc7prv55q.....>>>> Your personal DECRYPTION ID: D53F15BF767167BC622C1CB4D4FC174D....>>
                                                                                                                                                                                Process:C:\Users\user\Desktop\c8JakemodH.exe
                                                                                                                                                                                File Type:ASCII text, with CRLF line terminators
                                                                                                                                                                                Category:dropped
                                                                                                                                                                                Size (bytes):1159
                                                                                                                                                                                Entropy (8bit):4.909757425426515
                                                                                                                                                                                Encrypted:false
                                                                                                                                                                                SSDEEP:24:SOZJNRovfexRvYx/ncUYTxLZl0r0OzANQgq32xfZnS0iNFdAnP6:SOZbqfexrZrS3Iq32xlSX2S
                                                                                                                                                                                MD5:F29E077226F8DC235CAE4795459A3542
                                                                                                                                                                                SHA1:A23AEA328BEB92BFD4464A3B0F70E772B8969CC2
                                                                                                                                                                                SHA-256:CF8875AADE9351184274F533067BECF2AD10CCF2B6296274ECE5D5B58B6AB008
                                                                                                                                                                                SHA-512:0C76F1E7AC8E4DB582EA7E26FA9B8C18D54605AE6A9A87A2A1FA0B1BEACACBB8F1230421C1124B1E7C12FB546FF31DBBD2CFBBEBA80EF98BBAA01B356F7FDC6F
                                                                                                                                                                                Malicious:false
                                                                                                                                                                                Preview:.. ~~~ AlphaCat ~~~....>>>> Your data are stolen and encrypted....>>>> What guarantees that we will not deceive you? .....We are not a politically motivated group and we do not need anything other than your money. .. ...If you pay, we will provide you the programs for decryption and we will delete your data. ...Life is too short to be sad. Be not sad, money, it is only paper... ...If we do not give you decrypters, or we do not delete your data after payment, then nobody will pay us in the future. ...Therefore to us our reputation is very important. We attack worldwide and there is no dissatisfied victim after payment... ..>>>> You need contact us via email with srenshot of btc transaction and your personal DECRYPTION ID.....Contact via Email with your personal Decryption id !: hackbeenswim@mail2tor.com......Send 400$ (0.006 BTC) at this address --> bc1qkr7wxuqwet9w6920vk94p7npkxh33fc7prv55q.....>>>> Your personal DECRYPTION ID: D53F15BF767167BC622C1CB4D4FC174D....>>
                                                                                                                                                                                Process:C:\Users\user\Desktop\c8JakemodH.exe
                                                                                                                                                                                File Type:ASCII text, with CRLF line terminators
                                                                                                                                                                                Category:dropped
                                                                                                                                                                                Size (bytes):1159
                                                                                                                                                                                Entropy (8bit):4.909757425426515
                                                                                                                                                                                Encrypted:false
                                                                                                                                                                                SSDEEP:24:SOZJNRovfexRvYx/ncUYTxLZl0r0OzANQgq32xfZnS0iNFdAnP6:SOZbqfexrZrS3Iq32xlSX2S
                                                                                                                                                                                MD5:F29E077226F8DC235CAE4795459A3542
                                                                                                                                                                                SHA1:A23AEA328BEB92BFD4464A3B0F70E772B8969CC2
                                                                                                                                                                                SHA-256:CF8875AADE9351184274F533067BECF2AD10CCF2B6296274ECE5D5B58B6AB008
                                                                                                                                                                                SHA-512:0C76F1E7AC8E4DB582EA7E26FA9B8C18D54605AE6A9A87A2A1FA0B1BEACACBB8F1230421C1124B1E7C12FB546FF31DBBD2CFBBEBA80EF98BBAA01B356F7FDC6F
                                                                                                                                                                                Malicious:false
                                                                                                                                                                                Preview:.. ~~~ AlphaCat ~~~....>>>> Your data are stolen and encrypted....>>>> What guarantees that we will not deceive you? .....We are not a politically motivated group and we do not need anything other than your money. .. ...If you pay, we will provide you the programs for decryption and we will delete your data. ...Life is too short to be sad. Be not sad, money, it is only paper... ...If we do not give you decrypters, or we do not delete your data after payment, then nobody will pay us in the future. ...Therefore to us our reputation is very important. We attack worldwide and there is no dissatisfied victim after payment... ..>>>> You need contact us via email with srenshot of btc transaction and your personal DECRYPTION ID.....Contact via Email with your personal Decryption id !: hackbeenswim@mail2tor.com......Send 400$ (0.006 BTC) at this address --> bc1qkr7wxuqwet9w6920vk94p7npkxh33fc7prv55q.....>>>> Your personal DECRYPTION ID: D53F15BF767167BC622C1CB4D4FC174D....>>
                                                                                                                                                                                Process:C:\Users\user\Desktop\c8JakemodH.exe
                                                                                                                                                                                File Type:data
                                                                                                                                                                                Category:dropped
                                                                                                                                                                                Size (bytes):8431
                                                                                                                                                                                Entropy (8bit):7.980461983249199
                                                                                                                                                                                Encrypted:false
                                                                                                                                                                                SSDEEP:192:PHUk3dMIHq72M+raFQrlb1OP96OVzMv6MVnqaQ+45Kvbc2ZvOHpuiWt:PBK72VrPnOl60Qv6oQb2bcbBC
                                                                                                                                                                                MD5:426B61294C94CAAE96C24ED78560E46F
                                                                                                                                                                                SHA1:B98D471BF3A512B69E793D5B8F1FE1204CEA7393
                                                                                                                                                                                SHA-256:63EECFCAB4D316F12D990F54D5B4782DAD4E82DFCE4BB015D46B5B0A73462526
                                                                                                                                                                                SHA-512:0765D1D48206D9A5007C0CAFB6DB5D9015FD5F12D9BE855B298F8D66A8773CA6374849CE6EA6DC46B7D20D5B3FD7CD1884ADA438B7CACA1BE48C7AE604BE99A9
                                                                                                                                                                                Malicious:false
                                                                                                                                                                                Preview:Z&u..Ii.....R......E.U....V.]K...ydWe.R....s[...-CB.....U..2#....y..S...r..w.......e.N.y...[_....R.fR..)..[:cq....6./.f....0.PQs.>J..h0.,Vo.f.q.....-Q.4E{-O<..C:..wtA......a.?.p.K.L.$CX...~.0[...<..|x]mJ..x..?..z.........W....?......|v.`..~........c..A...V.|.E77.-.....#v...VP......}.....,.(....d...x.....'..<....a..4.'....5..L.8..Q..$..Zsz~......"....\.....B.v.;..ba9.<.B..........b..;...&.hC....0J._M..X.g\.~@`.`v.(.$.B...b...2...D.v.....6~r./..h...P;.\..M..0...35.kH v.&.+P...jetd[.[.....l.^..w....Q...8....If..$.m...mKJ.X..4....mX....iuV....$#.l.Qa....J.....~..B.......~.`..f.+2..}.{.O.&.2.b0$.z.V./....Y....H....#..;}^..../9...E.p.. NB..W....p@_...;b.}.w.J....A...V/_.:....-.>.....)..z.....t^4|o.U.:aF........o...)..Y~..<.......YB...v.$....^|.k..0...BQ.......>.]..%.t......A....].....b_d.....].w).gh..8\....]..P......=......s!n^... .....tz..._.2..\9.r...k.....B..]e.Y...f.......PO.h................to..u.`....z.A....._................2lt,W4
                                                                                                                                                                                Process:C:\Users\user\Desktop\c8JakemodH.exe
                                                                                                                                                                                File Type:ASCII text, with CRLF line terminators
                                                                                                                                                                                Category:dropped
                                                                                                                                                                                Size (bytes):1159
                                                                                                                                                                                Entropy (8bit):4.909757425426515
                                                                                                                                                                                Encrypted:false
                                                                                                                                                                                SSDEEP:24:SOZJNRovfexRvYx/ncUYTxLZl0r0OzANQgq32xfZnS0iNFdAnP6:SOZbqfexrZrS3Iq32xlSX2S
                                                                                                                                                                                MD5:F29E077226F8DC235CAE4795459A3542
                                                                                                                                                                                SHA1:A23AEA328BEB92BFD4464A3B0F70E772B8969CC2
                                                                                                                                                                                SHA-256:CF8875AADE9351184274F533067BECF2AD10CCF2B6296274ECE5D5B58B6AB008
                                                                                                                                                                                SHA-512:0C76F1E7AC8E4DB582EA7E26FA9B8C18D54605AE6A9A87A2A1FA0B1BEACACBB8F1230421C1124B1E7C12FB546FF31DBBD2CFBBEBA80EF98BBAA01B356F7FDC6F
                                                                                                                                                                                Malicious:false
                                                                                                                                                                                Preview:.. ~~~ AlphaCat ~~~....>>>> Your data are stolen and encrypted....>>>> What guarantees that we will not deceive you? .....We are not a politically motivated group and we do not need anything other than your money. .. ...If you pay, we will provide you the programs for decryption and we will delete your data. ...Life is too short to be sad. Be not sad, money, it is only paper... ...If we do not give you decrypters, or we do not delete your data after payment, then nobody will pay us in the future. ...Therefore to us our reputation is very important. We attack worldwide and there is no dissatisfied victim after payment... ..>>>> You need contact us via email with srenshot of btc transaction and your personal DECRYPTION ID.....Contact via Email with your personal Decryption id !: hackbeenswim@mail2tor.com......Send 400$ (0.006 BTC) at this address --> bc1qkr7wxuqwet9w6920vk94p7npkxh33fc7prv55q.....>>>> Your personal DECRYPTION ID: D53F15BF767167BC622C1CB4D4FC174D....>>
                                                                                                                                                                                Process:C:\Users\user\Desktop\c8JakemodH.exe
                                                                                                                                                                                File Type:ASCII text, with CRLF line terminators
                                                                                                                                                                                Category:dropped
                                                                                                                                                                                Size (bytes):1159
                                                                                                                                                                                Entropy (8bit):4.909757425426515
                                                                                                                                                                                Encrypted:false
                                                                                                                                                                                SSDEEP:24:SOZJNRovfexRvYx/ncUYTxLZl0r0OzANQgq32xfZnS0iNFdAnP6:SOZbqfexrZrS3Iq32xlSX2S
                                                                                                                                                                                MD5:F29E077226F8DC235CAE4795459A3542
                                                                                                                                                                                SHA1:A23AEA328BEB92BFD4464A3B0F70E772B8969CC2
                                                                                                                                                                                SHA-256:CF8875AADE9351184274F533067BECF2AD10CCF2B6296274ECE5D5B58B6AB008
                                                                                                                                                                                SHA-512:0C76F1E7AC8E4DB582EA7E26FA9B8C18D54605AE6A9A87A2A1FA0B1BEACACBB8F1230421C1124B1E7C12FB546FF31DBBD2CFBBEBA80EF98BBAA01B356F7FDC6F
                                                                                                                                                                                Malicious:false
                                                                                                                                                                                Preview:.. ~~~ AlphaCat ~~~....>>>> Your data are stolen and encrypted....>>>> What guarantees that we will not deceive you? .....We are not a politically motivated group and we do not need anything other than your money. .. ...If you pay, we will provide you the programs for decryption and we will delete your data. ...Life is too short to be sad. Be not sad, money, it is only paper... ...If we do not give you decrypters, or we do not delete your data after payment, then nobody will pay us in the future. ...Therefore to us our reputation is very important. We attack worldwide and there is no dissatisfied victim after payment... ..>>>> You need contact us via email with srenshot of btc transaction and your personal DECRYPTION ID.....Contact via Email with your personal Decryption id !: hackbeenswim@mail2tor.com......Send 400$ (0.006 BTC) at this address --> bc1qkr7wxuqwet9w6920vk94p7npkxh33fc7prv55q.....>>>> Your personal DECRYPTION ID: D53F15BF767167BC622C1CB4D4FC174D....>>
                                                                                                                                                                                Process:C:\Users\user\Desktop\c8JakemodH.exe
                                                                                                                                                                                File Type:ASCII text, with CRLF line terminators
                                                                                                                                                                                Category:dropped
                                                                                                                                                                                Size (bytes):1159
                                                                                                                                                                                Entropy (8bit):4.909757425426515
                                                                                                                                                                                Encrypted:false
                                                                                                                                                                                SSDEEP:24:SOZJNRovfexRvYx/ncUYTxLZl0r0OzANQgq32xfZnS0iNFdAnP6:SOZbqfexrZrS3Iq32xlSX2S
                                                                                                                                                                                MD5:F29E077226F8DC235CAE4795459A3542
                                                                                                                                                                                SHA1:A23AEA328BEB92BFD4464A3B0F70E772B8969CC2
                                                                                                                                                                                SHA-256:CF8875AADE9351184274F533067BECF2AD10CCF2B6296274ECE5D5B58B6AB008
                                                                                                                                                                                SHA-512:0C76F1E7AC8E4DB582EA7E26FA9B8C18D54605AE6A9A87A2A1FA0B1BEACACBB8F1230421C1124B1E7C12FB546FF31DBBD2CFBBEBA80EF98BBAA01B356F7FDC6F
                                                                                                                                                                                Malicious:false
                                                                                                                                                                                Preview:.. ~~~ AlphaCat ~~~....>>>> Your data are stolen and encrypted....>>>> What guarantees that we will not deceive you? .....We are not a politically motivated group and we do not need anything other than your money. .. ...If you pay, we will provide you the programs for decryption and we will delete your data. ...Life is too short to be sad. Be not sad, money, it is only paper... ...If we do not give you decrypters, or we do not delete your data after payment, then nobody will pay us in the future. ...Therefore to us our reputation is very important. We attack worldwide and there is no dissatisfied victim after payment... ..>>>> You need contact us via email with srenshot of btc transaction and your personal DECRYPTION ID.....Contact via Email with your personal Decryption id !: hackbeenswim@mail2tor.com......Send 400$ (0.006 BTC) at this address --> bc1qkr7wxuqwet9w6920vk94p7npkxh33fc7prv55q.....>>>> Your personal DECRYPTION ID: D53F15BF767167BC622C1CB4D4FC174D....>>
                                                                                                                                                                                Process:C:\Users\user\Desktop\c8JakemodH.exe
                                                                                                                                                                                File Type:ASCII text, with CRLF line terminators
                                                                                                                                                                                Category:dropped
                                                                                                                                                                                Size (bytes):1159
                                                                                                                                                                                Entropy (8bit):4.909757425426515
                                                                                                                                                                                Encrypted:false
                                                                                                                                                                                SSDEEP:24:SOZJNRovfexRvYx/ncUYTxLZl0r0OzANQgq32xfZnS0iNFdAnP6:SOZbqfexrZrS3Iq32xlSX2S
                                                                                                                                                                                MD5:F29E077226F8DC235CAE4795459A3542
                                                                                                                                                                                SHA1:A23AEA328BEB92BFD4464A3B0F70E772B8969CC2
                                                                                                                                                                                SHA-256:CF8875AADE9351184274F533067BECF2AD10CCF2B6296274ECE5D5B58B6AB008
                                                                                                                                                                                SHA-512:0C76F1E7AC8E4DB582EA7E26FA9B8C18D54605AE6A9A87A2A1FA0B1BEACACBB8F1230421C1124B1E7C12FB546FF31DBBD2CFBBEBA80EF98BBAA01B356F7FDC6F
                                                                                                                                                                                Malicious:false
                                                                                                                                                                                Preview:.. ~~~ AlphaCat ~~~....>>>> Your data are stolen and encrypted....>>>> What guarantees that we will not deceive you? .....We are not a politically motivated group and we do not need anything other than your money. .. ...If you pay, we will provide you the programs for decryption and we will delete your data. ...Life is too short to be sad. Be not sad, money, it is only paper... ...If we do not give you decrypters, or we do not delete your data after payment, then nobody will pay us in the future. ...Therefore to us our reputation is very important. We attack worldwide and there is no dissatisfied victim after payment... ..>>>> You need contact us via email with srenshot of btc transaction and your personal DECRYPTION ID.....Contact via Email with your personal Decryption id !: hackbeenswim@mail2tor.com......Send 400$ (0.006 BTC) at this address --> bc1qkr7wxuqwet9w6920vk94p7npkxh33fc7prv55q.....>>>> Your personal DECRYPTION ID: D53F15BF767167BC622C1CB4D4FC174D....>>
                                                                                                                                                                                Process:C:\Users\user\Desktop\c8JakemodH.exe
                                                                                                                                                                                File Type:ASCII text, with CRLF line terminators
                                                                                                                                                                                Category:dropped
                                                                                                                                                                                Size (bytes):1159
                                                                                                                                                                                Entropy (8bit):4.909757425426515
                                                                                                                                                                                Encrypted:false
                                                                                                                                                                                SSDEEP:24:SOZJNRovfexRvYx/ncUYTxLZl0r0OzANQgq32xfZnS0iNFdAnP6:SOZbqfexrZrS3Iq32xlSX2S
                                                                                                                                                                                MD5:F29E077226F8DC235CAE4795459A3542
                                                                                                                                                                                SHA1:A23AEA328BEB92BFD4464A3B0F70E772B8969CC2
                                                                                                                                                                                SHA-256:CF8875AADE9351184274F533067BECF2AD10CCF2B6296274ECE5D5B58B6AB008
                                                                                                                                                                                SHA-512:0C76F1E7AC8E4DB582EA7E26FA9B8C18D54605AE6A9A87A2A1FA0B1BEACACBB8F1230421C1124B1E7C12FB546FF31DBBD2CFBBEBA80EF98BBAA01B356F7FDC6F
                                                                                                                                                                                Malicious:false
                                                                                                                                                                                Preview:.. ~~~ AlphaCat ~~~....>>>> Your data are stolen and encrypted....>>>> What guarantees that we will not deceive you? .....We are not a politically motivated group and we do not need anything other than your money. .. ...If you pay, we will provide you the programs for decryption and we will delete your data. ...Life is too short to be sad. Be not sad, money, it is only paper... ...If we do not give you decrypters, or we do not delete your data after payment, then nobody will pay us in the future. ...Therefore to us our reputation is very important. We attack worldwide and there is no dissatisfied victim after payment... ..>>>> You need contact us via email with srenshot of btc transaction and your personal DECRYPTION ID.....Contact via Email with your personal Decryption id !: hackbeenswim@mail2tor.com......Send 400$ (0.006 BTC) at this address --> bc1qkr7wxuqwet9w6920vk94p7npkxh33fc7prv55q.....>>>> Your personal DECRYPTION ID: D53F15BF767167BC622C1CB4D4FC174D....>>
                                                                                                                                                                                Process:C:\Users\user\Desktop\c8JakemodH.exe
                                                                                                                                                                                File Type:ASCII text, with CRLF line terminators
                                                                                                                                                                                Category:dropped
                                                                                                                                                                                Size (bytes):1159
                                                                                                                                                                                Entropy (8bit):4.909757425426515
                                                                                                                                                                                Encrypted:false
                                                                                                                                                                                SSDEEP:24:SOZJNRovfexRvYx/ncUYTxLZl0r0OzANQgq32xfZnS0iNFdAnP6:SOZbqfexrZrS3Iq32xlSX2S
                                                                                                                                                                                MD5:F29E077226F8DC235CAE4795459A3542
                                                                                                                                                                                SHA1:A23AEA328BEB92BFD4464A3B0F70E772B8969CC2
                                                                                                                                                                                SHA-256:CF8875AADE9351184274F533067BECF2AD10CCF2B6296274ECE5D5B58B6AB008
                                                                                                                                                                                SHA-512:0C76F1E7AC8E4DB582EA7E26FA9B8C18D54605AE6A9A87A2A1FA0B1BEACACBB8F1230421C1124B1E7C12FB546FF31DBBD2CFBBEBA80EF98BBAA01B356F7FDC6F
                                                                                                                                                                                Malicious:false
                                                                                                                                                                                Preview:.. ~~~ AlphaCat ~~~....>>>> Your data are stolen and encrypted....>>>> What guarantees that we will not deceive you? .....We are not a politically motivated group and we do not need anything other than your money. .. ...If you pay, we will provide you the programs for decryption and we will delete your data. ...Life is too short to be sad. Be not sad, money, it is only paper... ...If we do not give you decrypters, or we do not delete your data after payment, then nobody will pay us in the future. ...Therefore to us our reputation is very important. We attack worldwide and there is no dissatisfied victim after payment... ..>>>> You need contact us via email with srenshot of btc transaction and your personal DECRYPTION ID.....Contact via Email with your personal Decryption id !: hackbeenswim@mail2tor.com......Send 400$ (0.006 BTC) at this address --> bc1qkr7wxuqwet9w6920vk94p7npkxh33fc7prv55q.....>>>> Your personal DECRYPTION ID: D53F15BF767167BC622C1CB4D4FC174D....>>
                                                                                                                                                                                Process:C:\Users\user\Desktop\c8JakemodH.exe
                                                                                                                                                                                File Type:ASCII text, with CRLF line terminators
                                                                                                                                                                                Category:dropped
                                                                                                                                                                                Size (bytes):1159
                                                                                                                                                                                Entropy (8bit):4.909757425426515
                                                                                                                                                                                Encrypted:false
                                                                                                                                                                                SSDEEP:24:SOZJNRovfexRvYx/ncUYTxLZl0r0OzANQgq32xfZnS0iNFdAnP6:SOZbqfexrZrS3Iq32xlSX2S
                                                                                                                                                                                MD5:F29E077226F8DC235CAE4795459A3542
                                                                                                                                                                                SHA1:A23AEA328BEB92BFD4464A3B0F70E772B8969CC2
                                                                                                                                                                                SHA-256:CF8875AADE9351184274F533067BECF2AD10CCF2B6296274ECE5D5B58B6AB008
                                                                                                                                                                                SHA-512:0C76F1E7AC8E4DB582EA7E26FA9B8C18D54605AE6A9A87A2A1FA0B1BEACACBB8F1230421C1124B1E7C12FB546FF31DBBD2CFBBEBA80EF98BBAA01B356F7FDC6F
                                                                                                                                                                                Malicious:false
                                                                                                                                                                                Preview:.. ~~~ AlphaCat ~~~....>>>> Your data are stolen and encrypted....>>>> What guarantees that we will not deceive you? .....We are not a politically motivated group and we do not need anything other than your money. .. ...If you pay, we will provide you the programs for decryption and we will delete your data. ...Life is too short to be sad. Be not sad, money, it is only paper... ...If we do not give you decrypters, or we do not delete your data after payment, then nobody will pay us in the future. ...Therefore to us our reputation is very important. We attack worldwide and there is no dissatisfied victim after payment... ..>>>> You need contact us via email with srenshot of btc transaction and your personal DECRYPTION ID.....Contact via Email with your personal Decryption id !: hackbeenswim@mail2tor.com......Send 400$ (0.006 BTC) at this address --> bc1qkr7wxuqwet9w6920vk94p7npkxh33fc7prv55q.....>>>> Your personal DECRYPTION ID: D53F15BF767167BC622C1CB4D4FC174D....>>
                                                                                                                                                                                Process:C:\Users\user\Desktop\c8JakemodH.exe
                                                                                                                                                                                File Type:ASCII text, with CRLF line terminators
                                                                                                                                                                                Category:dropped
                                                                                                                                                                                Size (bytes):1159
                                                                                                                                                                                Entropy (8bit):4.909757425426515
                                                                                                                                                                                Encrypted:false
                                                                                                                                                                                SSDEEP:24:SOZJNRovfexRvYx/ncUYTxLZl0r0OzANQgq32xfZnS0iNFdAnP6:SOZbqfexrZrS3Iq32xlSX2S
                                                                                                                                                                                MD5:F29E077226F8DC235CAE4795459A3542
                                                                                                                                                                                SHA1:A23AEA328BEB92BFD4464A3B0F70E772B8969CC2
                                                                                                                                                                                SHA-256:CF8875AADE9351184274F533067BECF2AD10CCF2B6296274ECE5D5B58B6AB008
                                                                                                                                                                                SHA-512:0C76F1E7AC8E4DB582EA7E26FA9B8C18D54605AE6A9A87A2A1FA0B1BEACACBB8F1230421C1124B1E7C12FB546FF31DBBD2CFBBEBA80EF98BBAA01B356F7FDC6F
                                                                                                                                                                                Malicious:false
                                                                                                                                                                                Preview:.. ~~~ AlphaCat ~~~....>>>> Your data are stolen and encrypted....>>>> What guarantees that we will not deceive you? .....We are not a politically motivated group and we do not need anything other than your money. .. ...If you pay, we will provide you the programs for decryption and we will delete your data. ...Life is too short to be sad. Be not sad, money, it is only paper... ...If we do not give you decrypters, or we do not delete your data after payment, then nobody will pay us in the future. ...Therefore to us our reputation is very important. We attack worldwide and there is no dissatisfied victim after payment... ..>>>> You need contact us via email with srenshot of btc transaction and your personal DECRYPTION ID.....Contact via Email with your personal Decryption id !: hackbeenswim@mail2tor.com......Send 400$ (0.006 BTC) at this address --> bc1qkr7wxuqwet9w6920vk94p7npkxh33fc7prv55q.....>>>> Your personal DECRYPTION ID: D53F15BF767167BC622C1CB4D4FC174D....>>
                                                                                                                                                                                Process:C:\Users\user\Desktop\c8JakemodH.exe
                                                                                                                                                                                File Type:ASCII text, with CRLF line terminators
                                                                                                                                                                                Category:dropped
                                                                                                                                                                                Size (bytes):1159
                                                                                                                                                                                Entropy (8bit):4.909757425426515
                                                                                                                                                                                Encrypted:false
                                                                                                                                                                                SSDEEP:24:SOZJNRovfexRvYx/ncUYTxLZl0r0OzANQgq32xfZnS0iNFdAnP6:SOZbqfexrZrS3Iq32xlSX2S
                                                                                                                                                                                MD5:F29E077226F8DC235CAE4795459A3542
                                                                                                                                                                                SHA1:A23AEA328BEB92BFD4464A3B0F70E772B8969CC2
                                                                                                                                                                                SHA-256:CF8875AADE9351184274F533067BECF2AD10CCF2B6296274ECE5D5B58B6AB008
                                                                                                                                                                                SHA-512:0C76F1E7AC8E4DB582EA7E26FA9B8C18D54605AE6A9A87A2A1FA0B1BEACACBB8F1230421C1124B1E7C12FB546FF31DBBD2CFBBEBA80EF98BBAA01B356F7FDC6F
                                                                                                                                                                                Malicious:false
                                                                                                                                                                                Preview:.. ~~~ AlphaCat ~~~....>>>> Your data are stolen and encrypted....>>>> What guarantees that we will not deceive you? .....We are not a politically motivated group and we do not need anything other than your money. .. ...If you pay, we will provide you the programs for decryption and we will delete your data. ...Life is too short to be sad. Be not sad, money, it is only paper... ...If we do not give you decrypters, or we do not delete your data after payment, then nobody will pay us in the future. ...Therefore to us our reputation is very important. We attack worldwide and there is no dissatisfied victim after payment... ..>>>> You need contact us via email with srenshot of btc transaction and your personal DECRYPTION ID.....Contact via Email with your personal Decryption id !: hackbeenswim@mail2tor.com......Send 400$ (0.006 BTC) at this address --> bc1qkr7wxuqwet9w6920vk94p7npkxh33fc7prv55q.....>>>> Your personal DECRYPTION ID: D53F15BF767167BC622C1CB4D4FC174D....>>
                                                                                                                                                                                Process:C:\Users\user\Desktop\c8JakemodH.exe
                                                                                                                                                                                File Type:ASCII text, with CRLF line terminators
                                                                                                                                                                                Category:dropped
                                                                                                                                                                                Size (bytes):1159
                                                                                                                                                                                Entropy (8bit):4.909757425426515
                                                                                                                                                                                Encrypted:false
                                                                                                                                                                                SSDEEP:24:SOZJNRovfexRvYx/ncUYTxLZl0r0OzANQgq32xfZnS0iNFdAnP6:SOZbqfexrZrS3Iq32xlSX2S
                                                                                                                                                                                MD5:F29E077226F8DC235CAE4795459A3542
                                                                                                                                                                                SHA1:A23AEA328BEB92BFD4464A3B0F70E772B8969CC2
                                                                                                                                                                                SHA-256:CF8875AADE9351184274F533067BECF2AD10CCF2B6296274ECE5D5B58B6AB008
                                                                                                                                                                                SHA-512:0C76F1E7AC8E4DB582EA7E26FA9B8C18D54605AE6A9A87A2A1FA0B1BEACACBB8F1230421C1124B1E7C12FB546FF31DBBD2CFBBEBA80EF98BBAA01B356F7FDC6F
                                                                                                                                                                                Malicious:false
                                                                                                                                                                                Preview:.. ~~~ AlphaCat ~~~....>>>> Your data are stolen and encrypted....>>>> What guarantees that we will not deceive you? .....We are not a politically motivated group and we do not need anything other than your money. .. ...If you pay, we will provide you the programs for decryption and we will delete your data. ...Life is too short to be sad. Be not sad, money, it is only paper... ...If we do not give you decrypters, or we do not delete your data after payment, then nobody will pay us in the future. ...Therefore to us our reputation is very important. We attack worldwide and there is no dissatisfied victim after payment... ..>>>> You need contact us via email with srenshot of btc transaction and your personal DECRYPTION ID.....Contact via Email with your personal Decryption id !: hackbeenswim@mail2tor.com......Send 400$ (0.006 BTC) at this address --> bc1qkr7wxuqwet9w6920vk94p7npkxh33fc7prv55q.....>>>> Your personal DECRYPTION ID: D53F15BF767167BC622C1CB4D4FC174D....>>
                                                                                                                                                                                Process:C:\Users\user\Desktop\c8JakemodH.exe
                                                                                                                                                                                File Type:data
                                                                                                                                                                                Category:dropped
                                                                                                                                                                                Size (bytes):8431
                                                                                                                                                                                Entropy (8bit):7.976202000859754
                                                                                                                                                                                Encrypted:false
                                                                                                                                                                                SSDEEP:192:ys3cC4v2Mz0WVg0Q+m+L9GLRxF30MN3LsuaY45QUyAb86UVEpwpQKOydm:y+cR2g07Z+mFLRj0M6uaY4XJzSEpw0yI
                                                                                                                                                                                MD5:26CA4AC41E4DC46336F6A4CC457D6FEA
                                                                                                                                                                                SHA1:5FB8C8044EA87639C689219BC15DACD76ACF2D2E
                                                                                                                                                                                SHA-256:821B0DB1DE1CBA2016CA21464742D2887A6F125E249061F0E706ECD29E339B19
                                                                                                                                                                                SHA-512:ABC207AC41088DEB8C961BF4EE74E101EBFAC218BB8AA6A61E19A8B7683DE3340DEC4EE1A57C7E42719C5E35470BC2EEA5DEAFB6536FD2FC2D8BAFB240775C8A
                                                                                                                                                                                Malicious:false
                                                                                                                                                                                Preview:((@2.b...+......);zR.;e......>_...R..w.Y....AQk.-0.f......P.t...z5.<.J.Q..w.'..aC.5d..+`.....8..m..d...m.@.p21.8..j{...n.i._gN...p...`|&$J...xe.e.K..........z.....=..HZ0....V.S=.~.1.....I.CB=1n<'Q....G...B..o....N..8....8$....L...._[en...Ll.fA.....W...?.....G%*Z...*(.......2.&s..>|.Qg..G....?.....;...(bR.oO...;..u.#-.l./m/.i.@A..|.0mf.V.c...l...Z..P......^..6K.h/.P...na..9.F.5...."....rW.|.../.>h.QVt_...4.S..."'...FH..s$.....w.\....9..:.W..B..B........hi ..J...+......B.*..r....Na..*.F.....C.b(.U9...2G...A...Q.I...:.(.8.n..w6.~.4W#...}#.gB 5..RHH-I..\....(....E...v....w.......O...;3iKDub..g.5..'.I.1..C.7.)....5]._.l1_....%...J..x...h...0....X..)s.5...L$...O.D..M?...)K...Zb.^?...Nh..$h`....sX.dB........Y.h.b.t..D...r"U..#t.O..G...O....3!S.?NG..y...&..p..*..d_..Hx_x..........SA...8^.Edw.......E....C...N[...D..?.......#.q.zHX....~...@@....X..!........=m......#c..b..[c7C....;.Q.......i..)......R.v.%..^.....k..V`..-.P..q..^d.....g..k6.o.._u...>.
                                                                                                                                                                                Process:C:\Users\user\Desktop\c8JakemodH.exe
                                                                                                                                                                                File Type:ASCII text, with CRLF line terminators
                                                                                                                                                                                Category:dropped
                                                                                                                                                                                Size (bytes):1159
                                                                                                                                                                                Entropy (8bit):4.909757425426515
                                                                                                                                                                                Encrypted:false
                                                                                                                                                                                SSDEEP:24:SOZJNRovfexRvYx/ncUYTxLZl0r0OzANQgq32xfZnS0iNFdAnP6:SOZbqfexrZrS3Iq32xlSX2S
                                                                                                                                                                                MD5:F29E077226F8DC235CAE4795459A3542
                                                                                                                                                                                SHA1:A23AEA328BEB92BFD4464A3B0F70E772B8969CC2
                                                                                                                                                                                SHA-256:CF8875AADE9351184274F533067BECF2AD10CCF2B6296274ECE5D5B58B6AB008
                                                                                                                                                                                SHA-512:0C76F1E7AC8E4DB582EA7E26FA9B8C18D54605AE6A9A87A2A1FA0B1BEACACBB8F1230421C1124B1E7C12FB546FF31DBBD2CFBBEBA80EF98BBAA01B356F7FDC6F
                                                                                                                                                                                Malicious:false
                                                                                                                                                                                Preview:.. ~~~ AlphaCat ~~~....>>>> Your data are stolen and encrypted....>>>> What guarantees that we will not deceive you? .....We are not a politically motivated group and we do not need anything other than your money. .. ...If you pay, we will provide you the programs for decryption and we will delete your data. ...Life is too short to be sad. Be not sad, money, it is only paper... ...If we do not give you decrypters, or we do not delete your data after payment, then nobody will pay us in the future. ...Therefore to us our reputation is very important. We attack worldwide and there is no dissatisfied victim after payment... ..>>>> You need contact us via email with srenshot of btc transaction and your personal DECRYPTION ID.....Contact via Email with your personal Decryption id !: hackbeenswim@mail2tor.com......Send 400$ (0.006 BTC) at this address --> bc1qkr7wxuqwet9w6920vk94p7npkxh33fc7prv55q.....>>>> Your personal DECRYPTION ID: D53F15BF767167BC622C1CB4D4FC174D....>>
                                                                                                                                                                                Process:C:\Users\user\Desktop\c8JakemodH.exe
                                                                                                                                                                                File Type:ASCII text, with CRLF line terminators
                                                                                                                                                                                Category:dropped
                                                                                                                                                                                Size (bytes):1159
                                                                                                                                                                                Entropy (8bit):4.909757425426515
                                                                                                                                                                                Encrypted:false
                                                                                                                                                                                SSDEEP:24:SOZJNRovfexRvYx/ncUYTxLZl0r0OzANQgq32xfZnS0iNFdAnP6:SOZbqfexrZrS3Iq32xlSX2S
                                                                                                                                                                                MD5:F29E077226F8DC235CAE4795459A3542
                                                                                                                                                                                SHA1:A23AEA328BEB92BFD4464A3B0F70E772B8969CC2
                                                                                                                                                                                SHA-256:CF8875AADE9351184274F533067BECF2AD10CCF2B6296274ECE5D5B58B6AB008
                                                                                                                                                                                SHA-512:0C76F1E7AC8E4DB582EA7E26FA9B8C18D54605AE6A9A87A2A1FA0B1BEACACBB8F1230421C1124B1E7C12FB546FF31DBBD2CFBBEBA80EF98BBAA01B356F7FDC6F
                                                                                                                                                                                Malicious:false
                                                                                                                                                                                Preview:.. ~~~ AlphaCat ~~~....>>>> Your data are stolen and encrypted....>>>> What guarantees that we will not deceive you? .....We are not a politically motivated group and we do not need anything other than your money. .. ...If you pay, we will provide you the programs for decryption and we will delete your data. ...Life is too short to be sad. Be not sad, money, it is only paper... ...If we do not give you decrypters, or we do not delete your data after payment, then nobody will pay us in the future. ...Therefore to us our reputation is very important. We attack worldwide and there is no dissatisfied victim after payment... ..>>>> You need contact us via email with srenshot of btc transaction and your personal DECRYPTION ID.....Contact via Email with your personal Decryption id !: hackbeenswim@mail2tor.com......Send 400$ (0.006 BTC) at this address --> bc1qkr7wxuqwet9w6920vk94p7npkxh33fc7prv55q.....>>>> Your personal DECRYPTION ID: D53F15BF767167BC622C1CB4D4FC174D....>>
                                                                                                                                                                                Process:C:\Users\user\Desktop\c8JakemodH.exe
                                                                                                                                                                                File Type:ASCII text, with CRLF line terminators
                                                                                                                                                                                Category:dropped
                                                                                                                                                                                Size (bytes):1159
                                                                                                                                                                                Entropy (8bit):4.909757425426515
                                                                                                                                                                                Encrypted:false
                                                                                                                                                                                SSDEEP:24:SOZJNRovfexRvYx/ncUYTxLZl0r0OzANQgq32xfZnS0iNFdAnP6:SOZbqfexrZrS3Iq32xlSX2S
                                                                                                                                                                                MD5:F29E077226F8DC235CAE4795459A3542
                                                                                                                                                                                SHA1:A23AEA328BEB92BFD4464A3B0F70E772B8969CC2
                                                                                                                                                                                SHA-256:CF8875AADE9351184274F533067BECF2AD10CCF2B6296274ECE5D5B58B6AB008
                                                                                                                                                                                SHA-512:0C76F1E7AC8E4DB582EA7E26FA9B8C18D54605AE6A9A87A2A1FA0B1BEACACBB8F1230421C1124B1E7C12FB546FF31DBBD2CFBBEBA80EF98BBAA01B356F7FDC6F
                                                                                                                                                                                Malicious:false
                                                                                                                                                                                Preview:.. ~~~ AlphaCat ~~~....>>>> Your data are stolen and encrypted....>>>> What guarantees that we will not deceive you? .....We are not a politically motivated group and we do not need anything other than your money. .. ...If you pay, we will provide you the programs for decryption and we will delete your data. ...Life is too short to be sad. Be not sad, money, it is only paper... ...If we do not give you decrypters, or we do not delete your data after payment, then nobody will pay us in the future. ...Therefore to us our reputation is very important. We attack worldwide and there is no dissatisfied victim after payment... ..>>>> You need contact us via email with srenshot of btc transaction and your personal DECRYPTION ID.....Contact via Email with your personal Decryption id !: hackbeenswim@mail2tor.com......Send 400$ (0.006 BTC) at this address --> bc1qkr7wxuqwet9w6920vk94p7npkxh33fc7prv55q.....>>>> Your personal DECRYPTION ID: D53F15BF767167BC622C1CB4D4FC174D....>>
                                                                                                                                                                                Process:C:\Users\user\Desktop\c8JakemodH.exe
                                                                                                                                                                                File Type:ASCII text, with CRLF line terminators
                                                                                                                                                                                Category:dropped
                                                                                                                                                                                Size (bytes):1159
                                                                                                                                                                                Entropy (8bit):4.909757425426515
                                                                                                                                                                                Encrypted:false
                                                                                                                                                                                SSDEEP:24:SOZJNRovfexRvYx/ncUYTxLZl0r0OzANQgq32xfZnS0iNFdAnP6:SOZbqfexrZrS3Iq32xlSX2S
                                                                                                                                                                                MD5:F29E077226F8DC235CAE4795459A3542
                                                                                                                                                                                SHA1:A23AEA328BEB92BFD4464A3B0F70E772B8969CC2
                                                                                                                                                                                SHA-256:CF8875AADE9351184274F533067BECF2AD10CCF2B6296274ECE5D5B58B6AB008
                                                                                                                                                                                SHA-512:0C76F1E7AC8E4DB582EA7E26FA9B8C18D54605AE6A9A87A2A1FA0B1BEACACBB8F1230421C1124B1E7C12FB546FF31DBBD2CFBBEBA80EF98BBAA01B356F7FDC6F
                                                                                                                                                                                Malicious:false
                                                                                                                                                                                Preview:.. ~~~ AlphaCat ~~~....>>>> Your data are stolen and encrypted....>>>> What guarantees that we will not deceive you? .....We are not a politically motivated group and we do not need anything other than your money. .. ...If you pay, we will provide you the programs for decryption and we will delete your data. ...Life is too short to be sad. Be not sad, money, it is only paper... ...If we do not give you decrypters, or we do not delete your data after payment, then nobody will pay us in the future. ...Therefore to us our reputation is very important. We attack worldwide and there is no dissatisfied victim after payment... ..>>>> You need contact us via email with srenshot of btc transaction and your personal DECRYPTION ID.....Contact via Email with your personal Decryption id !: hackbeenswim@mail2tor.com......Send 400$ (0.006 BTC) at this address --> bc1qkr7wxuqwet9w6920vk94p7npkxh33fc7prv55q.....>>>> Your personal DECRYPTION ID: D53F15BF767167BC622C1CB4D4FC174D....>>
                                                                                                                                                                                Process:C:\Users\user\Desktop\c8JakemodH.exe
                                                                                                                                                                                File Type:ASCII text, with CRLF line terminators
                                                                                                                                                                                Category:dropped
                                                                                                                                                                                Size (bytes):1159
                                                                                                                                                                                Entropy (8bit):4.909757425426515
                                                                                                                                                                                Encrypted:false
                                                                                                                                                                                SSDEEP:24:SOZJNRovfexRvYx/ncUYTxLZl0r0OzANQgq32xfZnS0iNFdAnP6:SOZbqfexrZrS3Iq32xlSX2S
                                                                                                                                                                                MD5:F29E077226F8DC235CAE4795459A3542
                                                                                                                                                                                SHA1:A23AEA328BEB92BFD4464A3B0F70E772B8969CC2
                                                                                                                                                                                SHA-256:CF8875AADE9351184274F533067BECF2AD10CCF2B6296274ECE5D5B58B6AB008
                                                                                                                                                                                SHA-512:0C76F1E7AC8E4DB582EA7E26FA9B8C18D54605AE6A9A87A2A1FA0B1BEACACBB8F1230421C1124B1E7C12FB546FF31DBBD2CFBBEBA80EF98BBAA01B356F7FDC6F
                                                                                                                                                                                Malicious:false
                                                                                                                                                                                Preview:.. ~~~ AlphaCat ~~~....>>>> Your data are stolen and encrypted....>>>> What guarantees that we will not deceive you? .....We are not a politically motivated group and we do not need anything other than your money. .. ...If you pay, we will provide you the programs for decryption and we will delete your data. ...Life is too short to be sad. Be not sad, money, it is only paper... ...If we do not give you decrypters, or we do not delete your data after payment, then nobody will pay us in the future. ...Therefore to us our reputation is very important. We attack worldwide and there is no dissatisfied victim after payment... ..>>>> You need contact us via email with srenshot of btc transaction and your personal DECRYPTION ID.....Contact via Email with your personal Decryption id !: hackbeenswim@mail2tor.com......Send 400$ (0.006 BTC) at this address --> bc1qkr7wxuqwet9w6920vk94p7npkxh33fc7prv55q.....>>>> Your personal DECRYPTION ID: D53F15BF767167BC622C1CB4D4FC174D....>>
                                                                                                                                                                                Process:C:\Users\user\Desktop\c8JakemodH.exe
                                                                                                                                                                                File Type:ASCII text, with CRLF line terminators
                                                                                                                                                                                Category:dropped
                                                                                                                                                                                Size (bytes):1159
                                                                                                                                                                                Entropy (8bit):4.909757425426515
                                                                                                                                                                                Encrypted:false
                                                                                                                                                                                SSDEEP:24:SOZJNRovfexRvYx/ncUYTxLZl0r0OzANQgq32xfZnS0iNFdAnP6:SOZbqfexrZrS3Iq32xlSX2S
                                                                                                                                                                                MD5:F29E077226F8DC235CAE4795459A3542
                                                                                                                                                                                SHA1:A23AEA328BEB92BFD4464A3B0F70E772B8969CC2
                                                                                                                                                                                SHA-256:CF8875AADE9351184274F533067BECF2AD10CCF2B6296274ECE5D5B58B6AB008
                                                                                                                                                                                SHA-512:0C76F1E7AC8E4DB582EA7E26FA9B8C18D54605AE6A9A87A2A1FA0B1BEACACBB8F1230421C1124B1E7C12FB546FF31DBBD2CFBBEBA80EF98BBAA01B356F7FDC6F
                                                                                                                                                                                Malicious:false
                                                                                                                                                                                Preview:.. ~~~ AlphaCat ~~~....>>>> Your data are stolen and encrypted....>>>> What guarantees that we will not deceive you? .....We are not a politically motivated group and we do not need anything other than your money. .. ...If you pay, we will provide you the programs for decryption and we will delete your data. ...Life is too short to be sad. Be not sad, money, it is only paper... ...If we do not give you decrypters, or we do not delete your data after payment, then nobody will pay us in the future. ...Therefore to us our reputation is very important. We attack worldwide and there is no dissatisfied victim after payment... ..>>>> You need contact us via email with srenshot of btc transaction and your personal DECRYPTION ID.....Contact via Email with your personal Decryption id !: hackbeenswim@mail2tor.com......Send 400$ (0.006 BTC) at this address --> bc1qkr7wxuqwet9w6920vk94p7npkxh33fc7prv55q.....>>>> Your personal DECRYPTION ID: D53F15BF767167BC622C1CB4D4FC174D....>>
                                                                                                                                                                                Process:C:\Users\user\Desktop\c8JakemodH.exe
                                                                                                                                                                                File Type:ASCII text, with CRLF line terminators
                                                                                                                                                                                Category:dropped
                                                                                                                                                                                Size (bytes):1159
                                                                                                                                                                                Entropy (8bit):4.909757425426515
                                                                                                                                                                                Encrypted:false
                                                                                                                                                                                SSDEEP:24:SOZJNRovfexRvYx/ncUYTxLZl0r0OzANQgq32xfZnS0iNFdAnP6:SOZbqfexrZrS3Iq32xlSX2S
                                                                                                                                                                                MD5:F29E077226F8DC235CAE4795459A3542
                                                                                                                                                                                SHA1:A23AEA328BEB92BFD4464A3B0F70E772B8969CC2
                                                                                                                                                                                SHA-256:CF8875AADE9351184274F533067BECF2AD10CCF2B6296274ECE5D5B58B6AB008
                                                                                                                                                                                SHA-512:0C76F1E7AC8E4DB582EA7E26FA9B8C18D54605AE6A9A87A2A1FA0B1BEACACBB8F1230421C1124B1E7C12FB546FF31DBBD2CFBBEBA80EF98BBAA01B356F7FDC6F
                                                                                                                                                                                Malicious:false
                                                                                                                                                                                Preview:.. ~~~ AlphaCat ~~~....>>>> Your data are stolen and encrypted....>>>> What guarantees that we will not deceive you? .....We are not a politically motivated group and we do not need anything other than your money. .. ...If you pay, we will provide you the programs for decryption and we will delete your data. ...Life is too short to be sad. Be not sad, money, it is only paper... ...If we do not give you decrypters, or we do not delete your data after payment, then nobody will pay us in the future. ...Therefore to us our reputation is very important. We attack worldwide and there is no dissatisfied victim after payment... ..>>>> You need contact us via email with srenshot of btc transaction and your personal DECRYPTION ID.....Contact via Email with your personal Decryption id !: hackbeenswim@mail2tor.com......Send 400$ (0.006 BTC) at this address --> bc1qkr7wxuqwet9w6920vk94p7npkxh33fc7prv55q.....>>>> Your personal DECRYPTION ID: D53F15BF767167BC622C1CB4D4FC174D....>>
                                                                                                                                                                                Process:C:\Users\user\Desktop\c8JakemodH.exe
                                                                                                                                                                                File Type:ASCII text, with CRLF line terminators
                                                                                                                                                                                Category:dropped
                                                                                                                                                                                Size (bytes):1159
                                                                                                                                                                                Entropy (8bit):4.909757425426515
                                                                                                                                                                                Encrypted:false
                                                                                                                                                                                SSDEEP:24:SOZJNRovfexRvYx/ncUYTxLZl0r0OzANQgq32xfZnS0iNFdAnP6:SOZbqfexrZrS3Iq32xlSX2S
                                                                                                                                                                                MD5:F29E077226F8DC235CAE4795459A3542
                                                                                                                                                                                SHA1:A23AEA328BEB92BFD4464A3B0F70E772B8969CC2
                                                                                                                                                                                SHA-256:CF8875AADE9351184274F533067BECF2AD10CCF2B6296274ECE5D5B58B6AB008
                                                                                                                                                                                SHA-512:0C76F1E7AC8E4DB582EA7E26FA9B8C18D54605AE6A9A87A2A1FA0B1BEACACBB8F1230421C1124B1E7C12FB546FF31DBBD2CFBBEBA80EF98BBAA01B356F7FDC6F
                                                                                                                                                                                Malicious:false
                                                                                                                                                                                Preview:.. ~~~ AlphaCat ~~~....>>>> Your data are stolen and encrypted....>>>> What guarantees that we will not deceive you? .....We are not a politically motivated group and we do not need anything other than your money. .. ...If you pay, we will provide you the programs for decryption and we will delete your data. ...Life is too short to be sad. Be not sad, money, it is only paper... ...If we do not give you decrypters, or we do not delete your data after payment, then nobody will pay us in the future. ...Therefore to us our reputation is very important. We attack worldwide and there is no dissatisfied victim after payment... ..>>>> You need contact us via email with srenshot of btc transaction and your personal DECRYPTION ID.....Contact via Email with your personal Decryption id !: hackbeenswim@mail2tor.com......Send 400$ (0.006 BTC) at this address --> bc1qkr7wxuqwet9w6920vk94p7npkxh33fc7prv55q.....>>>> Your personal DECRYPTION ID: D53F15BF767167BC622C1CB4D4FC174D....>>
                                                                                                                                                                                Process:C:\Users\user\Desktop\c8JakemodH.exe
                                                                                                                                                                                File Type:ASCII text, with CRLF line terminators
                                                                                                                                                                                Category:dropped
                                                                                                                                                                                Size (bytes):1159
                                                                                                                                                                                Entropy (8bit):4.909757425426515
                                                                                                                                                                                Encrypted:false
                                                                                                                                                                                SSDEEP:24:SOZJNRovfexRvYx/ncUYTxLZl0r0OzANQgq32xfZnS0iNFdAnP6:SOZbqfexrZrS3Iq32xlSX2S
                                                                                                                                                                                MD5:F29E077226F8DC235CAE4795459A3542
                                                                                                                                                                                SHA1:A23AEA328BEB92BFD4464A3B0F70E772B8969CC2
                                                                                                                                                                                SHA-256:CF8875AADE9351184274F533067BECF2AD10CCF2B6296274ECE5D5B58B6AB008
                                                                                                                                                                                SHA-512:0C76F1E7AC8E4DB582EA7E26FA9B8C18D54605AE6A9A87A2A1FA0B1BEACACBB8F1230421C1124B1E7C12FB546FF31DBBD2CFBBEBA80EF98BBAA01B356F7FDC6F
                                                                                                                                                                                Malicious:false
                                                                                                                                                                                Preview:.. ~~~ AlphaCat ~~~....>>>> Your data are stolen and encrypted....>>>> What guarantees that we will not deceive you? .....We are not a politically motivated group and we do not need anything other than your money. .. ...If you pay, we will provide you the programs for decryption and we will delete your data. ...Life is too short to be sad. Be not sad, money, it is only paper... ...If we do not give you decrypters, or we do not delete your data after payment, then nobody will pay us in the future. ...Therefore to us our reputation is very important. We attack worldwide and there is no dissatisfied victim after payment... ..>>>> You need contact us via email with srenshot of btc transaction and your personal DECRYPTION ID.....Contact via Email with your personal Decryption id !: hackbeenswim@mail2tor.com......Send 400$ (0.006 BTC) at this address --> bc1qkr7wxuqwet9w6920vk94p7npkxh33fc7prv55q.....>>>> Your personal DECRYPTION ID: D53F15BF767167BC622C1CB4D4FC174D....>>
                                                                                                                                                                                Process:C:\Users\user\Desktop\c8JakemodH.exe
                                                                                                                                                                                File Type:ASCII text, with CRLF line terminators
                                                                                                                                                                                Category:dropped
                                                                                                                                                                                Size (bytes):1159
                                                                                                                                                                                Entropy (8bit):4.909757425426515
                                                                                                                                                                                Encrypted:false
                                                                                                                                                                                SSDEEP:24:SOZJNRovfexRvYx/ncUYTxLZl0r0OzANQgq32xfZnS0iNFdAnP6:SOZbqfexrZrS3Iq32xlSX2S
                                                                                                                                                                                MD5:F29E077226F8DC235CAE4795459A3542
                                                                                                                                                                                SHA1:A23AEA328BEB92BFD4464A3B0F70E772B8969CC2
                                                                                                                                                                                SHA-256:CF8875AADE9351184274F533067BECF2AD10CCF2B6296274ECE5D5B58B6AB008
                                                                                                                                                                                SHA-512:0C76F1E7AC8E4DB582EA7E26FA9B8C18D54605AE6A9A87A2A1FA0B1BEACACBB8F1230421C1124B1E7C12FB546FF31DBBD2CFBBEBA80EF98BBAA01B356F7FDC6F
                                                                                                                                                                                Malicious:false
                                                                                                                                                                                Preview:.. ~~~ AlphaCat ~~~....>>>> Your data are stolen and encrypted....>>>> What guarantees that we will not deceive you? .....We are not a politically motivated group and we do not need anything other than your money. .. ...If you pay, we will provide you the programs for decryption and we will delete your data. ...Life is too short to be sad. Be not sad, money, it is only paper... ...If we do not give you decrypters, or we do not delete your data after payment, then nobody will pay us in the future. ...Therefore to us our reputation is very important. We attack worldwide and there is no dissatisfied victim after payment... ..>>>> You need contact us via email with srenshot of btc transaction and your personal DECRYPTION ID.....Contact via Email with your personal Decryption id !: hackbeenswim@mail2tor.com......Send 400$ (0.006 BTC) at this address --> bc1qkr7wxuqwet9w6920vk94p7npkxh33fc7prv55q.....>>>> Your personal DECRYPTION ID: D53F15BF767167BC622C1CB4D4FC174D....>>
                                                                                                                                                                                Process:C:\Users\user\Desktop\c8JakemodH.exe
                                                                                                                                                                                File Type:OpenPGP Secret Key
                                                                                                                                                                                Category:dropped
                                                                                                                                                                                Size (bytes):8431
                                                                                                                                                                                Entropy (8bit):7.97545847879794
                                                                                                                                                                                Encrypted:false
                                                                                                                                                                                SSDEEP:192:xTcMhsjeM/3ty0owh/UCRpOaHDKUlpUQQxqiYFX+N:L0dorCRUaHWUlpDim+N
                                                                                                                                                                                MD5:4BA1E8CF5E71E8EA8F124F30C5C146B3
                                                                                                                                                                                SHA1:2155E6B71B37C215BFDCF780CE220CDA62A50D19
                                                                                                                                                                                SHA-256:E873CBDD63FC629BF9639BFBE7698C36311A5C36FCE0D4A1CC29D48CA6401CFE
                                                                                                                                                                                SHA-512:E6DE6D4763AAC6A6D999E8E00353972D1E87CA67BA70568F621EE396F5024F75579D2D5FC70DE107E07757899F479687A8018EA78CE239292F6CF60735BE9BC7
                                                                                                                                                                                Malicious:false
                                                                                                                                                                                Preview:..:n.....,H..2.1G....W.i..OT..D24.X...F.....J........j.g..0<;..i,....]&...=....Tf....`...t...Zx...vO..y...#..t.....Pc..../.M.o..9>..p.n.. ....^M..J7. 1..:oi.fNR4tx...&.<...c?..g..$U...K..~..|.Iq...].uW...G......=%-.I{..$$...h.....gh`1 8]..[....N5..!.J.......t...~W.G..F.!.jGP.....n.}..r],..z..1k.|X*.T@.....u...g.9.0&..w.......X......z1.y..;D.p1..d...\...;?Z...._B...`.5...........o4...9.P......XMm=Q]..xL._....me+...f3w-........?0....rXih)0.M...1%.7..._.|H....7.. ..9......o....3.oPo.FB9!....5.2-Puo.>7.|D.T..%?"=...2_9...J]..:.qe7..... ..6.KG.0A.6d.A5[.....M..OA..q........n.w.(..."_H..%z..Zb-....gg..).V5..i....nU./....vm...@42.H.m....p.y.....l"..E^lE...L..|.t.~......Ql..DA....pf.....;+.,v...#....&..{.9n(.3..P.r_V95.V......)4.j.6m..iA.:.\..^.A)'..........[.......v.......G ...k...\o.B^q5Ep.7.!...,DI...|.#...$...{.#.t...%O.2.I..IZ..z..[.....9...6..}..P..._.................uW....t/.q.R..Y..H/.x. ....{@.,.Pp.s...-......0s....j.phP.\{
                                                                                                                                                                                Process:C:\Users\user\Desktop\c8JakemodH.exe
                                                                                                                                                                                File Type:ASCII text, with CRLF line terminators
                                                                                                                                                                                Category:dropped
                                                                                                                                                                                Size (bytes):1159
                                                                                                                                                                                Entropy (8bit):4.909757425426515
                                                                                                                                                                                Encrypted:false
                                                                                                                                                                                SSDEEP:24:SOZJNRovfexRvYx/ncUYTxLZl0r0OzANQgq32xfZnS0iNFdAnP6:SOZbqfexrZrS3Iq32xlSX2S
                                                                                                                                                                                MD5:F29E077226F8DC235CAE4795459A3542
                                                                                                                                                                                SHA1:A23AEA328BEB92BFD4464A3B0F70E772B8969CC2
                                                                                                                                                                                SHA-256:CF8875AADE9351184274F533067BECF2AD10CCF2B6296274ECE5D5B58B6AB008
                                                                                                                                                                                SHA-512:0C76F1E7AC8E4DB582EA7E26FA9B8C18D54605AE6A9A87A2A1FA0B1BEACACBB8F1230421C1124B1E7C12FB546FF31DBBD2CFBBEBA80EF98BBAA01B356F7FDC6F
                                                                                                                                                                                Malicious:false
                                                                                                                                                                                Preview:.. ~~~ AlphaCat ~~~....>>>> Your data are stolen and encrypted....>>>> What guarantees that we will not deceive you? .....We are not a politically motivated group and we do not need anything other than your money. .. ...If you pay, we will provide you the programs for decryption and we will delete your data. ...Life is too short to be sad. Be not sad, money, it is only paper... ...If we do not give you decrypters, or we do not delete your data after payment, then nobody will pay us in the future. ...Therefore to us our reputation is very important. We attack worldwide and there is no dissatisfied victim after payment... ..>>>> You need contact us via email with srenshot of btc transaction and your personal DECRYPTION ID.....Contact via Email with your personal Decryption id !: hackbeenswim@mail2tor.com......Send 400$ (0.006 BTC) at this address --> bc1qkr7wxuqwet9w6920vk94p7npkxh33fc7prv55q.....>>>> Your personal DECRYPTION ID: D53F15BF767167BC622C1CB4D4FC174D....>>
                                                                                                                                                                                Process:C:\Users\user\Desktop\c8JakemodH.exe
                                                                                                                                                                                File Type:ASCII text, with CRLF line terminators
                                                                                                                                                                                Category:dropped
                                                                                                                                                                                Size (bytes):1159
                                                                                                                                                                                Entropy (8bit):4.909757425426515
                                                                                                                                                                                Encrypted:false
                                                                                                                                                                                SSDEEP:24:SOZJNRovfexRvYx/ncUYTxLZl0r0OzANQgq32xfZnS0iNFdAnP6:SOZbqfexrZrS3Iq32xlSX2S
                                                                                                                                                                                MD5:F29E077226F8DC235CAE4795459A3542
                                                                                                                                                                                SHA1:A23AEA328BEB92BFD4464A3B0F70E772B8969CC2
                                                                                                                                                                                SHA-256:CF8875AADE9351184274F533067BECF2AD10CCF2B6296274ECE5D5B58B6AB008
                                                                                                                                                                                SHA-512:0C76F1E7AC8E4DB582EA7E26FA9B8C18D54605AE6A9A87A2A1FA0B1BEACACBB8F1230421C1124B1E7C12FB546FF31DBBD2CFBBEBA80EF98BBAA01B356F7FDC6F
                                                                                                                                                                                Malicious:false
                                                                                                                                                                                Preview:.. ~~~ AlphaCat ~~~....>>>> Your data are stolen and encrypted....>>>> What guarantees that we will not deceive you? .....We are not a politically motivated group and we do not need anything other than your money. .. ...If you pay, we will provide you the programs for decryption and we will delete your data. ...Life is too short to be sad. Be not sad, money, it is only paper... ...If we do not give you decrypters, or we do not delete your data after payment, then nobody will pay us in the future. ...Therefore to us our reputation is very important. We attack worldwide and there is no dissatisfied victim after payment... ..>>>> You need contact us via email with srenshot of btc transaction and your personal DECRYPTION ID.....Contact via Email with your personal Decryption id !: hackbeenswim@mail2tor.com......Send 400$ (0.006 BTC) at this address --> bc1qkr7wxuqwet9w6920vk94p7npkxh33fc7prv55q.....>>>> Your personal DECRYPTION ID: D53F15BF767167BC622C1CB4D4FC174D....>>
                                                                                                                                                                                Process:C:\Users\user\Desktop\c8JakemodH.exe
                                                                                                                                                                                File Type:ASCII text, with CRLF line terminators
                                                                                                                                                                                Category:dropped
                                                                                                                                                                                Size (bytes):1159
                                                                                                                                                                                Entropy (8bit):4.909757425426515
                                                                                                                                                                                Encrypted:false
                                                                                                                                                                                SSDEEP:24:SOZJNRovfexRvYx/ncUYTxLZl0r0OzANQgq32xfZnS0iNFdAnP6:SOZbqfexrZrS3Iq32xlSX2S
                                                                                                                                                                                MD5:F29E077226F8DC235CAE4795459A3542
                                                                                                                                                                                SHA1:A23AEA328BEB92BFD4464A3B0F70E772B8969CC2
                                                                                                                                                                                SHA-256:CF8875AADE9351184274F533067BECF2AD10CCF2B6296274ECE5D5B58B6AB008
                                                                                                                                                                                SHA-512:0C76F1E7AC8E4DB582EA7E26FA9B8C18D54605AE6A9A87A2A1FA0B1BEACACBB8F1230421C1124B1E7C12FB546FF31DBBD2CFBBEBA80EF98BBAA01B356F7FDC6F
                                                                                                                                                                                Malicious:false
                                                                                                                                                                                Preview:.. ~~~ AlphaCat ~~~....>>>> Your data are stolen and encrypted....>>>> What guarantees that we will not deceive you? .....We are not a politically motivated group and we do not need anything other than your money. .. ...If you pay, we will provide you the programs for decryption and we will delete your data. ...Life is too short to be sad. Be not sad, money, it is only paper... ...If we do not give you decrypters, or we do not delete your data after payment, then nobody will pay us in the future. ...Therefore to us our reputation is very important. We attack worldwide and there is no dissatisfied victim after payment... ..>>>> You need contact us via email with srenshot of btc transaction and your personal DECRYPTION ID.....Contact via Email with your personal Decryption id !: hackbeenswim@mail2tor.com......Send 400$ (0.006 BTC) at this address --> bc1qkr7wxuqwet9w6920vk94p7npkxh33fc7prv55q.....>>>> Your personal DECRYPTION ID: D53F15BF767167BC622C1CB4D4FC174D....>>
                                                                                                                                                                                Process:C:\Users\user\Desktop\c8JakemodH.exe
                                                                                                                                                                                File Type:ASCII text, with CRLF line terminators
                                                                                                                                                                                Category:dropped
                                                                                                                                                                                Size (bytes):1159
                                                                                                                                                                                Entropy (8bit):4.909757425426515
                                                                                                                                                                                Encrypted:false
                                                                                                                                                                                SSDEEP:24:SOZJNRovfexRvYx/ncUYTxLZl0r0OzANQgq32xfZnS0iNFdAnP6:SOZbqfexrZrS3Iq32xlSX2S
                                                                                                                                                                                MD5:F29E077226F8DC235CAE4795459A3542
                                                                                                                                                                                SHA1:A23AEA328BEB92BFD4464A3B0F70E772B8969CC2
                                                                                                                                                                                SHA-256:CF8875AADE9351184274F533067BECF2AD10CCF2B6296274ECE5D5B58B6AB008
                                                                                                                                                                                SHA-512:0C76F1E7AC8E4DB582EA7E26FA9B8C18D54605AE6A9A87A2A1FA0B1BEACACBB8F1230421C1124B1E7C12FB546FF31DBBD2CFBBEBA80EF98BBAA01B356F7FDC6F
                                                                                                                                                                                Malicious:false
                                                                                                                                                                                Preview:.. ~~~ AlphaCat ~~~....>>>> Your data are stolen and encrypted....>>>> What guarantees that we will not deceive you? .....We are not a politically motivated group and we do not need anything other than your money. .. ...If you pay, we will provide you the programs for decryption and we will delete your data. ...Life is too short to be sad. Be not sad, money, it is only paper... ...If we do not give you decrypters, or we do not delete your data after payment, then nobody will pay us in the future. ...Therefore to us our reputation is very important. We attack worldwide and there is no dissatisfied victim after payment... ..>>>> You need contact us via email with srenshot of btc transaction and your personal DECRYPTION ID.....Contact via Email with your personal Decryption id !: hackbeenswim@mail2tor.com......Send 400$ (0.006 BTC) at this address --> bc1qkr7wxuqwet9w6920vk94p7npkxh33fc7prv55q.....>>>> Your personal DECRYPTION ID: D53F15BF767167BC622C1CB4D4FC174D....>>
                                                                                                                                                                                Process:C:\Users\user\Desktop\c8JakemodH.exe
                                                                                                                                                                                File Type:ASCII text, with CRLF line terminators
                                                                                                                                                                                Category:dropped
                                                                                                                                                                                Size (bytes):1159
                                                                                                                                                                                Entropy (8bit):4.909757425426515
                                                                                                                                                                                Encrypted:false
                                                                                                                                                                                SSDEEP:24:SOZJNRovfexRvYx/ncUYTxLZl0r0OzANQgq32xfZnS0iNFdAnP6:SOZbqfexrZrS3Iq32xlSX2S
                                                                                                                                                                                MD5:F29E077226F8DC235CAE4795459A3542
                                                                                                                                                                                SHA1:A23AEA328BEB92BFD4464A3B0F70E772B8969CC2
                                                                                                                                                                                SHA-256:CF8875AADE9351184274F533067BECF2AD10CCF2B6296274ECE5D5B58B6AB008
                                                                                                                                                                                SHA-512:0C76F1E7AC8E4DB582EA7E26FA9B8C18D54605AE6A9A87A2A1FA0B1BEACACBB8F1230421C1124B1E7C12FB546FF31DBBD2CFBBEBA80EF98BBAA01B356F7FDC6F
                                                                                                                                                                                Malicious:false
                                                                                                                                                                                Preview:.. ~~~ AlphaCat ~~~....>>>> Your data are stolen and encrypted....>>>> What guarantees that we will not deceive you? .....We are not a politically motivated group and we do not need anything other than your money. .. ...If you pay, we will provide you the programs for decryption and we will delete your data. ...Life is too short to be sad. Be not sad, money, it is only paper... ...If we do not give you decrypters, or we do not delete your data after payment, then nobody will pay us in the future. ...Therefore to us our reputation is very important. We attack worldwide and there is no dissatisfied victim after payment... ..>>>> You need contact us via email with srenshot of btc transaction and your personal DECRYPTION ID.....Contact via Email with your personal Decryption id !: hackbeenswim@mail2tor.com......Send 400$ (0.006 BTC) at this address --> bc1qkr7wxuqwet9w6920vk94p7npkxh33fc7prv55q.....>>>> Your personal DECRYPTION ID: D53F15BF767167BC622C1CB4D4FC174D....>>
                                                                                                                                                                                Process:C:\Users\user\Desktop\c8JakemodH.exe
                                                                                                                                                                                File Type:ASCII text, with CRLF line terminators
                                                                                                                                                                                Category:dropped
                                                                                                                                                                                Size (bytes):1159
                                                                                                                                                                                Entropy (8bit):4.909757425426515
                                                                                                                                                                                Encrypted:false
                                                                                                                                                                                SSDEEP:24:SOZJNRovfexRvYx/ncUYTxLZl0r0OzANQgq32xfZnS0iNFdAnP6:SOZbqfexrZrS3Iq32xlSX2S
                                                                                                                                                                                MD5:F29E077226F8DC235CAE4795459A3542
                                                                                                                                                                                SHA1:A23AEA328BEB92BFD4464A3B0F70E772B8969CC2
                                                                                                                                                                                SHA-256:CF8875AADE9351184274F533067BECF2AD10CCF2B6296274ECE5D5B58B6AB008
                                                                                                                                                                                SHA-512:0C76F1E7AC8E4DB582EA7E26FA9B8C18D54605AE6A9A87A2A1FA0B1BEACACBB8F1230421C1124B1E7C12FB546FF31DBBD2CFBBEBA80EF98BBAA01B356F7FDC6F
                                                                                                                                                                                Malicious:false
                                                                                                                                                                                Preview:.. ~~~ AlphaCat ~~~....>>>> Your data are stolen and encrypted....>>>> What guarantees that we will not deceive you? .....We are not a politically motivated group and we do not need anything other than your money. .. ...If you pay, we will provide you the programs for decryption and we will delete your data. ...Life is too short to be sad. Be not sad, money, it is only paper... ...If we do not give you decrypters, or we do not delete your data after payment, then nobody will pay us in the future. ...Therefore to us our reputation is very important. We attack worldwide and there is no dissatisfied victim after payment... ..>>>> You need contact us via email with srenshot of btc transaction and your personal DECRYPTION ID.....Contact via Email with your personal Decryption id !: hackbeenswim@mail2tor.com......Send 400$ (0.006 BTC) at this address --> bc1qkr7wxuqwet9w6920vk94p7npkxh33fc7prv55q.....>>>> Your personal DECRYPTION ID: D53F15BF767167BC622C1CB4D4FC174D....>>
                                                                                                                                                                                Process:C:\Users\user\Desktop\c8JakemodH.exe
                                                                                                                                                                                File Type:ASCII text, with CRLF line terminators
                                                                                                                                                                                Category:dropped
                                                                                                                                                                                Size (bytes):1159
                                                                                                                                                                                Entropy (8bit):4.909757425426515
                                                                                                                                                                                Encrypted:false
                                                                                                                                                                                SSDEEP:24:SOZJNRovfexRvYx/ncUYTxLZl0r0OzANQgq32xfZnS0iNFdAnP6:SOZbqfexrZrS3Iq32xlSX2S
                                                                                                                                                                                MD5:F29E077226F8DC235CAE4795459A3542
                                                                                                                                                                                SHA1:A23AEA328BEB92BFD4464A3B0F70E772B8969CC2
                                                                                                                                                                                SHA-256:CF8875AADE9351184274F533067BECF2AD10CCF2B6296274ECE5D5B58B6AB008
                                                                                                                                                                                SHA-512:0C76F1E7AC8E4DB582EA7E26FA9B8C18D54605AE6A9A87A2A1FA0B1BEACACBB8F1230421C1124B1E7C12FB546FF31DBBD2CFBBEBA80EF98BBAA01B356F7FDC6F
                                                                                                                                                                                Malicious:false
                                                                                                                                                                                Preview:.. ~~~ AlphaCat ~~~....>>>> Your data are stolen and encrypted....>>>> What guarantees that we will not deceive you? .....We are not a politically motivated group and we do not need anything other than your money. .. ...If you pay, we will provide you the programs for decryption and we will delete your data. ...Life is too short to be sad. Be not sad, money, it is only paper... ...If we do not give you decrypters, or we do not delete your data after payment, then nobody will pay us in the future. ...Therefore to us our reputation is very important. We attack worldwide and there is no dissatisfied victim after payment... ..>>>> You need contact us via email with srenshot of btc transaction and your personal DECRYPTION ID.....Contact via Email with your personal Decryption id !: hackbeenswim@mail2tor.com......Send 400$ (0.006 BTC) at this address --> bc1qkr7wxuqwet9w6920vk94p7npkxh33fc7prv55q.....>>>> Your personal DECRYPTION ID: D53F15BF767167BC622C1CB4D4FC174D....>>
                                                                                                                                                                                Process:C:\Users\user\Desktop\c8JakemodH.exe
                                                                                                                                                                                File Type:ASCII text, with CRLF line terminators
                                                                                                                                                                                Category:dropped
                                                                                                                                                                                Size (bytes):1159
                                                                                                                                                                                Entropy (8bit):4.909757425426515
                                                                                                                                                                                Encrypted:false
                                                                                                                                                                                SSDEEP:24:SOZJNRovfexRvYx/ncUYTxLZl0r0OzANQgq32xfZnS0iNFdAnP6:SOZbqfexrZrS3Iq32xlSX2S
                                                                                                                                                                                MD5:F29E077226F8DC235CAE4795459A3542
                                                                                                                                                                                SHA1:A23AEA328BEB92BFD4464A3B0F70E772B8969CC2
                                                                                                                                                                                SHA-256:CF8875AADE9351184274F533067BECF2AD10CCF2B6296274ECE5D5B58B6AB008
                                                                                                                                                                                SHA-512:0C76F1E7AC8E4DB582EA7E26FA9B8C18D54605AE6A9A87A2A1FA0B1BEACACBB8F1230421C1124B1E7C12FB546FF31DBBD2CFBBEBA80EF98BBAA01B356F7FDC6F
                                                                                                                                                                                Malicious:false
                                                                                                                                                                                Preview:.. ~~~ AlphaCat ~~~....>>>> Your data are stolen and encrypted....>>>> What guarantees that we will not deceive you? .....We are not a politically motivated group and we do not need anything other than your money. .. ...If you pay, we will provide you the programs for decryption and we will delete your data. ...Life is too short to be sad. Be not sad, money, it is only paper... ...If we do not give you decrypters, or we do not delete your data after payment, then nobody will pay us in the future. ...Therefore to us our reputation is very important. We attack worldwide and there is no dissatisfied victim after payment... ..>>>> You need contact us via email with srenshot of btc transaction and your personal DECRYPTION ID.....Contact via Email with your personal Decryption id !: hackbeenswim@mail2tor.com......Send 400$ (0.006 BTC) at this address --> bc1qkr7wxuqwet9w6920vk94p7npkxh33fc7prv55q.....>>>> Your personal DECRYPTION ID: D53F15BF767167BC622C1CB4D4FC174D....>>
                                                                                                                                                                                Process:C:\Users\user\Desktop\c8JakemodH.exe
                                                                                                                                                                                File Type:ASCII text, with CRLF line terminators
                                                                                                                                                                                Category:dropped
                                                                                                                                                                                Size (bytes):1159
                                                                                                                                                                                Entropy (8bit):4.909757425426515
                                                                                                                                                                                Encrypted:false
                                                                                                                                                                                SSDEEP:24:SOZJNRovfexRvYx/ncUYTxLZl0r0OzANQgq32xfZnS0iNFdAnP6:SOZbqfexrZrS3Iq32xlSX2S
                                                                                                                                                                                MD5:F29E077226F8DC235CAE4795459A3542
                                                                                                                                                                                SHA1:A23AEA328BEB92BFD4464A3B0F70E772B8969CC2
                                                                                                                                                                                SHA-256:CF8875AADE9351184274F533067BECF2AD10CCF2B6296274ECE5D5B58B6AB008
                                                                                                                                                                                SHA-512:0C76F1E7AC8E4DB582EA7E26FA9B8C18D54605AE6A9A87A2A1FA0B1BEACACBB8F1230421C1124B1E7C12FB546FF31DBBD2CFBBEBA80EF98BBAA01B356F7FDC6F
                                                                                                                                                                                Malicious:false
                                                                                                                                                                                Preview:.. ~~~ AlphaCat ~~~....>>>> Your data are stolen and encrypted....>>>> What guarantees that we will not deceive you? .....We are not a politically motivated group and we do not need anything other than your money. .. ...If you pay, we will provide you the programs for decryption and we will delete your data. ...Life is too short to be sad. Be not sad, money, it is only paper... ...If we do not give you decrypters, or we do not delete your data after payment, then nobody will pay us in the future. ...Therefore to us our reputation is very important. We attack worldwide and there is no dissatisfied victim after payment... ..>>>> You need contact us via email with srenshot of btc transaction and your personal DECRYPTION ID.....Contact via Email with your personal Decryption id !: hackbeenswim@mail2tor.com......Send 400$ (0.006 BTC) at this address --> bc1qkr7wxuqwet9w6920vk94p7npkxh33fc7prv55q.....>>>> Your personal DECRYPTION ID: D53F15BF767167BC622C1CB4D4FC174D....>>
                                                                                                                                                                                Process:C:\Users\user\Desktop\c8JakemodH.exe
                                                                                                                                                                                File Type:ASCII text, with CRLF line terminators
                                                                                                                                                                                Category:dropped
                                                                                                                                                                                Size (bytes):1159
                                                                                                                                                                                Entropy (8bit):4.909757425426515
                                                                                                                                                                                Encrypted:false
                                                                                                                                                                                SSDEEP:24:SOZJNRovfexRvYx/ncUYTxLZl0r0OzANQgq32xfZnS0iNFdAnP6:SOZbqfexrZrS3Iq32xlSX2S
                                                                                                                                                                                MD5:F29E077226F8DC235CAE4795459A3542
                                                                                                                                                                                SHA1:A23AEA328BEB92BFD4464A3B0F70E772B8969CC2
                                                                                                                                                                                SHA-256:CF8875AADE9351184274F533067BECF2AD10CCF2B6296274ECE5D5B58B6AB008
                                                                                                                                                                                SHA-512:0C76F1E7AC8E4DB582EA7E26FA9B8C18D54605AE6A9A87A2A1FA0B1BEACACBB8F1230421C1124B1E7C12FB546FF31DBBD2CFBBEBA80EF98BBAA01B356F7FDC6F
                                                                                                                                                                                Malicious:false
                                                                                                                                                                                Preview:.. ~~~ AlphaCat ~~~....>>>> Your data are stolen and encrypted....>>>> What guarantees that we will not deceive you? .....We are not a politically motivated group and we do not need anything other than your money. .. ...If you pay, we will provide you the programs for decryption and we will delete your data. ...Life is too short to be sad. Be not sad, money, it is only paper... ...If we do not give you decrypters, or we do not delete your data after payment, then nobody will pay us in the future. ...Therefore to us our reputation is very important. We attack worldwide and there is no dissatisfied victim after payment... ..>>>> You need contact us via email with srenshot of btc transaction and your personal DECRYPTION ID.....Contact via Email with your personal Decryption id !: hackbeenswim@mail2tor.com......Send 400$ (0.006 BTC) at this address --> bc1qkr7wxuqwet9w6920vk94p7npkxh33fc7prv55q.....>>>> Your personal DECRYPTION ID: D53F15BF767167BC622C1CB4D4FC174D....>>
                                                                                                                                                                                Process:C:\Users\user\Desktop\c8JakemodH.exe
                                                                                                                                                                                File Type:ASCII text, with CRLF line terminators
                                                                                                                                                                                Category:dropped
                                                                                                                                                                                Size (bytes):1159
                                                                                                                                                                                Entropy (8bit):4.909757425426515
                                                                                                                                                                                Encrypted:false
                                                                                                                                                                                SSDEEP:24:SOZJNRovfexRvYx/ncUYTxLZl0r0OzANQgq32xfZnS0iNFdAnP6:SOZbqfexrZrS3Iq32xlSX2S
                                                                                                                                                                                MD5:F29E077226F8DC235CAE4795459A3542
                                                                                                                                                                                SHA1:A23AEA328BEB92BFD4464A3B0F70E772B8969CC2
                                                                                                                                                                                SHA-256:CF8875AADE9351184274F533067BECF2AD10CCF2B6296274ECE5D5B58B6AB008
                                                                                                                                                                                SHA-512:0C76F1E7AC8E4DB582EA7E26FA9B8C18D54605AE6A9A87A2A1FA0B1BEACACBB8F1230421C1124B1E7C12FB546FF31DBBD2CFBBEBA80EF98BBAA01B356F7FDC6F
                                                                                                                                                                                Malicious:false
                                                                                                                                                                                Preview:.. ~~~ AlphaCat ~~~....>>>> Your data are stolen and encrypted....>>>> What guarantees that we will not deceive you? .....We are not a politically motivated group and we do not need anything other than your money. .. ...If you pay, we will provide you the programs for decryption and we will delete your data. ...Life is too short to be sad. Be not sad, money, it is only paper... ...If we do not give you decrypters, or we do not delete your data after payment, then nobody will pay us in the future. ...Therefore to us our reputation is very important. We attack worldwide and there is no dissatisfied victim after payment... ..>>>> You need contact us via email with srenshot of btc transaction and your personal DECRYPTION ID.....Contact via Email with your personal Decryption id !: hackbeenswim@mail2tor.com......Send 400$ (0.006 BTC) at this address --> bc1qkr7wxuqwet9w6920vk94p7npkxh33fc7prv55q.....>>>> Your personal DECRYPTION ID: D53F15BF767167BC622C1CB4D4FC174D....>>
                                                                                                                                                                                Process:C:\Users\user\Desktop\c8JakemodH.exe
                                                                                                                                                                                File Type:ASCII text, with CRLF line terminators
                                                                                                                                                                                Category:dropped
                                                                                                                                                                                Size (bytes):1159
                                                                                                                                                                                Entropy (8bit):4.909757425426515
                                                                                                                                                                                Encrypted:false
                                                                                                                                                                                SSDEEP:24:SOZJNRovfexRvYx/ncUYTxLZl0r0OzANQgq32xfZnS0iNFdAnP6:SOZbqfexrZrS3Iq32xlSX2S
                                                                                                                                                                                MD5:F29E077226F8DC235CAE4795459A3542
                                                                                                                                                                                SHA1:A23AEA328BEB92BFD4464A3B0F70E772B8969CC2
                                                                                                                                                                                SHA-256:CF8875AADE9351184274F533067BECF2AD10CCF2B6296274ECE5D5B58B6AB008
                                                                                                                                                                                SHA-512:0C76F1E7AC8E4DB582EA7E26FA9B8C18D54605AE6A9A87A2A1FA0B1BEACACBB8F1230421C1124B1E7C12FB546FF31DBBD2CFBBEBA80EF98BBAA01B356F7FDC6F
                                                                                                                                                                                Malicious:false
                                                                                                                                                                                Preview:.. ~~~ AlphaCat ~~~....>>>> Your data are stolen and encrypted....>>>> What guarantees that we will not deceive you? .....We are not a politically motivated group and we do not need anything other than your money. .. ...If you pay, we will provide you the programs for decryption and we will delete your data. ...Life is too short to be sad. Be not sad, money, it is only paper... ...If we do not give you decrypters, or we do not delete your data after payment, then nobody will pay us in the future. ...Therefore to us our reputation is very important. We attack worldwide and there is no dissatisfied victim after payment... ..>>>> You need contact us via email with srenshot of btc transaction and your personal DECRYPTION ID.....Contact via Email with your personal Decryption id !: hackbeenswim@mail2tor.com......Send 400$ (0.006 BTC) at this address --> bc1qkr7wxuqwet9w6920vk94p7npkxh33fc7prv55q.....>>>> Your personal DECRYPTION ID: D53F15BF767167BC622C1CB4D4FC174D....>>
                                                                                                                                                                                Process:C:\Users\user\Desktop\c8JakemodH.exe
                                                                                                                                                                                File Type:ASCII text, with CRLF line terminators
                                                                                                                                                                                Category:dropped
                                                                                                                                                                                Size (bytes):1159
                                                                                                                                                                                Entropy (8bit):4.909757425426515
                                                                                                                                                                                Encrypted:false
                                                                                                                                                                                SSDEEP:24:SOZJNRovfexRvYx/ncUYTxLZl0r0OzANQgq32xfZnS0iNFdAnP6:SOZbqfexrZrS3Iq32xlSX2S
                                                                                                                                                                                MD5:F29E077226F8DC235CAE4795459A3542
                                                                                                                                                                                SHA1:A23AEA328BEB92BFD4464A3B0F70E772B8969CC2
                                                                                                                                                                                SHA-256:CF8875AADE9351184274F533067BECF2AD10CCF2B6296274ECE5D5B58B6AB008
                                                                                                                                                                                SHA-512:0C76F1E7AC8E4DB582EA7E26FA9B8C18D54605AE6A9A87A2A1FA0B1BEACACBB8F1230421C1124B1E7C12FB546FF31DBBD2CFBBEBA80EF98BBAA01B356F7FDC6F
                                                                                                                                                                                Malicious:false
                                                                                                                                                                                Preview:.. ~~~ AlphaCat ~~~....>>>> Your data are stolen and encrypted....>>>> What guarantees that we will not deceive you? .....We are not a politically motivated group and we do not need anything other than your money. .. ...If you pay, we will provide you the programs for decryption and we will delete your data. ...Life is too short to be sad. Be not sad, money, it is only paper... ...If we do not give you decrypters, or we do not delete your data after payment, then nobody will pay us in the future. ...Therefore to us our reputation is very important. We attack worldwide and there is no dissatisfied victim after payment... ..>>>> You need contact us via email with srenshot of btc transaction and your personal DECRYPTION ID.....Contact via Email with your personal Decryption id !: hackbeenswim@mail2tor.com......Send 400$ (0.006 BTC) at this address --> bc1qkr7wxuqwet9w6920vk94p7npkxh33fc7prv55q.....>>>> Your personal DECRYPTION ID: D53F15BF767167BC622C1CB4D4FC174D....>>
                                                                                                                                                                                Process:C:\Users\user\Desktop\c8JakemodH.exe
                                                                                                                                                                                File Type:ASCII text, with CRLF line terminators
                                                                                                                                                                                Category:dropped
                                                                                                                                                                                Size (bytes):1159
                                                                                                                                                                                Entropy (8bit):4.909757425426515
                                                                                                                                                                                Encrypted:false
                                                                                                                                                                                SSDEEP:24:SOZJNRovfexRvYx/ncUYTxLZl0r0OzANQgq32xfZnS0iNFdAnP6:SOZbqfexrZrS3Iq32xlSX2S
                                                                                                                                                                                MD5:F29E077226F8DC235CAE4795459A3542
                                                                                                                                                                                SHA1:A23AEA328BEB92BFD4464A3B0F70E772B8969CC2
                                                                                                                                                                                SHA-256:CF8875AADE9351184274F533067BECF2AD10CCF2B6296274ECE5D5B58B6AB008
                                                                                                                                                                                SHA-512:0C76F1E7AC8E4DB582EA7E26FA9B8C18D54605AE6A9A87A2A1FA0B1BEACACBB8F1230421C1124B1E7C12FB546FF31DBBD2CFBBEBA80EF98BBAA01B356F7FDC6F
                                                                                                                                                                                Malicious:false
                                                                                                                                                                                Preview:.. ~~~ AlphaCat ~~~....>>>> Your data are stolen and encrypted....>>>> What guarantees that we will not deceive you? .....We are not a politically motivated group and we do not need anything other than your money. .. ...If you pay, we will provide you the programs for decryption and we will delete your data. ...Life is too short to be sad. Be not sad, money, it is only paper... ...If we do not give you decrypters, or we do not delete your data after payment, then nobody will pay us in the future. ...Therefore to us our reputation is very important. We attack worldwide and there is no dissatisfied victim after payment... ..>>>> You need contact us via email with srenshot of btc transaction and your personal DECRYPTION ID.....Contact via Email with your personal Decryption id !: hackbeenswim@mail2tor.com......Send 400$ (0.006 BTC) at this address --> bc1qkr7wxuqwet9w6920vk94p7npkxh33fc7prv55q.....>>>> Your personal DECRYPTION ID: D53F15BF767167BC622C1CB4D4FC174D....>>
                                                                                                                                                                                Process:C:\Users\user\Desktop\c8JakemodH.exe
                                                                                                                                                                                File Type:ASCII text, with CRLF line terminators
                                                                                                                                                                                Category:dropped
                                                                                                                                                                                Size (bytes):1159
                                                                                                                                                                                Entropy (8bit):4.909757425426515
                                                                                                                                                                                Encrypted:false
                                                                                                                                                                                SSDEEP:24:SOZJNRovfexRvYx/ncUYTxLZl0r0OzANQgq32xfZnS0iNFdAnP6:SOZbqfexrZrS3Iq32xlSX2S
                                                                                                                                                                                MD5:F29E077226F8DC235CAE4795459A3542
                                                                                                                                                                                SHA1:A23AEA328BEB92BFD4464A3B0F70E772B8969CC2
                                                                                                                                                                                SHA-256:CF8875AADE9351184274F533067BECF2AD10CCF2B6296274ECE5D5B58B6AB008
                                                                                                                                                                                SHA-512:0C76F1E7AC8E4DB582EA7E26FA9B8C18D54605AE6A9A87A2A1FA0B1BEACACBB8F1230421C1124B1E7C12FB546FF31DBBD2CFBBEBA80EF98BBAA01B356F7FDC6F
                                                                                                                                                                                Malicious:false
                                                                                                                                                                                Preview:.. ~~~ AlphaCat ~~~....>>>> Your data are stolen and encrypted....>>>> What guarantees that we will not deceive you? .....We are not a politically motivated group and we do not need anything other than your money. .. ...If you pay, we will provide you the programs for decryption and we will delete your data. ...Life is too short to be sad. Be not sad, money, it is only paper... ...If we do not give you decrypters, or we do not delete your data after payment, then nobody will pay us in the future. ...Therefore to us our reputation is very important. We attack worldwide and there is no dissatisfied victim after payment... ..>>>> You need contact us via email with srenshot of btc transaction and your personal DECRYPTION ID.....Contact via Email with your personal Decryption id !: hackbeenswim@mail2tor.com......Send 400$ (0.006 BTC) at this address --> bc1qkr7wxuqwet9w6920vk94p7npkxh33fc7prv55q.....>>>> Your personal DECRYPTION ID: D53F15BF767167BC622C1CB4D4FC174D....>>
                                                                                                                                                                                Process:C:\Users\user\Desktop\c8JakemodH.exe
                                                                                                                                                                                File Type:ASCII text, with CRLF line terminators
                                                                                                                                                                                Category:dropped
                                                                                                                                                                                Size (bytes):1159
                                                                                                                                                                                Entropy (8bit):4.909757425426515
                                                                                                                                                                                Encrypted:false
                                                                                                                                                                                SSDEEP:24:SOZJNRovfexRvYx/ncUYTxLZl0r0OzANQgq32xfZnS0iNFdAnP6:SOZbqfexrZrS3Iq32xlSX2S
                                                                                                                                                                                MD5:F29E077226F8DC235CAE4795459A3542
                                                                                                                                                                                SHA1:A23AEA328BEB92BFD4464A3B0F70E772B8969CC2
                                                                                                                                                                                SHA-256:CF8875AADE9351184274F533067BECF2AD10CCF2B6296274ECE5D5B58B6AB008
                                                                                                                                                                                SHA-512:0C76F1E7AC8E4DB582EA7E26FA9B8C18D54605AE6A9A87A2A1FA0B1BEACACBB8F1230421C1124B1E7C12FB546FF31DBBD2CFBBEBA80EF98BBAA01B356F7FDC6F
                                                                                                                                                                                Malicious:false
                                                                                                                                                                                Preview:.. ~~~ AlphaCat ~~~....>>>> Your data are stolen and encrypted....>>>> What guarantees that we will not deceive you? .....We are not a politically motivated group and we do not need anything other than your money. .. ...If you pay, we will provide you the programs for decryption and we will delete your data. ...Life is too short to be sad. Be not sad, money, it is only paper... ...If we do not give you decrypters, or we do not delete your data after payment, then nobody will pay us in the future. ...Therefore to us our reputation is very important. We attack worldwide and there is no dissatisfied victim after payment... ..>>>> You need contact us via email with srenshot of btc transaction and your personal DECRYPTION ID.....Contact via Email with your personal Decryption id !: hackbeenswim@mail2tor.com......Send 400$ (0.006 BTC) at this address --> bc1qkr7wxuqwet9w6920vk94p7npkxh33fc7prv55q.....>>>> Your personal DECRYPTION ID: D53F15BF767167BC622C1CB4D4FC174D....>>
                                                                                                                                                                                Process:C:\Users\user\Desktop\c8JakemodH.exe
                                                                                                                                                                                File Type:ASCII text, with CRLF line terminators
                                                                                                                                                                                Category:dropped
                                                                                                                                                                                Size (bytes):1159
                                                                                                                                                                                Entropy (8bit):4.909757425426515
                                                                                                                                                                                Encrypted:false
                                                                                                                                                                                SSDEEP:24:SOZJNRovfexRvYx/ncUYTxLZl0r0OzANQgq32xfZnS0iNFdAnP6:SOZbqfexrZrS3Iq32xlSX2S
                                                                                                                                                                                MD5:F29E077226F8DC235CAE4795459A3542
                                                                                                                                                                                SHA1:A23AEA328BEB92BFD4464A3B0F70E772B8969CC2
                                                                                                                                                                                SHA-256:CF8875AADE9351184274F533067BECF2AD10CCF2B6296274ECE5D5B58B6AB008
                                                                                                                                                                                SHA-512:0C76F1E7AC8E4DB582EA7E26FA9B8C18D54605AE6A9A87A2A1FA0B1BEACACBB8F1230421C1124B1E7C12FB546FF31DBBD2CFBBEBA80EF98BBAA01B356F7FDC6F
                                                                                                                                                                                Malicious:false
                                                                                                                                                                                Preview:.. ~~~ AlphaCat ~~~....>>>> Your data are stolen and encrypted....>>>> What guarantees that we will not deceive you? .....We are not a politically motivated group and we do not need anything other than your money. .. ...If you pay, we will provide you the programs for decryption and we will delete your data. ...Life is too short to be sad. Be not sad, money, it is only paper... ...If we do not give you decrypters, or we do not delete your data after payment, then nobody will pay us in the future. ...Therefore to us our reputation is very important. We attack worldwide and there is no dissatisfied victim after payment... ..>>>> You need contact us via email with srenshot of btc transaction and your personal DECRYPTION ID.....Contact via Email with your personal Decryption id !: hackbeenswim@mail2tor.com......Send 400$ (0.006 BTC) at this address --> bc1qkr7wxuqwet9w6920vk94p7npkxh33fc7prv55q.....>>>> Your personal DECRYPTION ID: D53F15BF767167BC622C1CB4D4FC174D....>>
                                                                                                                                                                                Process:C:\Users\user\Desktop\c8JakemodH.exe
                                                                                                                                                                                File Type:ASCII text, with CRLF line terminators
                                                                                                                                                                                Category:dropped
                                                                                                                                                                                Size (bytes):1159
                                                                                                                                                                                Entropy (8bit):4.909757425426515
                                                                                                                                                                                Encrypted:false
                                                                                                                                                                                SSDEEP:24:SOZJNRovfexRvYx/ncUYTxLZl0r0OzANQgq32xfZnS0iNFdAnP6:SOZbqfexrZrS3Iq32xlSX2S
                                                                                                                                                                                MD5:F29E077226F8DC235CAE4795459A3542
                                                                                                                                                                                SHA1:A23AEA328BEB92BFD4464A3B0F70E772B8969CC2
                                                                                                                                                                                SHA-256:CF8875AADE9351184274F533067BECF2AD10CCF2B6296274ECE5D5B58B6AB008
                                                                                                                                                                                SHA-512:0C76F1E7AC8E4DB582EA7E26FA9B8C18D54605AE6A9A87A2A1FA0B1BEACACBB8F1230421C1124B1E7C12FB546FF31DBBD2CFBBEBA80EF98BBAA01B356F7FDC6F
                                                                                                                                                                                Malicious:false
                                                                                                                                                                                Preview:.. ~~~ AlphaCat ~~~....>>>> Your data are stolen and encrypted....>>>> What guarantees that we will not deceive you? .....We are not a politically motivated group and we do not need anything other than your money. .. ...If you pay, we will provide you the programs for decryption and we will delete your data. ...Life is too short to be sad. Be not sad, money, it is only paper... ...If we do not give you decrypters, or we do not delete your data after payment, then nobody will pay us in the future. ...Therefore to us our reputation is very important. We attack worldwide and there is no dissatisfied victim after payment... ..>>>> You need contact us via email with srenshot of btc transaction and your personal DECRYPTION ID.....Contact via Email with your personal Decryption id !: hackbeenswim@mail2tor.com......Send 400$ (0.006 BTC) at this address --> bc1qkr7wxuqwet9w6920vk94p7npkxh33fc7prv55q.....>>>> Your personal DECRYPTION ID: D53F15BF767167BC622C1CB4D4FC174D....>>
                                                                                                                                                                                Process:C:\Users\user\Desktop\c8JakemodH.exe
                                                                                                                                                                                File Type:ASCII text, with CRLF line terminators
                                                                                                                                                                                Category:dropped
                                                                                                                                                                                Size (bytes):1159
                                                                                                                                                                                Entropy (8bit):4.909757425426515
                                                                                                                                                                                Encrypted:false
                                                                                                                                                                                SSDEEP:24:SOZJNRovfexRvYx/ncUYTxLZl0r0OzANQgq32xfZnS0iNFdAnP6:SOZbqfexrZrS3Iq32xlSX2S
                                                                                                                                                                                MD5:F29E077226F8DC235CAE4795459A3542
                                                                                                                                                                                SHA1:A23AEA328BEB92BFD4464A3B0F70E772B8969CC2
                                                                                                                                                                                SHA-256:CF8875AADE9351184274F533067BECF2AD10CCF2B6296274ECE5D5B58B6AB008
                                                                                                                                                                                SHA-512:0C76F1E7AC8E4DB582EA7E26FA9B8C18D54605AE6A9A87A2A1FA0B1BEACACBB8F1230421C1124B1E7C12FB546FF31DBBD2CFBBEBA80EF98BBAA01B356F7FDC6F
                                                                                                                                                                                Malicious:false
                                                                                                                                                                                Preview:.. ~~~ AlphaCat ~~~....>>>> Your data are stolen and encrypted....>>>> What guarantees that we will not deceive you? .....We are not a politically motivated group and we do not need anything other than your money. .. ...If you pay, we will provide you the programs for decryption and we will delete your data. ...Life is too short to be sad. Be not sad, money, it is only paper... ...If we do not give you decrypters, or we do not delete your data after payment, then nobody will pay us in the future. ...Therefore to us our reputation is very important. We attack worldwide and there is no dissatisfied victim after payment... ..>>>> You need contact us via email with srenshot of btc transaction and your personal DECRYPTION ID.....Contact via Email with your personal Decryption id !: hackbeenswim@mail2tor.com......Send 400$ (0.006 BTC) at this address --> bc1qkr7wxuqwet9w6920vk94p7npkxh33fc7prv55q.....>>>> Your personal DECRYPTION ID: D53F15BF767167BC622C1CB4D4FC174D....>>
                                                                                                                                                                                Process:C:\Users\user\Desktop\c8JakemodH.exe
                                                                                                                                                                                File Type:ASCII text, with CRLF line terminators
                                                                                                                                                                                Category:dropped
                                                                                                                                                                                Size (bytes):1159
                                                                                                                                                                                Entropy (8bit):4.909757425426515
                                                                                                                                                                                Encrypted:false
                                                                                                                                                                                SSDEEP:24:SOZJNRovfexRvYx/ncUYTxLZl0r0OzANQgq32xfZnS0iNFdAnP6:SOZbqfexrZrS3Iq32xlSX2S
                                                                                                                                                                                MD5:F29E077226F8DC235CAE4795459A3542
                                                                                                                                                                                SHA1:A23AEA328BEB92BFD4464A3B0F70E772B8969CC2
                                                                                                                                                                                SHA-256:CF8875AADE9351184274F533067BECF2AD10CCF2B6296274ECE5D5B58B6AB008
                                                                                                                                                                                SHA-512:0C76F1E7AC8E4DB582EA7E26FA9B8C18D54605AE6A9A87A2A1FA0B1BEACACBB8F1230421C1124B1E7C12FB546FF31DBBD2CFBBEBA80EF98BBAA01B356F7FDC6F
                                                                                                                                                                                Malicious:false
                                                                                                                                                                                Preview:.. ~~~ AlphaCat ~~~....>>>> Your data are stolen and encrypted....>>>> What guarantees that we will not deceive you? .....We are not a politically motivated group and we do not need anything other than your money. .. ...If you pay, we will provide you the programs for decryption and we will delete your data. ...Life is too short to be sad. Be not sad, money, it is only paper... ...If we do not give you decrypters, or we do not delete your data after payment, then nobody will pay us in the future. ...Therefore to us our reputation is very important. We attack worldwide and there is no dissatisfied victim after payment... ..>>>> You need contact us via email with srenshot of btc transaction and your personal DECRYPTION ID.....Contact via Email with your personal Decryption id !: hackbeenswim@mail2tor.com......Send 400$ (0.006 BTC) at this address --> bc1qkr7wxuqwet9w6920vk94p7npkxh33fc7prv55q.....>>>> Your personal DECRYPTION ID: D53F15BF767167BC622C1CB4D4FC174D....>>
                                                                                                                                                                                Process:C:\Users\user\Desktop\c8JakemodH.exe
                                                                                                                                                                                File Type:data
                                                                                                                                                                                Category:dropped
                                                                                                                                                                                Size (bytes):8431
                                                                                                                                                                                Entropy (8bit):7.981082914583887
                                                                                                                                                                                Encrypted:false
                                                                                                                                                                                SSDEEP:192:DCq6WxVsEWCX37bwcAxUHskJhp2RGzJgwZXe67h7jXuZYG:mhWxVECX37IgskJhHOSjNG
                                                                                                                                                                                MD5:4A154CB8812AC607E72748E06BC6C452
                                                                                                                                                                                SHA1:A88F501EAA45FB626BF18E6B0C4F8912DDCB2A43
                                                                                                                                                                                SHA-256:83F68CB53392C27829EED8DB7F999422C3A95330A05E7E48EE3D07DAEEC3C673
                                                                                                                                                                                SHA-512:9E93E1BDE7672D600E9E2F6AEED47D45E8173D6423242DEC5CD6EFFBA2D079C11930873FB2CA7AAD618C390E138665FCC22FAD100F9A79BAB8F13FD2FE27BE95
                                                                                                                                                                                Malicious:false
                                                                                                                                                                                Preview:..+........r.ZNaB..I#..E...'....v...^..N..%\.;!(6.w:......t...0.0..U|S.....D.["....]J.9-.:....%...mV.1q.]%=$..l..G.a..@......|p;.K.l._)..U6.....uB.M.Zc...)s.S.m.ZU.y.....n.m....>i...lU.,.5..=...0T...Ud.{...8.u.\...*.Vw.Z.,n;......,I..)...C.........j1h.x...L..Sl.ADj.,Yl."^.A..Fq8..^bJ". .Nh.K+"`....>Y4-*JI&.....Nt......^.RdJ?.J&.2....~.~e..@.S....)>52........;5...+.p.<l.lP.n.......62h...~x.l..p..Jw.%&a.U..i .....p._.....<3S..\....z.s.`.6rO..k..>h.y..t5?<^.hU..~..+.".=k..{.4S..6R....Z..eq,...R..6.q.....B.}.0J..U.`..0(:^.......'hE..d....P..J.bz....SxK..}...nv$...?..W`........&.$.IN.1.[.v`'...!.[p.I.k.{)..&K....#M...*...c=.0C...2.......?C2....#...0.}7..Q...........TU....;.W.VI.)...].X.PM........`...wR....B..H./=:..C.{.`J...{....[Y........F...&w.?.....F..J.S.....De..f.)....-i.B.-i....UU..=..<...NL...\z...s.....l.4........j.S......x.J.[E"....m%.."p>....r.%.....*.<../Y6..v...3..G.&^/K.e{U[.L..p.R.>....ScZ4~..^.?..-/....B...9...oT.........I.4#...z.[
                                                                                                                                                                                Process:C:\Users\user\Desktop\c8JakemodH.exe
                                                                                                                                                                                File Type:ASCII text, with CRLF line terminators
                                                                                                                                                                                Category:dropped
                                                                                                                                                                                Size (bytes):1159
                                                                                                                                                                                Entropy (8bit):4.909757425426515
                                                                                                                                                                                Encrypted:false
                                                                                                                                                                                SSDEEP:24:SOZJNRovfexRvYx/ncUYTxLZl0r0OzANQgq32xfZnS0iNFdAnP6:SOZbqfexrZrS3Iq32xlSX2S
                                                                                                                                                                                MD5:F29E077226F8DC235CAE4795459A3542
                                                                                                                                                                                SHA1:A23AEA328BEB92BFD4464A3B0F70E772B8969CC2
                                                                                                                                                                                SHA-256:CF8875AADE9351184274F533067BECF2AD10CCF2B6296274ECE5D5B58B6AB008
                                                                                                                                                                                SHA-512:0C76F1E7AC8E4DB582EA7E26FA9B8C18D54605AE6A9A87A2A1FA0B1BEACACBB8F1230421C1124B1E7C12FB546FF31DBBD2CFBBEBA80EF98BBAA01B356F7FDC6F
                                                                                                                                                                                Malicious:false
                                                                                                                                                                                Preview:.. ~~~ AlphaCat ~~~....>>>> Your data are stolen and encrypted....>>>> What guarantees that we will not deceive you? .....We are not a politically motivated group and we do not need anything other than your money. .. ...If you pay, we will provide you the programs for decryption and we will delete your data. ...Life is too short to be sad. Be not sad, money, it is only paper... ...If we do not give you decrypters, or we do not delete your data after payment, then nobody will pay us in the future. ...Therefore to us our reputation is very important. We attack worldwide and there is no dissatisfied victim after payment... ..>>>> You need contact us via email with srenshot of btc transaction and your personal DECRYPTION ID.....Contact via Email with your personal Decryption id !: hackbeenswim@mail2tor.com......Send 400$ (0.006 BTC) at this address --> bc1qkr7wxuqwet9w6920vk94p7npkxh33fc7prv55q.....>>>> Your personal DECRYPTION ID: D53F15BF767167BC622C1CB4D4FC174D....>>
                                                                                                                                                                                Process:C:\Users\user\Desktop\c8JakemodH.exe
                                                                                                                                                                                File Type:ASCII text, with CRLF line terminators
                                                                                                                                                                                Category:dropped
                                                                                                                                                                                Size (bytes):1159
                                                                                                                                                                                Entropy (8bit):4.909757425426515
                                                                                                                                                                                Encrypted:false
                                                                                                                                                                                SSDEEP:24:SOZJNRovfexRvYx/ncUYTxLZl0r0OzANQgq32xfZnS0iNFdAnP6:SOZbqfexrZrS3Iq32xlSX2S
                                                                                                                                                                                MD5:F29E077226F8DC235CAE4795459A3542
                                                                                                                                                                                SHA1:A23AEA328BEB92BFD4464A3B0F70E772B8969CC2
                                                                                                                                                                                SHA-256:CF8875AADE9351184274F533067BECF2AD10CCF2B6296274ECE5D5B58B6AB008
                                                                                                                                                                                SHA-512:0C76F1E7AC8E4DB582EA7E26FA9B8C18D54605AE6A9A87A2A1FA0B1BEACACBB8F1230421C1124B1E7C12FB546FF31DBBD2CFBBEBA80EF98BBAA01B356F7FDC6F
                                                                                                                                                                                Malicious:false
                                                                                                                                                                                Preview:.. ~~~ AlphaCat ~~~....>>>> Your data are stolen and encrypted....>>>> What guarantees that we will not deceive you? .....We are not a politically motivated group and we do not need anything other than your money. .. ...If you pay, we will provide you the programs for decryption and we will delete your data. ...Life is too short to be sad. Be not sad, money, it is only paper... ...If we do not give you decrypters, or we do not delete your data after payment, then nobody will pay us in the future. ...Therefore to us our reputation is very important. We attack worldwide and there is no dissatisfied victim after payment... ..>>>> You need contact us via email with srenshot of btc transaction and your personal DECRYPTION ID.....Contact via Email with your personal Decryption id !: hackbeenswim@mail2tor.com......Send 400$ (0.006 BTC) at this address --> bc1qkr7wxuqwet9w6920vk94p7npkxh33fc7prv55q.....>>>> Your personal DECRYPTION ID: D53F15BF767167BC622C1CB4D4FC174D....>>
                                                                                                                                                                                Process:C:\Users\user\Desktop\c8JakemodH.exe
                                                                                                                                                                                File Type:ASCII text, with CRLF line terminators
                                                                                                                                                                                Category:dropped
                                                                                                                                                                                Size (bytes):1159
                                                                                                                                                                                Entropy (8bit):4.909757425426515
                                                                                                                                                                                Encrypted:false
                                                                                                                                                                                SSDEEP:24:SOZJNRovfexRvYx/ncUYTxLZl0r0OzANQgq32xfZnS0iNFdAnP6:SOZbqfexrZrS3Iq32xlSX2S
                                                                                                                                                                                MD5:F29E077226F8DC235CAE4795459A3542
                                                                                                                                                                                SHA1:A23AEA328BEB92BFD4464A3B0F70E772B8969CC2
                                                                                                                                                                                SHA-256:CF8875AADE9351184274F533067BECF2AD10CCF2B6296274ECE5D5B58B6AB008
                                                                                                                                                                                SHA-512:0C76F1E7AC8E4DB582EA7E26FA9B8C18D54605AE6A9A87A2A1FA0B1BEACACBB8F1230421C1124B1E7C12FB546FF31DBBD2CFBBEBA80EF98BBAA01B356F7FDC6F
                                                                                                                                                                                Malicious:false
                                                                                                                                                                                Preview:.. ~~~ AlphaCat ~~~....>>>> Your data are stolen and encrypted....>>>> What guarantees that we will not deceive you? .....We are not a politically motivated group and we do not need anything other than your money. .. ...If you pay, we will provide you the programs for decryption and we will delete your data. ...Life is too short to be sad. Be not sad, money, it is only paper... ...If we do not give you decrypters, or we do not delete your data after payment, then nobody will pay us in the future. ...Therefore to us our reputation is very important. We attack worldwide and there is no dissatisfied victim after payment... ..>>>> You need contact us via email with srenshot of btc transaction and your personal DECRYPTION ID.....Contact via Email with your personal Decryption id !: hackbeenswim@mail2tor.com......Send 400$ (0.006 BTC) at this address --> bc1qkr7wxuqwet9w6920vk94p7npkxh33fc7prv55q.....>>>> Your personal DECRYPTION ID: D53F15BF767167BC622C1CB4D4FC174D....>>
                                                                                                                                                                                Process:C:\Users\user\Desktop\c8JakemodH.exe
                                                                                                                                                                                File Type:ASCII text, with CRLF line terminators
                                                                                                                                                                                Category:dropped
                                                                                                                                                                                Size (bytes):1159
                                                                                                                                                                                Entropy (8bit):4.909757425426515
                                                                                                                                                                                Encrypted:false
                                                                                                                                                                                SSDEEP:24:SOZJNRovfexRvYx/ncUYTxLZl0r0OzANQgq32xfZnS0iNFdAnP6:SOZbqfexrZrS3Iq32xlSX2S
                                                                                                                                                                                MD5:F29E077226F8DC235CAE4795459A3542
                                                                                                                                                                                SHA1:A23AEA328BEB92BFD4464A3B0F70E772B8969CC2
                                                                                                                                                                                SHA-256:CF8875AADE9351184274F533067BECF2AD10CCF2B6296274ECE5D5B58B6AB008
                                                                                                                                                                                SHA-512:0C76F1E7AC8E4DB582EA7E26FA9B8C18D54605AE6A9A87A2A1FA0B1BEACACBB8F1230421C1124B1E7C12FB546FF31DBBD2CFBBEBA80EF98BBAA01B356F7FDC6F
                                                                                                                                                                                Malicious:false
                                                                                                                                                                                Preview:.. ~~~ AlphaCat ~~~....>>>> Your data are stolen and encrypted....>>>> What guarantees that we will not deceive you? .....We are not a politically motivated group and we do not need anything other than your money. .. ...If you pay, we will provide you the programs for decryption and we will delete your data. ...Life is too short to be sad. Be not sad, money, it is only paper... ...If we do not give you decrypters, or we do not delete your data after payment, then nobody will pay us in the future. ...Therefore to us our reputation is very important. We attack worldwide and there is no dissatisfied victim after payment... ..>>>> You need contact us via email with srenshot of btc transaction and your personal DECRYPTION ID.....Contact via Email with your personal Decryption id !: hackbeenswim@mail2tor.com......Send 400$ (0.006 BTC) at this address --> bc1qkr7wxuqwet9w6920vk94p7npkxh33fc7prv55q.....>>>> Your personal DECRYPTION ID: D53F15BF767167BC622C1CB4D4FC174D....>>
                                                                                                                                                                                Process:C:\Users\user\Desktop\c8JakemodH.exe
                                                                                                                                                                                File Type:ASCII text, with CRLF line terminators
                                                                                                                                                                                Category:dropped
                                                                                                                                                                                Size (bytes):1159
                                                                                                                                                                                Entropy (8bit):4.909757425426515
                                                                                                                                                                                Encrypted:false
                                                                                                                                                                                SSDEEP:24:SOZJNRovfexRvYx/ncUYTxLZl0r0OzANQgq32xfZnS0iNFdAnP6:SOZbqfexrZrS3Iq32xlSX2S
                                                                                                                                                                                MD5:F29E077226F8DC235CAE4795459A3542
                                                                                                                                                                                SHA1:A23AEA328BEB92BFD4464A3B0F70E772B8969CC2
                                                                                                                                                                                SHA-256:CF8875AADE9351184274F533067BECF2AD10CCF2B6296274ECE5D5B58B6AB008
                                                                                                                                                                                SHA-512:0C76F1E7AC8E4DB582EA7E26FA9B8C18D54605AE6A9A87A2A1FA0B1BEACACBB8F1230421C1124B1E7C12FB546FF31DBBD2CFBBEBA80EF98BBAA01B356F7FDC6F
                                                                                                                                                                                Malicious:false
                                                                                                                                                                                Preview:.. ~~~ AlphaCat ~~~....>>>> Your data are stolen and encrypted....>>>> What guarantees that we will not deceive you? .....We are not a politically motivated group and we do not need anything other than your money. .. ...If you pay, we will provide you the programs for decryption and we will delete your data. ...Life is too short to be sad. Be not sad, money, it is only paper... ...If we do not give you decrypters, or we do not delete your data after payment, then nobody will pay us in the future. ...Therefore to us our reputation is very important. We attack worldwide and there is no dissatisfied victim after payment... ..>>>> You need contact us via email with srenshot of btc transaction and your personal DECRYPTION ID.....Contact via Email with your personal Decryption id !: hackbeenswim@mail2tor.com......Send 400$ (0.006 BTC) at this address --> bc1qkr7wxuqwet9w6920vk94p7npkxh33fc7prv55q.....>>>> Your personal DECRYPTION ID: D53F15BF767167BC622C1CB4D4FC174D....>>
                                                                                                                                                                                Process:C:\Users\user\Desktop\c8JakemodH.exe
                                                                                                                                                                                File Type:ASCII text, with CRLF line terminators
                                                                                                                                                                                Category:dropped
                                                                                                                                                                                Size (bytes):1159
                                                                                                                                                                                Entropy (8bit):4.909757425426515
                                                                                                                                                                                Encrypted:false
                                                                                                                                                                                SSDEEP:24:SOZJNRovfexRvYx/ncUYTxLZl0r0OzANQgq32xfZnS0iNFdAnP6:SOZbqfexrZrS3Iq32xlSX2S
                                                                                                                                                                                MD5:F29E077226F8DC235CAE4795459A3542
                                                                                                                                                                                SHA1:A23AEA328BEB92BFD4464A3B0F70E772B8969CC2
                                                                                                                                                                                SHA-256:CF8875AADE9351184274F533067BECF2AD10CCF2B6296274ECE5D5B58B6AB008
                                                                                                                                                                                SHA-512:0C76F1E7AC8E4DB582EA7E26FA9B8C18D54605AE6A9A87A2A1FA0B1BEACACBB8F1230421C1124B1E7C12FB546FF31DBBD2CFBBEBA80EF98BBAA01B356F7FDC6F
                                                                                                                                                                                Malicious:false
                                                                                                                                                                                Preview:.. ~~~ AlphaCat ~~~....>>>> Your data are stolen and encrypted....>>>> What guarantees that we will not deceive you? .....We are not a politically motivated group and we do not need anything other than your money. .. ...If you pay, we will provide you the programs for decryption and we will delete your data. ...Life is too short to be sad. Be not sad, money, it is only paper... ...If we do not give you decrypters, or we do not delete your data after payment, then nobody will pay us in the future. ...Therefore to us our reputation is very important. We attack worldwide and there is no dissatisfied victim after payment... ..>>>> You need contact us via email with srenshot of btc transaction and your personal DECRYPTION ID.....Contact via Email with your personal Decryption id !: hackbeenswim@mail2tor.com......Send 400$ (0.006 BTC) at this address --> bc1qkr7wxuqwet9w6920vk94p7npkxh33fc7prv55q.....>>>> Your personal DECRYPTION ID: D53F15BF767167BC622C1CB4D4FC174D....>>
                                                                                                                                                                                Process:C:\Users\user\Desktop\c8JakemodH.exe
                                                                                                                                                                                File Type:ASCII text, with CRLF line terminators
                                                                                                                                                                                Category:dropped
                                                                                                                                                                                Size (bytes):1159
                                                                                                                                                                                Entropy (8bit):4.909757425426515
                                                                                                                                                                                Encrypted:false
                                                                                                                                                                                SSDEEP:24:SOZJNRovfexRvYx/ncUYTxLZl0r0OzANQgq32xfZnS0iNFdAnP6:SOZbqfexrZrS3Iq32xlSX2S
                                                                                                                                                                                MD5:F29E077226F8DC235CAE4795459A3542
                                                                                                                                                                                SHA1:A23AEA328BEB92BFD4464A3B0F70E772B8969CC2
                                                                                                                                                                                SHA-256:CF8875AADE9351184274F533067BECF2AD10CCF2B6296274ECE5D5B58B6AB008
                                                                                                                                                                                SHA-512:0C76F1E7AC8E4DB582EA7E26FA9B8C18D54605AE6A9A87A2A1FA0B1BEACACBB8F1230421C1124B1E7C12FB546FF31DBBD2CFBBEBA80EF98BBAA01B356F7FDC6F
                                                                                                                                                                                Malicious:false
                                                                                                                                                                                Preview:.. ~~~ AlphaCat ~~~....>>>> Your data are stolen and encrypted....>>>> What guarantees that we will not deceive you? .....We are not a politically motivated group and we do not need anything other than your money. .. ...If you pay, we will provide you the programs for decryption and we will delete your data. ...Life is too short to be sad. Be not sad, money, it is only paper... ...If we do not give you decrypters, or we do not delete your data after payment, then nobody will pay us in the future. ...Therefore to us our reputation is very important. We attack worldwide and there is no dissatisfied victim after payment... ..>>>> You need contact us via email with srenshot of btc transaction and your personal DECRYPTION ID.....Contact via Email with your personal Decryption id !: hackbeenswim@mail2tor.com......Send 400$ (0.006 BTC) at this address --> bc1qkr7wxuqwet9w6920vk94p7npkxh33fc7prv55q.....>>>> Your personal DECRYPTION ID: D53F15BF767167BC622C1CB4D4FC174D....>>
                                                                                                                                                                                Process:C:\Users\user\Desktop\c8JakemodH.exe
                                                                                                                                                                                File Type:ASCII text, with CRLF line terminators
                                                                                                                                                                                Category:dropped
                                                                                                                                                                                Size (bytes):1159
                                                                                                                                                                                Entropy (8bit):4.909757425426515
                                                                                                                                                                                Encrypted:false
                                                                                                                                                                                SSDEEP:24:SOZJNRovfexRvYx/ncUYTxLZl0r0OzANQgq32xfZnS0iNFdAnP6:SOZbqfexrZrS3Iq32xlSX2S
                                                                                                                                                                                MD5:F29E077226F8DC235CAE4795459A3542
                                                                                                                                                                                SHA1:A23AEA328BEB92BFD4464A3B0F70E772B8969CC2
                                                                                                                                                                                SHA-256:CF8875AADE9351184274F533067BECF2AD10CCF2B6296274ECE5D5B58B6AB008
                                                                                                                                                                                SHA-512:0C76F1E7AC8E4DB582EA7E26FA9B8C18D54605AE6A9A87A2A1FA0B1BEACACBB8F1230421C1124B1E7C12FB546FF31DBBD2CFBBEBA80EF98BBAA01B356F7FDC6F
                                                                                                                                                                                Malicious:false
                                                                                                                                                                                Preview:.. ~~~ AlphaCat ~~~....>>>> Your data are stolen and encrypted....>>>> What guarantees that we will not deceive you? .....We are not a politically motivated group and we do not need anything other than your money. .. ...If you pay, we will provide you the programs for decryption and we will delete your data. ...Life is too short to be sad. Be not sad, money, it is only paper... ...If we do not give you decrypters, or we do not delete your data after payment, then nobody will pay us in the future. ...Therefore to us our reputation is very important. We attack worldwide and there is no dissatisfied victim after payment... ..>>>> You need contact us via email with srenshot of btc transaction and your personal DECRYPTION ID.....Contact via Email with your personal Decryption id !: hackbeenswim@mail2tor.com......Send 400$ (0.006 BTC) at this address --> bc1qkr7wxuqwet9w6920vk94p7npkxh33fc7prv55q.....>>>> Your personal DECRYPTION ID: D53F15BF767167BC622C1CB4D4FC174D....>>
                                                                                                                                                                                Process:C:\Users\user\Desktop\c8JakemodH.exe
                                                                                                                                                                                File Type:ASCII text, with CRLF line terminators
                                                                                                                                                                                Category:dropped
                                                                                                                                                                                Size (bytes):1159
                                                                                                                                                                                Entropy (8bit):4.909757425426515
                                                                                                                                                                                Encrypted:false
                                                                                                                                                                                SSDEEP:24:SOZJNRovfexRvYx/ncUYTxLZl0r0OzANQgq32xfZnS0iNFdAnP6:SOZbqfexrZrS3Iq32xlSX2S
                                                                                                                                                                                MD5:F29E077226F8DC235CAE4795459A3542
                                                                                                                                                                                SHA1:A23AEA328BEB92BFD4464A3B0F70E772B8969CC2
                                                                                                                                                                                SHA-256:CF8875AADE9351184274F533067BECF2AD10CCF2B6296274ECE5D5B58B6AB008
                                                                                                                                                                                SHA-512:0C76F1E7AC8E4DB582EA7E26FA9B8C18D54605AE6A9A87A2A1FA0B1BEACACBB8F1230421C1124B1E7C12FB546FF31DBBD2CFBBEBA80EF98BBAA01B356F7FDC6F
                                                                                                                                                                                Malicious:false
                                                                                                                                                                                Preview:.. ~~~ AlphaCat ~~~....>>>> Your data are stolen and encrypted....>>>> What guarantees that we will not deceive you? .....We are not a politically motivated group and we do not need anything other than your money. .. ...If you pay, we will provide you the programs for decryption and we will delete your data. ...Life is too short to be sad. Be not sad, money, it is only paper... ...If we do not give you decrypters, or we do not delete your data after payment, then nobody will pay us in the future. ...Therefore to us our reputation is very important. We attack worldwide and there is no dissatisfied victim after payment... ..>>>> You need contact us via email with srenshot of btc transaction and your personal DECRYPTION ID.....Contact via Email with your personal Decryption id !: hackbeenswim@mail2tor.com......Send 400$ (0.006 BTC) at this address --> bc1qkr7wxuqwet9w6920vk94p7npkxh33fc7prv55q.....>>>> Your personal DECRYPTION ID: D53F15BF767167BC622C1CB4D4FC174D....>>
                                                                                                                                                                                Process:C:\Users\user\Desktop\c8JakemodH.exe
                                                                                                                                                                                File Type:ASCII text, with CRLF line terminators
                                                                                                                                                                                Category:dropped
                                                                                                                                                                                Size (bytes):1159
                                                                                                                                                                                Entropy (8bit):4.909757425426515
                                                                                                                                                                                Encrypted:false
                                                                                                                                                                                SSDEEP:24:SOZJNRovfexRvYx/ncUYTxLZl0r0OzANQgq32xfZnS0iNFdAnP6:SOZbqfexrZrS3Iq32xlSX2S
                                                                                                                                                                                MD5:F29E077226F8DC235CAE4795459A3542
                                                                                                                                                                                SHA1:A23AEA328BEB92BFD4464A3B0F70E772B8969CC2
                                                                                                                                                                                SHA-256:CF8875AADE9351184274F533067BECF2AD10CCF2B6296274ECE5D5B58B6AB008
                                                                                                                                                                                SHA-512:0C76F1E7AC8E4DB582EA7E26FA9B8C18D54605AE6A9A87A2A1FA0B1BEACACBB8F1230421C1124B1E7C12FB546FF31DBBD2CFBBEBA80EF98BBAA01B356F7FDC6F
                                                                                                                                                                                Malicious:false
                                                                                                                                                                                Preview:.. ~~~ AlphaCat ~~~....>>>> Your data are stolen and encrypted....>>>> What guarantees that we will not deceive you? .....We are not a politically motivated group and we do not need anything other than your money. .. ...If you pay, we will provide you the programs for decryption and we will delete your data. ...Life is too short to be sad. Be not sad, money, it is only paper... ...If we do not give you decrypters, or we do not delete your data after payment, then nobody will pay us in the future. ...Therefore to us our reputation is very important. We attack worldwide and there is no dissatisfied victim after payment... ..>>>> You need contact us via email with srenshot of btc transaction and your personal DECRYPTION ID.....Contact via Email with your personal Decryption id !: hackbeenswim@mail2tor.com......Send 400$ (0.006 BTC) at this address --> bc1qkr7wxuqwet9w6920vk94p7npkxh33fc7prv55q.....>>>> Your personal DECRYPTION ID: D53F15BF767167BC622C1CB4D4FC174D....>>
                                                                                                                                                                                Process:C:\Users\user\Desktop\c8JakemodH.exe
                                                                                                                                                                                File Type:data
                                                                                                                                                                                Category:dropped
                                                                                                                                                                                Size (bytes):8431
                                                                                                                                                                                Entropy (8bit):7.976944568659432
                                                                                                                                                                                Encrypted:false
                                                                                                                                                                                SSDEEP:192:Dspy1tUPcmW4aOjz4QKCQIsUgzZ7ZuPPzHbbSNwf9cK5K6JZAzVxZlLMaf4:OuUUzgjrKCc3Z7ZuPPbSNI1XAZPlnf4
                                                                                                                                                                                MD5:D0DB458F6AECF6EF0EF4F42FC3231587
                                                                                                                                                                                SHA1:DBE3CA01EE23A6BDE6F8715176AF66BEDE3ECD63
                                                                                                                                                                                SHA-256:3C517DCD0EC9BACC5B26FFFB82C2A97B34FDDB60A86FE649364F6A21524E40A6
                                                                                                                                                                                SHA-512:0E1296E6092FE8B8862B6CE4D0E69C1A5DDD3FED37AF39C9ABB618A8082C76EAA92E3E82DDDB3A56A0CBA864A95F8864219FBEC3DD6BEE432F921A58B513ADA3
                                                                                                                                                                                Malicious:false
                                                                                                                                                                                Preview:>.9,.+.'..o<>-.O.....'x.3 ...m.,8..0VmD.-.:|+";?x.k.....l+_..aj9..n...z..J..58S..:I6..S.[d........v8....qX1..%8......'zq.$.0..[H{..(y...F...q.S...k..6~.+../z;...q..~.Gl.(nX.cO.r..#...w$.......8kl...w...>...j..R`-.Ra...V....!...~.Zmke..&E.;.\DM&.H..%..-..!i.bv.L...(.........P.9.X..+.LX... .5{j.. ....!.B.A.m....o..N]W.$$.....`.....wC.{..HJO....?E.;@.j*M..o....p.2....n..z...!..~.o;.*x#S.b....z.>Z.q.,.Hv017DR.........y.0.rn...Y..[os.=M....(#a4.{.......^.)..@K=.Z.,.;...`.........(.[...9..ZI3.wp~....{s...9....n.BGy.....d..gB.....].........1U9.<-o...*..!....r..6.(...).....'..I.iM....*.<.....!h&...Qo."..`f.O...0.*Hz..-N..=..H6..)........u..cPX4@_qo.a....m.o....Y....N...b.G.\.].S.k....Y.L~..UEp....._..x#.(.xB..q........<&..1..p.A.D..........y..%...@..3....fC......oK.}4...b...r"&k..K.Y..n.h....Sx4(....I,.{.y.."Z3J.hg./..\9..='Ud.*k...$.D]3......u.D...pF....L...!=.s..WX^E....N....q.n..L..q.QT....*.F...wh#\`......eu.....?:.6!,.7..(..E..YG.uX.J
                                                                                                                                                                                Process:C:\Users\user\Desktop\c8JakemodH.exe
                                                                                                                                                                                File Type:ASCII text, with CRLF line terminators
                                                                                                                                                                                Category:dropped
                                                                                                                                                                                Size (bytes):1159
                                                                                                                                                                                Entropy (8bit):4.909757425426515
                                                                                                                                                                                Encrypted:false
                                                                                                                                                                                SSDEEP:24:SOZJNRovfexRvYx/ncUYTxLZl0r0OzANQgq32xfZnS0iNFdAnP6:SOZbqfexrZrS3Iq32xlSX2S
                                                                                                                                                                                MD5:F29E077226F8DC235CAE4795459A3542
                                                                                                                                                                                SHA1:A23AEA328BEB92BFD4464A3B0F70E772B8969CC2
                                                                                                                                                                                SHA-256:CF8875AADE9351184274F533067BECF2AD10CCF2B6296274ECE5D5B58B6AB008
                                                                                                                                                                                SHA-512:0C76F1E7AC8E4DB582EA7E26FA9B8C18D54605AE6A9A87A2A1FA0B1BEACACBB8F1230421C1124B1E7C12FB546FF31DBBD2CFBBEBA80EF98BBAA01B356F7FDC6F
                                                                                                                                                                                Malicious:false
                                                                                                                                                                                Preview:.. ~~~ AlphaCat ~~~....>>>> Your data are stolen and encrypted....>>>> What guarantees that we will not deceive you? .....We are not a politically motivated group and we do not need anything other than your money. .. ...If you pay, we will provide you the programs for decryption and we will delete your data. ...Life is too short to be sad. Be not sad, money, it is only paper... ...If we do not give you decrypters, or we do not delete your data after payment, then nobody will pay us in the future. ...Therefore to us our reputation is very important. We attack worldwide and there is no dissatisfied victim after payment... ..>>>> You need contact us via email with srenshot of btc transaction and your personal DECRYPTION ID.....Contact via Email with your personal Decryption id !: hackbeenswim@mail2tor.com......Send 400$ (0.006 BTC) at this address --> bc1qkr7wxuqwet9w6920vk94p7npkxh33fc7prv55q.....>>>> Your personal DECRYPTION ID: D53F15BF767167BC622C1CB4D4FC174D....>>
                                                                                                                                                                                Process:C:\Users\user\Desktop\c8JakemodH.exe
                                                                                                                                                                                File Type:ASCII text, with CRLF line terminators
                                                                                                                                                                                Category:dropped
                                                                                                                                                                                Size (bytes):1159
                                                                                                                                                                                Entropy (8bit):4.909757425426515
                                                                                                                                                                                Encrypted:false
                                                                                                                                                                                SSDEEP:24:SOZJNRovfexRvYx/ncUYTxLZl0r0OzANQgq32xfZnS0iNFdAnP6:SOZbqfexrZrS3Iq32xlSX2S
                                                                                                                                                                                MD5:F29E077226F8DC235CAE4795459A3542
                                                                                                                                                                                SHA1:A23AEA328BEB92BFD4464A3B0F70E772B8969CC2
                                                                                                                                                                                SHA-256:CF8875AADE9351184274F533067BECF2AD10CCF2B6296274ECE5D5B58B6AB008
                                                                                                                                                                                SHA-512:0C76F1E7AC8E4DB582EA7E26FA9B8C18D54605AE6A9A87A2A1FA0B1BEACACBB8F1230421C1124B1E7C12FB546FF31DBBD2CFBBEBA80EF98BBAA01B356F7FDC6F
                                                                                                                                                                                Malicious:false
                                                                                                                                                                                Preview:.. ~~~ AlphaCat ~~~....>>>> Your data are stolen and encrypted....>>>> What guarantees that we will not deceive you? .....We are not a politically motivated group and we do not need anything other than your money. .. ...If you pay, we will provide you the programs for decryption and we will delete your data. ...Life is too short to be sad. Be not sad, money, it is only paper... ...If we do not give you decrypters, or we do not delete your data after payment, then nobody will pay us in the future. ...Therefore to us our reputation is very important. We attack worldwide and there is no dissatisfied victim after payment... ..>>>> You need contact us via email with srenshot of btc transaction and your personal DECRYPTION ID.....Contact via Email with your personal Decryption id !: hackbeenswim@mail2tor.com......Send 400$ (0.006 BTC) at this address --> bc1qkr7wxuqwet9w6920vk94p7npkxh33fc7prv55q.....>>>> Your personal DECRYPTION ID: D53F15BF767167BC622C1CB4D4FC174D....>>
                                                                                                                                                                                Process:C:\Users\user\Desktop\c8JakemodH.exe
                                                                                                                                                                                File Type:ASCII text, with CRLF line terminators
                                                                                                                                                                                Category:dropped
                                                                                                                                                                                Size (bytes):1159
                                                                                                                                                                                Entropy (8bit):4.909757425426515
                                                                                                                                                                                Encrypted:false
                                                                                                                                                                                SSDEEP:24:SOZJNRovfexRvYx/ncUYTxLZl0r0OzANQgq32xfZnS0iNFdAnP6:SOZbqfexrZrS3Iq32xlSX2S
                                                                                                                                                                                MD5:F29E077226F8DC235CAE4795459A3542
                                                                                                                                                                                SHA1:A23AEA328BEB92BFD4464A3B0F70E772B8969CC2
                                                                                                                                                                                SHA-256:CF8875AADE9351184274F533067BECF2AD10CCF2B6296274ECE5D5B58B6AB008
                                                                                                                                                                                SHA-512:0C76F1E7AC8E4DB582EA7E26FA9B8C18D54605AE6A9A87A2A1FA0B1BEACACBB8F1230421C1124B1E7C12FB546FF31DBBD2CFBBEBA80EF98BBAA01B356F7FDC6F
                                                                                                                                                                                Malicious:false
                                                                                                                                                                                Preview:.. ~~~ AlphaCat ~~~....>>>> Your data are stolen and encrypted....>>>> What guarantees that we will not deceive you? .....We are not a politically motivated group and we do not need anything other than your money. .. ...If you pay, we will provide you the programs for decryption and we will delete your data. ...Life is too short to be sad. Be not sad, money, it is only paper... ...If we do not give you decrypters, or we do not delete your data after payment, then nobody will pay us in the future. ...Therefore to us our reputation is very important. We attack worldwide and there is no dissatisfied victim after payment... ..>>>> You need contact us via email with srenshot of btc transaction and your personal DECRYPTION ID.....Contact via Email with your personal Decryption id !: hackbeenswim@mail2tor.com......Send 400$ (0.006 BTC) at this address --> bc1qkr7wxuqwet9w6920vk94p7npkxh33fc7prv55q.....>>>> Your personal DECRYPTION ID: D53F15BF767167BC622C1CB4D4FC174D....>>
                                                                                                                                                                                Process:C:\Users\user\Desktop\c8JakemodH.exe
                                                                                                                                                                                File Type:ASCII text, with CRLF line terminators
                                                                                                                                                                                Category:dropped
                                                                                                                                                                                Size (bytes):1159
                                                                                                                                                                                Entropy (8bit):4.909757425426515
                                                                                                                                                                                Encrypted:false
                                                                                                                                                                                SSDEEP:24:SOZJNRovfexRvYx/ncUYTxLZl0r0OzANQgq32xfZnS0iNFdAnP6:SOZbqfexrZrS3Iq32xlSX2S
                                                                                                                                                                                MD5:F29E077226F8DC235CAE4795459A3542
                                                                                                                                                                                SHA1:A23AEA328BEB92BFD4464A3B0F70E772B8969CC2
                                                                                                                                                                                SHA-256:CF8875AADE9351184274F533067BECF2AD10CCF2B6296274ECE5D5B58B6AB008
                                                                                                                                                                                SHA-512:0C76F1E7AC8E4DB582EA7E26FA9B8C18D54605AE6A9A87A2A1FA0B1BEACACBB8F1230421C1124B1E7C12FB546FF31DBBD2CFBBEBA80EF98BBAA01B356F7FDC6F
                                                                                                                                                                                Malicious:false
                                                                                                                                                                                Preview:.. ~~~ AlphaCat ~~~....>>>> Your data are stolen and encrypted....>>>> What guarantees that we will not deceive you? .....We are not a politically motivated group and we do not need anything other than your money. .. ...If you pay, we will provide you the programs for decryption and we will delete your data. ...Life is too short to be sad. Be not sad, money, it is only paper... ...If we do not give you decrypters, or we do not delete your data after payment, then nobody will pay us in the future. ...Therefore to us our reputation is very important. We attack worldwide and there is no dissatisfied victim after payment... ..>>>> You need contact us via email with srenshot of btc transaction and your personal DECRYPTION ID.....Contact via Email with your personal Decryption id !: hackbeenswim@mail2tor.com......Send 400$ (0.006 BTC) at this address --> bc1qkr7wxuqwet9w6920vk94p7npkxh33fc7prv55q.....>>>> Your personal DECRYPTION ID: D53F15BF767167BC622C1CB4D4FC174D....>>
                                                                                                                                                                                Process:C:\Users\user\Desktop\c8JakemodH.exe
                                                                                                                                                                                File Type:ASCII text, with CRLF line terminators
                                                                                                                                                                                Category:dropped
                                                                                                                                                                                Size (bytes):1159
                                                                                                                                                                                Entropy (8bit):4.909757425426515
                                                                                                                                                                                Encrypted:false
                                                                                                                                                                                SSDEEP:24:SOZJNRovfexRvYx/ncUYTxLZl0r0OzANQgq32xfZnS0iNFdAnP6:SOZbqfexrZrS3Iq32xlSX2S
                                                                                                                                                                                MD5:F29E077226F8DC235CAE4795459A3542
                                                                                                                                                                                SHA1:A23AEA328BEB92BFD4464A3B0F70E772B8969CC2
                                                                                                                                                                                SHA-256:CF8875AADE9351184274F533067BECF2AD10CCF2B6296274ECE5D5B58B6AB008
                                                                                                                                                                                SHA-512:0C76F1E7AC8E4DB582EA7E26FA9B8C18D54605AE6A9A87A2A1FA0B1BEACACBB8F1230421C1124B1E7C12FB546FF31DBBD2CFBBEBA80EF98BBAA01B356F7FDC6F
                                                                                                                                                                                Malicious:false
                                                                                                                                                                                Preview:.. ~~~ AlphaCat ~~~....>>>> Your data are stolen and encrypted....>>>> What guarantees that we will not deceive you? .....We are not a politically motivated group and we do not need anything other than your money. .. ...If you pay, we will provide you the programs for decryption and we will delete your data. ...Life is too short to be sad. Be not sad, money, it is only paper... ...If we do not give you decrypters, or we do not delete your data after payment, then nobody will pay us in the future. ...Therefore to us our reputation is very important. We attack worldwide and there is no dissatisfied victim after payment... ..>>>> You need contact us via email with srenshot of btc transaction and your personal DECRYPTION ID.....Contact via Email with your personal Decryption id !: hackbeenswim@mail2tor.com......Send 400$ (0.006 BTC) at this address --> bc1qkr7wxuqwet9w6920vk94p7npkxh33fc7prv55q.....>>>> Your personal DECRYPTION ID: D53F15BF767167BC622C1CB4D4FC174D....>>
                                                                                                                                                                                Process:C:\Users\user\Desktop\c8JakemodH.exe
                                                                                                                                                                                File Type:ASCII text, with CRLF line terminators
                                                                                                                                                                                Category:dropped
                                                                                                                                                                                Size (bytes):1159
                                                                                                                                                                                Entropy (8bit):4.909757425426515
                                                                                                                                                                                Encrypted:false
                                                                                                                                                                                SSDEEP:24:SOZJNRovfexRvYx/ncUYTxLZl0r0OzANQgq32xfZnS0iNFdAnP6:SOZbqfexrZrS3Iq32xlSX2S
                                                                                                                                                                                MD5:F29E077226F8DC235CAE4795459A3542
                                                                                                                                                                                SHA1:A23AEA328BEB92BFD4464A3B0F70E772B8969CC2
                                                                                                                                                                                SHA-256:CF8875AADE9351184274F533067BECF2AD10CCF2B6296274ECE5D5B58B6AB008
                                                                                                                                                                                SHA-512:0C76F1E7AC8E4DB582EA7E26FA9B8C18D54605AE6A9A87A2A1FA0B1BEACACBB8F1230421C1124B1E7C12FB546FF31DBBD2CFBBEBA80EF98BBAA01B356F7FDC6F
                                                                                                                                                                                Malicious:false
                                                                                                                                                                                Preview:.. ~~~ AlphaCat ~~~....>>>> Your data are stolen and encrypted....>>>> What guarantees that we will not deceive you? .....We are not a politically motivated group and we do not need anything other than your money. .. ...If you pay, we will provide you the programs for decryption and we will delete your data. ...Life is too short to be sad. Be not sad, money, it is only paper... ...If we do not give you decrypters, or we do not delete your data after payment, then nobody will pay us in the future. ...Therefore to us our reputation is very important. We attack worldwide and there is no dissatisfied victim after payment... ..>>>> You need contact us via email with srenshot of btc transaction and your personal DECRYPTION ID.....Contact via Email with your personal Decryption id !: hackbeenswim@mail2tor.com......Send 400$ (0.006 BTC) at this address --> bc1qkr7wxuqwet9w6920vk94p7npkxh33fc7prv55q.....>>>> Your personal DECRYPTION ID: D53F15BF767167BC622C1CB4D4FC174D....>>
                                                                                                                                                                                Process:C:\Users\user\Desktop\c8JakemodH.exe
                                                                                                                                                                                File Type:ASCII text, with CRLF line terminators
                                                                                                                                                                                Category:dropped
                                                                                                                                                                                Size (bytes):1159
                                                                                                                                                                                Entropy (8bit):4.909757425426515
                                                                                                                                                                                Encrypted:false
                                                                                                                                                                                SSDEEP:24:SOZJNRovfexRvYx/ncUYTxLZl0r0OzANQgq32xfZnS0iNFdAnP6:SOZbqfexrZrS3Iq32xlSX2S
                                                                                                                                                                                MD5:F29E077226F8DC235CAE4795459A3542
                                                                                                                                                                                SHA1:A23AEA328BEB92BFD4464A3B0F70E772B8969CC2
                                                                                                                                                                                SHA-256:CF8875AADE9351184274F533067BECF2AD10CCF2B6296274ECE5D5B58B6AB008
                                                                                                                                                                                SHA-512:0C76F1E7AC8E4DB582EA7E26FA9B8C18D54605AE6A9A87A2A1FA0B1BEACACBB8F1230421C1124B1E7C12FB546FF31DBBD2CFBBEBA80EF98BBAA01B356F7FDC6F
                                                                                                                                                                                Malicious:false
                                                                                                                                                                                Preview:.. ~~~ AlphaCat ~~~....>>>> Your data are stolen and encrypted....>>>> What guarantees that we will not deceive you? .....We are not a politically motivated group and we do not need anything other than your money. .. ...If you pay, we will provide you the programs for decryption and we will delete your data. ...Life is too short to be sad. Be not sad, money, it is only paper... ...If we do not give you decrypters, or we do not delete your data after payment, then nobody will pay us in the future. ...Therefore to us our reputation is very important. We attack worldwide and there is no dissatisfied victim after payment... ..>>>> You need contact us via email with srenshot of btc transaction and your personal DECRYPTION ID.....Contact via Email with your personal Decryption id !: hackbeenswim@mail2tor.com......Send 400$ (0.006 BTC) at this address --> bc1qkr7wxuqwet9w6920vk94p7npkxh33fc7prv55q.....>>>> Your personal DECRYPTION ID: D53F15BF767167BC622C1CB4D4FC174D....>>
                                                                                                                                                                                Process:C:\Users\user\Desktop\c8JakemodH.exe
                                                                                                                                                                                File Type:ASCII text, with CRLF line terminators
                                                                                                                                                                                Category:dropped
                                                                                                                                                                                Size (bytes):1159
                                                                                                                                                                                Entropy (8bit):4.909757425426515
                                                                                                                                                                                Encrypted:false
                                                                                                                                                                                SSDEEP:24:SOZJNRovfexRvYx/ncUYTxLZl0r0OzANQgq32xfZnS0iNFdAnP6:SOZbqfexrZrS3Iq32xlSX2S
                                                                                                                                                                                MD5:F29E077226F8DC235CAE4795459A3542
                                                                                                                                                                                SHA1:A23AEA328BEB92BFD4464A3B0F70E772B8969CC2
                                                                                                                                                                                SHA-256:CF8875AADE9351184274F533067BECF2AD10CCF2B6296274ECE5D5B58B6AB008
                                                                                                                                                                                SHA-512:0C76F1E7AC8E4DB582EA7E26FA9B8C18D54605AE6A9A87A2A1FA0B1BEACACBB8F1230421C1124B1E7C12FB546FF31DBBD2CFBBEBA80EF98BBAA01B356F7FDC6F
                                                                                                                                                                                Malicious:false
                                                                                                                                                                                Preview:.. ~~~ AlphaCat ~~~....>>>> Your data are stolen and encrypted....>>>> What guarantees that we will not deceive you? .....We are not a politically motivated group and we do not need anything other than your money. .. ...If you pay, we will provide you the programs for decryption and we will delete your data. ...Life is too short to be sad. Be not sad, money, it is only paper... ...If we do not give you decrypters, or we do not delete your data after payment, then nobody will pay us in the future. ...Therefore to us our reputation is very important. We attack worldwide and there is no dissatisfied victim after payment... ..>>>> You need contact us via email with srenshot of btc transaction and your personal DECRYPTION ID.....Contact via Email with your personal Decryption id !: hackbeenswim@mail2tor.com......Send 400$ (0.006 BTC) at this address --> bc1qkr7wxuqwet9w6920vk94p7npkxh33fc7prv55q.....>>>> Your personal DECRYPTION ID: D53F15BF767167BC622C1CB4D4FC174D....>>
                                                                                                                                                                                Process:C:\Users\user\Desktop\c8JakemodH.exe
                                                                                                                                                                                File Type:ASCII text, with CRLF line terminators
                                                                                                                                                                                Category:dropped
                                                                                                                                                                                Size (bytes):1159
                                                                                                                                                                                Entropy (8bit):4.909757425426515
                                                                                                                                                                                Encrypted:false
                                                                                                                                                                                SSDEEP:24:SOZJNRovfexRvYx/ncUYTxLZl0r0OzANQgq32xfZnS0iNFdAnP6:SOZbqfexrZrS3Iq32xlSX2S
                                                                                                                                                                                MD5:F29E077226F8DC235CAE4795459A3542
                                                                                                                                                                                SHA1:A23AEA328BEB92BFD4464A3B0F70E772B8969CC2
                                                                                                                                                                                SHA-256:CF8875AADE9351184274F533067BECF2AD10CCF2B6296274ECE5D5B58B6AB008
                                                                                                                                                                                SHA-512:0C76F1E7AC8E4DB582EA7E26FA9B8C18D54605AE6A9A87A2A1FA0B1BEACACBB8F1230421C1124B1E7C12FB546FF31DBBD2CFBBEBA80EF98BBAA01B356F7FDC6F
                                                                                                                                                                                Malicious:false
                                                                                                                                                                                Preview:.. ~~~ AlphaCat ~~~....>>>> Your data are stolen and encrypted....>>>> What guarantees that we will not deceive you? .....We are not a politically motivated group and we do not need anything other than your money. .. ...If you pay, we will provide you the programs for decryption and we will delete your data. ...Life is too short to be sad. Be not sad, money, it is only paper... ...If we do not give you decrypters, or we do not delete your data after payment, then nobody will pay us in the future. ...Therefore to us our reputation is very important. We attack worldwide and there is no dissatisfied victim after payment... ..>>>> You need contact us via email with srenshot of btc transaction and your personal DECRYPTION ID.....Contact via Email with your personal Decryption id !: hackbeenswim@mail2tor.com......Send 400$ (0.006 BTC) at this address --> bc1qkr7wxuqwet9w6920vk94p7npkxh33fc7prv55q.....>>>> Your personal DECRYPTION ID: D53F15BF767167BC622C1CB4D4FC174D....>>
                                                                                                                                                                                Process:C:\Users\user\Desktop\c8JakemodH.exe
                                                                                                                                                                                File Type:ASCII text, with CRLF line terminators
                                                                                                                                                                                Category:dropped
                                                                                                                                                                                Size (bytes):1159
                                                                                                                                                                                Entropy (8bit):4.909757425426515
                                                                                                                                                                                Encrypted:false
                                                                                                                                                                                SSDEEP:24:SOZJNRovfexRvYx/ncUYTxLZl0r0OzANQgq32xfZnS0iNFdAnP6:SOZbqfexrZrS3Iq32xlSX2S
                                                                                                                                                                                MD5:F29E077226F8DC235CAE4795459A3542
                                                                                                                                                                                SHA1:A23AEA328BEB92BFD4464A3B0F70E772B8969CC2
                                                                                                                                                                                SHA-256:CF8875AADE9351184274F533067BECF2AD10CCF2B6296274ECE5D5B58B6AB008
                                                                                                                                                                                SHA-512:0C76F1E7AC8E4DB582EA7E26FA9B8C18D54605AE6A9A87A2A1FA0B1BEACACBB8F1230421C1124B1E7C12FB546FF31DBBD2CFBBEBA80EF98BBAA01B356F7FDC6F
                                                                                                                                                                                Malicious:false
                                                                                                                                                                                Preview:.. ~~~ AlphaCat ~~~....>>>> Your data are stolen and encrypted....>>>> What guarantees that we will not deceive you? .....We are not a politically motivated group and we do not need anything other than your money. .. ...If you pay, we will provide you the programs for decryption and we will delete your data. ...Life is too short to be sad. Be not sad, money, it is only paper... ...If we do not give you decrypters, or we do not delete your data after payment, then nobody will pay us in the future. ...Therefore to us our reputation is very important. We attack worldwide and there is no dissatisfied victim after payment... ..>>>> You need contact us via email with srenshot of btc transaction and your personal DECRYPTION ID.....Contact via Email with your personal Decryption id !: hackbeenswim@mail2tor.com......Send 400$ (0.006 BTC) at this address --> bc1qkr7wxuqwet9w6920vk94p7npkxh33fc7prv55q.....>>>> Your personal DECRYPTION ID: D53F15BF767167BC622C1CB4D4FC174D....>>
                                                                                                                                                                                Process:C:\Users\user\Desktop\c8JakemodH.exe
                                                                                                                                                                                File Type:data
                                                                                                                                                                                Category:dropped
                                                                                                                                                                                Size (bytes):8431
                                                                                                                                                                                Entropy (8bit):7.981068598914822
                                                                                                                                                                                Encrypted:false
                                                                                                                                                                                SSDEEP:192:xF35fMQ7YJ6RIyLUUopuXtc6hZ9eOufptZ3oC+7W:n357cJ6ZmIfGxX+K
                                                                                                                                                                                MD5:4766E6EC2AD425CAA9F2E0E37066B58B
                                                                                                                                                                                SHA1:57DC8D89188870C297DDED4BD1B070B76C2E1C2E
                                                                                                                                                                                SHA-256:A94B86FB5D5EA0E83559A6C8482F76DC3173AB0F3D6A873C4DC5110ADBE37049
                                                                                                                                                                                SHA-512:9854EE908C09B0DF917FF144E5BCB0FFFD06E7C0FDADF567AA609C94493B0429B572AD08DDA1A406CC2FA2CB8A563EE8C6069EA819F3C16F00176B6E47F38953
                                                                                                                                                                                Malicious:false
                                                                                                                                                                                Preview:..@k.:..y........J.O".B.c...rk.....3........?.ZB.."L...0.uu!....7......N.D.>.U......=.... ..s....R}S..?.N...."..$5l.d.....|...2/.fXS../...*E^....1?.....[nh_.....(..0....[1...:.X.e.k....(....C.y.W..{..u..6..;.../k.P......a%.|.Yz......j~;X...7.2!.R.......B..j.....B..dl.5V.Jf.........W._......:..}..N..\.*..../..wbga.......V.n....p0.:.b..(..~.t.~....C....N...w...,F.tr....>..[J^..;w9W.kQ@.Q...(6A^.....+Aa........o4..$.$..8"..S.3..#.8U.Y..._Mq..IQJ....,IiN:- /..]...xE.G)....Q......2#1S.!x.....F...v..[)(ge..t....Gin.[.7.4...?...Dr:..z...y.|.X.].&O.n....h.8..h..!...lr-..v..%.{....J...2 c.q1>......).5...{.v...]...C....B{#...\.m.......,NuyF.....@[|I....>L.O....%.e..sE......agt.k!TG.=2....r...##.....3...|...E=.).J'........8..#Zk.3s.....a.B.u...[.....'(;....y$.P..{z>D^2.3;E|.....4&..<...N..0O` .v...K.k'c.R,.....a....W..t.......q..UT..<<2..>%.7N...u...JlaK..x.A...O2..70...Q...d.A.;..uF.......:r.+o........Qw)KY..K....0.[...%k..b...kK........ .Me......j..
                                                                                                                                                                                Process:C:\Users\user\Desktop\c8JakemodH.exe
                                                                                                                                                                                File Type:ASCII text, with CRLF line terminators
                                                                                                                                                                                Category:dropped
                                                                                                                                                                                Size (bytes):1159
                                                                                                                                                                                Entropy (8bit):4.909757425426515
                                                                                                                                                                                Encrypted:false
                                                                                                                                                                                SSDEEP:24:SOZJNRovfexRvYx/ncUYTxLZl0r0OzANQgq32xfZnS0iNFdAnP6:SOZbqfexrZrS3Iq32xlSX2S
                                                                                                                                                                                MD5:F29E077226F8DC235CAE4795459A3542
                                                                                                                                                                                SHA1:A23AEA328BEB92BFD4464A3B0F70E772B8969CC2
                                                                                                                                                                                SHA-256:CF8875AADE9351184274F533067BECF2AD10CCF2B6296274ECE5D5B58B6AB008
                                                                                                                                                                                SHA-512:0C76F1E7AC8E4DB582EA7E26FA9B8C18D54605AE6A9A87A2A1FA0B1BEACACBB8F1230421C1124B1E7C12FB546FF31DBBD2CFBBEBA80EF98BBAA01B356F7FDC6F
                                                                                                                                                                                Malicious:false
                                                                                                                                                                                Preview:.. ~~~ AlphaCat ~~~....>>>> Your data are stolen and encrypted....>>>> What guarantees that we will not deceive you? .....We are not a politically motivated group and we do not need anything other than your money. .. ...If you pay, we will provide you the programs for decryption and we will delete your data. ...Life is too short to be sad. Be not sad, money, it is only paper... ...If we do not give you decrypters, or we do not delete your data after payment, then nobody will pay us in the future. ...Therefore to us our reputation is very important. We attack worldwide and there is no dissatisfied victim after payment... ..>>>> You need contact us via email with srenshot of btc transaction and your personal DECRYPTION ID.....Contact via Email with your personal Decryption id !: hackbeenswim@mail2tor.com......Send 400$ (0.006 BTC) at this address --> bc1qkr7wxuqwet9w6920vk94p7npkxh33fc7prv55q.....>>>> Your personal DECRYPTION ID: D53F15BF767167BC622C1CB4D4FC174D....>>
                                                                                                                                                                                Process:C:\Users\user\Desktop\c8JakemodH.exe
                                                                                                                                                                                File Type:ASCII text, with CRLF line terminators
                                                                                                                                                                                Category:dropped
                                                                                                                                                                                Size (bytes):1159
                                                                                                                                                                                Entropy (8bit):4.909757425426515
                                                                                                                                                                                Encrypted:false
                                                                                                                                                                                SSDEEP:24:SOZJNRovfexRvYx/ncUYTxLZl0r0OzANQgq32xfZnS0iNFdAnP6:SOZbqfexrZrS3Iq32xlSX2S
                                                                                                                                                                                MD5:F29E077226F8DC235CAE4795459A3542
                                                                                                                                                                                SHA1:A23AEA328BEB92BFD4464A3B0F70E772B8969CC2
                                                                                                                                                                                SHA-256:CF8875AADE9351184274F533067BECF2AD10CCF2B6296274ECE5D5B58B6AB008
                                                                                                                                                                                SHA-512:0C76F1E7AC8E4DB582EA7E26FA9B8C18D54605AE6A9A87A2A1FA0B1BEACACBB8F1230421C1124B1E7C12FB546FF31DBBD2CFBBEBA80EF98BBAA01B356F7FDC6F
                                                                                                                                                                                Malicious:false
                                                                                                                                                                                Preview:.. ~~~ AlphaCat ~~~....>>>> Your data are stolen and encrypted....>>>> What guarantees that we will not deceive you? .....We are not a politically motivated group and we do not need anything other than your money. .. ...If you pay, we will provide you the programs for decryption and we will delete your data. ...Life is too short to be sad. Be not sad, money, it is only paper... ...If we do not give you decrypters, or we do not delete your data after payment, then nobody will pay us in the future. ...Therefore to us our reputation is very important. We attack worldwide and there is no dissatisfied victim after payment... ..>>>> You need contact us via email with srenshot of btc transaction and your personal DECRYPTION ID.....Contact via Email with your personal Decryption id !: hackbeenswim@mail2tor.com......Send 400$ (0.006 BTC) at this address --> bc1qkr7wxuqwet9w6920vk94p7npkxh33fc7prv55q.....>>>> Your personal DECRYPTION ID: D53F15BF767167BC622C1CB4D4FC174D....>>
                                                                                                                                                                                Process:C:\Users\user\Desktop\c8JakemodH.exe
                                                                                                                                                                                File Type:ASCII text, with CRLF line terminators
                                                                                                                                                                                Category:dropped
                                                                                                                                                                                Size (bytes):1159
                                                                                                                                                                                Entropy (8bit):4.909757425426515
                                                                                                                                                                                Encrypted:false
                                                                                                                                                                                SSDEEP:24:SOZJNRovfexRvYx/ncUYTxLZl0r0OzANQgq32xfZnS0iNFdAnP6:SOZbqfexrZrS3Iq32xlSX2S
                                                                                                                                                                                MD5:F29E077226F8DC235CAE4795459A3542
                                                                                                                                                                                SHA1:A23AEA328BEB92BFD4464A3B0F70E772B8969CC2
                                                                                                                                                                                SHA-256:CF8875AADE9351184274F533067BECF2AD10CCF2B6296274ECE5D5B58B6AB008
                                                                                                                                                                                SHA-512:0C76F1E7AC8E4DB582EA7E26FA9B8C18D54605AE6A9A87A2A1FA0B1BEACACBB8F1230421C1124B1E7C12FB546FF31DBBD2CFBBEBA80EF98BBAA01B356F7FDC6F
                                                                                                                                                                                Malicious:false
                                                                                                                                                                                Preview:.. ~~~ AlphaCat ~~~....>>>> Your data are stolen and encrypted....>>>> What guarantees that we will not deceive you? .....We are not a politically motivated group and we do not need anything other than your money. .. ...If you pay, we will provide you the programs for decryption and we will delete your data. ...Life is too short to be sad. Be not sad, money, it is only paper... ...If we do not give you decrypters, or we do not delete your data after payment, then nobody will pay us in the future. ...Therefore to us our reputation is very important. We attack worldwide and there is no dissatisfied victim after payment... ..>>>> You need contact us via email with srenshot of btc transaction and your personal DECRYPTION ID.....Contact via Email with your personal Decryption id !: hackbeenswim@mail2tor.com......Send 400$ (0.006 BTC) at this address --> bc1qkr7wxuqwet9w6920vk94p7npkxh33fc7prv55q.....>>>> Your personal DECRYPTION ID: D53F15BF767167BC622C1CB4D4FC174D....>>
                                                                                                                                                                                Process:C:\Users\user\Desktop\c8JakemodH.exe
                                                                                                                                                                                File Type:ASCII text, with CRLF line terminators
                                                                                                                                                                                Category:dropped
                                                                                                                                                                                Size (bytes):1159
                                                                                                                                                                                Entropy (8bit):4.909757425426515
                                                                                                                                                                                Encrypted:false
                                                                                                                                                                                SSDEEP:24:SOZJNRovfexRvYx/ncUYTxLZl0r0OzANQgq32xfZnS0iNFdAnP6:SOZbqfexrZrS3Iq32xlSX2S
                                                                                                                                                                                MD5:F29E077226F8DC235CAE4795459A3542
                                                                                                                                                                                SHA1:A23AEA328BEB92BFD4464A3B0F70E772B8969CC2
                                                                                                                                                                                SHA-256:CF8875AADE9351184274F533067BECF2AD10CCF2B6296274ECE5D5B58B6AB008
                                                                                                                                                                                SHA-512:0C76F1E7AC8E4DB582EA7E26FA9B8C18D54605AE6A9A87A2A1FA0B1BEACACBB8F1230421C1124B1E7C12FB546FF31DBBD2CFBBEBA80EF98BBAA01B356F7FDC6F
                                                                                                                                                                                Malicious:false
                                                                                                                                                                                Preview:.. ~~~ AlphaCat ~~~....>>>> Your data are stolen and encrypted....>>>> What guarantees that we will not deceive you? .....We are not a politically motivated group and we do not need anything other than your money. .. ...If you pay, we will provide you the programs for decryption and we will delete your data. ...Life is too short to be sad. Be not sad, money, it is only paper... ...If we do not give you decrypters, or we do not delete your data after payment, then nobody will pay us in the future. ...Therefore to us our reputation is very important. We attack worldwide and there is no dissatisfied victim after payment... ..>>>> You need contact us via email with srenshot of btc transaction and your personal DECRYPTION ID.....Contact via Email with your personal Decryption id !: hackbeenswim@mail2tor.com......Send 400$ (0.006 BTC) at this address --> bc1qkr7wxuqwet9w6920vk94p7npkxh33fc7prv55q.....>>>> Your personal DECRYPTION ID: D53F15BF767167BC622C1CB4D4FC174D....>>
                                                                                                                                                                                Process:C:\Users\user\Desktop\c8JakemodH.exe
                                                                                                                                                                                File Type:ASCII text, with CRLF line terminators
                                                                                                                                                                                Category:dropped
                                                                                                                                                                                Size (bytes):1159
                                                                                                                                                                                Entropy (8bit):4.909757425426515
                                                                                                                                                                                Encrypted:false
                                                                                                                                                                                SSDEEP:24:SOZJNRovfexRvYx/ncUYTxLZl0r0OzANQgq32xfZnS0iNFdAnP6:SOZbqfexrZrS3Iq32xlSX2S
                                                                                                                                                                                MD5:F29E077226F8DC235CAE4795459A3542
                                                                                                                                                                                SHA1:A23AEA328BEB92BFD4464A3B0F70E772B8969CC2
                                                                                                                                                                                SHA-256:CF8875AADE9351184274F533067BECF2AD10CCF2B6296274ECE5D5B58B6AB008
                                                                                                                                                                                SHA-512:0C76F1E7AC8E4DB582EA7E26FA9B8C18D54605AE6A9A87A2A1FA0B1BEACACBB8F1230421C1124B1E7C12FB546FF31DBBD2CFBBEBA80EF98BBAA01B356F7FDC6F
                                                                                                                                                                                Malicious:false
                                                                                                                                                                                Preview:.. ~~~ AlphaCat ~~~....>>>> Your data are stolen and encrypted....>>>> What guarantees that we will not deceive you? .....We are not a politically motivated group and we do not need anything other than your money. .. ...If you pay, we will provide you the programs for decryption and we will delete your data. ...Life is too short to be sad. Be not sad, money, it is only paper... ...If we do not give you decrypters, or we do not delete your data after payment, then nobody will pay us in the future. ...Therefore to us our reputation is very important. We attack worldwide and there is no dissatisfied victim after payment... ..>>>> You need contact us via email with srenshot of btc transaction and your personal DECRYPTION ID.....Contact via Email with your personal Decryption id !: hackbeenswim@mail2tor.com......Send 400$ (0.006 BTC) at this address --> bc1qkr7wxuqwet9w6920vk94p7npkxh33fc7prv55q.....>>>> Your personal DECRYPTION ID: D53F15BF767167BC622C1CB4D4FC174D....>>
                                                                                                                                                                                Process:C:\Users\user\Desktop\c8JakemodH.exe
                                                                                                                                                                                File Type:data
                                                                                                                                                                                Category:dropped
                                                                                                                                                                                Size (bytes):65793
                                                                                                                                                                                Entropy (8bit):7.997082387856838
                                                                                                                                                                                Encrypted:true
                                                                                                                                                                                SSDEEP:1536:M/bJFKcXFEvbtQrtwtp3xwj1ZeYzJBmsqDaVHkXRCUT7:cXNXKvbtcWtd2TeYPmBDaVaRD
                                                                                                                                                                                MD5:98462BFE5199B39A45380153043F5774
                                                                                                                                                                                SHA1:AE320DA78DAD7C1156F810212EC12EF15A469116
                                                                                                                                                                                SHA-256:9C37A66DD474406378F975667B664E97CE6A491954E2C9CB68A5FF71DA51B61E
                                                                                                                                                                                SHA-512:AF4AEAA7259D0CABA07B4A177E8DE195BD47890135FC3FF94F023FF0AF7F8D76751D5DFA4E3C388FEF893D83AD555DFDF3A1C238393D2F7502214DC47932AC71
                                                                                                                                                                                Malicious:true
                                                                                                                                                                                Preview:.#,.n\q....z.@-...&lT.)..8.......AA.....y.........x...P.....Gu.._.........-...V..^.......`...2..@.l...HI.hW....F.1,0...0..'.s..#.+.IJH.-k|@...4.c`D...h..T.mz.B.+~.!.......Mn-....LH..8.........\....!.+....q{M.|n,.......%.c.t..d....G..B(4:.F..?#..U..#...@q"*E.....&...."_N..F..<o.X.I.......Wh5..v8..;!........z.{....<._. ....g....{...U.#c...9..*r.s.k.M...CG..s[..7...@..%........ZB."...SHk.o.2.r..};...x.fq..ZJm.dW.I.p....?......X.3..7.w.....0o,x.....Q....*........+..n..&.... a......o"..i9....u!7x......3U...R..m._M.....]...l..W.Zzy..<ie....*>...Av.+. .....W\y... ......7kz8.......7]..Ow..%.....2.......-.....Z=....|'......;02|.C......).b....1&.yK ...K.U.>c.c.....07..G....@..FtYO..9..rv.w.X~....z.k...j}.3k$.F.....k..,...b;.}..u....]..}...@..2.(....H...%.<.E..+...e...GrM2p......<..](TE..xX..-.[..&WW..SY...|.....q`.../.v...4.. ..-.|..7.(...._...ly.[..|..#+*...#.3D./.....w.~bc.....*...9@.ZVG..$f!..\#..i.....Y.6..:w..#v.g...C..."<...p.{p..\
                                                                                                                                                                                Process:C:\Users\user\Desktop\c8JakemodH.exe
                                                                                                                                                                                File Type:data
                                                                                                                                                                                Category:dropped
                                                                                                                                                                                Size (bytes):65798
                                                                                                                                                                                Entropy (8bit):7.997166532808317
                                                                                                                                                                                Encrypted:true
                                                                                                                                                                                SSDEEP:1536:Fc3rMQ3MYSwcSreadEcmllwBUKSGATtVh6na5ua7syC77:r/wcEevcmvw2KpGtXkax7C7
                                                                                                                                                                                MD5:51237949E0784C9C3B6A10F83568938D
                                                                                                                                                                                SHA1:249BAB5EBA1CDF8E0644CFEA582557112B394E7F
                                                                                                                                                                                SHA-256:47E16B8C602EC79A0F9EE6CC5D49657C2AB4C45971244306289098976EEF793A
                                                                                                                                                                                SHA-512:A51015A9DE5BE90E27FF18A377B839DDB385D816E9A6C541E815F5F609B581E0D875D26EC15BC597F3AFB318CA096C2285A821DBBBC7991EA9B9C768C6FBE32F
                                                                                                                                                                                Malicious:true
                                                                                                                                                                                Preview:.Z..0.8..5.]..Cx.*._.~4.*f...#)@.z"F.I.. .u!M|..1.6..]...XD....%..L../Y........}.'....lIof.%...+...g............%MNn.......r..{./."L...8.<...@.!5A..l....i..Rq9..CN5...JW.Tv11..p.fh.6...xI.....eKW.MsT.8..\.....ox.~P....n....=.J?..BU...oC...H`.Giod...Vq7..$!...2.O/..k.Z...Fej.....P.s..L@.7..74..\.....m.pQ...~.]...z.f.G...$.b.R..0.....OB..o.x......s.%..>......jG.....U.3.a..E..S.X.....s.WG..>...OT.........<.@..Q2..v.'.%.di......;6\h.Z...b*z4......Q{.Wg..?oj.x....*.Q." ...{..Z..R<..^%.K....;u(....2..9{c..4UvN"7..Z..q..N.Eb.UST....I].-..?..U....,.7.4..&.... .....C..^Z...?.;"q.E...5.UB.]..\..yDZ..{X.).....5L..7Z...}.....{(e...S.U>...C*.#....yDm,..z.!T.8..m...s.iN..2.9G..d*H..PH1..{j.l.D.....w..'..&..K>.i.....%....3.....z..<....\..|.e.%.=[+vNS...X.w<.;..._..um.`...........<=.....)..*H.%g.....9$?.....}..(...!.i..dw..z..W..U....J..*..%.....E..JW...zF'{....u.C.S4..>^7.ij.n...m.(../(..s..M. [.TgF}......a....L....(...8TKM..q..Tl...4.B.~.....
                                                                                                                                                                                Process:C:\Users\user\Desktop\c8JakemodH.exe
                                                                                                                                                                                File Type:data
                                                                                                                                                                                Category:dropped
                                                                                                                                                                                Size (bytes):4194544
                                                                                                                                                                                Entropy (8bit):2.038955421490453
                                                                                                                                                                                Encrypted:false
                                                                                                                                                                                SSDEEP:12288:mPcqxg2jhvXdaAmpkQnD+SO8eTosqSZ3mH8JKQdoJ4NNDyRkmX:mPXBdXdQD+vhPZ3g8JNoCNNY/X
                                                                                                                                                                                MD5:66642D69B9BE2548686D790EAFAC49C4
                                                                                                                                                                                SHA1:00A023E25331925CFE0E098DD135A9980C1B6370
                                                                                                                                                                                SHA-256:71476C142A8D8FCE8D9A342EA9E3083FEF863A66FEC32FB860D85B9B4938BECD
                                                                                                                                                                                SHA-512:D1EE82693D13EC117B605FDA72A4A1798C70ADE36E8FCEA971AF5ECB61DD95D8F628A65B1A3C7D6F87D0CBC3C324C7AB99B9D2867663D953E935673591150157
                                                                                                                                                                                Malicious:false
                                                                                                                                                                                Preview:.l26x..V.,Lw..|L......+..._[....p....b..F..PHv.....x.P.k..n.Na...x....sib.f ..<%q........#....Jf.....t{%r.....>6.~./....cx..ds.}..I....#M99..........[JR.#..v......U..BsaH....y.."xfl....A.*..7'...8....z..Q....&....|..0......cT/..].....:F. .3=U%$\.N...&.Y......>j.n..c..."..2.'.......!........[..[(.A..P.J,...'...+K...Z..TS.#..Qb..2...,..9..$.....m^.xnL.LQh.yR..hx..7OO>.}.Jp@.........v~=.|..yn..-5.FE.Lj;...~Y...9q..n.nV.m..X.>...........`......L.ea>.'.sc*0t:.R.YmNU.......p..Z.V.<.....a.b.b&.T....E.2...>$F#w._......V.z.?.u..m..Qj.r+...W....O..I..o.,.^..Y.....2.]G..`j.....{.HEi...kP._.N...=2....^n."qf.o1ji....?n5`.........C0.^......l.........j.8.F.92.%]}$.Ya..q..D.....IU<)..H..@5nb..x.g..E...8*..].;M.T....*.......4._...@...6...3zx.Fs.Z...H....7..,.}....y&...) ..k[..<_..W..;gT.n...I.. .Y...c..!.)..;.z.........j......Qgi.-.G......8%..L..cS....3.a....hwoi.......Zw..w..h_...:.3.QG.u`g.)}t.I.W.C..n...00Iq...i*{y.I<..(!V..t.....U....h...r.N.-.L.
                                                                                                                                                                                Process:C:\Users\user\Desktop\c8JakemodH.exe
                                                                                                                                                                                File Type:ASCII text, with CRLF line terminators
                                                                                                                                                                                Category:dropped
                                                                                                                                                                                Size (bytes):1159
                                                                                                                                                                                Entropy (8bit):4.909757425426515
                                                                                                                                                                                Encrypted:false
                                                                                                                                                                                SSDEEP:24:SOZJNRovfexRvYx/ncUYTxLZl0r0OzANQgq32xfZnS0iNFdAnP6:SOZbqfexrZrS3Iq32xlSX2S
                                                                                                                                                                                MD5:F29E077226F8DC235CAE4795459A3542
                                                                                                                                                                                SHA1:A23AEA328BEB92BFD4464A3B0F70E772B8969CC2
                                                                                                                                                                                SHA-256:CF8875AADE9351184274F533067BECF2AD10CCF2B6296274ECE5D5B58B6AB008
                                                                                                                                                                                SHA-512:0C76F1E7AC8E4DB582EA7E26FA9B8C18D54605AE6A9A87A2A1FA0B1BEACACBB8F1230421C1124B1E7C12FB546FF31DBBD2CFBBEBA80EF98BBAA01B356F7FDC6F
                                                                                                                                                                                Malicious:false
                                                                                                                                                                                Preview:.. ~~~ AlphaCat ~~~....>>>> Your data are stolen and encrypted....>>>> What guarantees that we will not deceive you? .....We are not a politically motivated group and we do not need anything other than your money. .. ...If you pay, we will provide you the programs for decryption and we will delete your data. ...Life is too short to be sad. Be not sad, money, it is only paper... ...If we do not give you decrypters, or we do not delete your data after payment, then nobody will pay us in the future. ...Therefore to us our reputation is very important. We attack worldwide and there is no dissatisfied victim after payment... ..>>>> You need contact us via email with srenshot of btc transaction and your personal DECRYPTION ID.....Contact via Email with your personal Decryption id !: hackbeenswim@mail2tor.com......Send 400$ (0.006 BTC) at this address --> bc1qkr7wxuqwet9w6920vk94p7npkxh33fc7prv55q.....>>>> Your personal DECRYPTION ID: D53F15BF767167BC622C1CB4D4FC174D....>>
                                                                                                                                                                                Process:C:\Users\user\Desktop\c8JakemodH.exe
                                                                                                                                                                                File Type:ASCII text, with CRLF line terminators
                                                                                                                                                                                Category:dropped
                                                                                                                                                                                Size (bytes):1159
                                                                                                                                                                                Entropy (8bit):4.909757425426515
                                                                                                                                                                                Encrypted:false
                                                                                                                                                                                SSDEEP:24:SOZJNRovfexRvYx/ncUYTxLZl0r0OzANQgq32xfZnS0iNFdAnP6:SOZbqfexrZrS3Iq32xlSX2S
                                                                                                                                                                                MD5:F29E077226F8DC235CAE4795459A3542
                                                                                                                                                                                SHA1:A23AEA328BEB92BFD4464A3B0F70E772B8969CC2
                                                                                                                                                                                SHA-256:CF8875AADE9351184274F533067BECF2AD10CCF2B6296274ECE5D5B58B6AB008
                                                                                                                                                                                SHA-512:0C76F1E7AC8E4DB582EA7E26FA9B8C18D54605AE6A9A87A2A1FA0B1BEACACBB8F1230421C1124B1E7C12FB546FF31DBBD2CFBBEBA80EF98BBAA01B356F7FDC6F
                                                                                                                                                                                Malicious:false
                                                                                                                                                                                Preview:.. ~~~ AlphaCat ~~~....>>>> Your data are stolen and encrypted....>>>> What guarantees that we will not deceive you? .....We are not a politically motivated group and we do not need anything other than your money. .. ...If you pay, we will provide you the programs for decryption and we will delete your data. ...Life is too short to be sad. Be not sad, money, it is only paper... ...If we do not give you decrypters, or we do not delete your data after payment, then nobody will pay us in the future. ...Therefore to us our reputation is very important. We attack worldwide and there is no dissatisfied victim after payment... ..>>>> You need contact us via email with srenshot of btc transaction and your personal DECRYPTION ID.....Contact via Email with your personal Decryption id !: hackbeenswim@mail2tor.com......Send 400$ (0.006 BTC) at this address --> bc1qkr7wxuqwet9w6920vk94p7npkxh33fc7prv55q.....>>>> Your personal DECRYPTION ID: D53F15BF767167BC622C1CB4D4FC174D....>>
                                                                                                                                                                                Process:C:\Users\user\Desktop\c8JakemodH.exe
                                                                                                                                                                                File Type:ASCII text, with CRLF line terminators
                                                                                                                                                                                Category:dropped
                                                                                                                                                                                Size (bytes):1159
                                                                                                                                                                                Entropy (8bit):4.909757425426515
                                                                                                                                                                                Encrypted:false
                                                                                                                                                                                SSDEEP:24:SOZJNRovfexRvYx/ncUYTxLZl0r0OzANQgq32xfZnS0iNFdAnP6:SOZbqfexrZrS3Iq32xlSX2S
                                                                                                                                                                                MD5:F29E077226F8DC235CAE4795459A3542
                                                                                                                                                                                SHA1:A23AEA328BEB92BFD4464A3B0F70E772B8969CC2
                                                                                                                                                                                SHA-256:CF8875AADE9351184274F533067BECF2AD10CCF2B6296274ECE5D5B58B6AB008
                                                                                                                                                                                SHA-512:0C76F1E7AC8E4DB582EA7E26FA9B8C18D54605AE6A9A87A2A1FA0B1BEACACBB8F1230421C1124B1E7C12FB546FF31DBBD2CFBBEBA80EF98BBAA01B356F7FDC6F
                                                                                                                                                                                Malicious:false
                                                                                                                                                                                Preview:.. ~~~ AlphaCat ~~~....>>>> Your data are stolen and encrypted....>>>> What guarantees that we will not deceive you? .....We are not a politically motivated group and we do not need anything other than your money. .. ...If you pay, we will provide you the programs for decryption and we will delete your data. ...Life is too short to be sad. Be not sad, money, it is only paper... ...If we do not give you decrypters, or we do not delete your data after payment, then nobody will pay us in the future. ...Therefore to us our reputation is very important. We attack worldwide and there is no dissatisfied victim after payment... ..>>>> You need contact us via email with srenshot of btc transaction and your personal DECRYPTION ID.....Contact via Email with your personal Decryption id !: hackbeenswim@mail2tor.com......Send 400$ (0.006 BTC) at this address --> bc1qkr7wxuqwet9w6920vk94p7npkxh33fc7prv55q.....>>>> Your personal DECRYPTION ID: D53F15BF767167BC622C1CB4D4FC174D....>>
                                                                                                                                                                                Process:C:\Users\user\Desktop\c8JakemodH.exe
                                                                                                                                                                                File Type:data
                                                                                                                                                                                Category:dropped
                                                                                                                                                                                Size (bytes):16623
                                                                                                                                                                                Entropy (8bit):7.989200809939643
                                                                                                                                                                                Encrypted:false
                                                                                                                                                                                SSDEEP:384:QzyuizCYksX+zuC+3sZASOVBOYm7uGU35Z/VUElpn7bLRV71ASkw:43i3f73rSxnu/3BDXL7mSkw
                                                                                                                                                                                MD5:E4B1D353872D71E3FBDABCE378593BE8
                                                                                                                                                                                SHA1:1618848B51A0D36357F79F2C07EE62169E360265
                                                                                                                                                                                SHA-256:65FE5EC3A0037706546D186BFE25DDED4D812C0BB1486DEAE621141722E7208F
                                                                                                                                                                                SHA-512:9678A4081DF9565F84A97AEBCF46123F44B40FD7B9BC00EAFC339F9824A5F6E2E0E3691BB17A9A38D90125A7237B46023BDCC5B34B4C6B0B47BFD120E8DC388A
                                                                                                                                                                                Malicious:false
                                                                                                                                                                                Preview:.qj././B..W.]N..u..;..h@/..7.m..{.y%.G.....vmf].H..1.W....3.....e..}\&aw7.&..u.`.....H..(.D..V.j.A.3.8u...rD0..).x=.....Z.Q&*j..y.....s~_.v7.S.P...{.).f.;..\..Sx.0.T..dl.;.2.d(..M-e..W....^.....b};*m.f..IP.c.x=P.W.>R..g.c.%..;..m.c.M.....*.q.w.......~[b[..`.......g....G.Qt Y.....M..UF..sb..FQ$..G.u...#G1<R....[.B....tj;+..o....n....@.\*..MF.......O.g.....$.A.......P.d.G..h.....:{h_..gW.q.....5)J-......Fd.....t.....)...l..S...x..a.pN7{@.2.JcNN...%-I..K.+.Fy..q.#..&<..n'.n."..)dD"..K..h....#l.....L.a..O......w...s...H...*........6+.K....$+..J!....1O E......&.0\F.,.i..g.....k..R..m....,.....i....IB.y-......#..:.w;mR.[.+u....qw.Y..I.F04@.f....#...5a..@...;5VR..).a.(.Z..v....}.PAe...j6n.m.l.R._.;.....w..lfo.Y.(..Bh/.|.s.s..A.c........k&s....\.g..L.}m@..f...x....p..... ZD.....D...w@.......q.'Y[jW.k....as?--..A...oI..A."ru.RX....V"..R.Q.....x...C.Y...Y....[.|m..E...;..U.,*.O.JXt6....d......F5 !...K....CC....8..l>B.u....Z..C\-N1~.!.8.....K..=.=.
                                                                                                                                                                                Process:C:\Users\user\Desktop\c8JakemodH.exe
                                                                                                                                                                                File Type:ASCII text, with CRLF line terminators
                                                                                                                                                                                Category:dropped
                                                                                                                                                                                Size (bytes):1159
                                                                                                                                                                                Entropy (8bit):4.909757425426515
                                                                                                                                                                                Encrypted:false
                                                                                                                                                                                SSDEEP:24:SOZJNRovfexRvYx/ncUYTxLZl0r0OzANQgq32xfZnS0iNFdAnP6:SOZbqfexrZrS3Iq32xlSX2S
                                                                                                                                                                                MD5:F29E077226F8DC235CAE4795459A3542
                                                                                                                                                                                SHA1:A23AEA328BEB92BFD4464A3B0F70E772B8969CC2
                                                                                                                                                                                SHA-256:CF8875AADE9351184274F533067BECF2AD10CCF2B6296274ECE5D5B58B6AB008
                                                                                                                                                                                SHA-512:0C76F1E7AC8E4DB582EA7E26FA9B8C18D54605AE6A9A87A2A1FA0B1BEACACBB8F1230421C1124B1E7C12FB546FF31DBBD2CFBBEBA80EF98BBAA01B356F7FDC6F
                                                                                                                                                                                Malicious:false
                                                                                                                                                                                Preview:.. ~~~ AlphaCat ~~~....>>>> Your data are stolen and encrypted....>>>> What guarantees that we will not deceive you? .....We are not a politically motivated group and we do not need anything other than your money. .. ...If you pay, we will provide you the programs for decryption and we will delete your data. ...Life is too short to be sad. Be not sad, money, it is only paper... ...If we do not give you decrypters, or we do not delete your data after payment, then nobody will pay us in the future. ...Therefore to us our reputation is very important. We attack worldwide and there is no dissatisfied victim after payment... ..>>>> You need contact us via email with srenshot of btc transaction and your personal DECRYPTION ID.....Contact via Email with your personal Decryption id !: hackbeenswim@mail2tor.com......Send 400$ (0.006 BTC) at this address --> bc1qkr7wxuqwet9w6920vk94p7npkxh33fc7prv55q.....>>>> Your personal DECRYPTION ID: D53F15BF767167BC622C1CB4D4FC174D....>>
                                                                                                                                                                                Process:C:\Users\user\Desktop\c8JakemodH.exe
                                                                                                                                                                                File Type:ASCII text, with CRLF line terminators
                                                                                                                                                                                Category:dropped
                                                                                                                                                                                Size (bytes):1159
                                                                                                                                                                                Entropy (8bit):4.909757425426515
                                                                                                                                                                                Encrypted:false
                                                                                                                                                                                SSDEEP:24:SOZJNRovfexRvYx/ncUYTxLZl0r0OzANQgq32xfZnS0iNFdAnP6:SOZbqfexrZrS3Iq32xlSX2S
                                                                                                                                                                                MD5:F29E077226F8DC235CAE4795459A3542
                                                                                                                                                                                SHA1:A23AEA328BEB92BFD4464A3B0F70E772B8969CC2
                                                                                                                                                                                SHA-256:CF8875AADE9351184274F533067BECF2AD10CCF2B6296274ECE5D5B58B6AB008
                                                                                                                                                                                SHA-512:0C76F1E7AC8E4DB582EA7E26FA9B8C18D54605AE6A9A87A2A1FA0B1BEACACBB8F1230421C1124B1E7C12FB546FF31DBBD2CFBBEBA80EF98BBAA01B356F7FDC6F
                                                                                                                                                                                Malicious:false
                                                                                                                                                                                Preview:.. ~~~ AlphaCat ~~~....>>>> Your data are stolen and encrypted....>>>> What guarantees that we will not deceive you? .....We are not a politically motivated group and we do not need anything other than your money. .. ...If you pay, we will provide you the programs for decryption and we will delete your data. ...Life is too short to be sad. Be not sad, money, it is only paper... ...If we do not give you decrypters, or we do not delete your data after payment, then nobody will pay us in the future. ...Therefore to us our reputation is very important. We attack worldwide and there is no dissatisfied victim after payment... ..>>>> You need contact us via email with srenshot of btc transaction and your personal DECRYPTION ID.....Contact via Email with your personal Decryption id !: hackbeenswim@mail2tor.com......Send 400$ (0.006 BTC) at this address --> bc1qkr7wxuqwet9w6920vk94p7npkxh33fc7prv55q.....>>>> Your personal DECRYPTION ID: D53F15BF767167BC622C1CB4D4FC174D....>>
                                                                                                                                                                                Process:C:\Users\user\Desktop\c8JakemodH.exe
                                                                                                                                                                                File Type:ASCII text, with CRLF line terminators
                                                                                                                                                                                Category:dropped
                                                                                                                                                                                Size (bytes):1159
                                                                                                                                                                                Entropy (8bit):4.909757425426515
                                                                                                                                                                                Encrypted:false
                                                                                                                                                                                SSDEEP:24:SOZJNRovfexRvYx/ncUYTxLZl0r0OzANQgq32xfZnS0iNFdAnP6:SOZbqfexrZrS3Iq32xlSX2S
                                                                                                                                                                                MD5:F29E077226F8DC235CAE4795459A3542
                                                                                                                                                                                SHA1:A23AEA328BEB92BFD4464A3B0F70E772B8969CC2
                                                                                                                                                                                SHA-256:CF8875AADE9351184274F533067BECF2AD10CCF2B6296274ECE5D5B58B6AB008
                                                                                                                                                                                SHA-512:0C76F1E7AC8E4DB582EA7E26FA9B8C18D54605AE6A9A87A2A1FA0B1BEACACBB8F1230421C1124B1E7C12FB546FF31DBBD2CFBBEBA80EF98BBAA01B356F7FDC6F
                                                                                                                                                                                Malicious:false
                                                                                                                                                                                Preview:.. ~~~ AlphaCat ~~~....>>>> Your data are stolen and encrypted....>>>> What guarantees that we will not deceive you? .....We are not a politically motivated group and we do not need anything other than your money. .. ...If you pay, we will provide you the programs for decryption and we will delete your data. ...Life is too short to be sad. Be not sad, money, it is only paper... ...If we do not give you decrypters, or we do not delete your data after payment, then nobody will pay us in the future. ...Therefore to us our reputation is very important. We attack worldwide and there is no dissatisfied victim after payment... ..>>>> You need contact us via email with srenshot of btc transaction and your personal DECRYPTION ID.....Contact via Email with your personal Decryption id !: hackbeenswim@mail2tor.com......Send 400$ (0.006 BTC) at this address --> bc1qkr7wxuqwet9w6920vk94p7npkxh33fc7prv55q.....>>>> Your personal DECRYPTION ID: D53F15BF767167BC622C1CB4D4FC174D....>>
                                                                                                                                                                                Process:C:\Users\user\Desktop\c8JakemodH.exe
                                                                                                                                                                                File Type:ASCII text, with CRLF line terminators
                                                                                                                                                                                Category:dropped
                                                                                                                                                                                Size (bytes):1159
                                                                                                                                                                                Entropy (8bit):4.909757425426515
                                                                                                                                                                                Encrypted:false
                                                                                                                                                                                SSDEEP:24:SOZJNRovfexRvYx/ncUYTxLZl0r0OzANQgq32xfZnS0iNFdAnP6:SOZbqfexrZrS3Iq32xlSX2S
                                                                                                                                                                                MD5:F29E077226F8DC235CAE4795459A3542
                                                                                                                                                                                SHA1:A23AEA328BEB92BFD4464A3B0F70E772B8969CC2
                                                                                                                                                                                SHA-256:CF8875AADE9351184274F533067BECF2AD10CCF2B6296274ECE5D5B58B6AB008
                                                                                                                                                                                SHA-512:0C76F1E7AC8E4DB582EA7E26FA9B8C18D54605AE6A9A87A2A1FA0B1BEACACBB8F1230421C1124B1E7C12FB546FF31DBBD2CFBBEBA80EF98BBAA01B356F7FDC6F
                                                                                                                                                                                Malicious:false
                                                                                                                                                                                Preview:.. ~~~ AlphaCat ~~~....>>>> Your data are stolen and encrypted....>>>> What guarantees that we will not deceive you? .....We are not a politically motivated group and we do not need anything other than your money. .. ...If you pay, we will provide you the programs for decryption and we will delete your data. ...Life is too short to be sad. Be not sad, money, it is only paper... ...If we do not give you decrypters, or we do not delete your data after payment, then nobody will pay us in the future. ...Therefore to us our reputation is very important. We attack worldwide and there is no dissatisfied victim after payment... ..>>>> You need contact us via email with srenshot of btc transaction and your personal DECRYPTION ID.....Contact via Email with your personal Decryption id !: hackbeenswim@mail2tor.com......Send 400$ (0.006 BTC) at this address --> bc1qkr7wxuqwet9w6920vk94p7npkxh33fc7prv55q.....>>>> Your personal DECRYPTION ID: D53F15BF767167BC622C1CB4D4FC174D....>>
                                                                                                                                                                                Process:C:\Users\user\Desktop\c8JakemodH.exe
                                                                                                                                                                                File Type:data
                                                                                                                                                                                Category:dropped
                                                                                                                                                                                Size (bytes):279
                                                                                                                                                                                Entropy (8bit):7.227876263493513
                                                                                                                                                                                Encrypted:false
                                                                                                                                                                                SSDEEP:6:I7rd8ncEiSVCDlF611xkxgv38yspXvXKXqrnzo66uoxTQWryJJ:I7Jk15gh0HiyEysRvaaDixTYJ
                                                                                                                                                                                MD5:D0D39E9559E45FCA59F3E441AC7EA070
                                                                                                                                                                                SHA1:B85062B70D531A5998173CA562DB31BC61AD2F01
                                                                                                                                                                                SHA-256:BC8C9676CFE9A70BEAE2733DD84C856E630EA546311AB336652077348A9EF376
                                                                                                                                                                                SHA-512:565EEC44D342108D80531E4B19CE0C62C50EA6BCDC950AB41BC7320E37F6CA2185E47C813F5BA2FB25347C962C6EAC6165C952046837DEA50E9DB6B040A98F4A
                                                                                                                                                                                Malicious:false
                                                                                                                                                                                Preview:.........|x..}-.$t%8....:TQa.06..dFbR..w.1.....4L....'.2..'...h...A......J.ps.=W..H.}.P.)..Z.b.O....! ...t..o..`.&..p....oQ<.d.....c.\...<..o...L....\.y.3.C.=....v....%......@(.......u....4..g..@.c_.r?[. ..U....<..Hb.!...?0[.?.._Ak:F`Obd..W.r.o..d7.5.?Ly.9'e5.|_
                                                                                                                                                                                Process:C:\Users\user\Desktop\c8JakemodH.exe
                                                                                                                                                                                File Type:data
                                                                                                                                                                                Category:dropped
                                                                                                                                                                                Size (bytes):735
                                                                                                                                                                                Entropy (8bit):7.728510874237753
                                                                                                                                                                                Encrypted:false
                                                                                                                                                                                SSDEEP:12:zi5kmJdLAepbHwO8M9vnZiPcal48p6AuZcQgj0KncXLFyW3QGW80WB+grpCKaaD5:ziimJSetQYFZlB/JKnQL4GP7B+2U82xs
                                                                                                                                                                                MD5:6BF83627D09A440597E22B1B2A724251
                                                                                                                                                                                SHA1:4068D1A463799E23713118BF971DFA2C239B69DC
                                                                                                                                                                                SHA-256:C0B220FAFB91153F5B224E12386874EF88105E21DDD2C1364A2492B3F4229260
                                                                                                                                                                                SHA-512:6CF8D82E8677464ADF8DD70B26DB8488EB704E6E73D3CA16766175D049183062E23789EDEDDF9195F38BE3F5228DB526000250F173A04E28E240001D8A4E76BF
                                                                                                                                                                                Malicious:false
                                                                                                                                                                                Preview:.Y...].S..........\..9..87....|...\.Iy...}..]....HR....{...<..X.g........ .z.,....>..D....|d.eYA..j..K.Nv.ll.Ng..F..y.[....^.Yx.6{.[.^.k:B..K......L..6.....i....h..G.~.A..Pw..1......FL..p..T.*.#qN..Y..K;...zke>.7...U-h....Q..)f.p.......8...h1...H.2...\..=...Y./...t....."W....nj.}..i.'..G.?../....f..,_..n.Y..XiP.L.....Ai[..y...&.W+...X.?...:..[H.[..).b..M1.I..uF].........)j.n~...W..4..F&..z.........Y^..U..e<i....K...z.q.v,%...Fgh..!....=v........$..rU...V...Twt.....e..c..B....4.......n=...U.h...A.....D....W..{..m....w~..P........4H.q3(..-.#DF}....N...3......!U|F..e...<..o...L....\.y.3.C.=....v....%......@(.......u....4..g..@.c_.r?[. ..U....<..Hb.!...?0[.?.._Ak:F`Obd..W.r.o..d7.5.?Ly.9'e5.|_
                                                                                                                                                                                Process:C:\Users\user\Desktop\c8JakemodH.exe
                                                                                                                                                                                File Type:data
                                                                                                                                                                                Category:dropped
                                                                                                                                                                                Size (bytes):736
                                                                                                                                                                                Entropy (8bit):7.685561265229347
                                                                                                                                                                                Encrypted:false
                                                                                                                                                                                SSDEEP:12:IuVaLBQ1g7+Ai8/W31G24IC60mvifKgBC5bbQFbsMEjJux/78Z7JeuaaDixTYJ:J0lQ+7+A23UfI5YdBVSjJ88Z7UA2xs
                                                                                                                                                                                MD5:90C5C5765904AEC09F5AD8B783473437
                                                                                                                                                                                SHA1:0D408E7218AEF8F267CAECF7AC38BA57C1AC6C98
                                                                                                                                                                                SHA-256:FDB245A32A91EBF4A0478F9695F7C81F83671DDD95559717CDEAE3746775FA1E
                                                                                                                                                                                SHA-512:E371C4B77DCE5E5268E66AAB6B05F43B2D0114D805FF27F36DD85574D3F2964EA58DFB730F9FC5EB275DD232933AF2FC009311E982613CD75DFA8D2A6E021C4F
                                                                                                                                                                                Malicious:false
                                                                                                                                                                                Preview:r8G.n/s%.E.5..G;..i.o<.R...LM.D.4.AY....2..m.L..zA.T.t..I.."..~_GZ.lj.YY.b..!....O....Z.a......#..O...L#.yg.Z.6..%...q.^..bE]7)t|........~...b...!...n...?zjsS.GA...>...3.T.Iq.!....h.Q...ys..o.b.....Z.w......6~Jh..2.f.....7.Z.....U.0B....x.......U.k.m.X.S5\/..X......y...e..B..9./lK%.\.V..?P...m..._4.....*.x.f.f+j{...tjo...P.."..(.P.0 .@.......v...m.oY{.........1._..........>...!...2.4......F..B...kQRW....3|....]5@...hI.....K.-V...{gj$*.V.p0...v..r...gmqG...........DE..>z.4......P.l...{......A....D....T..{y.e...b6.K..g.Z.....d..h...~lI...l......<l.1:.Z"...>......^-.\V.f...<..o...L....\.y.3.C.=....v....%......@(.......u....4..g..@.c_.r?[. ..U....<..Hb.!...?0[.?.._Ak:F`Obd..W.r.o..d7.5.?Ly.9'e5.|_
                                                                                                                                                                                Process:C:\Users\user\Desktop\c8JakemodH.exe
                                                                                                                                                                                File Type:data
                                                                                                                                                                                Category:dropped
                                                                                                                                                                                Size (bytes):735
                                                                                                                                                                                Entropy (8bit):7.700766953589633
                                                                                                                                                                                Encrypted:false
                                                                                                                                                                                SSDEEP:12:cVcT6Y0UqM2gpkHn7M0t/QPxTUyRThX02u6x7pBmaduAtbuwhaaDixTYJ:acT61UGKo7M0t/Q5TUqXJuQ3m2u3M2xs
                                                                                                                                                                                MD5:A064DE03927AAFFA698FD95DB7FD12E3
                                                                                                                                                                                SHA1:DAB31B1D6A3E8ACF5CE96BC675FCF33B89AD9F35
                                                                                                                                                                                SHA-256:3C4B3E90BDC3B336AC247540A30785E6B1B0983F4AE178F815702D5D1EDBE3B5
                                                                                                                                                                                SHA-512:24F446626872D6B94905839FCB4D52AD7A2ED7261F3B80C10DC71C03080B745CDEAE07C2B12DABE474DE3D22B87380303882C23765B3B454778FA8DBB137C86C
                                                                                                                                                                                Malicious:false
                                                                                                                                                                                Preview:|..{.p-..o.....%..>.g6.H;....H...1..LT..8.IF..us...7...^..&.2k.9..Mr.I..".......~.........ylfk.7.....%.......o.A<2X3...r.L.J........O...c0`.[..Ur..i..,..".....PE.....Lb....$$..Z.M-.S...(.h..!..*..0@..... ..GO...&*..;u..l\.=..D.n.AD....w..5'i..,.].*.'.8.G.7....._N...6...kR...!=.c..0.D-b]'-6....h..j..r..3.k4..ne.a......hE.(n._.....-...h...gS1....0$.M{..f.3.n.N.jS.fb&H.3.Y...Z.s.6.v;y5G.'2...\......Mm.M....8....aU..rJ.. ......Z9... ........t..i..*..7b....P..l...4..kB.9...\"U...h...A.....D....W..{..+...Z....3..|K......... ..Y..#....y_.......ohD.Fa........i..e...<..o...L....\.y.3.C.=....v....%......@(.......u....4..g..@.c_.r?[. ..U....<..Hb.!...?0[.?.._Ak:F`Obd..W.r.o..d7.5.?Ly.9'e5.|_
                                                                                                                                                                                Process:C:\Users\user\Desktop\c8JakemodH.exe
                                                                                                                                                                                File Type:data
                                                                                                                                                                                Category:dropped
                                                                                                                                                                                Size (bytes):735
                                                                                                                                                                                Entropy (8bit):7.72990450848386
                                                                                                                                                                                Encrypted:false
                                                                                                                                                                                SSDEEP:12:zHR7tE3uJrS0n4GD+TkLD6DDV/Q1WiFOlahglmLV2TtNZWbZaaDixTYJ:L5tjJdKkanVI1rFthkmMg2xs
                                                                                                                                                                                MD5:05307BC9F342A45CE89A0314F32449B9
                                                                                                                                                                                SHA1:1B4B24135BD9B0F73D1B3BE8964971344A073906
                                                                                                                                                                                SHA-256:1700B307258803BA78C344B9E1AEB91C36557564830EB40A644CD52520E844EE
                                                                                                                                                                                SHA-512:980370195212207C885D3F1EB92C3D24E4FC6A3FF9517F0A170EFF5DB5D44FC4B10EACF6B851AFFEBBE91CE4CAF9327CD800C5293D1410883D9F2CE9F8117FC7
                                                                                                                                                                                Malicious:false
                                                                                                                                                                                Preview:...[.p..yx........T.7.f....*..p.q.c<o.]X...r*.JH....a..P..3_.....ta....2X...Z=.h[.....(...C......;K..o...../...V....2.;..y.=)L!rN.;.i..29..g._..G.*?...R._FlZ.....Fzw....(...}..E..`d.....X....}.qO.#.UN#.?.p..X...D.....A&.+......@.<.t.XR+.O..d,@..e.#.Q>.?.N...k.Q.u[a..e...W......y........9.......p...]r..m....Mg....,.....t.?...n..P.{....2...P@Z..Lf.p.......]...H.....M.....&9...[.;...E..N.......d......TA....-.F. ..[..>.q.s../a....x+{']...{$7.......{W.Y......w...?#z.+..u.4....).......Th...A.....D....W..{...8. .|=...FB:.Qyu..o>0.|R..e*f..w.S....7j.jb*.....rT.....ie...<..o...L....\.y.3.C.=....v....%......@(.......u....4..g..@.c_.r?[. ..U....<..Hb.!...?0[.?.._Ak:F`Obd..W.r.o..d7.5.?Ly.9'e5.|_
                                                                                                                                                                                Process:C:\Users\user\Desktop\c8JakemodH.exe
                                                                                                                                                                                File Type:data
                                                                                                                                                                                Category:dropped
                                                                                                                                                                                Size (bytes):736
                                                                                                                                                                                Entropy (8bit):7.71094561411602
                                                                                                                                                                                Encrypted:false
                                                                                                                                                                                SSDEEP:12:nEbDCHi1eEAqftmlSdX0+04vwICAntUKdQ5MQzjG5vaaDixTYJ:ECNEw8X0+vvw/AntUK+dzjG5r2xs
                                                                                                                                                                                MD5:5D050BD91AF45CA598C290329DF3BDD3
                                                                                                                                                                                SHA1:78384F703FA239DFBF02CB2A47A3DB2A26CD5225
                                                                                                                                                                                SHA-256:F5BE02400DEF0E1919520B4E895CAC44ABBF2BA13470E8DBD3761B99FD62FB0E
                                                                                                                                                                                SHA-512:98BE098D73DB24672582D11950D47565B68437CB03426B1D76D334FB23BCF041F9C565303B5ABDF47FB41E72554AFC7BB419C4E5D114AE0C3DC317DEDCCC1F0A
                                                                                                                                                                                Malicious:false
                                                                                                                                                                                Preview:...Lj...L.......;.0s...O.... .LFY6.<.....G7.X...T..zP&......`D;.!...|.b.b.dk..<.O._.B.]R6...TH..(f..p..\..).......C.!P(....u2.w+78C.M..*7n_Tex...8.v..0.......LS=..B...{k!..f@....S....4..3.U.."..(...?=^e|@....{..1~...C..D....^..$di.7...YoK..p[2E...=.x./.................*.......+N&.......<.zJ,..`..PI~....TL.p)6].........H....EH..KdhOIO.g.8.....cx>F.8eXV.9_.p...h=+.R.~......Z..w.y.+x..;.l...4Z.dM]../.@h.%9i7.0.3])......'.).8..1.#..(.......%PJ..t..~.o..Ws..6O.|.. .$.g.^..H.4......P.@....b$j...A....D....T..{y-!.......`Z>o......x.z..'.{.......Ko.O..........)B...U....f...<..o...L....\.y.3.C.=....v....%......@(.......u....4..g..@.c_.r?[. ..U....<..Hb.!...?0[.?.._Ak:F`Obd..W.r.o..d7.5.?Ly.9'e5.|_
                                                                                                                                                                                Process:C:\Users\user\Desktop\c8JakemodH.exe
                                                                                                                                                                                File Type:data
                                                                                                                                                                                Category:dropped
                                                                                                                                                                                Size (bytes):735
                                                                                                                                                                                Entropy (8bit):7.694222511372425
                                                                                                                                                                                Encrypted:false
                                                                                                                                                                                SSDEEP:12:bTwtEkpkUKpViqKVuboGRhxJuojYKiTxZGHjFWcdmqgg+mE5qaaDixTYJ:b0Z9pVudRhxJIKGx4Hj7mlVmCc2xs
                                                                                                                                                                                MD5:4B67812861315830B86217C70FE8B41C
                                                                                                                                                                                SHA1:04018CF87E2F5F88AB61586FA91004EB88CE0DD3
                                                                                                                                                                                SHA-256:0EFB56DD40AA897B0059F1488747262E35AB6613E71C3D6F0D8BBBAB01E2A385
                                                                                                                                                                                SHA-512:970CEB1658837A6E2ACB292B510AA0D91515CA3B26074C36CB70ABB0B55D7E11C339022190F6FACA1A0B3C9E1FAB0CBF50513A4B5746B7F0AB994AF5ED790FEC
                                                                                                                                                                                Malicious:false
                                                                                                                                                                                Preview:.K....:K\\.4...Z<..{.-D6...x.h..k4..af.T63=.........=...d0.p..+(..r..pc....Cf.{..f,...d.H...#.R.....@.zk..V.8.6...U.*..t9...7..ER....b!.%D..u...=\o..i).!.,...{..c.].B-K.p...3.b4.8\h.{x...F..M.......=PiQ..TK...5.e..e.u+..Z...]..."..,..<..y..l...0...........}..o}S...".&.2,..rN.........SW....m.5............_.T.v,.ku.)*G....#.....e.`....t......-....{Q......x...e... .SQ...c.6zfO...x......(pr....T..e.[...(Q...-.yx.>..r..&En4k.6*R..........|....@.y7N....u.......F.W.ufdf/V.).=.jK./...4......6.....5.h...A.....D....W..{:.]..G.6.;...@...MV,...M......+<...m=".(AxL..(...&OH....JGN.e...<..o...L....\.y.3.C.=....v....%......@(.......u....4..g..@.c_.r?[. ..U....<..Hb.!...?0[.?.._Ak:F`Obd..W.r.o..d7.5.?Ly.9'e5.|_
                                                                                                                                                                                Process:C:\Users\user\Desktop\c8JakemodH.exe
                                                                                                                                                                                File Type:data
                                                                                                                                                                                Category:dropped
                                                                                                                                                                                Size (bytes):733
                                                                                                                                                                                Entropy (8bit):7.685142852136652
                                                                                                                                                                                Encrypted:false
                                                                                                                                                                                SSDEEP:12:mbhodZp93WiIM4TMVS5kyxlrd5BxEKaMo4/ts5AUqmyUF/ANpjIp63kCTfaaDixs:y63FIM4/5kilZfxXealm3/MJIw3kCv2q
                                                                                                                                                                                MD5:A2FC794B1F17809CDCA48F5915DD2E92
                                                                                                                                                                                SHA1:A5AEC598D19C64B45D7E77953217538AF56DA06C
                                                                                                                                                                                SHA-256:9DF9FFFD90570566C0F474885A6C153A80BBCB6683EF2DDAC1A83721A4017C31
                                                                                                                                                                                SHA-512:ED8E623743E9E4D8D8A3192D7736B2C0848D49101AFF64806CC13676107EA717BE153CFCBA5D483CFD2E1C11B3B1AC2081A1E35390BCB6BC32C370434614B7D1
                                                                                                                                                                                Malicious:false
                                                                                                                                                                                Preview::.S....C..F.m.O.,<L.M8[..k<......1.......l-..<.a...t@)..#mM..M..........6}.4..\.#.x1.$\..^.QO.r.]Z...z..7{&~..).G....aC..s.0$...Z^..`.....pN.C...X.(....x.Hr.`R.gN.6O.,........'5.......P!.].....^./..Q...mN..i.b...IH..8."-.pQ.1y.P.^....8,...*v.Oc.<..Z.') .9.W.......O.'s..K..v...)..w.._...B.....{h..."..A..+.....('.d........D....2[U.......?"...L....2.Uy.....(.....aC-."8[?....*z.-.&.c/,..y.j..^C...GA......:.p...<U.$..l.. .k..U9......W`M.2.g...l.F..H._7.....>.u...V.4.....,...M.....h...A.....D....T........v...o.x2T.oUS2...CSj.B.K0...#.@.9e.f..O.5#y..A..a..Mq..Pc...<..o...L....\.y.3.C.=....v....%......@(.......u....4..g..@.c_.r?[. ..U....<..Hb.!...?0[.?.._Ak:F`Obd..W.r.o..d7.5.?Ly.9'e5.|_
                                                                                                                                                                                Process:C:\Users\user\Desktop\c8JakemodH.exe
                                                                                                                                                                                File Type:data
                                                                                                                                                                                Category:dropped
                                                                                                                                                                                Size (bytes):735
                                                                                                                                                                                Entropy (8bit):7.758405542565724
                                                                                                                                                                                Encrypted:false
                                                                                                                                                                                SSDEEP:12:6t2/uIYCN7cfRLfjRLHjFhGNCWzoEYzO2Z2ovIAUGfkMuaaDixTYJ:6t2/HYAcBfjlHjPGNC5EeTvIAnfnA2xs
                                                                                                                                                                                MD5:8564A7EB25BE9BD6AE9DC1EE59681831
                                                                                                                                                                                SHA1:7E54967BE247BF4AD9E45FB5AB40AA1A9FA1CC35
                                                                                                                                                                                SHA-256:AC2534AAA8CDC247F76E66914A4CD9C731FA80F9893B244D77A615C8EB3AED10
                                                                                                                                                                                SHA-512:4EF1DBF9EB8A1FC39231BE8B9A685581B5D9C4C25B1E23A433D467B38DA157863E41AFA7A0ADB7C40E3679457F46D6AFFE1E146DA72F612BA2B40175BDB3D24A
                                                                                                                                                                                Malicious:false
                                                                                                                                                                                Preview:...&Fa...t........"LfY/.*)...=?........9.I.V..R....{.Y.D|...x...w....P....<.3..q...[..p.,.A....>o..-R../....'.Klu.etg....a..}.G.n%..GO...8.P9....?.vB..B.y.... ........y..R_.|.bi;.1$.+...5c.y..m..H..S....?).. vF....4j2.I.'.....\e?..7C......$3..h.. h.J.2....R.....(7.0...U.%-S.I.U..0_..M.9.........|..CV;...l..e.....Gor.H.....5L5u..w.....J.sH9NL.E.l...].1'..ic..J.@Q.iE.z>......G.OaA......k9....../...v.)..h^.S...... Y..v.~.....w.`.g..A.Xkb..j....?....P*&?......g....J3!.'.4......i)...{..h...A.....D....W..{*..M.*.c#..`.a].]......b5....f..\P.}..P.'..P.........C..z~.3e...<..o...L....\.y.3.C.=....v....%......@(.......u....4..g..@.c_.r?[. ..U....<..Hb.!...?0[.?.._Ak:F`Obd..W.r.o..d7.5.?Ly.9'e5.|_
                                                                                                                                                                                Process:C:\Users\user\Desktop\c8JakemodH.exe
                                                                                                                                                                                File Type:OpenPGP Public Key
                                                                                                                                                                                Category:dropped
                                                                                                                                                                                Size (bytes):735
                                                                                                                                                                                Entropy (8bit):7.713469706641724
                                                                                                                                                                                Encrypted:false
                                                                                                                                                                                SSDEEP:12:JmlpQQlBWxmhWmeqvQuD+n0Vmx9l7aekBRKT7OumRjBgb7paaDixTYJ:JSawBSCWmeqYQHe95ahBRs7OTjib7R2q
                                                                                                                                                                                MD5:A874DB3794BC90D7DF992DD08C856C4B
                                                                                                                                                                                SHA1:F1B6563E9A0C68F61CF6899A43AB3E3A28C99381
                                                                                                                                                                                SHA-256:2E7C788248261BAED0D3E0A35885B404DE6EAA103C44F80D2EF84D4E7B70CD3E
                                                                                                                                                                                SHA-512:03005A3656D98BC9529CA9BCA6FECF4C603FC4542D88EEDA1474E7360D999FCB939B55055D9ED06E025FA5AAD1730FE458C0FFAB4479C6023BEF292A7607922F
                                                                                                                                                                                Malicious:false
                                                                                                                                                                                Preview:....0.5.....3...|x...q.@bKo$...J...s..t..u...:Ob...e..V.J.QFY.l..._..'..:....N.....%M..<...j..g...UTA`....-..3.......;...#+.L..Dg.g..g^.87...o..%....Fzy.7......1".O).o.D2`.k#I.O.....Vc.;.;.sA[....H$.Z|...=a..ZJ..>.)f.....j..%rD[.q.2..r..Tj/...Qc.MKzY...I./x.S~...]......rl@..^XH..........o......x.-9...}.E.wZ".J..4..V...j...5....c.wk...)Q<..r.s..-...k9.....7]C1..YT.;..&^:...&`.6J4a*J....f...o.j.hp/"`...]..{...(@.o..b.#...R...K..L.G..Y..=....x.b........1dAHKO.s.. ...4......1...U..h...A.....D....W..{..y.@.aI..d..A;...D.z..).2..dD..m.....0.Dj:P..>....&-^.$..M..e...<..o...L....\.y.3.C.=....v....%......@(.......u....4..g..@.c_.r?[. ..U....<..Hb.!...?0[.?.._Ak:F`Obd..W.r.o..d7.5.?Ly.9'e5.|_
                                                                                                                                                                                Process:C:\Users\user\Desktop\c8JakemodH.exe
                                                                                                                                                                                File Type:data
                                                                                                                                                                                Category:dropped
                                                                                                                                                                                Size (bytes):733
                                                                                                                                                                                Entropy (8bit):7.706413118993862
                                                                                                                                                                                Encrypted:false
                                                                                                                                                                                SSDEEP:12:Z03PE5YI8HDwZv8YNqTMOwfACzhAswNvfSDuISBfFTT+YeaaDixTYJ:ZePE5YLHDwZv8YcdEAEhwvLXBfF/bw2q
                                                                                                                                                                                MD5:21CBC8A3FAF96100494A012C5A6363AB
                                                                                                                                                                                SHA1:745B414E6D75AC8694065800D4054ABECBA5F449
                                                                                                                                                                                SHA-256:6B008FEC98837477C314FA999C4642B0C2F2BE8A74AF029B67CEE213D00AF928
                                                                                                                                                                                SHA-512:7932C34A9DA90A6A1FE288D392F5B16E2D81F508BBBDAE2E6A181D699EC40FCD7FE68CA6247CDCCE66A07E2A6C3E0CCC57E6ADE02C91DC40B67EE41306386862
                                                                                                                                                                                Malicious:false
                                                                                                                                                                                Preview:3..u......e..s.M.r..5m~.C...Nv.I._.p.s@.l..:j..s.....2.S.'Pk.c.H..VO#...:$=.....u@.L2..x.._...h...n.xL.g!0F..jP.j."nbI.K........u.z'w.M...)...s...0..8#..&.G..nN.".,....A.....F....M8{. o...C..., .V..".......{...:.x.....<.z...XD......0V.C......epR`..4.K..8.@..h.J.-...;.....7...Y...F<I$./.T...F...../..1].N........... ..T.^.N...b#.$.z.r...@..\..W.1.U...eU.b..sW.8..#....!.^...S......e.4..[...........$%0.g....Gc%..Z...{.l.,..M...5~.(..n...a.i0.....J.z..n..m,......v)!.r.RD%...5.V.C...!)../.M..h...A.....D....T...W....L....{.....U......w.....\3i,.VWg.....e.=..."*..I.XZ.U.c...<..o...L....\.y.3.C.=....v....%......@(.......u....4..g..@.c_.r?[. ..U....<..Hb.!...?0[.?.._Ak:F`Obd..W.r.o..d7.5.?Ly.9'e5.|_
                                                                                                                                                                                Process:C:\Users\user\Desktop\c8JakemodH.exe
                                                                                                                                                                                File Type:data
                                                                                                                                                                                Category:dropped
                                                                                                                                                                                Size (bytes):738
                                                                                                                                                                                Entropy (8bit):7.722857603831986
                                                                                                                                                                                Encrypted:false
                                                                                                                                                                                SSDEEP:12:P/ygQu5rzf+I5G+AXiWYZm0wsJ0PLJIaLcpRGt1896FK77YJUFCWQcvaaDixTYJ:P/y2575G+YifZMzLJIaApkt180K77wcF
                                                                                                                                                                                MD5:299F19F21AA5503936C4FA395F8289E1
                                                                                                                                                                                SHA1:9A6617BD1C3B0F2FF890C599E1DB7678A08557A1
                                                                                                                                                                                SHA-256:A378957A4CAC818C9A8E2C58F0ED1E78D11922B7B07D63DCE129EDE31BC8EDFA
                                                                                                                                                                                SHA-512:A493A4A1C41FE7C3F62A34B1C383AD59755D2C34763C5A629B7FD53649DE8F276AC3EB7A2E0CB7E48E25B9BE6B58DADB3AF74E62424D29D827DB5011FDBB900C
                                                                                                                                                                                Malicious:false
                                                                                                                                                                                Preview:.5....x...`#ye,ZUk*.L..+....%...4.IOU.xWs...CP.d................ .......j&-..(...].........D......A.....K.>.< ...:c.....*.?...L i.7B?vp..h.'W.%JMJ...j.z.l}.=...4.......C......`.]..:..Yn.V.E...Y..#.By}Kc...I.-.....J..o.=.....e.8...~.O7j.....sM.q...~ZiH.=.....m..=c~.*.k....# .H.N/..A!'...........E]V..s&..UU...-...A..............;.>6..E..u .A.qq(.F.H.nL&...f.F;.....HH.........y.....G.]. .{...b|.....).f.\...|...c...}...3.H.....1.h..|N......W......O.#...OD...o....N..`S.9...4......~=.......s...W....D....T..xy4= ...d.).n...a.?.......8 b.8.s.Y...L...skU-.r.H|O7ong.a.....h...<..o...L....\.y.3.C.=....v....%......@(.......u....4..g..@.c_.r?[. ..U....<..Hb.!...?0[.?.._Ak:F`Obd..W.r.o..d7.5.?Ly.9'e5.|_
                                                                                                                                                                                Process:C:\Users\user\Desktop\c8JakemodH.exe
                                                                                                                                                                                File Type:data
                                                                                                                                                                                Category:dropped
                                                                                                                                                                                Size (bytes):737
                                                                                                                                                                                Entropy (8bit):7.705747154597756
                                                                                                                                                                                Encrypted:false
                                                                                                                                                                                SSDEEP:12:jJgyf2Owb0B4ycKXO+Gp5C/+5KTCrJ2Q3XFsrA8xSoLTh2D6tVZ1cxqzJMaaDixs:rH0wO+oeCgQFO53h2s+x/2xs
                                                                                                                                                                                MD5:EF22E67E57303278060670F655A3399A
                                                                                                                                                                                SHA1:4E8F061362A4B2F22899A365C024C53CD70750A3
                                                                                                                                                                                SHA-256:3C92FF5C337107C16F8096E85D593600631099D9D3B429069B265B9343167CBE
                                                                                                                                                                                SHA-512:E1D5804316408B555A65EEFD18C75E0E08BF9F638B648420CF538DF6ABF1755A72BEF6E717B77F8DAE6F3DF90C27FD3531E03CE227016FDC113B44F5FF227526
                                                                                                                                                                                Malicious:false
                                                                                                                                                                                Preview:T....>U..$%..a.ups...@5=.....2...&.N.Apc.H....L...P.!...<.;..t.O.5...\..<....D=N...m.9.....`.Z..e.x.D2..~K....Q......I4Y..cD..S[..[...o50......0..i..~~G.@..='.b..!9.u..e..g...x..$n. .4.G.....I...f.Su....1zw.6...:.6D.;..y....L[8.Go...4m..I..q*...|PK.6....f...'..r..$.zY...o.....&...|.a.8.7..~.f.U>..K.B{.!>5~.."T.|.u...H*...*b....].WqJS}|..'...qf..I<..........g.vJ...2.?...(.qL...9>a....[.i\.'..Fxw..L.....c ....... .>.L.f.[o....Wt...V....<.eky..M.......P.a."..-=...._.4.....Y....;.......A.....D....T..{y4...ki.lS....L0x...q.c...T.6.R.........&.....-.N..p.8...2z....g...<..o...L....\.y.3.C.=....v....%......@(.......u....4..g..@.c_.r?[. ..U....<..Hb.!...?0[.?.._Ak:F`Obd..W.r.o..d7.5.?Ly.9'e5.|_
                                                                                                                                                                                Process:C:\Users\user\Desktop\c8JakemodH.exe
                                                                                                                                                                                File Type:COM executable for DOS
                                                                                                                                                                                Category:dropped
                                                                                                                                                                                Size (bytes):734
                                                                                                                                                                                Entropy (8bit):7.71304650677715
                                                                                                                                                                                Encrypted:false
                                                                                                                                                                                SSDEEP:12:vKroIgta4WkgB+N4ZAlncO9Kns7dhift1U/eL2cuP1mzqWMlKYXat5aaDixTYJ:vMBoYkBz/9KnsqrUGLv3qWYKth2xs
                                                                                                                                                                                MD5:30618F9D47A99797E12286B264513653
                                                                                                                                                                                SHA1:1D28173B2CF87E2003176D61A96DBFAB54493A96
                                                                                                                                                                                SHA-256:B46F0A148ABA1A75A4698CCC60F1AE46B179063CC4CB935A29F5DEE91F1C6FA0
                                                                                                                                                                                SHA-512:DFF5D830B83643E785B200CFAF665CD30F7476F24DFAAB50F04C5C56DA91970DB0423E0D530D63B709EBE1B4BCD442AE430CC3D6D5C8724F8598DA7A709EC7B2
                                                                                                                                                                                Malicious:true
                                                                                                                                                                                Preview:......'.n..F....&..r.(...".|O. yq.zh..U?.l)B..:....,...e<.\b.m..1L..hx.T.O...C..`.no....>y.Egm...q...p%....'.q.H`.e..jN..X.......\. .<..eU...:.k....H...i....YO..|....A(:S.....vC.Q.$..^..U.b..)..k&vQ.$'/.....0j........."..f..s2m.=[P.k.o.u]....Y.Y....3:<l.._..M....yQz.wV._.-.....x+..alZ..;^.QW8J......@:.0...qZ.|(..%\U..].c.4.1.V?0.2Ce.....9$.1d..<po....M.l......*..l%[...;....w^..V.9....n.r.V'N.....^.=.....j}..&ny..... ...=......4....(.....r....=Bv[..2..c.&.....HXJS..\....P\......4.......<..W....z.........G....T..@W.b......a....C.}c......Q..6...............`.\.(].oC.M...0.d...<..o...L....\.y.3.C.=....v....%......@(.......u....4..g..@.c_.r?[. ..U....<..Hb.!...?0[.?.._Ak:F`Obd..W.r.o..d7.5.?Ly.9'e5.|_
                                                                                                                                                                                Process:C:\Users\user\Desktop\c8JakemodH.exe
                                                                                                                                                                                File Type:data
                                                                                                                                                                                Category:dropped
                                                                                                                                                                                Size (bytes):735
                                                                                                                                                                                Entropy (8bit):7.731120859597814
                                                                                                                                                                                Encrypted:false
                                                                                                                                                                                SSDEEP:12:WvyPagqsV0v1iPGEexPloRtBOLFvXSS5MXyumCeAd/zINZk9IIEVaaDixTYJ:ELjsV61BxlowhMHmLAXIJ2xs
                                                                                                                                                                                MD5:9D98A8B63DEA9E6264631924AC6A67A3
                                                                                                                                                                                SHA1:F8637586C4C8AD3B8ACCAF5EF26E52DE0E511895
                                                                                                                                                                                SHA-256:300146621694829C286A0F3307E2A3A0E670FC9395E800CDA9E0F43BF75AFF0E
                                                                                                                                                                                SHA-512:422E61F6103E4B849C88D5CDC096EC00510FEE7E945677744704B185F675090BA25802DDE423BD71958B734F4A6FF30480E8B88B8545E2E36657428FA047D6C3
                                                                                                                                                                                Malicious:false
                                                                                                                                                                                Preview:.4...,".....H...2...=?Y...W......_wV.8....h.(...m......a.n0...(..|U.E.T".j...b...y.>..)......?J....@7.V.....,.9..i6......... U2F.+].>7%...57mqH..o...9..2.2."..0..+.eOtsW.l...=.4.c..\.e.t..v........e..?^/S.I.8.....O.8.k.s.R.`.4.....}....o>b*E.%q.j#.x..nOVG.I....o....k......!U(k...).M..pS.O...$.7..&..zN...x...t.h...e..I-.......]p...a.uz...r...x8.2 ...M......q........~..=.jpJ...o.S=.k..g..cdn.3u."......rG~.a^..#..@T3..i>...!..J..}..K..'..Ec...........4..[|..%>[UA.n.0..r......4......a0......h...A.....D....W..{..=..R.%.....". .D9...)..=Te....J..: ...a.....r+%39..W.D7.e...<..o...L....\.y.3.C.=....v....%......@(.......u....4..g..@.c_.r?[. ..U....<..Hb.!...?0[.?.._Ak:F`Obd..W.r.o..d7.5.?Ly.9'e5.|_
                                                                                                                                                                                Process:C:\Users\user\Desktop\c8JakemodH.exe
                                                                                                                                                                                File Type:data
                                                                                                                                                                                Category:dropped
                                                                                                                                                                                Size (bytes):734
                                                                                                                                                                                Entropy (8bit):7.709802512102065
                                                                                                                                                                                Encrypted:false
                                                                                                                                                                                SSDEEP:12:dUsxDTJe7T5w2J0eLNjpUk3cEnXG6Qv9IlI0AsO5xX8fb6pFaQlql9vaaDixTYJ:vwS2Z97Z2P9IlsOchUl2xs
                                                                                                                                                                                MD5:E1BD7B16042D082ED07D98197EFC57DA
                                                                                                                                                                                SHA1:4E84375463CBE0096773AC0E2F1F6455DDF1507B
                                                                                                                                                                                SHA-256:69EB9C0F01F7E485C50CB754A5998E27DCBEC00214D10A8F01D370332A19CF1E
                                                                                                                                                                                SHA-512:A09B2253EAF4BC8BD9DFA5AA2B4C1D7A56E852372447FF02F1B98E8ACCA11C983A77F4ACA311A0876911BA3BF0ADA1839917383955CA8E56230A0E7C43EE833B
                                                                                                                                                                                Malicious:false
                                                                                                                                                                                Preview:.\.G.&......S{@..@\F..(Fqn.Y.9..........4....a.v{.t.le.G.1.x.....|3.Gl>..~.>.DI.^..c..8.;V..=...[e.[vd-..$...X.-.....-....e..0...Rk..."dtMS.vU...B..z._..@....E........e...7..B.k.......D.F.x.E^..'.d(.7..76o....B..7~.......6C.o...?......'...N........U-.)...N.7[T3..].j..."..z#9~.kQ....u....4NNb..S.a.<.T..V.7.).7..w.......2.29...........V...kRg..NCl..kX.w...Tm...{U.5.E.......C......ZH.K_N....=5)..Z.....I.4.1....\......>..._......O..C_;.Z.5.$..`.0.}....V.s..^.N...Z....d......q...4..........;....z.........G....T...T@..3.w-...y......G..q..[_.F..._(..J..]h........^MK.!.Zi.d...<..o...L....\.y.3.C.=....v....%......@(.......u....4..g..@.c_.r?[. ..U....<..Hb.!...?0[.?.._Ak:F`Obd..W.r.o..d7.5.?Ly.9'e5.|_
                                                                                                                                                                                Process:C:\Users\user\Desktop\c8JakemodH.exe
                                                                                                                                                                                File Type:data
                                                                                                                                                                                Category:dropped
                                                                                                                                                                                Size (bytes):733
                                                                                                                                                                                Entropy (8bit):7.761267527740369
                                                                                                                                                                                Encrypted:false
                                                                                                                                                                                SSDEEP:12:jZRlECK2R3Q2ilwiKRDuV6gRdA4lc8UU9heQqcPZy8p+3rOWUC6qg+lND8wunipX:jJECK8Zy42vlfUCheQpPZA3L9unap5Bd
                                                                                                                                                                                MD5:CBABB3A9A8106857CFE7C4C3C65ED686
                                                                                                                                                                                SHA1:9C0BF02A69881F23C2AABF55EEB1E14C2897A058
                                                                                                                                                                                SHA-256:0953A0D3B95FCFD447F64A77465FB22C23BEBA28528E464772D853755C2D9A4C
                                                                                                                                                                                SHA-512:74969A7FD8B090E228F48CF00CA62074012494AC6FAF3B2BFAF5008FA15A627ECC16B1B6135F96FB8ABF6595D1A772F5906E848305DFE23E2950826A1CE5EE6E
                                                                                                                                                                                Malicious:false
                                                                                                                                                                                Preview:G..NE...L.ec...O.G..F..'.).`0.].q8......eg..P.Rn&..W.}..1..r..{.Z"..............u.7h..%5|.YK....hS..P....M..u.csS...m.Qa...H...q.~CO...Ua...z.....o..mfI......p>*e.LFl.<EX"U*.2.....|6e9..2vi.....=...o..6........[5..[.Ea...Z.......9..X...H..-.V`...?bZ&..~...]!..h.Z,...e.^.`\Z.Nl.m~.s1..sS.m...X..U.U{v.(nd.<.K..'."..*$.rQ.^..B.M!?.......z6.R.o.%....a$.W:...b.M.:..E..\q.....p_....b.A.....dn'..=N.j..w..... ........ReL.Xr.|.........t....rd...O.sGP.!]..L...Z.....'..pQ+7..bw..4.....Y.#..K...h...A.....D....T..@.../B....6...4>........+.....^.....M.Q. ...Zv&..+T.;!#t.2Oc...<..o...L....\.y.3.C.=....v....%......@(.......u....4..g..@.c_.r?[. ..U....<..Hb.!...?0[.?.._Ak:F`Obd..W.r.o..d7.5.?Ly.9'e5.|_
                                                                                                                                                                                Process:C:\Users\user\Desktop\c8JakemodH.exe
                                                                                                                                                                                File Type:data
                                                                                                                                                                                Category:dropped
                                                                                                                                                                                Size (bytes):24843
                                                                                                                                                                                Entropy (8bit):7.99174965000303
                                                                                                                                                                                Encrypted:true
                                                                                                                                                                                SSDEEP:768:6FFcGOPVmTkyjVryp+auOafpj5lIeOcrC1XfXaum:67cVVfGVr8WVlIeyC
                                                                                                                                                                                MD5:5EE1B2B3DA9499922C54083CC8B41F4D
                                                                                                                                                                                SHA1:2CBFEF573A1843267B0AFE58886DD68B6447DC34
                                                                                                                                                                                SHA-256:F25426C692C6B941E16312B6E3CCA41B72EA5E6E61AB41D9E5B5ABE9E715D848
                                                                                                                                                                                SHA-512:1FC4AD06C3ABF5D2D89E5802B46E3A4628606DD6FC225997D08C8DF870493E3107378A0E5710A15908A0870F1E897DE2674EC99E4B68C33770EFE2720EEE6B88
                                                                                                                                                                                Malicious:true
                                                                                                                                                                                Preview:g.|.S.|....)A.N.O....".....$...u......Yt........2..S........_.8..y#F....x...z ../.%.....[.o......->....../.yAhu..T.XoGA.......l..R.+U.....=L.V...e....UU..........0....7v.{..$...u.^a.Y_......./B......mb'3..........3..9c.bu1PN.......k....L...........$.[..Bpl..9.......O...&z...|.7.*8..m.f..o............@fn?w..T;..K}.l.n....._N...1.K..B.kxa#.$..L..c...^........IAb.@3,...twj..."........3..........0.s.8+s...........eL.mEV@.~.....0..I..R1.+...)^...>E.a. .....t.........28.#....>TG...w.........$........]... S86..........x.[.9./.!...'...v.......7..C...|e..\K.U....5........: .h'...>Y...Z......c..u2..n.Ix....*P../g...L.E...d..Ffi.....|.8jR.tQ.%..1....o.... .[.'.S.k#...aNu.[.....q.6}.f.Y...xn>....h..;.|{..z....;S..3....%.!%. ....._p....3..p+............/....v5i\.r|.YPY.1.N......V...Z-GD...8J`....#..H..A.}..^.......}.5...+....l/.SVZ..O......MJ..z.A._..{....O.#.(.....h..L...n.cc.G(..F.%c:.....5...7...^d.b.....z...p$..9}.!u.....
                                                                                                                                                                                Process:C:\Program Files (x86)\Microsoft Office\root\Office16\ONENOTE.EXE
                                                                                                                                                                                File Type:data
                                                                                                                                                                                Category:dropped
                                                                                                                                                                                Size (bytes):20971520
                                                                                                                                                                                Entropy (8bit):0.015964112735461628
                                                                                                                                                                                Encrypted:false
                                                                                                                                                                                SSDEEP:384:gWTaygqFtf98gwBP454jM4+4zj4y4u4GU6o94ENM4xYt4Vz34AzC4I9:gWTaydFtf98gwBQaN74HL8Fq7G+
                                                                                                                                                                                MD5:6B93A23E5D64B466DD4C2C5686493900
                                                                                                                                                                                SHA1:C8011F7D6ECF40E2412721FA8A883D601E89F76C
                                                                                                                                                                                SHA-256:13C3B6F54BD0731C8C6E169C76CFB1DEDCBF00B83F01FE85D5CBEDA686F0969C
                                                                                                                                                                                SHA-512:9AE43967B2AAA8B0B1191BC8860079D5A23F8D67F5C3FC4F37A957B40915A2DEF2A1D1851D84A3E77DB84AFDEA3612B580CE72F0D616D8B65B23990B678CBEA5
                                                                                                                                                                                Malicious:false
                                                                                                                                                                                Preview:Timestamp.Process.TID.Area.Category.EventID.Level.Message.Correlation..05/06/2024 12:05:28.922.ONENOTE (0x1784).0x14E4.Microsoft OneNote.Telemetry Event.b7vzq.Medium.SendEvent {"EventName":"Office.Telemetry.LoadXmlRules","Flags":33777014401990913,"InternalSequenceNumber":20,"Time":"2024-05-06T12:05:28.922Z","Contract":"Office.System.Activity","Activity.CV":"rSKq2PguzE+C7XzUXyuHPQ.6.1","Activity.Duration":135,"Activity.Count":1,"Activity.AggMode":0,"Activity.Success":false,"Activity.Result.Code":-2147024890,"Activity.Result.Type":"HRESULT","Activity.Result.Tag":528307459}...05/06/2024 12:05:28.938.ONENOTE (0x1784).0x14E4.Microsoft OneNote.Telemetry Event.b7vzq.Medium.SendEvent {"EventName":"Office.Telemetry.ProcessIdleQueueJob","Flags":33777014401990913,"InternalSequenceNumber":21,"Time":"2024-05-06T12:05:28.938Z","Contract":"Office.System.Activity","Activity.CV":"rSKq2PguzE+C7XzUXyuHPQ.6","Activity.Duration":7431,"Activity.Count":1,"Activity.AggMode":0,"Activity.Success":false,"Data.Fa
                                                                                                                                                                                Process:C:\Program Files (x86)\Microsoft Office\root\Office16\ONENOTE.EXE
                                                                                                                                                                                File Type:data
                                                                                                                                                                                Category:dropped
                                                                                                                                                                                Size (bytes):20971520
                                                                                                                                                                                Entropy (8bit):0.0
                                                                                                                                                                                Encrypted:false
                                                                                                                                                                                SSDEEP:3::
                                                                                                                                                                                MD5:8F4E33F3DC3E414FF94E5FB6905CBA8C
                                                                                                                                                                                SHA1:9674344C90C2F0646F0B78026E127C9B86E3AD77
                                                                                                                                                                                SHA-256:CD52D81E25F372E6FA4DB2C0DFCEB59862C1969CAB17096DA352B34950C973CC
                                                                                                                                                                                SHA-512:7FB91E868F3923BBD043725818EF3A5D8D08EBF1059A18AC0FE07040D32EEBA517DA11515E6A4AFAEB29BCC5E0F1543BA2C595B0FE8E6167DDC5E6793EDEF5BB
                                                                                                                                                                                Malicious:false
                                                                                                                                                                                Preview:........................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................
                                                                                                                                                                                Process:C:\Users\user\Desktop\c8JakemodH.exe
                                                                                                                                                                                File Type:Windows Enhanced Metafile (EMF) image data version 0x10000
                                                                                                                                                                                Category:dropped
                                                                                                                                                                                Size (bytes):65536
                                                                                                                                                                                Entropy (8bit):0.4275140708066482
                                                                                                                                                                                Encrypted:false
                                                                                                                                                                                SSDEEP:48:grmMFpVQpo7ej9GU6EepOlF3S2BAOCcNafqrNsylVlsolDPZ1XKD8:grBOiej4KbmckO8/
                                                                                                                                                                                MD5:E9317A5027D5A427382A490BC0D1716D
                                                                                                                                                                                SHA1:3086AB0D2D4796D530AF9D2FC958D0793EDC7A27
                                                                                                                                                                                SHA-256:06762B11A9732CE2FDE22136876A09D8916DC739BAC5341CC19C6788DBDD3DF5
                                                                                                                                                                                SHA-512:F7B57C877956D5D6F4BA1936AFA0D99E0FA688B3571ADA1A9160D149A55C9E649C3585AF66C4933EC713996FAE993B86C0E6908C800D9AE0D8AE4A43C21D113C
                                                                                                                                                                                Malicious:false
                                                                                                                                                                                Preview:................................XM...p.. EMF....p...............l.......D........... ...............?....f..P.r.i.n.t. .t.e.s.t.....%...........%...........R...p...................................C.o.n.s.o.l.a.s................................................................................................... Q(....F.D.2.v&.u....l+.v.&.u....X.....F...F.......2..s...........u.................M....2.....T........2...........2....v..@.......2....v......v...uh......vm..v...........u..2...2....v...u............dv......%.......................................................b...........d...................................................T...T..........................@?@.@'...5.......L.......................P... ...........................................................T...T..........................@?@.@............L.......................P... ...................................T.......'...5..................@?@.@'...5.......L.......................|...L.o.c.k.B.i.t. .B.l.a.c.k. .R.a.
                                                                                                                                                                                Process:C:\Users\user\Desktop\c8JakemodH.exe
                                                                                                                                                                                File Type:ASCII text, with CRLF line terminators
                                                                                                                                                                                Category:dropped
                                                                                                                                                                                Size (bytes):1159
                                                                                                                                                                                Entropy (8bit):4.909757425426515
                                                                                                                                                                                Encrypted:false
                                                                                                                                                                                SSDEEP:24:SOZJNRovfexRvYx/ncUYTxLZl0r0OzANQgq32xfZnS0iNFdAnP6:SOZbqfexrZrS3Iq32xlSX2S
                                                                                                                                                                                MD5:F29E077226F8DC235CAE4795459A3542
                                                                                                                                                                                SHA1:A23AEA328BEB92BFD4464A3B0F70E772B8969CC2
                                                                                                                                                                                SHA-256:CF8875AADE9351184274F533067BECF2AD10CCF2B6296274ECE5D5B58B6AB008
                                                                                                                                                                                SHA-512:0C76F1E7AC8E4DB582EA7E26FA9B8C18D54605AE6A9A87A2A1FA0B1BEACACBB8F1230421C1124B1E7C12FB546FF31DBBD2CFBBEBA80EF98BBAA01B356F7FDC6F
                                                                                                                                                                                Malicious:false
                                                                                                                                                                                Preview:.. ~~~ AlphaCat ~~~....>>>> Your data are stolen and encrypted....>>>> What guarantees that we will not deceive you? .....We are not a politically motivated group and we do not need anything other than your money. .. ...If you pay, we will provide you the programs for decryption and we will delete your data. ...Life is too short to be sad. Be not sad, money, it is only paper... ...If we do not give you decrypters, or we do not delete your data after payment, then nobody will pay us in the future. ...Therefore to us our reputation is very important. We attack worldwide and there is no dissatisfied victim after payment... ..>>>> You need contact us via email with srenshot of btc transaction and your personal DECRYPTION ID.....Contact via Email with your personal Decryption id !: hackbeenswim@mail2tor.com......Send 400$ (0.006 BTC) at this address --> bc1qkr7wxuqwet9w6920vk94p7npkxh33fc7prv55q.....>>>> Your personal DECRYPTION ID: D53F15BF767167BC622C1CB4D4FC174D....>>
                                                                                                                                                                                Process:C:\Program Files (x86)\Microsoft Office\root\Office16\ONENOTE.EXE
                                                                                                                                                                                File Type:JPEG image data, JFIF standard 1.02, resolution (DPI), density 72x72, segment length 16, Exif Standard: [TIFF image data, big-endian, direntries=7, orientation=upper-left, xresolution=98, yresolution=106, resolutionunit=2, software=Adobe Photoshop CS Windows, datetime=2004:03:12 11:11:38], progressive, precision 8, 577x757, components 3
                                                                                                                                                                                Category:dropped
                                                                                                                                                                                Size (bytes):84097
                                                                                                                                                                                Entropy (8bit):7.78862495530604
                                                                                                                                                                                Encrypted:false
                                                                                                                                                                                SSDEEP:1536:cgHTEuD99rHwA5MSadIV2MApVmfJkAKOQ/Z1I7ngpDDyHfKFVITrU:HHjXidIhApV88/jIEmrU
                                                                                                                                                                                MD5:37EED97290E8ECB46A576C84F0810568
                                                                                                                                                                                SHA1:18D9FACB4CFA3CBF63B882CABCF30B203EDF4126
                                                                                                                                                                                SHA-256:140DD943D0F0CFE6AAA98470B7D1A7CB62CA02CB1D8F522DD2AC77433232EF41
                                                                                                                                                                                SHA-512:E0F57314C136211B8253EB2AC0093DED82198E7170D4F97C40D82FD4EC4123D2AAFE3EB4EBC3E7523C4DF4D77619408773871BDE15B6DC6C4049C71D5B9D4222
                                                                                                                                                                                Malicious:false
                                                                                                                                                                                Preview:......JFIF.....H.H.....hExif..MM.*.............................b...........j.(...........1.........r.2...........i.................H.......H....Adobe Photoshop CS Windows.2004:03:12 11:11:38.............................A.......................................................&.(.................................2.......H.......H..........JFIF.....H.H......Adobe_CM......Adobe.d...................................................................................................................................................z.."................?..........................................................................3......!.1.AQa."q.2.....B#$.R.b34r..C.%.S...cs5....&D.TdE.t6..U.e...u..F'...............Vfv........7GWgw........................5.....!1..AQaq"..2.....B#.R..3$b.r..CS.cs4.%......&5..D.T..dEU6te....u..F...............Vfv........'7GWgw.................?....b.xH......T..I...S.q.~..../s.R.x.....8.a..vE.5...-.G.A.4...._......$K..d.@NC.q....J.....>e".I.%...I0).R.I$........M3.F .
                                                                                                                                                                                Process:C:\Program Files (x86)\Microsoft Office\root\Office16\ONENOTE.EXE
                                                                                                                                                                                File Type:JPEG image data, JFIF standard 1.02, aspect ratio, density 100x100, segment length 16, baseline, precision 8, 612x792, components 3
                                                                                                                                                                                Category:dropped
                                                                                                                                                                                Size (bytes):60924
                                                                                                                                                                                Entropy (8bit):7.758472758205366
                                                                                                                                                                                Encrypted:false
                                                                                                                                                                                SSDEEP:1536:kU7O7+CFqO6DkxTgPzo2wqggrrX8QvN1I/ZLBttB9+dPFXbc:hVuqJDaTqo2wq1L84N1I/Z1tT9X
                                                                                                                                                                                MD5:D58C51D2CF586A5E14A9EC8529C3B0A8
                                                                                                                                                                                SHA1:F4811A353797C29B1E3F5A61B125C46E1534D587
                                                                                                                                                                                SHA-256:F927C7825851974A2149868146970706523A49165133CEE6027A43E8C9ABDF27
                                                                                                                                                                                SHA-512:34B963173AFBDF07432F4B983D29F10376E4771FE666E9D50B1A81DA0B9F6001FD86B4A08B9711386DE153BF6E03C8E932E2D181C8EAF94EFF34D20FCA7570E0
                                                                                                                                                                                Malicious:false
                                                                                                                                                                                Preview:......JFIF.....d.d......Ducky.......d......Adobe.d...................................................................................................................................................d................................................................................................!1AQ.aq....".....2B...Rbr#.s.4...3$.5u.6v..CSc...DT..f..t..&F........................!1..A.Qaq....."2....B.s....Rbr..#4...35...CSc.$...DTdt..%..............?....O<......X.O.Fg..{.W&u.u.T~.|r;g!.._X..N.p.4.........................................................yK..xd...6..|%....\j..e.=...Y..f..I.|-....e...$R.j.......~.W#....{.....V.k.|F..z^..:.~..f......"x.....L..K..r../.;..[..l...;.U...W...X.........8.....y?..B...m.......j..Q.g3..G.K....GL.o..n7a..Y..[.'.........x........\......~...f...0\Wc.n?k.|.....1.ww;..2..?...r4uF.MXdB6..W..mG2NJ.E........u...2.q...Z..=(l)jU.X...U.\X.......O<......X.O.Fg..{.W&u.u.T~.|r;g!.._X..N.p.4.......................................................
                                                                                                                                                                                Process:C:\Program Files (x86)\Microsoft Office\root\Office16\ONENOTE.EXE
                                                                                                                                                                                File Type:JPEG image data, JFIF standard 1.01, resolution (DPCM), density 28x28, segment length 16, baseline, precision 8, 780x107, components 3
                                                                                                                                                                                Category:dropped
                                                                                                                                                                                Size (bytes):2898
                                                                                                                                                                                Entropy (8bit):7.551512280854713
                                                                                                                                                                                Encrypted:false
                                                                                                                                                                                SSDEEP:48:N9YMTXc4gpw+EIWnqQ5G+NE9VTzRFvS4+Xh+AKrNx+JuCluc3Eeky8etajhDCFex:/hDc4rPIoNEzbS4+XhOrGJu1cUHeoVey
                                                                                                                                                                                MD5:7C7D9922101488124D2E4666709198AC
                                                                                                                                                                                SHA1:00CC44A1B84D4D94A0ACE8834491EB5F65D04619
                                                                                                                                                                                SHA-256:20016E5FA1A32DCE5AF4E92872597E36432185A7BB2E61C91F362BD68484529B
                                                                                                                                                                                SHA-512:882944B2CF040485899128E03B7499C540D481E45FE8017DBF4FE0330157B2D8ABB7334DDB31C112BA0EFE3722A554883917C54155A7F60044D2D7F3D848260F
                                                                                                                                                                                Malicious:false
                                                                                                                                                                                Preview:......JFIF.............C................................... $.' ",#..(7),01444.'9=82<.342...C...........2!.!22222222222222222222222222222222222222222222222222......k....".......................................2...........................c.....TUb...Sa...QRqr..............................!.....................Q...R..!..............?...$.)m.1...%%bV.J..H....-.%a[...I"WJ..:.X.:TT.$.......N.-NR.E..-NR.E...9..E....$.k.....B.I,I)..J...kr..+)..I,Yj..YbI..+,J..e..Z..V.e.$V..TV.X..V.YQZ.EQ..U%PY[.[.R.EP............................| F.. ...j*...!m.!j.I%.j.$...YeEYYEEUE..eY[.hEEUeEil.....%..el...V..TUYA.U.UTTUT.Z..UQQUQE...V.,...UlE.U[.lEP.P.@......................................R1...AR1m.....#..$:.T.p..IJ.t.....A..AH.,5..]F!a.XJFaa. ..a.!*.aa. X.e.......bB.b..,HX[,!..,,.c0.,..U..X..(,,...B(.,..4..B.`..".a..-......"...........................>D..IKEb...t.....)u.....)K.%+L\.J]i)*b.JR.IIL\i)u....T............T.....qs.it.iJ...])ZJb.....X....U.A...V1..B.R1....X...,.c...,%X...,%#0...,H
                                                                                                                                                                                Process:C:\Program Files (x86)\Microsoft Office\root\Office16\ONENOTE.EXE
                                                                                                                                                                                File Type:JPEG image data, JFIF standard 1.02, aspect ratio, density 100x100, segment length 16, baseline, precision 8, 612x792, components 3
                                                                                                                                                                                Category:dropped
                                                                                                                                                                                Size (bytes):40035
                                                                                                                                                                                Entropy (8bit):7.360144465307449
                                                                                                                                                                                Encrypted:false
                                                                                                                                                                                SSDEEP:768:MQhziQo1RKGlyyzYjlxuxwRUj/BN837xRmwH2uDTCn8qXFQziN:ThzrSzalg6O563l4uTC8q1Ig
                                                                                                                                                                                MD5:B1DDD365D87605F96D72042CB56572F6
                                                                                                                                                                                SHA1:ADF71DAD1A62B8A58A657C2EDBDD665A19EB846B
                                                                                                                                                                                SHA-256:06E09DE80C3F32254DA4FE6B2CBAD7C05EF144DD54B8C65745E195BBF7317A2E
                                                                                                                                                                                SHA-512:9C686092CC9524F34EA6CEC9AAE936A6225BCC54DE38DE1786EBA8F532959A80FF885E8664A09E4C318D7CA4B278E807D3D1F135BE55F30979B844FF5EC9699A
                                                                                                                                                                                Malicious:false
                                                                                                                                                                                Preview:......JFIF.....d.d......Ducky.......d......Adobe.d...................................................................................................................................................d........................................................................................!1....AQ.aq.....".3.5...2B#s.$%..Rr.CS4&6...bE'7.c.DTtU...d.eu...VFfv.Gw.....Wg......................!...1AQaq........"2..4..Rbr#3$...B.s5Cc.S%.D............?..^.f....R*.N{.{f.....O.r.V.;U..~...U.(..>M._.yI.{8,..^.t...s`...j.O..U5t.&&..h.G.6Da.;.....J.......E..QD...C...}..N...tR.....~..].J:.V$.*.r......]...W......4.[.)6..Y_.....4...........m._'HR.a......]U=.....n...0.W..]..K..){.+...w...f...<|..1/.|.....b..-..y....]U#Ctn.7m.._.|..2I;|....tM....q.q.}.N)....'...9&...nR...R..}.........m._.LZ}u.../K....9.~..?.{....V.#..dx.Zk.:=..:.j].....E#....E~w%....J..[S..[......gr...vb.r]..<..ut..i...[P.w....:..Gkn>......#..m...9km`......t).up.....w....VOR.{&.nQI..}...wD.7Ey#n....MO.
                                                                                                                                                                                Process:C:\Program Files (x86)\Microsoft Office\root\Office16\ONENOTE.EXE
                                                                                                                                                                                File Type:JPEG image data, JFIF standard 1.01, resolution (DPCM), density 28x28, segment length 16, baseline, precision 8, 105x441, components 3
                                                                                                                                                                                Category:dropped
                                                                                                                                                                                Size (bytes):2268
                                                                                                                                                                                Entropy (8bit):7.384274251000273
                                                                                                                                                                                Encrypted:false
                                                                                                                                                                                SSDEEP:48:N9YMn9H5gXlM26vroVXWxyNnl1LmLR+rn4FOeewGhDbby:/h9SlMdgm09ll8R2/rby
                                                                                                                                                                                MD5:09A7AE94AA8E517298A9618A13D6E0E2
                                                                                                                                                                                SHA1:FA5181A7414BA32F816BF0C4278EC20C615E8B1A
                                                                                                                                                                                SHA-256:3C68C7EE798E62A4A99C740153F3980D7DF029605C843410942C7F85E794823B
                                                                                                                                                                                SHA-512:074E9A2BE2039D0AFEAD360157550B934FABD0CB86B5AF476C1FBC885EE60331F5A68EAF70BF76E23C8248A20FB900346839F4AA8892370B5889E64948DCC6E2
                                                                                                                                                                                Malicious:false
                                                                                                                                                                                Preview:......JFIF.............C................................... $.' ",#..(7),01444.'9=82<.342...C...........2!.!22222222222222222222222222222222222222222222222222........i..".......................................3......................!.A..1Q."q.2BRa.b...#$................................... .......................!12AqQ.............?..D.z.4....;.....7...3.t<!..d.O.....+O+.;.z6.4cz7E.........U.Z)-..@..y...........}(W...<.xv/...5.ew......yN....n.Tk.Tm.Ty.vA=...T..U....h...e.8.5%....'......e^......L.g.$.~e..O.._...... .F`.....xnL.<.......]jfv...}..\G..c.......-%...#.C.|.].`..^..W..c..B..5D.QSTaZ.5A=....BU..z%.4.h.6..=..U...W.$..l...7.:...........IPQT_...~..i..x....~.l.|.n.J..TV.21.Tg.....................j.z!+.-............"j.j...)*..TT...."....T.Tc.**j..............j.z!*.h...&.&.&..e.%..TksTW%G.?".l+$..c._9..[x...TU..........i~X..#'.qm?ttO.....}*.i...q.....9..r..?..W..d.w...f;..q...tZh..0.....2.......OD%Q-.......$......56.K.O...y._..*_C.k..p9.p..O..vu...'........0v
                                                                                                                                                                                Process:C:\Program Files (x86)\Microsoft Office\root\Office16\ONENOTE.EXE
                                                                                                                                                                                File Type:JPEG image data, JFIF standard 1.02, resolution (DPI), density 72x72, segment length 16, Exif Standard: [TIFF image data, big-endian, direntries=7, orientation=upper-left, xresolution=98, yresolution=106, resolutionunit=2, software=Adobe Photoshop CS Windows, datetime=2004:03:12 11:13:06], progressive, precision 8, 570x779, components 3
                                                                                                                                                                                Category:dropped
                                                                                                                                                                                Size (bytes):129887
                                                                                                                                                                                Entropy (8bit):7.8877849553452695
                                                                                                                                                                                Encrypted:false
                                                                                                                                                                                SSDEEP:3072:QS1x1rXglsteJ79wHi4vNQR5yBlUdOSILe9hSj9jeWMPjdlOJ:vvglst1HiwWR5yBA2LeS9jd1
                                                                                                                                                                                MD5:737E96E41D79D3BDACE7AB4F8CBF6274
                                                                                                                                                                                SHA1:E6202A41A4F86B27D9EBCAEF7670B16C0ED67CF2
                                                                                                                                                                                SHA-256:7966F3D8A2D61ECB49A35E163781858E052C0B122A18A1238AFE27B57E2850E8
                                                                                                                                                                                SHA-512:D398C8521DB2FB3F8456FE792CF37472F3B851DD7298DB20E2DB79144F8E846D051878E77E5EF5D00E6840EDB90C6E2D97935BC1023A15FC45038CCE731E9895
                                                                                                                                                                                Malicious:false
                                                                                                                                                                                Preview:......JFIF.....H.H.....iExif..MM.*.............................b...........j.(...........1.........r.2...........i.................H.......H....Adobe Photoshop CS Windows.2004:03:12 11:13:06.............................:.......................................................&.(.................................3.......H.......H..........JFIF.....H.H......Adobe_CM......Adobe.d...................................................................................................................................................u.."................?..........................................................................3......!.1.AQa."q.2.....B#$.R.b34r..C.%.S...cs5....&D.TdE.t6..U.e...u..F'...............Vfv........7GWgw........................5.....!1..AQaq"..2.....B#.R..3$b.r..CS.cs4.%......&5..D.T..dEU6te....u..F...............Vfv........'7GWgw.................?...W..I:..*....a....Aa ...w.T.M.v.........3x.......8Y....$.."-..m.I.0~sxB[@..=...:..\.Y?....@O.L;9i..U....?.5">+9.s\Z..vN
                                                                                                                                                                                Process:C:\Program Files (x86)\Microsoft Office\root\Office16\ONENOTE.EXE
                                                                                                                                                                                File Type:JPEG image data, JFIF standard 1.02, resolution (DPI), density 72x72, segment length 16, Exif Standard: [TIFF image data, big-endian, direntries=7, orientation=upper-left, xresolution=98, yresolution=106, resolutionunit=2, software=Adobe Photoshop 7.0, datetime=2004:03:04 13:19:29], progressive, precision 8, 221x792, components 3
                                                                                                                                                                                Category:dropped
                                                                                                                                                                                Size (bytes):24268
                                                                                                                                                                                Entropy (8bit):6.946124661664625
                                                                                                                                                                                Encrypted:false
                                                                                                                                                                                SSDEEP:384:d2wiieoHTRh5a1HAteZCWOZIM+L7WhNjYn:8wHFHJ+/OZIKhNO
                                                                                                                                                                                MD5:3CD906D179F59DDFA112510C7E996351
                                                                                                                                                                                SHA1:48CDB3685606EDD79D5BCDF0D7267B8B1CCBD5A8
                                                                                                                                                                                SHA-256:1591FD26E7FFF5BE97431D0ED3D0ADE5CFC5FA74E3D7EC282FD242160CE68C1F
                                                                                                                                                                                SHA-512:2048CBA13AF532FF2BCC7B8B40541993234BD1A8AB6DE47B889AF3F3E4571F9C5A22996D0B1C16DD6603233F6066A1A2A97C16A6020BEDD0826B83BAD0075512
                                                                                                                                                                                Malicious:false
                                                                                                                                                                                Preview:......JFIF.....H.H......Exif..MM.*.............................b...........j.(...........1.........r.2...........i.................H.......H....Adobe Photoshop 7.0.2004:03:04 13:19:29.....................................................................................(.....................&...................H.......H..........JFIF.....H.H......Adobe_CM......Adobe.d...................................................................................................................................................$.."................?..........................................................................3......!.1.AQa."q.2.....B#$.R.b34r..C.%.S...cs5....&D.TdE.t6..U.e...u..F'...............Vfv........7GWgw........................5.....!1..AQaq"..2.....B#.R..3$b.r..CS.cs4.%......&5..D.T..dEU6te....u..F...............Vfv........'7GWgw.................?.....)......[]t.\Z..g......A....&D.$LH._..X..Xl...`....cZ.X.........>......f.Z.X...]..~L.S..@..I$..I.IO.....x...s.g.[f.h{9..
                                                                                                                                                                                Process:C:\Program Files (x86)\Microsoft Office\root\Office16\ONENOTE.EXE
                                                                                                                                                                                File Type:JPEG image data, JFIF standard 1.01, resolution (DPCM), density 28x28, segment length 16, baseline, precision 8, 262x277, components 3
                                                                                                                                                                                Category:dropped
                                                                                                                                                                                Size (bytes):3555
                                                                                                                                                                                Entropy (8bit):7.686253071499049
                                                                                                                                                                                Encrypted:false
                                                                                                                                                                                SSDEEP:96:/h3JeYCQV5Hn++9HBdAjU78S/mjLLwqnqahJD:53Je8b+EBdAjm8S/mjLLRnphJD
                                                                                                                                                                                MD5:8A5444524F467A45A5A10245F89C855A
                                                                                                                                                                                SHA1:ACE68D567B02B68275E0345C86DB1139C0EC1386
                                                                                                                                                                                SHA-256:7D2B01F17354D9237A6AB99D5B9AFDF0E1CC43687125848B0C2DEDFB44CE3843
                                                                                                                                                                                SHA-512:8151B447B60D110C32EC1EF286B941FFC09B99140F41BBACF5A1650A385FF4D13C0DDB2878E9A470FC7CFCC95A1AB6E44F6DE72562B0FFE093DC8A3C3C7FCC14
                                                                                                                                                                                Malicious:false
                                                                                                                                                                                Preview:......JFIF.............C................................... $.' ",#..(7),01444.'9=82<.342...C...........2!.!22222222222222222222222222222222222222222222222222...........".......................................2........................!1AQ.a."2q.B..#R...3C................................ .......................!1.AQBq............?........)&vD.)3Hn*..X+....r...tmL.k..(.E...R. .Z..&...,fJ...!...6..S\t3.=...g&..Bqe.)_U.....1......-..fl.................J...u.i.mU..K..v.w.0O..E.h..D~K.(..9.,8..E.}.............i.\.....t."v..q..C............<..|3.........................*Q..../c.....f.}8....D..|k..Z......0..~..c..e..m(...|.c..'.5.5............==bx.5x.8...T;....=.--.pc...I;.V.m..,(....}...NH.ho....Q..U.E$.~...w.t>.S\....'f.{.+.g._.t....;>.....P...........-..G.h..2...J.% !.E97Ir.D..N....j...oE._...._...".?.......#".S.........Q.Tc.I..*I..k.......=$.........sk1Jp.\K.....F.3.Q..q..J....N..[l.&....OR4bB|..2ul....J...B.$&H..9#j.f.n./........?R~....B.I.@..........m
                                                                                                                                                                                Process:C:\Program Files (x86)\Microsoft Office\root\Office16\ONENOTE.EXE
                                                                                                                                                                                File Type:JPEG image data, JFIF standard 1.02, resolution (DPI), density 72x72, segment length 16, Exif Standard: [TIFF image data, big-endian, direntries=7, orientation=upper-left, xresolution=98, yresolution=106, resolutionunit=2, software=Adobe Photoshop 7.0, datetime=2004:03:04 13:06:24], progressive, precision 8, 38x792, components 3
                                                                                                                                                                                Category:dropped
                                                                                                                                                                                Size (bytes):22203
                                                                                                                                                                                Entropy (8bit):6.977175130747846
                                                                                                                                                                                Encrypted:false
                                                                                                                                                                                SSDEEP:192:5q3R1VBvq3R1Flrk6Q0QPJJrR39joOVMJ25d1NkMhIwobbtAAAqYnLJZMJYZ2AC:xw6Q0WJR3FoOVMJIIlAAAqYnMJdD
                                                                                                                                                                                MD5:2D3128554F6286809B2C8E99DE5FD3F6
                                                                                                                                                                                SHA1:FC42CB04151D36F448093BDEFE33031A9B8D797D
                                                                                                                                                                                SHA-256:14FA2D16310485AA1CE41F6D774A3D637E8CF8B03C4F72990155DF274FDB6BD9
                                                                                                                                                                                SHA-512:D8531247A6E89ECABEA9C4A78F596CCE3493334EDF71AE4F7998FDDD0F80705948609C89756AB56FDFAB6D04DEC5F699A693801A772CA2EE2465BDD2CE5D2D5A
                                                                                                                                                                                Malicious:false
                                                                                                                                                                                Preview:......JFIF.....H.H.....XExif..MM.*.............................b...........j.(...........1.........r.2...........i.................H.......H....Adobe Photoshop 7.0.2004:03:04 13:06:24............................&.........................................................(.....................&...........*.......H.......H..........JFIF.....H.H......Adobe_CM......Adobe.d......................................................................................................................................................"................?..........................................................................3......!.1.AQa."q.2.....B#$.R.b34r..C.%.S...cs5....&D.TdE.t6..U.e...u..F'...............Vfv........7GWgw........................5.....!1..AQaq"..2.....B#.R..3$b.r..CS.cs4.%......&5..D.T..dEU6te....u..F...............Vfv........'7GWgw.................?...H.....Go.Kxn.b..g...........%?_....O......q......7G......%%.V..8zm.].v?...jJ~._..>.......O;........o..rI.A.....n.a.........
                                                                                                                                                                                Process:C:\Program Files (x86)\Microsoft Office\root\Office16\ONENOTE.EXE
                                                                                                                                                                                File Type:JPEG image data, JFIF standard 1.02, aspect ratio, density 100x100, segment length 16, baseline, precision 8, 612x792, components 3
                                                                                                                                                                                Category:dropped
                                                                                                                                                                                Size (bytes):40884
                                                                                                                                                                                Entropy (8bit):7.545929039957292
                                                                                                                                                                                Encrypted:false
                                                                                                                                                                                SSDEEP:768:MCBOA4d+ElOXJ/3pI7cRBiL7L6qERqGz65WXzZqJsKQSbIsTT6XB:hIAU+2cGdLX6qBG4WDZl4Ihx
                                                                                                                                                                                MD5:7379775A1E2AB7FAB95CFFCE01AE05F3
                                                                                                                                                                                SHA1:3D3DDFD8AC7E07203561BAE423D66F0806833AB3
                                                                                                                                                                                SHA-256:9301DB6D2D87282FCEE450189AEACE16D85F64273BF62713A3044992B6B7A9E9
                                                                                                                                                                                SHA-512:4B5006E620E80D3A146944649CF4CA619782CAD7E8C4CD0D1DE0EBCA0FA05EACB7378DAFCEED3E26F5698B07F19604614D906C8F51F898660E2F129D8DEC6F62
                                                                                                                                                                                Malicious:false
                                                                                                                                                                                Preview:......JFIF.....d.d......Ducky.......d......Adobe.d...................................................................................................................................................d............................................................................................!.1A.....Qaq....".....2....BR#S..br...3T...C$.7(Hx....4D.G..Xh.cs..'..t...%...8.....................1...!AQ..a...q"2.4Tt.......R3S....Br...#s...Uu.bc.de..$D..6..C%E..............?...z...;sB.yv...........]t.\...n...../....m....M.=.3G+..x+.....S).*&.J../..8..O/+..sG...p...<!....~.c..C.w..,[oHom.wc-.J.~.......L[..6...'..i_..S;...!Y.z.q].EK..M.x...i.x.+.;.+...}....#......f.)........e6V..p.;........s.)..Ml.J......IU.6...<9+9.^..l..Y...[._...2..^..j.ia...._..3.;...~..<3...;......z.^.......]..Qk.,...Yk...3.3Jy^p.}....q...I...&..t.......;..9.g.GH;..'...%...)..[..y..../...zCn..>...'...1e.Y..;....]..7...N>t..m-.j.............H^..T\.q.ru...}...eTn]I'r.^].#..wOY....v
                                                                                                                                                                                Process:C:\Program Files (x86)\Microsoft Office\root\Office16\ONENOTE.EXE
                                                                                                                                                                                File Type:JPEG image data, JFIF standard 1.02, aspect ratio, density 100x100, segment length 16, baseline, precision 8, 612x792, components 3
                                                                                                                                                                                Category:dropped
                                                                                                                                                                                Size (bytes):15740
                                                                                                                                                                                Entropy (8bit):6.0674556182683945
                                                                                                                                                                                Encrypted:false
                                                                                                                                                                                SSDEEP:192:Elv3GG8/OOs+GouFdxMlxjoPyerzkpuOo2vPMc62PaJseZC+BJoS/:EtNiwdxMlZoPhzkpuOo2PMc6rX8+B6+
                                                                                                                                                                                MD5:FFA5EC40DC9A0FD10EB9E6355142D6A6
                                                                                                                                                                                SHA1:3D3D6A7E086B3C610C08F1F3E3F883604F06F2A4
                                                                                                                                                                                SHA-256:D74C3973C8D1F7C77274691AFB1AA934940674341D7EEE563BE75E563281BDFD
                                                                                                                                                                                SHA-512:6FAF2A24D06E6008F3579C7CEC90C2887462BDF83FAD7372FBB74B8DE90340B580E9836F309B68A9794597A598F7DCDA661C9A58DA6D8187C69083B7A17C9CD9
                                                                                                                                                                                Malicious:false
                                                                                                                                                                                Preview:......JFIF.....d.d......Ducky.......d......Adobe.d...................................................................................................................................................d.........................................................................................!.1.....AQ..aq.g..8...."r....2.FG..#.E..7.Rb..Cc..D.v.B..3s..$d.%5Uu..&6fW'w........................!....1Aa...d..5e.6.q...Q..."2b.c..r3DE..BRs4U.#C.S.T............?...u.&0...cV.T.I...1..=4....Ce_.g.q.=F.M:>)...k..pm..h..=........S....)Ja8x...b.).=5.q..0......k.M.....1?-.G.b&.5..Ep.8t...'...R)..ta.F$bXO]tW.b.6#.t.XWN..ZW......].....G....x&&f..'L.....7...\...'.8...~`.sa...............................................X........qo...SMk...'.V...i..hb.}&?/.k.:>l.^....>Y...<}...&.jY.Gn.MKejyV......D......gf.0....t.nw..XQ...H.B.....=8.UkR.....Hm..w..]...k...#Z...F../.gjWvf.....w.aZ].2..5..^...VZv..._.7..a.|...:.B...,f...............~....m.;_.....-.e.y.w.[m.].bu.b.f+.E++\.....Y..7
                                                                                                                                                                                Process:C:\Program Files (x86)\Microsoft Office\root\Office16\ONENOTE.EXE
                                                                                                                                                                                File Type:JPEG image data, JFIF standard 1.02, resolution (DPI), density 72x72, segment length 16, Exif Standard: [TIFF image data, big-endian, direntries=7, orientation=upper-left, xresolution=98, yresolution=106, resolutionunit=2, software=Adobe Photoshop CS Windows, datetime=2004:03:12 11:08:07], baseline, precision 8, 595x450, components 3
                                                                                                                                                                                Category:dropped
                                                                                                                                                                                Size (bytes):59832
                                                                                                                                                                                Entropy (8bit):7.308211468398169
                                                                                                                                                                                Encrypted:false
                                                                                                                                                                                SSDEEP:1536:HS9SYFtN0+CRa9mfJy4zBAiIJhzrkHDV2hJK:yAmta+Tyy4zBIJW5WK
                                                                                                                                                                                MD5:DCDD543A4E0BA2C1909BA095D46FFBCB
                                                                                                                                                                                SHA1:B86C89537138FE07255354202D3EAD0B53B3C54D
                                                                                                                                                                                SHA-256:28F334B77068F71F5F92A95695433B950610204A0E5580CE567DB8FAD4993ECB
                                                                                                                                                                                SHA-512:5408C3259B7F3288A4BEB04342799AD5FE3A6F0EC7E92353B29B7E7E538DFA9903B39637226919E0421BC422635D25F5F8069DC7441864DC03E1B909BF5C2C84
                                                                                                                                                                                Malicious:false
                                                                                                                                                                                Preview:......JFIF.....H.H.....fExif..MM.*.............................b...........j.(...........1.........r.2...........i.................H.......H....Adobe Photoshop CS Windows.2004:03:12 11:08:07.............................S.......................................................&.(.................................0.......H.......H..........JFIF.....H.H......Adobe_CM......Adobe.d.................................................................................................................................................y...."................?..........................................................................3......!.1.AQa."q.2.....B#$.R.b34r..C.%.S...cs5....&D.TdE.t6..U.e...u..F'...............Vfv........7GWgw........................5.....!1..AQaq"..2.....B#.R..3$b.r..CS.cs4.%......&5..D.T..dEU6te....u..F...............Vfv........'7GWgw.................?......;R~+'....xh..~.n-}.......Te................^B..IU_....._...S......h.......!....9...A}6V=J......C..c.....Ug.Wh......
                                                                                                                                                                                Process:C:\Program Files (x86)\Microsoft Office\root\Office16\ONENOTE.EXE
                                                                                                                                                                                File Type:PNG image data, 189 x 305, 8-bit/color RGBA, non-interlaced
                                                                                                                                                                                Category:dropped
                                                                                                                                                                                Size (bytes):12824
                                                                                                                                                                                Entropy (8bit):7.974776104184905
                                                                                                                                                                                Encrypted:false
                                                                                                                                                                                SSDEEP:384:gzPrAZvq82AP0/DHbSczEegiAh1Hfgr3ZO7EFKWHaXIXqu:erAZz200/TbJzDgiWgjZO7EFKEaXIf
                                                                                                                                                                                MD5:2628353534C5AD86CBFE57B6616D46DD
                                                                                                                                                                                SHA1:244B7E39D6CEF5B07FCDE80554D31F7DA240BB0D
                                                                                                                                                                                SHA-256:69BDB000AC7E030B0B28E6CE78F19547D235355B3B841146951AD1294429FA51
                                                                                                                                                                                SHA-512:2529F97BE62DE038445D1C86EE2C01404FB1A2D83A5D16C7B5F4E21723C17EC86FA180DFE10342536CFD7D334EA3AF1FFE151B77F2FBFFFE8E7B2A0C2A3ACD59
                                                                                                                                                                                Malicious:false
                                                                                                                                                                                Preview:.PNG........IHDR.......1.....).'....sRGB.........pHYs..........+....1.IDATx^.}.w\.n...A.H...E.J...l.......p...\{.w...e.-K.%..d.9..DN...^}..p.L...._$.t...n.=U..ID..]~(.?.)J...-.../.......0V..........'.)1X..c..D..2..A'f."...Ru..R=b..\....\.n.0...7.~".'..s!bd.|..p.u....-w'.....R.........i]..r....A.........r#...W..f{O.2~C.O........{.....3..W.}e:...~.....4.......t.Mv_....}*f..I...x11....d..6.@..O.......f.e..K.....L]..gohj&D..+.....#...#.J...n/]...8~.....zx.'.LI6..W....p...................V.F.. ...y.[.kl<?.^....N..$..7j.biU....c.51{S{.....q....c...<..x..............zG.F*.........U.w..fE.....DU.......WG7.5uC...7.....j..7yM...~jU..;J..a|LoG..x..<^.Z ...Z.....ip....._.4......f.rg..[...z....x1k.....z...K.l...;6.\..Y.#.WT.p.@{W....>.+..*..W....'v.nV...YA[.q!\.\...9..3.[|....7...HO......2<.....w.,].T^eN..XB.....M3...I.k...e..8...lZ.R...T.%......|N.w..9..!..O.-p..NA.eD_.d..nW2!...N...z>..;....=t#....H,.N.|. ......EC..............1.\
                                                                                                                                                                                Process:C:\Program Files (x86)\Microsoft Office\root\Office16\ONENOTE.EXE
                                                                                                                                                                                File Type:JPEG image data, JFIF standard 1.02, aspect ratio, density 100x100, segment length 16, baseline, precision 8, 612x792, components 3
                                                                                                                                                                                Category:dropped
                                                                                                                                                                                Size (bytes):40884
                                                                                                                                                                                Entropy (8bit):7.545929039957292
                                                                                                                                                                                Encrypted:false
                                                                                                                                                                                SSDEEP:768:MCBOA4d+ElOXJ/3pI7cRBiL7L6qERqGz65WXzZqJsKQSbIsTT6XB:hIAU+2cGdLX6qBG4WDZl4Ihx
                                                                                                                                                                                MD5:7379775A1E2AB7FAB95CFFCE01AE05F3
                                                                                                                                                                                SHA1:3D3DDFD8AC7E07203561BAE423D66F0806833AB3
                                                                                                                                                                                SHA-256:9301DB6D2D87282FCEE450189AEACE16D85F64273BF62713A3044992B6B7A9E9
                                                                                                                                                                                SHA-512:4B5006E620E80D3A146944649CF4CA619782CAD7E8C4CD0D1DE0EBCA0FA05EACB7378DAFCEED3E26F5698B07F19604614D906C8F51F898660E2F129D8DEC6F62
                                                                                                                                                                                Malicious:false
                                                                                                                                                                                Preview:......JFIF.....d.d......Ducky.......d......Adobe.d...................................................................................................................................................d............................................................................................!.1A.....Qaq....".....2....BR#S..br...3T...C$.7(Hx....4D.G..Xh.cs..'..t...%...8.....................1...!AQ..a...q"2.4Tt.......R3S....Br...#s...Uu.bc.de..$D..6..C%E..............?...z...;sB.yv...........]t.\...n...../....m....M.=.3G+..x+.....S).*&.J../..8..O/+..sG...p...<!....~.c..C.w..,[oHom.wc-.J.~.......L[..6...'..i_..S;...!Y.z.q].EK..M.x...i.x.+.;.+...}....#......f.)........e6V..p.;........s.)..Ml.J......IU.6...<9+9.^..l..Y...[._...2..^..j.ia...._..3.;...~..<3...;......z.^.......]..Qk.,...Yk...3.3Jy^p.}....q...I...&..t.......;..9.g.GH;..'...%...)..[..y..../...zCn..>...'...1e.Y..;....]..7...N>t..m-.j.............H^..T\.q.ru...}...eTn]I'r.^].#..wOY....v
                                                                                                                                                                                Process:C:\Program Files (x86)\Microsoft Office\root\Office16\ONENOTE.EXE
                                                                                                                                                                                File Type:JPEG image data, JFIF standard 1.01, resolution (DPI), density 72x72, segment length 16, baseline, precision 8, 14x341, components 3
                                                                                                                                                                                Category:dropped
                                                                                                                                                                                Size (bytes):3361
                                                                                                                                                                                Entropy (8bit):7.619405839796034
                                                                                                                                                                                Encrypted:false
                                                                                                                                                                                SSDEEP:96:zDqnxqMt6gGr/Nln5ANln5ANln5ANln5ANln5ANln5ANln5ANllHN6:CxqMQr/rn5Arn5Arn5Arn5Arn5Arn5AN
                                                                                                                                                                                MD5:A994063FF2ABEB78917C5382B2F5FA8C
                                                                                                                                                                                SHA1:BD5C4D816B04A2B6596DFE38DB01228F553FACCC
                                                                                                                                                                                SHA-256:D72900E8DA72D1A7F3729971AA558E1E9B6E9CF9A0D51E83852E567256DBBFEF
                                                                                                                                                                                SHA-512:CF2279033DD3EDFE6F6F9E5C517BEBD9A52863EEFD90F57F7A5AE0E0485E705254BE7ED6B50E6CA142669687727AE85E2E6035F69930B75F2E6D3EEFA961EF88
                                                                                                                                                                                Malicious:false
                                                                                                                                                                                Preview:......JFIF.....H.H.....C....................................................................C.......................................................................U..........................................>...............................8H........59...$%&7F#'Ddf.....................................>.................................58EG........!#124$%&ACFbcde............?...n.p..v..a.~.._.>......#....8.....w.G...&.W...i...%6m..K;...4."...=..?.~......P..O...j.l..AW.jo..,..=d.h.ta..../.."...z|).J.......Ww._..<Wp.3+8...-5...G:..2.D..I>o..K.F;-.....#...`...6..T...M.....OOgV~..5...np...P..TYr...........b..{r.2.9..].DA.%C....=.v.z......CK."..R..l..y}.i..;.{....JzS.....~.?..Z....=c.h~*..p.@(@..G.....O.]...Hsd.xf".V]..S"..w...4e>....3*U.7..|M.x...|\......FD./.cIe.;.bId..+=...w.......[.k>....}.u...j.xZ.....Q4..+.....B....1O~\......I..h....LaXJ%&.w.<C...n/`.W..U.W.U.}~...}>..^.0.J.....@....LN.b.......5W...m].Eu...:....G..:4.=4ixx..@_0=.mab.T.U.....w..~.V.
                                                                                                                                                                                Process:C:\Program Files (x86)\Microsoft Office\root\Office16\ONENOTE.EXE
                                                                                                                                                                                File Type:JPEG image data, JFIF standard 1.01, resolution (DPI), density 72x72, segment length 16, baseline, precision 8, 700x114, components 3
                                                                                                                                                                                Category:dropped
                                                                                                                                                                                Size (bytes):2266
                                                                                                                                                                                Entropy (8bit):5.563021222358941
                                                                                                                                                                                Encrypted:false
                                                                                                                                                                                SSDEEP:24:TuRCTP9rSTfIEe1HbcVY1YbDXq8eCI0bf2QQe0GVDQAzZw:aRCTN7HbcW1YbDXq+I07Ien0AVw
                                                                                                                                                                                MD5:DB8A181E3F0EAD4A9472099E42ED6BE3
                                                                                                                                                                                SHA1:92096AF05CC6167B1AA816811A1160B809393FA2
                                                                                                                                                                                SHA-256:E9746B4E9AE9CE7B3B0068779DB3E113E2DFC9880F25373D745D0E700E69A906
                                                                                                                                                                                SHA-512:A9E246E10E28D057090BA9F034ECE6131780D7F794C5C9421523388997C7EDFBB49BC32B863B6C6668911B359C304AA54969B48CB9234950D5CECD2A6F3EFFF8
                                                                                                                                                                                Malicious:false
                                                                                                                                                                                Preview:......JFIF.....H.H.....C....................................... ! ..''**''555556666666666...C......................&.....&,$ $,(+&&&+(//,,//666666666666666......r...........................................5.......................!1AQ..2a...."Rq..#3BSr..C..................................................................?...X.....U...j...F.W.V]'KV.uWt.iT...{.......`.(.....V%..=.....z......V..ct+.U.B...@.............................................{.....5.........0...x4....c..;...........+......|.7E.%.9.1+}..d.........+.V#.P.HUL.E...g.li...8.>U.";0pi.]5.\..zo..."@.........................................y.6.mLN..S.....@...i..A..p.......~|V9.+.Xy.........+,L.....7Z7..p...-X...\.....:-...i....v.1...-..H....9.zk....l....^.......:.."^.t.Q.F...X..B..$............................................a.%f&3..1.5+.X..'b7bwr.).e.x....!...H...aa_..kD...b..g..p..K^.k..qX.[,.........Q...U..x...YMvj...w..:k.....j.W.8..4....c.u.}m.....o.=@.......j.S.t.|.....5h.y.%.~...G
                                                                                                                                                                                Process:C:\Program Files (x86)\Microsoft Office\root\Office16\ONENOTE.EXE
                                                                                                                                                                                File Type:JPEG image data, JFIF standard 1.02, aspect ratio, density 100x100, segment length 16, baseline, precision 8, 612x792, components 3
                                                                                                                                                                                Category:dropped
                                                                                                                                                                                Size (bytes):25622
                                                                                                                                                                                Entropy (8bit):7.058784902089801
                                                                                                                                                                                Encrypted:false
                                                                                                                                                                                SSDEEP:384:EhK81gTCyJ/Gf9Aw3t8w8EtdPeGDh6bEi1Ie1u4ZbvgwTwrSRh7ZKNpIGY:IjcRXwdJvtdGsUbEi1IeY8vgwTyC1+Y
                                                                                                                                                                                MD5:F8CCFC24DEB1D991EBE085E1B2D7D9BF
                                                                                                                                                                                SHA1:AF76C22A765434AEDA134924C517C84107F4FED5
                                                                                                                                                                                SHA-256:7354001527AB554C44E7D6981B86DD933B7DC2E0D3DC8512AD3EECD843245C52
                                                                                                                                                                                SHA-512:818BC3690B01B30BC571E4CF45EC8D1AFCAECBAB003532644381F1CF730A5B3486862D08F7579B2D3D89167AD7DF35028881245C9550B0DA23D1F81A720A9704
                                                                                                                                                                                Malicious:false
                                                                                                                                                                                Preview:......JFIF.....d.d......Ducky.......d......Adobe.d...................................................................................................................................................d........................................................................................!...1A.Qaq.........."2Rr.#.t6..B..3S$4..v.b..Cs.%5..8..cUV.(.DEe.&Ff...T.d.......................!.1A..Qaq...s4....2r..S"BR.3....b#C$.....c............?..D.."}:......&&...?3..W.q*.......]...m.Y.k1......K).J...uV.b.../.0.E.H..4..W_T.[t.V.w.9.x.qe.L..o.oL.....d.\.....6.|.o...}..H{Yn..E...6Y3.l.e..D.:,.n.%...t...m.........,+,..|..n.....6.*...f........6.../$../Vi..H...e.f.F.zn.).n.E..2sTn.i...Yb?6+H&...Bf..*....z.o.^7[..u.:o....t.s=.....(.s.....f.g....q9o.u1L.N...smzE..[>...+\O....j.<....j.c.W.............U..+.F/.'..W...T./W...>i01./....j.s."..Q...{...a._~OW...Rp.)*.e..W..Q4)<..'..W...q...'..U..z..g......U}...O....w....0F:.N..V.3W.|..'z0.]...j..U[v..g$D.Lc[.e...UW.m0+
                                                                                                                                                                                Process:C:\Program Files (x86)\Microsoft Office\root\Office16\ONENOTE.EXE
                                                                                                                                                                                File Type:PNG image data, 171 x 552, 8-bit colormap, non-interlaced
                                                                                                                                                                                Category:dropped
                                                                                                                                                                                Size (bytes):10056
                                                                                                                                                                                Entropy (8bit):7.956064700093514
                                                                                                                                                                                Encrypted:false
                                                                                                                                                                                SSDEEP:192:edmu1fpj5DVHuooK4EpGLbAdT+dBXYBR8D1V2p6KwoPR6KUX9ojwRpgA:2Pp/B4LbAF+dBo/1E3S6JScpgA
                                                                                                                                                                                MD5:E1B57A8851177DD25DC05B50B904656A
                                                                                                                                                                                SHA1:96D2E31A325322F2720722973814D2CAED23D546
                                                                                                                                                                                SHA-256:2035407A0540E1C4F7934DB08BA4ADD750FCB9A62863DDD9553E7871C81A99E3
                                                                                                                                                                                SHA-512:BC7DC1201884E6DAFDC1F9D8E32656BFAEE0BB4905835E09B65299FE2D7C064B27EAA10B531F9BECF970C986E89A5FD8A0B83F508BBA34EB4E38B3F7F5FC623A
                                                                                                                                                                                Malicious:false
                                                                                                                                                                                Preview:.PNG........IHDR.......(.....!..t....PLTE.......................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................4.....bKGD....H....cmPPJCmp0712....H.s...#.IDATx^.w`......$..B....... ....fz5..6`l\.8...Nsz{.//y./....{.7}g.....e.....~.......s...f.....%c...6....O.PJ...Y.oi...9..'j.2..6.-
                                                                                                                                                                                Process:C:\Program Files (x86)\Microsoft Office\root\Office16\ONENOTE.EXE
                                                                                                                                                                                File Type:PNG image data, 88 x 574, 8-bit colormap, non-interlaced
                                                                                                                                                                                Category:dropped
                                                                                                                                                                                Size (bytes):19920
                                                                                                                                                                                Entropy (8bit):7.987696084459766
                                                                                                                                                                                Encrypted:false
                                                                                                                                                                                SSDEEP:384:DRSgtAxJx7bzvAsVSqQElOT4uHmpmvNYT9aPU+QtsC2LgfIqJZnbeyRB:DsgaN7bzvAsVdK4uGQFUZ6bU/p3
                                                                                                                                                                                MD5:1BDAD9B3B6DE549162F9567697389E1C
                                                                                                                                                                                SHA1:5D9C09159F07A3A9BDCC6C4B9BD9CB72D0184E6F
                                                                                                                                                                                SHA-256:0908A4CFA23F93011176D47F45843E9CA2973030421996E8E27484781F54B0EC
                                                                                                                                                                                SHA-512:475040779AC247BB5C3E11862FB55FBDDFA12D759EE86A33E11BC1F3B656D6CD0F9B25146C0113E43E1D8001D8867D3BC3BF7E6FE21F3A0016CB1F8B70B7A15A
                                                                                                                                                                                Malicious:false
                                                                                                                                                                                Preview:.PNG........IHDR...X...>......y=h....PLTE..................................t........iw..............................................._n|...Tds...ky......................................................p~.....................................................dr.................v.............................................n{.......ap}..........x.....z...................u......................|..Vfu............r.....w........................................~...................Zjx...................................Yiw............w..|....................Xgv{.....y...........................jx..............\lz.........}..z.....t..[ky........u..y.....gu................................{..........}.....u....................~...........y....r.....bKGD....H....cmPPJCmp0712....H.s...JfIDATx^...\.W./.}....Sy...(..4....D.-.....H...% .$"D.Qr.......`..;...6...N......s...^...L.....Y{.GQU`..~...j....{...-Ax.K..&.....F..I\i..
                                                                                                                                                                                Process:C:\Program Files (x86)\Microsoft Office\root\Office16\ONENOTE.EXE
                                                                                                                                                                                File Type:PNG image data, 189 x 305, 8-bit/color RGBA, non-interlaced
                                                                                                                                                                                Category:dropped
                                                                                                                                                                                Size (bytes):12824
                                                                                                                                                                                Entropy (8bit):7.974776104184905
                                                                                                                                                                                Encrypted:false
                                                                                                                                                                                SSDEEP:384:gzPrAZvq82AP0/DHbSczEegiAh1Hfgr3ZO7EFKWHaXIXqu:erAZz200/TbJzDgiWgjZO7EFKEaXIf
                                                                                                                                                                                MD5:2628353534C5AD86CBFE57B6616D46DD
                                                                                                                                                                                SHA1:244B7E39D6CEF5B07FCDE80554D31F7DA240BB0D
                                                                                                                                                                                SHA-256:69BDB000AC7E030B0B28E6CE78F19547D235355B3B841146951AD1294429FA51
                                                                                                                                                                                SHA-512:2529F97BE62DE038445D1C86EE2C01404FB1A2D83A5D16C7B5F4E21723C17EC86FA180DFE10342536CFD7D334EA3AF1FFE151B77F2FBFFFE8E7B2A0C2A3ACD59
                                                                                                                                                                                Malicious:false
                                                                                                                                                                                Preview:.PNG........IHDR.......1.....).'....sRGB.........pHYs..........+....1.IDATx^.}.w\.n...A.H...E.J...l.......p...\{.w...e.-K.%..d.9..DN...^}..p.L...._$.t...n.=U..ID..]~(.?.)J...-.../.......0V..........'.)1X..c..D..2..A'f."...Ru..R=b..\....\.n.0...7.~".'..s!bd.|..p.u....-w'.....R.........i]..r....A.........r#...W..f{O.2~C.O........{.....3..W.}e:...~.....4.......t.Mv_....}*f..I...x11....d..6.@..O.......f.e..K.....L]..gohj&D..+.....#...#.J...n/]...8~.....zx.'.LI6..W....p...................V.F.. ...y.[.kl<?.^....N..$..7j.biU....c.51{S{.....q....c...<..x..............zG.F*.........U.w..fE.....DU.......WG7.5uC...7.....j..7yM...~jU..;J..a|LoG..x..<^.Z ...Z.....ip....._.4......f.rg..[...z....x1k.....z...K.l...;6.\..Y.#.WT.p.@{W....>.+..*..W....'v.nV...YA[.q!\.\...9..3.[|....7...HO......2<.....w.,].T^eN..XB.....M3...I.k...e..8...lZ.R...T.%......|N.w..9..!..O.-p..NA.eD_.d..nW2!...N...z>..;....=t#....H,.N.|. ......EC..............1.\
                                                                                                                                                                                Process:C:\Program Files (x86)\Microsoft Office\root\Office16\ONENOTE.EXE
                                                                                                                                                                                File Type:JPEG image data, JFIF standard 1.02, resolution (DPI), density 72x72, segment length 16, Exif Standard: [TIFF image data, big-endian, direntries=7, orientation=upper-left, xresolution=98, yresolution=106, resolutionunit=2, software=Adobe Photoshop CS Windows, datetime=2004:03:12 11:05:55], progressive, precision 8, 612x618, components 3
                                                                                                                                                                                Category:dropped
                                                                                                                                                                                Size (bytes):68633
                                                                                                                                                                                Entropy (8bit):7.709776384921022
                                                                                                                                                                                Encrypted:false
                                                                                                                                                                                SSDEEP:1536:tapXpSTJDOkFGdJdBk/slsbfsw1imaapnbvD8:U2OjJr6b07m1bvD8
                                                                                                                                                                                MD5:41241EE59AB7BC9EB34784E3BCE31CB4
                                                                                                                                                                                SHA1:98680761A51E9199CF3C89F68B5309FBEC7EE3CB
                                                                                                                                                                                SHA-256:035B26DF61855A3F36DBD30FDAB0C157C04C9E8AE2197EA4D4AEB3E82E6A4C2B
                                                                                                                                                                                SHA-512:3EE331D5BCEE4AD5D3FC9661D4AB4053F7D351591A094334F963C33C9D0E32CCCABE9334AD7C308108CE99617E064FE848DCD469ACD8D83FBE5C4452DE523D8F
                                                                                                                                                                                Malicious:false
                                                                                                                                                                                Preview:......JFIF.....H.H......Exif..MM.*.............................b...........j.(...........1.........r.2...........i.................H.......H....Adobe Photoshop CS Windows.2004:03:12 11:05:55.............................d...........j...........................................&.(.........................................H.......H..........JFIF.....H.H......Adobe_CM......Adobe.d......................................................................................................................................................"................?..........................................................................3......!.1.AQa."q.2.....B#$.R.b34r..C.%.S...cs5....&D.TdE.t6..U.e...u..F'...............Vfv........7GWgw........................5.....!1..AQaq"..2.....B#.R..3$b.r..CS.cs4.%......&5..D.T..dEU6te....u..F...............Vfv........'7GWgw.................?../$.W:SZ./...9.....-...u......r.....].c...@W_.7...+......v.+PD.I..-<1.pDn-\.....p.$....0.}V....\..>.~..XN.o..l(E....ik..o.
                                                                                                                                                                                Process:C:\Program Files (x86)\Microsoft Office\root\Office16\ONENOTE.EXE
                                                                                                                                                                                File Type:JPEG image data, JFIF standard 1.01, resolution (DPCM), density 28x28, segment length 16, baseline, precision 8, 76x97, components 3
                                                                                                                                                                                Category:dropped
                                                                                                                                                                                Size (bytes):784
                                                                                                                                                                                Entropy (8bit):6.962539208465222
                                                                                                                                                                                Encrypted:false
                                                                                                                                                                                SSDEEP:12:869YM8fij0W/xfuCp7ovv1bidiMn3bGi6AETQcdH8SADjoZgV6v9jUEvS3/g:N9YMWeI424diMn3yinsQeHvADu9QEvJ
                                                                                                                                                                                MD5:14105A831FE32590E52C2E2E41879624
                                                                                                                                                                                SHA1:078FA63FC7DB5830E9059DF02D56882240429D90
                                                                                                                                                                                SHA-256:D0A3A1C3CD63C4023FE5716CBE2C211307D0E277E444D9EF76C7FC097A845FD4
                                                                                                                                                                                SHA-512:8FC0ED24E8EC14C46EA523D9265DE28F85C5FC57AA54AD5B9CA162E95F79221E2AD3DD67D1293CF756B67F3D3DECAE122254134EA8D4D00DDED02114B5383947
                                                                                                                                                                                Malicious:false
                                                                                                                                                                                Preview:......JFIF.............C................................... $.' ",#..(7),01444.'9=82<.342...C...........2!.!22222222222222222222222222222222222222222222222222......a.L..".......................................-........................!A."1.Qbq....2Ba.........................................................1............?.....3.Ty\......vs....>.>..a.W..s89.d...Z}......rz...`...Z.r.do....u.W.%....gf.>.L..xz....B8=w...g.~g."HD...$..IKJ......nn..*ly..I....L...\q...Q;6.KrxZ.,...j$..ZQ..)f...q`.*..C1..cZ2]-..\.~..J.....^..(.f..9m?..C.NI.UL..X.fy.Z.........+n....r."Z...d..R./\.#...kd.D.5.!...h.3*s-+.......Xjt..}i..rK..y.../>u..]N.....Y..J......1.x./.....F6.......I...._3...k.sM.+..v;.%|.f.~.......:y....S....UKovh...W'........lF... .................
                                                                                                                                                                                Process:C:\Program Files (x86)\Microsoft Office\root\Office16\ONENOTE.EXE
                                                                                                                                                                                File Type:JPEG image data, JFIF standard 1.01, resolution (DPI), density 72x72, segment length 16, baseline, precision 8, 613x144, components 3
                                                                                                                                                                                Category:dropped
                                                                                                                                                                                Size (bytes):29187
                                                                                                                                                                                Entropy (8bit):7.971308326749753
                                                                                                                                                                                Encrypted:false
                                                                                                                                                                                SSDEEP:768:RwjBOlCk+nYnGagKJWJhwMJiRO22ZIm4VXvXx1tA6BQs:i8snY3JW7uROlEfbtVL
                                                                                                                                                                                MD5:DF99CAAAB9A7DE97B63343E60A699AB6
                                                                                                                                                                                SHA1:B84334135CFB73BC6EF55F85926770D5AC6DFEA8
                                                                                                                                                                                SHA-256:74C131777E7C437FD654427417097BC01B0813BA8E1E50E4B937BD50A1BEBCDB
                                                                                                                                                                                SHA-512:5D15AAAA8B71DDFE01A7C0ADE16D9E1F5E9AAE484BCD711B38CCB103ED9564CAAC23A0031471167B660E15972D70179C2A387509B213C05D60261042A0456025
                                                                                                                                                                                Malicious:false
                                                                                                                                                                                Preview:......JFIF.....H.H.....C....................................................................C.........................................................................e..............................................`.............................!1Qq...2ARa..."#.....3BSbr...$4C...Tcs......%&DUd...E....56Fe....................................H........................!1Qa..Aq..."b....2R...BSr..#...3..Cc....$%4...............?...b.d.8T1.;#.S.DO...~.R.......3.xe...z.6..."m..k...;*.'.f.5^.....m..<$....8.R.j.D.v..>...*dT..vGbt...I......sEWp.r3.. ..G...6.....w...l.S..q...b.....-R....^Zu5+u6...A..Z].:...5..Uzn.,l.L.....?%.*.S.+zVg7.=.s.Q.....8..:,c.......ZE...>'IF..W.0.d.......c.e.d.V.t..S$.DNR.[....g..#i.$. .U.SK2.....k...J5u u\R.....T.[4..A.O..,.T..................] .i...B.m.^f....._...{S.....<......:..|D...+...NA....Y.^f.1|..%K~1..B..^...S..v=.c..g.tX[..kTJ..t.gr....R..@.F....5j..2.K.9..g.1N.....*.U...^w......>+.l.v...@N....%Qd...t.Ni.....0;lggm...K".+!.,.....[J...>..?f.]._;
                                                                                                                                                                                Process:C:\Program Files (x86)\Microsoft Office\root\Office16\ONENOTE.EXE
                                                                                                                                                                                File Type:Windows Enhanced Metafile (EMF) image data version 0x10000
                                                                                                                                                                                Category:dropped
                                                                                                                                                                                Size (bytes):32656
                                                                                                                                                                                Entropy (8bit):3.9517299510231485
                                                                                                                                                                                Encrypted:false
                                                                                                                                                                                SSDEEP:384:qR0eV0V6zLq8fAy7TtS1O6VILpjH5og6NJgnIuu57aqP+Tg3QePV2P6hqaJDyjJg:qlzzaRpbd1
                                                                                                                                                                                MD5:DD4CA4BC0A73FCB71BEBAA3C29CB8F66
                                                                                                                                                                                SHA1:1A7085771D7941540EC94A1BD24D7CC8EA556D4B
                                                                                                                                                                                SHA-256:0401451E1D1D7DFDC29AD1B2B68A6C8AC0B706E9868BF22FAB26A01CD48620CE
                                                                                                                                                                                SHA-512:5B7D386C46EC75E21DE94DBCA922FB9A6E5358DEB3D60FEEE7B197D739F15D11050825D9323502EDFAF60720F1074DE896B23E71C44D07C9C7E943C31FDC078A
                                                                                                                                                                                Malicious:false
                                                                                                                                                                                Preview:....l...r...1...*...^...bX.......^...... EMF........h...................`...E...........................(...F...,... ...EMF+.@..................,...,...F...\...P...EMF+"@...........@..........$@..........0@.............?!@...........@..........F...(.......GDIC....s...2...+...^.......F...(.......GDIC....s...2.......N.......F...........EMF+*@..$..........?...........?.........@........................(E..HB.'E..HB.0'EI.`B.0'EU5.B.0'E..B.'EU5.B..(EU5.B.(EU5.B..(E..B..(EU5.B..(EI.`B.(E..HB..(E..HB.................@..............!.......b...........$...$......>...........>............'......................%.......................;.......U...P........................T...S...S...S...S8..Si..Ti.@Ti.qT8.qT..qT..@T...T..<.......>.......r...1.......N...............%...........$...$......A...........A............"...........F...........EMF+.@..........F...........GDIC....F...(.......GDIC........2.......N.......F...........EMF+*@..$..........?...........?.........@.......................}*E
                                                                                                                                                                                Process:C:\Program Files (x86)\Microsoft Office\root\Office16\ONENOTE.EXE
                                                                                                                                                                                File Type:Windows Enhanced Metafile (EMF) image data version 0x10000
                                                                                                                                                                                Category:dropped
                                                                                                                                                                                Size (bytes):32656
                                                                                                                                                                                Entropy (8bit):3.9517299510231485
                                                                                                                                                                                Encrypted:false
                                                                                                                                                                                SSDEEP:384:qR0eV0V6zLq8fAy7TtS1O6VILpjH5og6NJgnIuu57aqP+Tg3QePV2P6hqaJDyjJg:qlzzaRpbd1
                                                                                                                                                                                MD5:DD4CA4BC0A73FCB71BEBAA3C29CB8F66
                                                                                                                                                                                SHA1:1A7085771D7941540EC94A1BD24D7CC8EA556D4B
                                                                                                                                                                                SHA-256:0401451E1D1D7DFDC29AD1B2B68A6C8AC0B706E9868BF22FAB26A01CD48620CE
                                                                                                                                                                                SHA-512:5B7D386C46EC75E21DE94DBCA922FB9A6E5358DEB3D60FEEE7B197D739F15D11050825D9323502EDFAF60720F1074DE896B23E71C44D07C9C7E943C31FDC078A
                                                                                                                                                                                Malicious:false
                                                                                                                                                                                Preview:....l...r...1...*...^...bX.......^...... EMF........h...................`...E...........................(...F...,... ...EMF+.@..................,...,...F...\...P...EMF+"@...........@..........$@..........0@.............?!@...........@..........F...(.......GDIC....s...2...+...^.......F...(.......GDIC....s...2.......N.......F...........EMF+*@..$..........?...........?.........@........................(E..HB.'E..HB.0'EI.`B.0'EU5.B.0'E..B.'EU5.B..(EU5.B.(EU5.B..(E..B..(EU5.B..(EI.`B.(E..HB..(E..HB.................@..............!.......b...........$...$......>...........>............'......................%.......................;.......U...P........................T...S...S...S...S8..Si..Ti.@Ti.qT8.qT..qT..@T...T..<.......>.......r...1.......N...............%...........$...$......A...........A............"...........F...........EMF+.@..........F...........GDIC....F...(.......GDIC........2.......N.......F...........EMF+*@..$..........?...........?.........@.......................}*E
                                                                                                                                                                                Process:C:\Program Files (x86)\Microsoft Office\root\Office16\ONENOTE.EXE
                                                                                                                                                                                File Type:JPEG image data, JFIF standard 1.02, aspect ratio, density 100x100, segment length 16, baseline, precision 8, 612x792, components 3
                                                                                                                                                                                Category:dropped
                                                                                                                                                                                Size (bytes):55804
                                                                                                                                                                                Entropy (8bit):7.433623355028275
                                                                                                                                                                                Encrypted:false
                                                                                                                                                                                SSDEEP:1536:gVvci05lhVbfBcWvBLeynluexaWqzww/u5:gVUZhHDljaHww/u5
                                                                                                                                                                                MD5:4126992F65FE53D3E3E78F6B27FD49DC
                                                                                                                                                                                SHA1:BC0D76B69310DA9B909D3EE4CECBFE5F386BFB45
                                                                                                                                                                                SHA-256:3FBE3C1C238BD7DBC67F8CFF5F3BDDFD513C96A9851B9616477947D21DFF4B2E
                                                                                                                                                                                SHA-512:624853F5E56D224C8188F122B2C4724F867D4099E7FAAFB9C945BE7E2907900ADCF4AE97AB08909CF94E96FB6F381E3B6396D560D93EB2731E4E69CBFE628F10
                                                                                                                                                                                Malicious:false
                                                                                                                                                                                Preview:......JFIF.....d.d......Ducky.......d......Adobe.d...................................................................................................................................................d..............................................................................................!1...AQ.aq"2.....BR..8x..r#..9b....3....CS$.'.cs.......7Gw.(.4%5&..Wg.h......tEVfv..H..........................!1A..Qa.q...."2..u6....BRr.#...b..3s..d...7.Cc.$Tt..S4.5Ue..&..%.................?...,...8..{..S.y.N....%..q.8..H[5....o..xg........)c(.eO.YO..._D..x.U.....%.S.r.r._.^..Su.h.Q.t.:.#?....x..B.S...Q.....oqF..%..8'.qx....%.2JKjF..{y.w0.*a.RMb.c.Q{%....eW'..[IV..'ZW3...[...MN.....rO.:....$.i..7....Vrrr...I.r..M..Qo..j....q.^...N...J......%.J..)F...>$.....u........o...+......[...*..t....R}.I..R..S..GB..:......).6_[^Xft...F.1.....zP....,.#....MG.T..Q.F.....)Fi../.I...,%.voEb.b.Z..V3..FT.}..[Z{....wd.z.e.....QwW(.).t..\..'....:)<W.<..&k...caRT.X(..K.....:f...]...q..
                                                                                                                                                                                Process:C:\Program Files (x86)\Microsoft Office\root\Office16\ONENOTE.EXE
                                                                                                                                                                                File Type:JPEG image data, JFIF standard 1.02, resolution (DPI), density 72x72, segment length 16, Exif Standard: [TIFF image data, big-endian, direntries=7, orientation=upper-left, xresolution=98, yresolution=106, resolutionunit=2, software=Adobe Photoshop CS Windows, datetime=2004:03:12 11:12:29], progressive, precision 8, 598x766, components 3
                                                                                                                                                                                Category:dropped
                                                                                                                                                                                Size (bytes):70028
                                                                                                                                                                                Entropy (8bit):7.742089280742944
                                                                                                                                                                                Encrypted:false
                                                                                                                                                                                SSDEEP:1536:ub4bgbB7g9cKCmSzaNF0jAdAzQKTEFBQqUp/i0yG1pidLHTVX:ub4bIB7Qg2OjbzjgWp/i0yGCZx
                                                                                                                                                                                MD5:EC7811912ACA47F6AEB912469761D70D
                                                                                                                                                                                SHA1:C759BC2D908705D599B03BDB366C951B11F99A4E
                                                                                                                                                                                SHA-256:FBB4573E3BEE1B337077691BEBAE15D6FAC52432405D31396D526D7694A8283D
                                                                                                                                                                                SHA-512:881828150993A8C56E36CDA2051D89C1F6E0322643902C9506392C163E8734A2933A46486F40E5BC8C8D0164E180605E52620EF22FE14540AEA787A38B22E98E
                                                                                                                                                                                Malicious:false
                                                                                                                                                                                Preview:......JFIF.....H.H.....7Exif..MM.*.............................b...........j.(...........1.........r.2...........i.................H.......H....Adobe Photoshop CS Windows.2004:03:12 11:12:29.............................V.......................................................&.(.........................................H.......H..........JFIF.....H.H......Adobe_CM......Adobe.d...................................................................................................................................................}.."................?..........................................................................3......!.1.AQa."q.2.....B#$.R.b34r..C.%.S...cs5....&D.TdE.t6..U.e...u..F'...............Vfv........7GWgw........................5.....!1..AQaq"..2.....B#.R..3$b.r..CS.cs4.%......&5..D.T..dEU6te....u..F...............Vfv........'7GWgw.................?.....H.yM..? .Z.. .^.x..p.8.A...K.... .\{..)..y....t..=.^y)..v.@.W>. .h.. ..p.:.\)(.$....$.I).....!....E..Z.....&.5.).
                                                                                                                                                                                Process:C:\Program Files (x86)\Microsoft Office\root\Office16\ONENOTE.EXE
                                                                                                                                                                                File Type:JPEG image data, JFIF standard 1.02, aspect ratio, density 100x100, segment length 16, baseline, precision 8, 612x792, components 3
                                                                                                                                                                                Category:dropped
                                                                                                                                                                                Size (bytes):14177
                                                                                                                                                                                Entropy (8bit):5.705782002886174
                                                                                                                                                                                Encrypted:false
                                                                                                                                                                                SSDEEP:192:EbgGcV/hlvpfal7rgYa8S7auAxwfuSTmCSNoFQ6NO7L:EbgGcVnpwimnd38FdQL
                                                                                                                                                                                MD5:7CDCE7EEBF795998DA6CAC11D363291C
                                                                                                                                                                                SHA1:183B4CC25B50A80D3EC7CCE4BF445BCFBAA6F224
                                                                                                                                                                                SHA-256:DE35AF949D4F83E97EE22F817AFE2531CC4B59FF9EE6026DCA7ECEBC5CF2737F
                                                                                                                                                                                SHA-512:560FB15A9C12758D11BB40B742A6EAD755F15AD10D6C5DEBA67F7BC8A2AE67C860831914CBCBCDED9E6B2D1D5F26A636B9BCEF178151F70B4D027316F94F27E1
                                                                                                                                                                                Malicious:false
                                                                                                                                                                                Preview:......JFIF.....d.d......Ducky.......d......Adobe.d...................................................................................................................................................d........................................................................................!.1..A....Qa".q..2.....&...B%6.'..R#3.$E.r457bS.DUFV.Wg(.......................1...3.Q..2Rr....s.4.!Aq.S.aC5B$%............?...n.Liq.}.{#....3/gg.1.M +..~3...q..+=..:.g.i1;P)7.....q..n.s"p...wx........v.t.f;..L/..~....y.r[.r.....n.n3..6i..g..}../........3..x.L.i?We..l.......~..<.;..6..o.....N.t.o6.l..~.......<...m.V...Q.7k.u./wq.t..;.I...}..{...>.L..3m..a....yd......6~.f..~Y..}+..<.[w..'-..?.v.7...v.u..4.......1];..u.MO.......s..p..ms.'.O-o...O......m.k.e....)t....i>..E|....,iOyD|.{......g.n...cu....=..........h.\.Q:?g/?.I.3._...t...d.n.0.%y....S.Q....S.&K.w..&wY<....%.g.v.....$y..#,i;.=...t...I6..yO..o.d..w\k...~......)..rK.......].u....N....e.s..kU.u..'}
                                                                                                                                                                                Process:C:\Program Files (x86)\Microsoft Office\root\Office16\ONENOTE.EXE
                                                                                                                                                                                File Type:JPEG image data, JFIF standard 1.01, resolution (DPCM), density 28x28, segment length 16, baseline, precision 8, 70x626, components 3
                                                                                                                                                                                Category:dropped
                                                                                                                                                                                Size (bytes):3428
                                                                                                                                                                                Entropy (8bit):7.766473352510893
                                                                                                                                                                                Encrypted:false
                                                                                                                                                                                SSDEEP:96:/hdu7isPwAp7zesusUyYAatNG87llTONQYS:5di5tfuQ9atNZlaC
                                                                                                                                                                                MD5:EE9E2DF458733B61333E8A82F7A2613D
                                                                                                                                                                                SHA1:A86704C969F51B86D6A05ED51C6C60214ED9FA89
                                                                                                                                                                                SHA-256:BE4F0E6C89FCE91B9EBD2623567F7DFC259E0E3C77C9158742B8F64B724DF673
                                                                                                                                                                                SHA-512:BFB5D6DD6B66EE21E946E90D1E482384CD10244308562DDA814189602681DADDE5752B80519E5B8515F115A71BD6BB4317A59BE65B8B5E3474AED119F8303569
                                                                                                                                                                                Malicious:false
                                                                                                                                                                                Preview:......JFIF.............C................................... $.' ",#..(7),01444.'9=82<.342...C...........2!.!22222222222222222222222222222222222222222222222222......r.F.."........................................H............................!Qaq.."12.....#3ARbr...$B...cd...&CSu.....................................+.......................12..aAQ.!#q.."................?...#...3.Za......rV.5&...../"..i.t...j..W........d.FL.V.2K....]t.f.d.NK..:.....f...... ......2.[...#..D...ZK....p.z.E.N..T..L.-....1....2.\.6FIr2..zS\U#..........fB\t..5J..~q...D....A.......!....MY..../.HY..../e.M.Y.n.~..,....'..Pc...l...d2..m.f.it$..qx-z*...._..].cOO....n..&.....FIA.....2J2..d:<qc..6.I.G.N....f.K..Dx.-.......`....2.FZ."K7.r}..<.P.Z.da.Y.....8..s....G.....b.e..g .S.......FL.Z,&..q.MG.J+..x\..m...qN=.....)..`...&Y...S....u6{.z.g.....@......FL.ZL&.Iv.w..8....U..v...*.q.B.v_./A..#.#.g.j........*J;...u...W.Ao...%....#$.....M..^\{W.SO...s,.N.....c).,.B.Gv...."k..z."..S]H.
                                                                                                                                                                                Process:C:\Program Files (x86)\Microsoft Office\root\Office16\ONENOTE.EXE
                                                                                                                                                                                File Type:JPEG image data, JFIF standard 1.01, resolution (DPI), density 72x72, segment length 16, baseline, precision 8, 95x498, components 3
                                                                                                                                                                                Category:dropped
                                                                                                                                                                                Size (bytes):3009
                                                                                                                                                                                Entropy (8bit):7.493528353751471
                                                                                                                                                                                Encrypted:false
                                                                                                                                                                                SSDEEP:48:aRCTf+0hagMrbAZMJShPdvF/5OzlQFlDF7npkDdWvVBTEnBLT6NrgCX0:D+0YgMrApL553JtEdEVcL2NcX
                                                                                                                                                                                MD5:D9BD80D40B458EDB2A318F639561579A
                                                                                                                                                                                SHA1:83BA01519F3C7C1525C2EA4C2D9B40F28B2F2E5E
                                                                                                                                                                                SHA-256:509A6945FACFB3DDC7BE6EE8B82797AD0C72DB5755486EE878125A959CC09B59
                                                                                                                                                                                SHA-512:C368499667028180A922DD015980C29865AEF4A890C83E87AE29F6A27DC323DD729E6FB1C34A2168A148E6A7A972F65A5FC8ACE6981AF1D4E7057D99681CB366
                                                                                                                                                                                Malicious:false
                                                                                                                                                                                Preview:......JFIF.....H.H.....C....................................... ! ..''**''555556666666666...C......................&.....&,$ $,(+&&&+(//,,//666666666666666........_.........................................:.......................r.!12BQ...3Aaq.."CRb.....#4$c.S.....................................................1A............?..p..-.....u0$.......l......)..o.FTd..DG....... .t*e..jO..Z.U......r..j.O.,..VD./.....V5D.&......A..Zi....E.N....*..........#..M<|.2.Y.../QO.x.cTM4......+.F;V.x.de*....]e..O.x.c\Y........r..j.O.,..T...hw..k.^.[B..J.sEl.w.x.m.5%zzt0..T.......b..<\.3Q..W</..!.xh6..Z..\.+M.o.Y..1............#.........|.a.l.KR>..U......e....@...\.1Z...Y...[....F.6.t.#..Z,.x.Q..[`.X......#........W</..TM..-H...V....Tf..........r..j.x.df.f.....#..l.KR>..U......e....@...\.1Z...Y..Y.us....D.)....Uh....FkYm.m`P...W .V.g..FjVj.\..1Q6.t.#..Z,.x.Q..[`.X......#........W</..TM..-H...V....Tf..........r..j.x.df.f.....#..l.KR>..U......e....@...\.1Z...Y..Y.us....D.)....
                                                                                                                                                                                Process:C:\Program Files (x86)\Microsoft Office\root\Office16\ONENOTE.EXE
                                                                                                                                                                                File Type:PNG image data, 30 x 700, 8-bit colormap, non-interlaced
                                                                                                                                                                                Category:dropped
                                                                                                                                                                                Size (bytes):1547
                                                                                                                                                                                Entropy (8bit):6.4194805172468286
                                                                                                                                                                                Encrypted:false
                                                                                                                                                                                SSDEEP:24:dZeDNYbS+238CTUFPA6SXG5qSacX9q73eXu0vC3dU+OB2gbwHRuZ:dykp9FzBBacXQ3uNC3n7xuZ
                                                                                                                                                                                MD5:0BA36A74DFBF411FAB348404CCEC3348
                                                                                                                                                                                SHA1:4C619790E517416E178161028987DF1CD3B871CC
                                                                                                                                                                                SHA-256:2E7AAF26BEC32148B96442E8FFF1BD2CEF2D72630969F23B9A2ABEDB6CFEC93B
                                                                                                                                                                                SHA-512:90AF53DB7C413E2ADB970AC345F73E4ED8AF626E179C929E6560118F7A9E98DC7C5FF02B2B3F6C98D397E0FE2D85F3427C6928C328872149E176FA8A99E91F54
                                                                                                                                                                                Malicious:false
                                                                                                                                                                                Preview:.PNG........IHDR...............\....PLTE.......................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................D......bKGD....H....cmPPJCmp0712....H.s.....IDATx^.WSTA........b.0gPPP0..E.9b@L(.c.N.U>..@......;...}..B.(....$......5..XS...I....).!....D^.uE...\..5........F."o..-...m.n. .^.....q= .
                                                                                                                                                                                Process:C:\Program Files (x86)\Microsoft Office\root\Office16\ONENOTE.EXE
                                                                                                                                                                                File Type:PNG image data, 177 x 123, 8-bit/color RGBA, non-interlaced
                                                                                                                                                                                Category:dropped
                                                                                                                                                                                Size (bytes):65589
                                                                                                                                                                                Entropy (8bit):7.960181939300061
                                                                                                                                                                                Encrypted:false
                                                                                                                                                                                SSDEEP:1536:2Hlrjw3xL//DPgff+9j6yPWvHMHjkbfnwHO3AW3GL:2H2zDUU+yPVHITwNfL
                                                                                                                                                                                MD5:8B48DA9F89264D14B83FF9969F869577
                                                                                                                                                                                SHA1:E1BD58E2D80FEEF56DC514F3F0B3AB9669F22F95
                                                                                                                                                                                SHA-256:62AD3C277E54F03F1ADB44062407346F789E63859B7AFABFD64BE6AF5E9F66EC
                                                                                                                                                                                SHA-512:03B783EC968DF3F648504D068D64DD1AE110E28110FE5B3401C9D04F44897DBE0CBB5680D42CA4C665FA94A6CED4B559106EB3C06C9BF2C5B14951ECBFFAC8AE
                                                                                                                                                                                Malicious:false
                                                                                                                                                                                Preview:.PNG........IHDR.......{.....;Za.....sBIT....|.d.....pHYs...........~.....tEXtSoftware.Macromedia Fireworks 8.h.x....tEXtCreation Time.05/15/06.8.p....prVWx..Y=.+I....t.y...,^vv....;. "|. .i7.....$.2g..']pH@p..]b....H.H.......d'@ B...U.xm..3{3k?..5n.._}U...3......~..>...g.....f..t...t:...p>..Si..d:..k:.Lf..t6.K.i....d<...x.8\.8.+lc...)i.$.r.....x.t.BG.R.cm.c...p.:&.6.4..K.......^...~b].0....oBYv..u.'.=.K.Q.g)6.....4.!.M......4.=....G.%.Sr........nxC.F..t.U........1...J.t..eQ....".... |...81.$D.!.>...........$...^.vY..EY8tb..'.P.g#O....S*..0'.V....x.W..........k.......s.C.S...J%.iVb..].........3....j.}*.z....+.s..@..K.....\x.C..e.Qq.....;N.....;....,....^.*..$F..{G...8.#....8'..&....8..5.....3(P._....S......|".....u.cr....+a-....&V..x...iI-<|a.{E.c.X.......?..&.C....'........(.x....>...M.?.9..#X......l...0...Z.F..<.z.0}Q..Z1..........?h..`E$K.2o.A*c^.......*..D..uL=.}.#*0.. M!.A.C......|_..(.Y........!E... .O...`;....M+..x.u~g...q>...N."D^..K..x..D.`.!.
                                                                                                                                                                                Process:C:\Program Files (x86)\Microsoft Office\root\Office16\ONENOTE.EXE
                                                                                                                                                                                File Type:PNG image data, 85 x 470, 8-bit colormap, non-interlaced
                                                                                                                                                                                Category:dropped
                                                                                                                                                                                Size (bytes):11197
                                                                                                                                                                                Entropy (8bit):7.975073010774664
                                                                                                                                                                                Encrypted:false
                                                                                                                                                                                SSDEEP:192:p9wNdtRKcVHso6zsqm06xaqZdingVzLZ7/PGSIz/yycRTbChh/JzhbEx15RGb:mdtMcVHqgAqTinMzLZ7/uSIz/yTR/mhF
                                                                                                                                                                                MD5:DDC3CC30794277500EFE4BC6667EC123
                                                                                                                                                                                SHA1:EFC9642C1F95B5FC38764476AE481649C016FA0C
                                                                                                                                                                                SHA-256:7F5B660A1A0BF46C75AAF19B4F77A0E086DE003EC03AFC1F58D871D55AA5BA9E
                                                                                                                                                                                SHA-512:25232A84604C3959634D33090238FEC8D51E40AD84EB3A08BB8522A81BE1E83378649C014E98E1DFCDF46B7BFAC92D8D2429211CD11D7EE0334C9C3DF7C1B6A6
                                                                                                                                                                                Malicious:false
                                                                                                                                                                                Preview:.PNG........IHDR...U.........1x5.....PLTE....................................e........................................................s...............x..........................o..............................................................................................................................................................~.............................m...............................................j...............................................p.......z......................................................x..............|........................................v.......................y..........................................................h...........................................................................P..{....bKGD....H....cmPPJCmp0712....H.s...(SIDATx^.}i@S..N....h...!..)....AI%..p.L."a..)..`U..,h..:O.b.:.j+.Z).b..zN.s..{O...&|..N}...${....~.....k}.[k}{.o^.D_..W:35ly..7rL....6n0.A...b
                                                                                                                                                                                Process:C:\Program Files (x86)\Microsoft Office\root\Office16\ONENOTE.EXE
                                                                                                                                                                                File Type:PNG image data, 77 x 627, 8-bit colormap, non-interlaced
                                                                                                                                                                                Category:dropped
                                                                                                                                                                                Size (bytes):5136
                                                                                                                                                                                Entropy (8bit):7.622045262603241
                                                                                                                                                                                Encrypted:false
                                                                                                                                                                                SSDEEP:96:djzuNKb3XHco17p2wolIxIx7lpskdsC/ddWNKeabJbMojpxLDTu1:VzuNKb397pwlIxKp7qs3bJb5FBTw
                                                                                                                                                                                MD5:FA38AFA965141EA3F17863EE8DCCDE61
                                                                                                                                                                                SHA1:2B4611E651AF7549C1AA73932B1136B561A7602F
                                                                                                                                                                                SHA-256:E1CB1A0EC9BE62D5445C73AA84DF38234002A7E164EE830C9DF24997802CB5D2
                                                                                                                                                                                SHA-512:A372674F5CA343321BA9C413D346070709F7685706C9C6C3DC7F61846B59253A5E6FE800DBA10AE870FD3887439B2AA106FBBB51751E92A163938A4393C43E28
                                                                                                                                                                                Malicious:false
                                                                                                                                                                                Preview:.PNG........IHDR...M...s.....}8nv....PLTE.................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................z`.....tRNS...................................................................................................................................................................................
                                                                                                                                                                                Process:C:\Program Files (x86)\Microsoft Office\root\Office16\ONENOTE.EXE
                                                                                                                                                                                File Type:JPEG image data, JFIF standard 1.02, resolution (DPI), density 72x72, segment length 16, Exif Standard: [TIFF image data, big-endian, direntries=7, orientation=upper-left, xresolution=98, yresolution=106, resolutionunit=2, software=Adobe Photoshop 7.0, datetime=2004:03:04 13:27:10], progressive, precision 8, 102x792, components 3
                                                                                                                                                                                Category:dropped
                                                                                                                                                                                Size (bytes):52912
                                                                                                                                                                                Entropy (8bit):7.679147474806877
                                                                                                                                                                                Encrypted:false
                                                                                                                                                                                SSDEEP:1536:DB/nIviNJD9C8kfJj6TkVr4q24FsUpjPc021si:DdnIvi3D9C8Cl6Dq24ayPCz
                                                                                                                                                                                MD5:1122BF4C2A42B4FA7F29D3C94954A7C9
                                                                                                                                                                                SHA1:3750077A830FE21735A43ABD35C63BA9A4D4B0DE
                                                                                                                                                                                SHA-256:423B0DD1A93B391D15B1DC8D8757C3BF5725FF2E7A59E6E3140033E2876B67F6
                                                                                                                                                                                SHA-512:4626EFE2EDED2361D6296B57F994DC434CC9D02357A8A6A67D84A544FB8A1CFE0005EA98F846AB963BED7F2B6CE96BC9181182C9459843A52A98D3A731A4FE73
                                                                                                                                                                                Malicious:false
                                                                                                                                                                                Preview:......JFIF.....H.H......Exif..MM.*.............................b...........j.(...........1.........r.2...........i.................H.......H....Adobe Photoshop 7.0.2004:03:04 13:27:10............................f.........................................................(.....................&...................H.......H..........JFIF.....H.H......Adobe_CM......Adobe.d......................................................................................................................................................"................?..........................................................................3......!.1.AQa."q.2.....B#$.R.b34r..C.%.S...cs5....&D.TdE.t6..U.e...u..F'...............Vfv........7GWgw........................5.....!1..AQaq"..2.....B#.R..3$b.r..CS.cs4.%......&5..D.T..dEU6te....u..F...............Vfv........'7GWgw.................?....]+\.9.9.P.d..Z.?~>.-...]6=....*.......S.9G...b<$..Z..........>.v.o:.o%.e...z.F`...[.wo..z.....k..E...5....G..7.......c2..
                                                                                                                                                                                Process:C:\Program Files (x86)\Microsoft Office\root\Office16\ONENOTE.EXE
                                                                                                                                                                                File Type:JPEG image data, JFIF standard 1.02, aspect ratio, density 100x100, segment length 16, baseline, precision 8, 612x792, components 3
                                                                                                                                                                                Category:dropped
                                                                                                                                                                                Size (bytes):84941
                                                                                                                                                                                Entropy (8bit):7.966881945560921
                                                                                                                                                                                Encrypted:false
                                                                                                                                                                                SSDEEP:1536:X3sWfhTVd+xu6rA6SOONM0/YFXnviDwoPCaNSm+z/ze/fWNj7GfigeKyCGzw+QKW:nsOhdDJOwY1voPCaom+z/zeHAfGihCG8
                                                                                                                                                                                MD5:CB84C108A76C2AFFCAC2551A3C1EAD56
                                                                                                                                                                                SHA1:8BB7C2A12B056C1ED12EBBAE5BC9F60CCE880FFE
                                                                                                                                                                                SHA-256:139BB0E79F89C3DDEF79B1716A5FBAB4C07DF5785FB3CDF6B4EEDDBF6C078452
                                                                                                                                                                                SHA-512:6EF85144E9A7ACD0FF2E52A5FF42093153EFB69127B1C8549EEBC49B6CC196A46B65EE39A2CAD0206F6A41476D8B5B35D29EAC9942B8F84972B32E14CAFEED27
                                                                                                                                                                                Malicious:false
                                                                                                                                                                                Preview:......JFIF.....d.d......Ducky.......d......Adobe.d...................................................................................................................................................d....................................................................................!.1A.Qa..q...........".2..BRbr#.T.3C....S$.cs.D..4%5......................!1A..Qaq."2..BR....3...b#.r.C4.............?.......m.q..'O.....r......_.1....8h....?.....O]~..k......GO...''._...!....o........''..g..H?k.......1...?.....z......>...+0..................GO...''._.........}.O.Z|.L?...........?.........[~t.......}......NO.....v.......J.......?..g..H?k......GO,m..r}o.z.....}......dC.9?..g..H_..........?.....O]~...m...C?.z..f....W.=u.B..m..C.-?.a.....3._.?.......o....np.M....g..H_............9?..g..H...../..kO...''._...!~...o.....0.M....g..H.........../......O]~.~...o.......7..+.... ..l?.}........&....3._./....?.........W.=u.C..m..C.+?..o.W.=u.A.^.O....:......_.........}..t
                                                                                                                                                                                Process:C:\Program Files (x86)\Microsoft Office\root\Office16\ONENOTE.EXE
                                                                                                                                                                                File Type:JPEG image data, JFIF standard 1.02, aspect ratio, density 100x100, segment length 16, baseline, precision 8, 612x792, components 3
                                                                                                                                                                                Category:dropped
                                                                                                                                                                                Size (bytes):41893
                                                                                                                                                                                Entropy (8bit):7.52654558351485
                                                                                                                                                                                Encrypted:false
                                                                                                                                                                                SSDEEP:768:pZvVQkUbOHxx3pvVmO5rsP5gUdXwFMuv53knzyncaXgRDqPU:pZkijV5wScXwFMYknzucaXgRyU
                                                                                                                                                                                MD5:F25427EFECFEE786D5A9F630726DD140
                                                                                                                                                                                SHA1:BC612A86FF985AB569ED1A1EA5FFC4FDB18FC605
                                                                                                                                                                                SHA-256:5A36960DF32817E8426BD40A88F88B04FB55B84BAEF60F1E71E0872217FDB134
                                                                                                                                                                                SHA-512:B102F34385196D630F198667E874F25ADBC737426FDAE0747EC799B33632E5DC92999C7C715DC84D904342738930267AB1709870BDAA842243E4C283FE5E1554
                                                                                                                                                                                Malicious:false
                                                                                                                                                                                Preview:......JFIF.....d.d......Ducky.......d......Adobe.d...................................................................................................................................................d...........................................................................................!.1AQ....aq......"......2...Xx..9BRr#.b3$..&..g.8....%F'G.(H.Ss..D5E..v..W..Cc.deu..7w.h.).....................!.1....A..Qaq...Ttu.6..."R..5...2B..S....bcs.Dd%&r3C...#$...Ue.............?..R...%.R...t.MQ*.l...v...V]..n...Zw....M....4..F.&&bb0.:]l......ay.r<..3.l.Q^.........I54.N2.8..2s...w..r6.......[1Zh....O...9..>...B......x]...r.\.\..v..~....y.QT.3.......=....r..}.l.....o;....M..C1....w)...+o1f.]...MoA.E..s5..i.\....miGsy..m\.Zj....I'YU.\tU6La5v.>.K..m.]1.......k..0....</5v.V7lY.e.vV.+./[....f..u{....s.}.Rb.Z.....Y.6]..m....V.\...Mr.=r...K...l..%..m^.......X.(..fG..[F*ly.jL.a4..vs..o.e..q.9km..w1.yg.....r_.*h.n..5i.-.{Y.l...<...'Or.s..Z....../JP.....\FV.S..............m
                                                                                                                                                                                Process:C:\Program Files (x86)\Microsoft Office\root\Office16\ONENOTE.EXE
                                                                                                                                                                                File Type:JPEG image data, JFIF standard 1.02, aspect ratio, density 100x100, segment length 16, baseline, precision 8, 612x792, components 3
                                                                                                                                                                                Category:dropped
                                                                                                                                                                                Size (bytes):53259
                                                                                                                                                                                Entropy (8bit):7.651662052139301
                                                                                                                                                                                Encrypted:false
                                                                                                                                                                                SSDEEP:768:dCiCBBenRYWDBCipMYGTbYGLHbXxoP/qEF+MU50qyJ30h2W474S/Aq/xc4674bi5:dCiIQXBCiwbDLHD0/sFyVel4Pi4UgE
                                                                                                                                                                                MD5:2EE369ABB7936F8C28FF0ABDD224EA05
                                                                                                                                                                                SHA1:FE9D304A7B49E31EAE439369ABC548E265149636
                                                                                                                                                                                SHA-256:FB12D59B8BE911247BBAFDD416852E8B74B028005A141CB4DBBBA109B4B6ED2C
                                                                                                                                                                                SHA-512:5CF396CA472C32AE988600176114106CB1619404DD899A3867A5AB43DC90583B771EF69B14EF50E56A21F038BF51D8463C6ADD2DE9D4CB523F6290E24A4DECB3
                                                                                                                                                                                Malicious:false
                                                                                                                                                                                Preview:......JFIF.....d.d......Ducky.......d......Adobe.d...................................................................................................................................................d............................................................................................!1..AQa....q........"2..R..Bbr..#S....3$.....C.4v..(X.DtEUV.....cs..Td.5uf'Wgw8Hh........................!1Q.Aa....q.2...."R...r..3.t..U...B#S.4ub..C$d.5Ee&'7c.D%sT..............?.....?...k,lk^...M".Yo5.Qp.&s}b.m.:...W.x}.*.a......N1..d-n.-..^..b..TZ.W..."....F....^......ve5...^...2.:i...........~u2pK.z./&..u..L[I....Y....@y{|>..MN=:....Q[..H....a........|%..4fV....).....^.9b.f...F...p.=.W...aZ.........Z.t.n.....z3..[..lVh..\.N-.._.sK.y.._e.G.jig.a.7^....u...*.p.5.a.].........u/u..D.yl.XA..f.z..~.x.....N.....b=.uv.2.t.'.N.-.H..n.v.a.A[.Z.....T2...._...:....h..l.E..sm..a.3I...RE...fWb.Ek.0.#.)..Y#T...........u{....U....s.].7_H.2.`O6...P......}..4LR....]4.mid...
                                                                                                                                                                                Process:C:\Program Files (x86)\Microsoft Office\root\Office16\ONENOTE.EXE
                                                                                                                                                                                File Type:Windows Enhanced Metafile (EMF) image data version 0x10000
                                                                                                                                                                                Category:dropped
                                                                                                                                                                                Size (bytes):32656
                                                                                                                                                                                Entropy (8bit):3.9517299510231485
                                                                                                                                                                                Encrypted:false
                                                                                                                                                                                SSDEEP:384:qR0eV0V6zLq8fAy7TtS1O6VILpjH5og6NJgnIuu57aqP+Tg3QePV2P6hqaJDyjJg:qlzzaRpbd1
                                                                                                                                                                                MD5:DD4CA4BC0A73FCB71BEBAA3C29CB8F66
                                                                                                                                                                                SHA1:1A7085771D7941540EC94A1BD24D7CC8EA556D4B
                                                                                                                                                                                SHA-256:0401451E1D1D7DFDC29AD1B2B68A6C8AC0B706E9868BF22FAB26A01CD48620CE
                                                                                                                                                                                SHA-512:5B7D386C46EC75E21DE94DBCA922FB9A6E5358DEB3D60FEEE7B197D739F15D11050825D9323502EDFAF60720F1074DE896B23E71C44D07C9C7E943C31FDC078A
                                                                                                                                                                                Malicious:false
                                                                                                                                                                                Preview:....l...r...1...*...^...bX.......^...... EMF........h...................`...E...........................(...F...,... ...EMF+.@..................,...,...F...\...P...EMF+"@...........@..........$@..........0@.............?!@...........@..........F...(.......GDIC....s...2...+...^.......F...(.......GDIC....s...2.......N.......F...........EMF+*@..$..........?...........?.........@........................(E..HB.'E..HB.0'EI.`B.0'EU5.B.0'E..B.'EU5.B..(EU5.B.(EU5.B..(E..B..(EU5.B..(EI.`B.(E..HB..(E..HB.................@..............!.......b...........$...$......>...........>............'......................%.......................;.......U...P........................T...S...S...S...S8..Si..Ti.@Ti.qT8.qT..qT..@T...T..<.......>.......r...1.......N...............%...........$...$......A...........A............"...........F...........EMF+.@..........F...........GDIC....F...(.......GDIC........2.......N.......F...........EMF+*@..$..........?...........?.........@.......................}*E
                                                                                                                                                                                Process:C:\Program Files (x86)\Microsoft Office\root\Office16\ONENOTE.EXE
                                                                                                                                                                                File Type:PNG image data, 813 x 99, 8-bit/color RGBA, non-interlaced
                                                                                                                                                                                Category:dropped
                                                                                                                                                                                Size (bytes):99293
                                                                                                                                                                                Entropy (8bit):7.9690121496708555
                                                                                                                                                                                Encrypted:false
                                                                                                                                                                                SSDEEP:1536:Moq1jVORV5NO5xLCBaaNk4vhpCr1CH/DATOQlWvHMHojiaAMrxArLFRZPj19AWFz:eVEbouBaIk4T8uDGOQlVHvaAMkhDh95V
                                                                                                                                                                                MD5:EA45266A770EEA27A24A5BB3BE688B14
                                                                                                                                                                                SHA1:9F0B23B3C8EBA4FC3C521E875EF876FBE018F3C8
                                                                                                                                                                                SHA-256:EDAD0F03E6FF99FEF9EF8E8B834CE74F26CD23C5F8C067F5CEE66F304181E64D
                                                                                                                                                                                SHA-512:D4EE36BDA897BBD643A699A0332DD00DE9CDCC6F46D861789BAD259A4BF87868AE3B4CFAAB6DFAF29941C7055B77A95D76BAA86A4A0DB2BF3BAF7E3317F03EB9
                                                                                                                                                                                Malicious:false
                                                                                                                                                                                Preview:.PNG........IHDR...-...c............sBIT....|.d.....pHYs...........~.....tEXtSoftware.Macromedia Fireworks 8.h.x....tEXtCreation Time.05/15/06.8.p....prVWx..[Oh\E...y3kv........`.%m.R..6.1.4).o..Ki...D.......P!.].=..K...C[....f.}o7VPJIg...{3.|....d.....i..=.4.u0...n y......@j..Q..f)..mQ...4-SJ..9.d.?..5\-....:b.W..i...c.5..{..pj#.....B1C/.I.......].Su.k?.2..:.9Q...5.U...UZ...e..U.c],..2.}...1..)W./..Epr.Zt.....K.=..{......e..."...v..B.4.#....A.V1.".V}t..[..2f..Y..V9.".6.......(..gbm.P.....Y%2.c.z.:Q.2.<tYF.....u.@..KJ.;u.q:.].....$.....V....Hqk..DW.l.e.j.Z.YP?:'R..*.<........6...m@..r..j2..HK"|..L.Nc..D..y.9..B4$.......`.3.m1LE....7(OU\+./.O...%6T..w......h....).I.&n...*......#..W.41...5.#.`..I...<.?.|..*+Q.....#i........$,..n...`.s....[..E. T.w..j.,&-.r..;a....#.>(.P......f...MU\3*..;B....)..5....z..(....-...a.....}y.l..E...z>......&..g.$.....*T...N....E:./.>..#...^..E.0..%......(..@..W.X.NDM.<~.]A.>..fW.O.y.'...Z...h..).F..
                                                                                                                                                                                Process:C:\Program Files (x86)\Microsoft Office\root\Office16\ONENOTE.EXE
                                                                                                                                                                                File Type:PNG image data, 50 x 500, 8-bit colormap, non-interlaced
                                                                                                                                                                                Category:dropped
                                                                                                                                                                                Size (bytes):2033
                                                                                                                                                                                Entropy (8bit):6.8741208714657
                                                                                                                                                                                Encrypted:false
                                                                                                                                                                                SSDEEP:48:P37XYSDTz+UUl7DHt7Ah8l1+4ZfFclFUXwobKXlZr:v7j3z+UoDN0h8ugf2AwobMN
                                                                                                                                                                                MD5:CA7D2BECCBC3741D73453DCF21D846E0
                                                                                                                                                                                SHA1:E34B7788498E33FFF0CFB00125E6BA9E090F6CED
                                                                                                                                                                                SHA-256:E9EAD0BFC09D32CB366010CDFEDE1C432A2D1D550CB7332BADAC1BEE9482BC86
                                                                                                                                                                                SHA-512:7FE2C3654262B1EEBED4F6D83DA7D3450E1BE52500A3964185FC0092041506A237A2728E5D7EEA0A3814E413E822B803B789C49CF744D51816A2E4EDE5B4247B
                                                                                                                                                                                Malicious:false
                                                                                                                                                                                Preview:.PNG........IHDR...2.........H'......PLTE........................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................[....bKGD....H....cmPPJCmp0712....H.s.....IDATx^.\.W.G...=a.ewA..a.!r( ...%Dc..x.x....N.OO...3=...S...........~.z.D.0...g.2P.7.*M.#'....z.......3TPj.Z.[5....V..z'L3...a.j9..C>..9.z
                                                                                                                                                                                Process:C:\Program Files (x86)\Microsoft Office\root\Office16\ONENOTE.EXE
                                                                                                                                                                                File Type:JPEG image data, JFIF standard 1.02, resolution (DPI), density 72x72, segment length 16, Exif Standard: [TIFF image data, big-endian, direntries=7, orientation=upper-left, xresolution=98, yresolution=106, resolutionunit=2, software=Adobe Photoshop 7.0, datetime=2004:03:04 13:26:15], progressive, precision 8, 216x792, components 3
                                                                                                                                                                                Category:dropped
                                                                                                                                                                                Size (bytes):64118
                                                                                                                                                                                Entropy (8bit):7.742974333356952
                                                                                                                                                                                Encrypted:false
                                                                                                                                                                                SSDEEP:1536:ORG4azGOKXzkEmR4bdRSbxONOoz0khbSb4J/5GZK5SWUlRwUYdv1M:ZXzGXzJdhRmgHfIb4J/5GZK5SWUldYdq
                                                                                                                                                                                MD5:864EEA0336F8628AE4A1ED46D4406807
                                                                                                                                                                                SHA1:CFCD7A751DFDBE52A20C03EE0C60FDFFA7A45B93
                                                                                                                                                                                SHA-256:7CE10D1EA660D2F9CF8B704F3FAB2966A4CE2627D9858D32C75D857095012098
                                                                                                                                                                                SHA-512:0CAA0C54C14571C279A75F0D5922F78A17803CF6EE1724D66819F7F5944C0F5B25CB586BB686A52808CDF2F8FEB3E4864052A914884054EF7DE44124A8CA951E
                                                                                                                                                                                Malicious:false
                                                                                                                                                                                Preview:......JFIF.....H.H......Exif..MM.*.............................b...........j.(...........1.........r.2...........i.................H.......H....Adobe Photoshop 7.0.2004:03:04 13:26:15.....................................................................................(.....................&...........s.......H.......H..........JFIF.....H.H......Adobe_CM......Adobe.d...................................................................................................................................................#.."................?..........................................................................3......!.1.AQa."q.2.....B#$.R.b34r..C.%.S...cs5....&D.TdE.t6..U.e...u..F'...............Vfv........7GWgw........................5.....!1..AQaq"..2.....B#.R..3$b.r..CS.cs4.%......&5..D.T..dEU6te....u..F...............Vfv........'7GWgw.................?....NC+n....<.=.7..&.8A56..@^.Q..\\...E.>..".&G.......J .'....$.I)........0.../..mv...D....<v0=..ugc+..l.o...=.c.......x.&D..{`8...v
                                                                                                                                                                                Process:C:\Program Files (x86)\Microsoft Office\root\Office16\ONENOTE.EXE
                                                                                                                                                                                File Type:JPEG image data, JFIF standard 1.01, resolution (DPI), density 72x72, segment length 16, baseline, precision 8, 814x105, components 3
                                                                                                                                                                                Category:dropped
                                                                                                                                                                                Size (bytes):12654
                                                                                                                                                                                Entropy (8bit):7.745439197485533
                                                                                                                                                                                Encrypted:false
                                                                                                                                                                                SSDEEP:384:JheN2cq6MLu6MLGu54cHeNzhcmhcDu53eNE3UPkhrxvu:Ji2Wix7fzVsbE3Zm
                                                                                                                                                                                MD5:4BCCCDBB4273ECEBE216C84930A8D0B2
                                                                                                                                                                                SHA1:FFBF617787E27BC94D9BAF89F2FE34A2BD42794B
                                                                                                                                                                                SHA-256:474F9A8C25D5E21192315397EA995B1E11E2C1608157C6E0277688091BFD136A
                                                                                                                                                                                SHA-512:DAD73A8C0E293B88685C0C71EF15E0DC95EE39B7FC9F849DE5D634173FD9FA0AF0AA96742D9E94BE03556AA4A817D5001C95A6736EAD5D5DF03661876785EB74
                                                                                                                                                                                Malicious:false
                                                                                                                                                                                Preview:......JFIF.....H.H.....C....................................................................C.......................................................................i..............................................E.....................U....V...f..ASTc.......de.1Qq...!Rb....Ca."r.................................B....................b....Ra.....!Qc.....AS.1U.."C...2Bq...$#3%&.............?......3.....~......:..g..s"......:..g..s"..ic..Vk.f.. :..f..h.....Vk.f.. :..f..h.....Vk.f.. :..f..h.....Vk.f.. :..f..h.....Vk.f.. ..0...Q_..X..V5E~..c..X...@u...cTW...0...Q_..;.m.....@w...Q.+....*.4W...lUFh....v..._..wn...dW....y._..v..E~...*...@wn...dW....y._...v..U..@wn...d..{`;.|U.2g...*.3...:.0?ViN.z.@w...4.M.:m..`~..i7...q...I....J.`l...W..n..PQTiB...6....+..sj.*."...6....+..WA...x..A........(.N6`..AD.q.....'S...t.Q:.l.......f.]..N..0.. .u8..A........_W..Y...}.C...~....&.E~....&.E~....&.E~....&.E~....&.E~....&.E~....&.E~....&.E~....&.E~....&.E~....&.E~.v..?U..^.r..}..Bep
                                                                                                                                                                                Process:C:\Program Files (x86)\Microsoft Office\root\Office16\ONENOTE.EXE
                                                                                                                                                                                File Type:PNG image data, 40 x 623, 8-bit colormap, non-interlaced
                                                                                                                                                                                Category:dropped
                                                                                                                                                                                Size (bytes):1569
                                                                                                                                                                                Entropy (8bit):7.583832946136897
                                                                                                                                                                                Encrypted:false
                                                                                                                                                                                SSDEEP:24:KArPoy/sSfmBL0EGEsRgeTLLXFnViAAEslVorlP0i8OmO57EnGAkYelBKMN:9oQPTgeL5ViAe8rQs7HAkrlc+
                                                                                                                                                                                MD5:07DB3F43DE7C1392C67802E74707DAA6
                                                                                                                                                                                SHA1:C173ADB1999065C5E1E6DBEF934B4D4D7AF0CC23
                                                                                                                                                                                SHA-256:51E05999A1C9F17DF28CB474E57DD8E64BDAB824874A532C20A23766A01F8967
                                                                                                                                                                                SHA-512:E509255519D4E521E82332FF418DD5A6BBBC8476399A0D9C3D81542C1CABA535B2D79E5BC90F73F9EE8468643302137671934ABD600FC696F16161C91FEAC111
                                                                                                                                                                                Malicious:false
                                                                                                                                                                                Preview:.PNG........IHDR...(...o.....>.c.....PLTE................................................................................................................................................................................................a.o.....bKGD....H....cmPPJCmp0712....H.s.....IDATx^.Y.. ..........}%.../].`<..y....V...m.....<....)..;Ki..'9...2.:.c...t..V..d.t;-y.Z.=K>B.."{Lj.~G..|..ENC.!Sw,....";.p..g....E.B..S.-...k..P."..E......l[./D.-.....Q+.G<>.+..b...#..y(...{a.M..J...<....v.W..F.qm.`.....(.mk.nX....l.Px8.0\Z....7G...$*.....&..Z.VJ.~......J.2|...2H..../...=.)q....ZT" .,%..h.p....Z$.!........r...Hh.f. ....P .d..1d....2.3h....;.A.... ....d..g4...A..^.....2.ew..."h...y/..j.h..B.......%.2.%..{r...+dG.=9h....P1...A...c...^h.]Q0.8x....q .!3....ZW"Z.!3...G.vC.GG..".&..X!3.|xB..V.P!.+zS..NX!3.....Nh.y(.Z.1.h..B...Z+....l8Xcu.B...K...@U..@Q...mB...x...&L C....mB.....@kC...Y.,.... ..e\F.B..........y..e\..:$(....Z.a...yn...f..z.~Q.{o...].ln.r....^.@.{..c.7..{...
                                                                                                                                                                                Process:C:\Program Files (x86)\Microsoft Office\root\Office16\ONENOTE.EXE
                                                                                                                                                                                File Type:PNG image data, 189 x 305, 8-bit/color RGBA, non-interlaced
                                                                                                                                                                                Category:dropped
                                                                                                                                                                                Size (bytes):12824
                                                                                                                                                                                Entropy (8bit):7.974776104184905
                                                                                                                                                                                Encrypted:false
                                                                                                                                                                                SSDEEP:384:gzPrAZvq82AP0/DHbSczEegiAh1Hfgr3ZO7EFKWHaXIXqu:erAZz200/TbJzDgiWgjZO7EFKEaXIf
                                                                                                                                                                                MD5:2628353534C5AD86CBFE57B6616D46DD
                                                                                                                                                                                SHA1:244B7E39D6CEF5B07FCDE80554D31F7DA240BB0D
                                                                                                                                                                                SHA-256:69BDB000AC7E030B0B28E6CE78F19547D235355B3B841146951AD1294429FA51
                                                                                                                                                                                SHA-512:2529F97BE62DE038445D1C86EE2C01404FB1A2D83A5D16C7B5F4E21723C17EC86FA180DFE10342536CFD7D334EA3AF1FFE151B77F2FBFFFE8E7B2A0C2A3ACD59
                                                                                                                                                                                Malicious:false
                                                                                                                                                                                Preview:.PNG........IHDR.......1.....).'....sRGB.........pHYs..........+....1.IDATx^.}.w\.n...A.H...E.J...l.......p...\{.w...e.-K.%..d.9..DN...^}..p.L...._$.t...n.=U..ID..]~(.?.)J...-.../.......0V..........'.)1X..c..D..2..A'f."...Ru..R=b..\....\.n.0...7.~".'..s!bd.|..p.u....-w'.....R.........i]..r....A.........r#...W..f{O.2~C.O........{.....3..W.}e:...~.....4.......t.Mv_....}*f..I...x11....d..6.@..O.......f.e..K.....L]..gohj&D..+.....#...#.J...n/]...8~.....zx.'.LI6..W....p...................V.F.. ...y.[.kl<?.^....N..$..7j.biU....c.51{S{.....q....c...<..x..............zG.F*.........U.w..fE.....DU.......WG7.5uC...7.....j..7yM...~jU..;J..a|LoG..x..<^.Z ...Z.....ip....._.4......f.rg..[...z....x1k.....z...K.l...;6.\..Y.#.WT.p.@{W....>.+..*..W....'v.nV...YA[.q!\.\...9..3.[|....7...HO......2<.....w.,].T^eN..XB.....M3...I.k...e..8...lZ.R...T.%......|N.w..9..!..O.-p..NA.eD_.d..nW2!...N...z>..;....=t#....H,.N.|. ......EC..............1.\
                                                                                                                                                                                Process:C:\Program Files (x86)\Microsoft Office\root\Office16\ONENOTE.EXE
                                                                                                                                                                                File Type:JPEG image data, JFIF standard 1.02, resolution (DPI), density 72x72, segment length 16, Exif Standard: [TIFF image data, big-endian, direntries=7, orientation=upper-left, xresolution=98, yresolution=106, resolutionunit=2, software=Adobe Photoshop 7.0, datetime=2004:03:04 13:18:09], progressive, precision 8, 164x641, components 3
                                                                                                                                                                                Category:dropped
                                                                                                                                                                                Size (bytes):27862
                                                                                                                                                                                Entropy (8bit):7.238903610770013
                                                                                                                                                                                Encrypted:false
                                                                                                                                                                                SSDEEP:384:LTawAZvhbrXzDc6LERLQ/b5vXOl6pXQ/wD5OUMrdRUUhCplQg0ESSz:6wm/vT/b4wxoqbdUhWnSs
                                                                                                                                                                                MD5:E62F2908FA5F7189ED8EEBD413928DEE
                                                                                                                                                                                SHA1:CA249B4A70924B73BDA52972E9C735AEC35A0C5D
                                                                                                                                                                                SHA-256:20ABE389C885E42B6EBE9E902976229BB6FD63C8C34CB61AA70B8B746209F90A
                                                                                                                                                                                SHA-512:EE8D1821A918BE8714F431895E7223D08036E88A4FDB9A5485EFF246640EE969A69A8AA4E2E9DDC35BA75FB6D4E95092A286E90B477BD6998C313639C2C31F25
                                                                                                                                                                                Malicious:false
                                                                                                                                                                                Preview:......JFIF.....H.H......Exif..MM.*.............................b...........j.(...........1.........r.2...........i.................H.......H....Adobe Photoshop 7.0.2004:03:04 13:18:09......................................................................................(.....................&...................H.......H..........JFIF.....H.H......Adobe_CM......Adobe.d...................................................................................................................................................!.."................?..........................................................................3......!.1.AQa."q.2.....B#$.R.b34r..C.%.S...cs5....&D.TdE.t6..U.e...u..F'...............Vfv........7GWgw........................5.....!1..AQaq"..2.....B#.R..3$b.r..CS.cs4.%......&5..D.T..dEU6te....u..F...............Vfv........'7GWgw.................?..P.v..+..n(a..Q..S\6....Y....D......} w#.b..]l.5.RU..k...... ]$.$.........f........?.z@2uU...7....?..|.Q..I.&.. ......"T4)wdH.
                                                                                                                                                                                Process:C:\Program Files (x86)\Microsoft Office\root\Office16\ONENOTE.EXE
                                                                                                                                                                                File Type:JPEG image data, JFIF standard 1.01, resolution (DPI), density 72x72, segment length 16, baseline, precision 8, 357x69, components 3
                                                                                                                                                                                Category:dropped
                                                                                                                                                                                Size (bytes):5465
                                                                                                                                                                                Entropy (8bit):7.79401348966645
                                                                                                                                                                                Encrypted:false
                                                                                                                                                                                SSDEEP:96:X0cZneDWlIKmXwxacOHHI6EhzNlSSDDgafbofgt7mGrw:XleDWlIJwQHihRdgu8imGk
                                                                                                                                                                                MD5:8470F9A96B6C6CAD9EE60961E96D19B2
                                                                                                                                                                                SHA1:AFE1F01FFA4E4CB06B1D770C9C59DA75B434D1AC
                                                                                                                                                                                SHA-256:2DF453410796AEC7B9EFEC00059B6CE64BCF67313A95AE458BA600EA5DE14811
                                                                                                                                                                                SHA-512:CAE5C2ED091BA49761F0348516D53491E578FB165F32F93AC7DAD927383E9A398B06229FAC6A8233777DF708E5001AE0037A1FA960293BDA49892C40B37F2240
                                                                                                                                                                                Malicious:false
                                                                                                                                                                                Preview:......JFIF.....H.H.....C....................................................................C.......................................................................E.e.............................................8...............................!"1...2A#Qa.$34bBDSqt..........................................................?.....`0.....O...3Sd..@..5.0....Q.pw....;....!pN.DR....`0......N^...k.=.u.e.7{.b........?z....zV...M.....P:a.SPj.....WRK.=x.2.h..2..AS..s..A..|.Z/f$D.YX1pr......}G6._.~..)j...+.s.r".{..q..-.^@...#w|.H..*.K)....g...y..`0......2.w@.Ro.d....@...K....}...&... y..f.y.0.|DC..>p.[E.2......v..N.)Z..4.RF.D.8]..Z.|f/..+\ID.r/.o........0i..*.G.O..uj..RN. ....j...xnF...Q.Ls.U.c.D0m....z.k.P;f...b.=..L.hH.,./;.U..`sa.I...?*...I....M.0<.u....!..C..U.T.....s.Q......_..7K..*.....?....R\&=.<.u..oQ}WZ..Yu...{Fe3.h...@.s..mW.G..^....1.W.#[.q2.&u.c.G......`J./..X.C....M;.....3k$}.i.3...#/x.m.Oh.}FH]. ..5NNDIS.-.M~...6..w.d....P.;..k...........v*..T..L.P...s.!B.4..w
                                                                                                                                                                                Process:C:\Program Files (x86)\Microsoft Office\root\Office16\ONENOTE.EXE
                                                                                                                                                                                File Type:PNG image data, 3005 x 184, 8-bit/color RGBA, non-interlaced
                                                                                                                                                                                Category:dropped
                                                                                                                                                                                Size (bytes):12180
                                                                                                                                                                                Entropy (8bit):5.318266117301791
                                                                                                                                                                                Encrypted:false
                                                                                                                                                                                SSDEEP:96:k1bHyG/fKOOOOQJUg+g2S+kEm6alfsfsfn32:+bSG/yOOOOQ+g+gOab32
                                                                                                                                                                                MD5:5C859FF69B3A271A9AAB08DFA21E8894
                                                                                                                                                                                SHA1:3156302A7450ADFF4D1B6EC893E955D3764D4DD4
                                                                                                                                                                                SHA-256:B4A8E9A67EE0B897615AC4CCE388FFC175AB92D9E192E6875C79A4E7C1B5BB6E
                                                                                                                                                                                SHA-512:4CF518136EEBCA4F400A115D9B7BB0CAC9FA650BF910B99E15F04A259B7D3EFCFFD6796886FE09DB08C37C332B14BC8500845C09C8EAE1F2306F90E98D3C99E0
                                                                                                                                                                                Malicious:false
                                                                                                                                                                                Preview:.PNG........IHDR..............;j.....sRGB.........pHYs..........+..../9IDATx^...dW...S=.dL$.............-.`...'...x.7.D...(...$.?cO....9S]=.v...Z.......{..wNuf.&.....a.k5~...._..\.yk..v.....}{._.Q...5...._9o.n.....}7.].1v..t......q....3.<..0<.p.......0....s...... @....... @....... @....... @....... @...X.'..U-..... @....... @....... @....... @....... @......,I......+..... @....... @....... @....... @....... @........z...r.. @....... @....... @....... @....... @....... .$.C.KJ[.... @....... @....... @....... @....... @........&`.=X`.%@....... @....... @....... @....... @....... @....../)m.. @....... @....... @....... @....... @....... @ ....`.)....... @....... @....... @....... @....... @....K.0.....J....... @....... @....... @....... @....... @...`.....\.... @....... @....... @....... @....... @......,I......+..... @....... @....... @....... @....... @........z...r.. @....... @....... @....... @....... @....... .$.C.KJ[.... @....... @....... @....... @....... @........&`.=X`.%
                                                                                                                                                                                Process:C:\Program Files (x86)\Microsoft Office\root\Office16\ONENOTE.EXE
                                                                                                                                                                                File Type:PNG image data, 40 x 617, 8-bit colormap, non-interlaced
                                                                                                                                                                                Category:dropped
                                                                                                                                                                                Size (bytes):827
                                                                                                                                                                                Entropy (8bit):7.23139555596658
                                                                                                                                                                                Encrypted:false
                                                                                                                                                                                SSDEEP:12:6v/7Hs2NwBW1mtjeSfaTHHy05riYUtr8y8PQvPYzzg979Reip0QPqc:oOsotazy4rStr8y8PQIzWea0Qv
                                                                                                                                                                                MD5:3E675D61F588462FB452342B14BCF9C0
                                                                                                                                                                                SHA1:86B62019BC3C5BE48B654256B5D10293FC8C842A
                                                                                                                                                                                SHA-256:639EADAD468B6B32B9124B1F4395A8DA3027FF7258D102173BA070AE2ED541AE
                                                                                                                                                                                SHA-512:E6EA855B642ED36FA82F8E469A826DC57EB0C36E307045FF8D166F67AF9242C87840833BE31FBE4706DC54100E999D6A3D3A78D0633A3114735818874AD34758
                                                                                                                                                                                Malicious:false
                                                                                                                                                                                Preview:.PNG........IHDR...(...i..........`PLTE...................................................................................................bKGD....H....cmPPJCmp0712....H.s....qIDATx^...0.Cg.;......@j..2c.=~KP.[H~..@..8...?U.g.n.a=.=.).....3..u^(.....L....5..........8.}..T.f.n.a=.=.).....3..u^(.....L..r....s..8.....W]....,..9..G?.a..`c.z...E.p...)Y.P.....#....@9.7].....,..9..G?.a..`c.z...E.p...)Y.P...`b....0.b.+~{.Pu...1..<..0._.l.@O.y.(...V3%..J....s... .(g.+.qyWu...1..<..0._.l.@O.y.(...V3%...%R.L.Q..x..R.<t.o......7.............:/.E..j.da@i..`b..Z......u.>.?...7.............:/.E..j.da@.Dj..9.W....s. .....:.......L...">w..7... .....:..."...L..."..a....D..Ya.l....E.{.@&.|.._...7..D..Ya.l.....{.@&.|....0.J.."z.0s..s....=g ..>........"z.0s..s....=g ..>..l..1...y..g......IEND.B`.
                                                                                                                                                                                Process:C:\Program Files (x86)\Microsoft Office\root\Office16\ONENOTE.EXE
                                                                                                                                                                                File Type:JPEG image data, JFIF standard 1.02, aspect ratio, density 100x100, segment length 16, baseline, precision 8, 612x792, components 3
                                                                                                                                                                                Category:dropped
                                                                                                                                                                                Size (bytes):15740
                                                                                                                                                                                Entropy (8bit):6.0674556182683945
                                                                                                                                                                                Encrypted:false
                                                                                                                                                                                SSDEEP:192:Elv3GG8/OOs+GouFdxMlxjoPyerzkpuOo2vPMc62PaJseZC+BJoS/:EtNiwdxMlZoPhzkpuOo2PMc6rX8+B6+
                                                                                                                                                                                MD5:FFA5EC40DC9A0FD10EB9E6355142D6A6
                                                                                                                                                                                SHA1:3D3D6A7E086B3C610C08F1F3E3F883604F06F2A4
                                                                                                                                                                                SHA-256:D74C3973C8D1F7C77274691AFB1AA934940674341D7EEE563BE75E563281BDFD
                                                                                                                                                                                SHA-512:6FAF2A24D06E6008F3579C7CEC90C2887462BDF83FAD7372FBB74B8DE90340B580E9836F309B68A9794597A598F7DCDA661C9A58DA6D8187C69083B7A17C9CD9
                                                                                                                                                                                Malicious:false
                                                                                                                                                                                Preview:......JFIF.....d.d......Ducky.......d......Adobe.d...................................................................................................................................................d.........................................................................................!.1.....AQ..aq.g..8...."r....2.FG..#.E..7.Rb..Cc..D.v.B..3s..$d.%5Uu..&6fW'w........................!....1Aa...d..5e.6.q...Q..."2b.c..r3DE..BRs4U.#C.S.T............?...u.&0...cV.T.I...1..=4....Ce_.g.q.=F.M:>)...k..pm..h..=........S....)Ja8x...b.).=5.q..0......k.M.....1?-.G.b&.5..Ep.8t...'...R)..ta.F$bXO]tW.b.6#.t.XWN..ZW......].....G....x&&f..'L.....7...\...'.8...~`.sa...............................................X........qo...SMk...'.V...i..hb.}&?/.k.:>l.^....>Y...<}...&.jY.Gn.MKejyV......D......gf.0....t.nw..XQ...H.B.....=8.UkR.....Hm..w..]...k...#Z...F../.gjWvf.....w.aZ].2..5..^...VZv..._.7..a.|...:.B...,f...............~....m.;_.....-.e.y.w.[m.].bu.b.f+.E++\.....Y..7
                                                                                                                                                                                Process:C:\Program Files (x86)\Microsoft Office\root\Office16\ONENOTE.EXE
                                                                                                                                                                                File Type:JPEG image data, JFIF standard 1.02, resolution (DPI), density 72x72, segment length 16, Exif Standard: [TIFF image data, big-endian, direntries=7, orientation=upper-left, xresolution=98, yresolution=106, resolutionunit=2, software=Adobe Photoshop CS Windows, datetime=2004:03:12 11:15:20], progressive, precision 8, 604x784, components 3
                                                                                                                                                                                Category:dropped
                                                                                                                                                                                Size (bytes):140755
                                                                                                                                                                                Entropy (8bit):7.9013245181576695
                                                                                                                                                                                Encrypted:false
                                                                                                                                                                                SSDEEP:3072:i/aDiblRsFcOco8dofE5Zx1+NQI8Wh9aiOe5NTO:mnbM+TxaAi98W3aiOwTO
                                                                                                                                                                                MD5:CC087700C07D674D69AFDFDA0FA9825C
                                                                                                                                                                                SHA1:F11113DF69DACDB255C6CBCFB29C1D1CCE40B346
                                                                                                                                                                                SHA-256:A7FA7F092EFF43030A56342C39A765F8D5CC48C7DB815DDFC8C1E5EC40117FAE
                                                                                                                                                                                SHA-512:843202D975EFA91E73287052A893584B6E5AE601F91612B56539AA2F73D1AD3F997FCAD1E711E0F483A2E91D46D9643D0B026B43F4E94116A5D2FB6551536034
                                                                                                                                                                                Malicious:false
                                                                                                                                                                                Preview:......JFIF.....H.H......Exif..MM.*.............................b...........j.(...........1.........r.2...........i.................H.......H....Adobe Photoshop CS Windows.2004:03:12 11:15:20.............................\.......................................................&.(.........................................H.......H..........JFIF.....H.H......Adobe_CM......Adobe.d...................................................................................................................................................{.."................?..........................................................................3......!.1.AQa."q.2.....B#$.R.b34r..C.%.S...cs5....&D.TdE.t6..U.e...u..F'...............Vfv........7GWgw........................5.....!1..AQaq"..2.....B#.R..3$b.r..CS.cs4.%......&5..D.T..dEU6te....u..F...............Vfv........'7GWgw.................?.......J...\O.,......../$..........OE.m.o......T....Z..l.g.-....m.?...Y....3......"....].j.X.k.S.k.....4..R....{....?F.
                                                                                                                                                                                Process:C:\Program Files (x86)\Microsoft Office\root\Office16\ONENOTE.EXE
                                                                                                                                                                                File Type:JPEG image data, JFIF standard 1.02, aspect ratio, density 100x100, segment length 16, baseline, precision 8, 612x792, components 3
                                                                                                                                                                                Category:dropped
                                                                                                                                                                                Size (bytes):47294
                                                                                                                                                                                Entropy (8bit):7.497888607667405
                                                                                                                                                                                Encrypted:false
                                                                                                                                                                                SSDEEP:768:aQ10VrIBdBvDpQrQ7P9/FUOLG2vTSeG9lkCsMKzXeMBk3CBp:aC0JIBL+QsOLG2+ZAC1KqM2I
                                                                                                                                                                                MD5:7A450E086AD14BA7D89BA5DB3D3AE6C7
                                                                                                                                                                                SHA1:E7AEAFCFCE476390E18C19456BDF6529D863D518
                                                                                                                                                                                SHA-256:BDD997068701ED3A00A224EB694B003C01AC69B857FE7B4147D6C34875B1632B
                                                                                                                                                                                SHA-512:9B6D50A6CDB6081DA107A2CDDB1BD2811A5764994C8E3F67D56CA81084BE0D068C27435154E867199F38688EA65E8DE02A56DCAC47D0F5E55F0FBB6598814938
                                                                                                                                                                                Malicious:false
                                                                                                                                                                                Preview:......JFIF.....d.d......Ducky.......d......Adobe.d...................................................................................................................................................d.............................................................................................!1..A..Qa"..q..2.......B#...R%.r...$&b...3Ss.4dU6F.cE..'GC..t..5eufW......................!.1..AQ.aq..".....2BR......r.#3.d...b..Ccs.t......$4T...SD%5Ue&Vf............?..M.7(..).:.a.q.......>..[:O...afQ.uCO..U.....go.l..p..YqVklQ.{i.w&.]Z.\+JQw._.n.'.h..,.bj..X.].k&.Q.>gU..f...1|....[...jQ.%Zb.......t..........*..V..j.6....Vj..i.....?...IY.P.....$.j........[l.....S.4.J9.U\.......7I..[..=*N5....xW..../...=?n....uG.D..S.>...8..3........n.S....]k.*...4.>.R.o..{..l.H.#.^....<amG.m&.......,....wDY.W.m.X....We.IR.Nu...y..Z.l.._S.mr.m...y.]m.R.MT...6.5.5}.K..#%..k].7.Y.q]...%.r.7.R^jR..z.K.T[t.a..d.)glW.r.v,.`....O..^..o:.Uc.\..D....f..D......yt.Q...Y.....
                                                                                                                                                                                Process:C:\Program Files (x86)\Microsoft Office\root\Office16\ONENOTE.EXE
                                                                                                                                                                                File Type:PNG image data, 39 x 600, 8-bit colormap, non-interlaced
                                                                                                                                                                                Category:dropped
                                                                                                                                                                                Size (bytes):2104
                                                                                                                                                                                Entropy (8bit):7.252780160030615
                                                                                                                                                                                Encrypted:false
                                                                                                                                                                                SSDEEP:48:2PPEOtz2P/LJtVRaqBG8qFOPvHlcEXgkuwf+j:2PZFSjJDjqFOPPlXgG+j
                                                                                                                                                                                MD5:F6C596F505504044DF1E36BA5DA3F09B
                                                                                                                                                                                SHA1:BCF17EC408899B822492B47E307DE638CC792447
                                                                                                                                                                                SHA-256:EDBB86F160050FBF1F9860276802BAE292DBFD0BC98E3EA90D43D981E9F0C54A
                                                                                                                                                                                SHA-512:E8D067A1932CED8746FE7D665EEC34EA92A98AFF3DF26FFA9DD02742DDEA3C5654124A88A649FA33DB596F96A5FC9CB2C693D03132F1C8B254ACB56DB4763BD8
                                                                                                                                                                                Malicious:false
                                                                                                                                                                                Preview:.PNG........IHDR...'...X.......:....PLTE.............................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................{.....bKGD....H....cmPPJCmp0712....H.s.....IDATx^..c.%i.F...m.m.f.m.m.m{&....X...9.....M.WUW.d.N.O...E$...$...)H....n....N.k..v.....v1L[w)w.}..!...Y.X.V.D.......[....;..[..;....
                                                                                                                                                                                Process:C:\Program Files (x86)\Microsoft Office\root\Office16\ONENOTE.EXE
                                                                                                                                                                                File Type:JPEG image data, JFIF standard 1.01, resolution (DPCM), density 28x28, segment length 16, baseline, precision 8, 17x608, components 3
                                                                                                                                                                                Category:dropped
                                                                                                                                                                                Size (bytes):1873
                                                                                                                                                                                Entropy (8bit):7.534961703340853
                                                                                                                                                                                Encrypted:false
                                                                                                                                                                                SSDEEP:48:N9YMw9kGzE4xTdow1C3kyIkyM66KeJY3fOxJ:/h8HzE4xTdoUCUyxyD6LCvSJ
                                                                                                                                                                                MD5:4FC8500BD304AD127AF4B5E269DFF59B
                                                                                                                                                                                SHA1:9A5E3432358A0FCDECE86AEB967319B93A65D14A
                                                                                                                                                                                SHA-256:B4DAA90D5A53FCBC85119050B5B76962443C4DD18D7F42CDC6D4E0AD8EFAD872
                                                                                                                                                                                SHA-512:E5E07054A522EB91EFD39722AFB3776389632B8F5F923C1D29796716D68CEC93BE5E44F79913804CEC7ED631FF520CBBBAAB841E01FB90AF8E8ADF84DCD47481
                                                                                                                                                                                Malicious:false
                                                                                                                                                                                Preview:......JFIF.............C................................... $.' ",#..(7),01444.'9=82<.342...C...........2!.!22222222222222222222222222222222222222222222222222......`...."........................................>.......................tu.....45.!#$%1s."fr...2Fq..AQe.Eav............................... .........................!AQR.............?..e4.bbu."m.G......u.S.-Qq.b.a..'#..E.......u.|:.f[O..jS.S.&....=.....[.....S...N.~~...'...q....N.T.Oyf..a.6..%.I.1j.e~.4..[5.WW.Y..Xp.gn...u.......Gb.O.W..k.!mJgfq....~.F.......m..}bn4.5........s,F...z.b)..O..*...5).-.-\....=`.fP....%...A..Q.&..9.....QQbD.%.:u.f...r$.10..W.F.T..MI...9...ZQH._..).....D..n.F].........*.:.j...!6Z..S....0...B.6..Ga..S.O.....U8S_.J.>...i..?..<.P..........M..F.T.C..7.E...`.4BKcMh1j....4y...+.|.^......2[.WG.W..+......E..r/V^".R...."..6..hht..f...........;E..Kx....)}Le.A.x.>..$/).._S.n.L......}..H^Sw...2. .v.io...../.........x.>..$/).._S.n.t^;O.....n...[.S...h.v.io...../....:/...[..7yK.c-
                                                                                                                                                                                Process:C:\Program Files (x86)\Microsoft Office\root\Office16\ONENOTE.EXE
                                                                                                                                                                                File Type:JPEG image data, JFIF standard 1.02, aspect ratio, density 100x100, segment length 16, baseline, precision 8, 612x792, components 3
                                                                                                                                                                                Category:dropped
                                                                                                                                                                                Size (bytes):39010
                                                                                                                                                                                Entropy (8bit):7.362726513389497
                                                                                                                                                                                Encrypted:false
                                                                                                                                                                                SSDEEP:768:6tCjwO+E+KW0ZtOgepcoWW4pAWQ6/KWcR474HOAZaDfK:68j+E+KW0HOgep/72/NKWcRNefK
                                                                                                                                                                                MD5:9700DE02720CDB5A45EDE51F1A4647EC
                                                                                                                                                                                SHA1:CF72A73E1181719B1CC45C2FE0A6B619081E115E
                                                                                                                                                                                SHA-256:7E6A7714A69688D9FFDF16AA942B66064A0C77FCD9B3E469F89730B4B9290C3E
                                                                                                                                                                                SHA-512:5438921467D62376472007B9EBF3C35C9D9FE3EDE04D99A990129332D53EBC8EE2555C0319A4F7C0DF63516F29CEDF2171D8B6DC34C9FCD075C2CA41EB728660
                                                                                                                                                                                Malicious:false
                                                                                                                                                                                Preview:......JFIF.....d.d......Ducky.......d......Adobe.d...................................................................................................................................................d.........................................................................................!1..A...Qaq..".......2BR#...b%&6..'w.r.3f7W8.s5EUeF.g....CS$4.Vv..Tdt..G..(c..u.Hhx.......................!1.AQa..2.q....".s...3.4BRr.#......b.$c............?........uf.....t...;..[...W.h.....-.k.f..i.u..KQ..b.F...rM%/.8n.S..=9.....G$O;.f.}L..N..U._i.[.X...3.~....S.~..+t$...c.5......{..X/..#.G...}s....6......^....o~.$.\WA?...^*w[O.~..6..~....a....~..:..0.......{O...|.s.u._w.........i...........{K...._.?.../{.....A..8....<g.iu..<..................X......|]v....D..9.k.w.|-IF.Tv.-.&.........."'.4.b....z.._.Z.....G...u.xyt./_.q..m>..S.V.Xdc.bw.T.W......g..........}s.._..?....U]_.......`......>.|'.~xH....,...?........?.q....o../..R..;...Y.G....A"?......?.<..1...w..o.M.........tco.
                                                                                                                                                                                Process:C:\Program Files (x86)\Microsoft Office\root\Office16\ONENOTE.EXE
                                                                                                                                                                                File Type:JPEG image data, JFIF standard 1.02, aspect ratio, density 100x100, segment length 16, baseline, precision 8, 612x792, components 3
                                                                                                                                                                                Category:dropped
                                                                                                                                                                                Size (bytes):86187
                                                                                                                                                                                Entropy (8bit):7.951356272886186
                                                                                                                                                                                Encrypted:false
                                                                                                                                                                                SSDEEP:1536:AbmHwD7za0syWMetp3TdPFzoJamVdAQZCiUit9qbYN6LerhWMzIWgN1EeaYhJM:1QnzsyTeP3TPAdAQZCi5qbYEKrhWWMNO
                                                                                                                                                                                MD5:FEE4785DF76E93A9DC2F4501CBAEAE12
                                                                                                                                                                                SHA1:8FB4527BDE05EF208FCDB168098A07707C27501F
                                                                                                                                                                                SHA-256:F091DED5E283AF6848670A3172E7C43C6099875D39B3FC69C2BDBA914F609602
                                                                                                                                                                                SHA-512:7E99D33151A0D3873D6A819C98EA8E62D928C087B7BA2080F11C7BCF746AD60A44D4FF6EE3D2D2E8DFA4BF1FC6285ED56BB83F91C2FC6FC4FDFF2000105F10B1
                                                                                                                                                                                Malicious:false
                                                                                                                                                                                Preview:......JFIF.....d.d......Ducky.......d......Adobe.d...................................................................................................................................................d...........................................................................................1.!Aq...Qa."...2..BR#...br......6v.7..3.CSc...$4.s..&dt%u.f.......................!1.AQ..aq........"2.B#....Rb3..t.5u.67.8.r..$....C4.cs.Sd%.DEUe&.............?............w.....c.....i.A.....3...7.......7..P......%.........?Th..l./?.;.....$}..=5Oa...F.c.A/...D.D..]..y..3e.5\%.fo2.X.*]q.5Ee.}..i..md.T....#...-...Mu...9...-+..~w5O.);..G..'.;..).....A_...M.vV..y.q......,<.3.(...._K:..XM.......w.......9..T.......?b..a-%.c;.}..>....|.,lZKCEB.t...fw|.Sw^..Y..:.J.................t._P..v..j.1.R8.R....G..W*H<(Xi........i..xcu...WM.dqM>'W..g....M.q.....+.....b'..~....>..T.~Jc....fj.X.x..9...N.w.6:..>.......&.(h..u...t._...)_k#7Za...cZ....P...Y..;.V.,..xo.....f........Y...\6...M'L._
                                                                                                                                                                                Process:C:\Program Files (x86)\Microsoft Office\root\Office16\ONENOTE.EXE
                                                                                                                                                                                File Type:JPEG image data, JFIF standard 1.02, aspect ratio, density 100x100, segment length 16, baseline, precision 8, 612x792, components 3
                                                                                                                                                                                Category:dropped
                                                                                                                                                                                Size (bytes):55804
                                                                                                                                                                                Entropy (8bit):7.433623355028275
                                                                                                                                                                                Encrypted:false
                                                                                                                                                                                SSDEEP:1536:gVvci05lhVbfBcWvBLeynluexaWqzww/u5:gVUZhHDljaHww/u5
                                                                                                                                                                                MD5:4126992F65FE53D3E3E78F6B27FD49DC
                                                                                                                                                                                SHA1:BC0D76B69310DA9B909D3EE4CECBFE5F386BFB45
                                                                                                                                                                                SHA-256:3FBE3C1C238BD7DBC67F8CFF5F3BDDFD513C96A9851B9616477947D21DFF4B2E
                                                                                                                                                                                SHA-512:624853F5E56D224C8188F122B2C4724F867D4099E7FAAFB9C945BE7E2907900ADCF4AE97AB08909CF94E96FB6F381E3B6396D560D93EB2731E4E69CBFE628F10
                                                                                                                                                                                Malicious:false
                                                                                                                                                                                Preview:......JFIF.....d.d......Ducky.......d......Adobe.d...................................................................................................................................................d..............................................................................................!1...AQ.aq"2.....BR..8x..r#..9b....3....CS$.'.cs.......7Gw.(.4%5&..Wg.h......tEVfv..H..........................!1A..Qa.q...."2..u6....BRr.#...b..3s..d...7.Cc.$Tt..S4.5Ue..&..%.................?...,...8..{..S.y.N....%..q.8..H[5....o..xg........)c(.eO.YO..._D..x.U.....%.S.r.r._.^..Su.h.Q.t.:.#?....x..B.S...Q.....oqF..%..8'.qx....%.2JKjF..{y.w0.*a.RMb.c.Q{%....eW'..[IV..'ZW3...[...MN.....rO.:....$.i..7....Vrrr...I.r..M..Qo..j....q.^...N...J......%.J..)F...>$.....u........o...+......[...*..t....R}.I..R..S..GB..:......).6_[^Xft...F.1.....zP....,.#....MG.T..Q.F.....)Fi../.I...,%.voEb.b.Z..V3..FT.}..[Z{....wd.z.e.....QwW(.).t..\..'....:)<W.<..&k...caRT.X(..K.....:f...]...q..
                                                                                                                                                                                Process:C:\Program Files (x86)\Microsoft Office\root\Office16\ONENOTE.EXE
                                                                                                                                                                                File Type:PNG image data, 40 x 650, 8-bit colormap, non-interlaced
                                                                                                                                                                                Category:dropped
                                                                                                                                                                                Size (bytes):647
                                                                                                                                                                                Entropy (8bit):6.854433034679255
                                                                                                                                                                                Encrypted:false
                                                                                                                                                                                SSDEEP:12:6v/71rwqZMXVs99W1YvpLp/Fvl+f43ocLtuplb+CrGotLRd:+wqWXVs99rpLpNvr3pIx3b
                                                                                                                                                                                MD5:DD876AA103BEC3AC83C769D768AD39FB
                                                                                                                                                                                SHA1:1833603AA9B6A7E53F9AD8A336F96CCE33088234
                                                                                                                                                                                SHA-256:1262DD23AD54E935CFA10FEB1BE56648E43BEF1116696CA71D87E6E033B1CA7D
                                                                                                                                                                                SHA-512:946DB2277213104A3B29EC4388578B05027B974A3093B4CCAD8847397AA51AE308BC6A199E5705E1F901D6E4B1BA34D8DECFD6E5B6685184A307D749D7CFAEDD
                                                                                                                                                                                Malicious:false
                                                                                                                                                                                Preview:.PNG........IHDR...(.........xk....`PLTE.........................................................................................>.S.....bKGD....H....cmPPJCmp0712....H.s.....IDATx^.)..1..7w....6.*.H`T6.ha.k.............b!....Ba..C..P.4K..@.....h.E..X....PX+.P.-.....@@"...o.O4....xZ<...B...B..,A..y.s<......b!....Ba..C..0_p. .......=..,...i. ...=.j..N...........{4+...xZ<...B....|.....$.K<.vyE..X....PX+.P.-.:... .'p......\,...i. ...=.j........K.....%J..S+.....q..k.H.@DD.s...:..J.K.DDL.\.@`,.DD.:.(]..N....KD....A M.....F..S+.....1.sq........\.t..;..../...~k...4.DD.:..]..N....KD........@DD.s...:..J.K..[...Q....V......IEND.B`.
                                                                                                                                                                                Process:C:\Program Files (x86)\Microsoft Office\root\Office16\ONENOTE.EXE
                                                                                                                                                                                File Type:JPEG image data, JFIF standard 1.02, resolution (DPI), density 72x72, segment length 16, Exif Standard: [TIFF image data, big-endian, direntries=7, orientation=upper-left, xresolution=98, yresolution=106, resolutionunit=2, software=Adobe Photoshop CS Windows, datetime=2004:03:12 11:09:29], progressive, precision 8, 609x675, components 3
                                                                                                                                                                                Category:dropped
                                                                                                                                                                                Size (bytes):65998
                                                                                                                                                                                Entropy (8bit):7.671031449942883
                                                                                                                                                                                Encrypted:false
                                                                                                                                                                                SSDEEP:1536:klZtmExaFrtWgpc+Sg+DKeplHClpHfRtPMbe:VEWWl+SNDKqlH8p/vse
                                                                                                                                                                                MD5:B4F0A040890EE6F61EF8D9E094893C9C
                                                                                                                                                                                SHA1:303BCBA1D777B03BFD99CC01A48E0BB493C93E04
                                                                                                                                                                                SHA-256:1F81DDE3B42F23F0666D92EBF14D62893B31B39D72C07AEE070EAE28C2E6980E
                                                                                                                                                                                SHA-512:8F07E4D519F2FD001006BB34F7F8274B9AF9EC55367B88D41D24E5824FCE4354FD1290CE4735E43930829702ED53F41DF02C673904A7091E9354C28E029AD4EF
                                                                                                                                                                                Malicious:false
                                                                                                                                                                                Preview:......JFIF.....H.H......Exif..MM.*.............................b...........j.(...........1.........r.2...........i.................H.......H....Adobe Photoshop CS Windows.2004:03:12 11:09:29.............................a.......................................................&.(.........................................H.......H..........JFIF.....H.H......Adobe_CM......Adobe.d......................................................................................................................................................"................?..........................................................................3......!.1.AQa."q.2.....B#$.R.b34r..C.%.S...cs5....&D.TdE.t6..U.e...u..F'...............Vfv........7GWgw........................5.....!1..AQaq"..2.....B#.R..3$b.r..CS.cs4.%......&5..D.T..dEU6te....u..F...............Vfv........'7GWgw.................?..-O..s(...gO..@...[..+....+...H.'m........L.......@.......[k...S..O..p.'{X..3......]W..w.+.V....[.-.....2..i..i$.p.
                                                                                                                                                                                Process:C:\Program Files (x86)\Microsoft Office\root\Office16\ONENOTE.EXE
                                                                                                                                                                                File Type:JPEG image data, JFIF standard 1.02, aspect ratio, density 100x100, segment length 16, baseline, precision 8, 612x792, components 3
                                                                                                                                                                                Category:dropped
                                                                                                                                                                                Size (bytes):136726
                                                                                                                                                                                Entropy (8bit):7.973487854173386
                                                                                                                                                                                Encrypted:false
                                                                                                                                                                                SSDEEP:3072:SIXmy5Tl704vW2ZKkvV8UU0ZWUF0BJwySIdgz816YzDc1+opecYPn:Sny5Tl704fZFV8UU6LGXwyS4xohpQPn
                                                                                                                                                                                MD5:4A2472AC2A9434E35701362D1C56EDDF
                                                                                                                                                                                SHA1:16FA2EA2D2808D75445896E03B67A93000EEDDD8
                                                                                                                                                                                SHA-256:505F731CB7707EFAB2EB06685B392DC7E59265A40B55AAE43E5DC15C0A86CBA4
                                                                                                                                                                                SHA-512:5E28D8FB2AC62ED270968072A30013334461F7CAE96058AF9EAA6E10912989DC47112D2133892BF61F7A516B77C6FF71BA2A000B750A9F95C787E538B09595C2
                                                                                                                                                                                Malicious:false
                                                                                                                                                                                Preview:......JFIF.....d.d......Ducky.......d......Adobe.d...................................................................................................................................................d.............................................................................................!1..AQaq".....2B....R#..b3...r...C$...X.....Sc...9.%'.(Hs4Dgw..T..5GW.x.)......................!.1..AQa"2.q.......B..#c........b6.Rr.3s$.&..S...C4.%5............?.........(......(......(......(......(......(......(......(.G/.GE&...)..P.x..B.({i2Y;.z?G...Yfc.)H..^....#.....}3..Sc^.H..+...M.a.P.....GS.....H_.3..<....1f........1.<.\..nn-..s.s.\9Y....=.......S.0.......N..cA..Io..r.3..........ay.....K.....,.;9..Q......xO.Fa.2..>........{4k.....|....?U....3.8..._/3....#.. t.y......yY.......e.<........#.....B.....Z.%.Y..S.ye.W4...l.......X...%.@y}>....l.yi..D..W......L..._D.Q....)...E....n.%...*..K.4#.8`..I....h..h.o..I......-...hB...3..u.(5..........n...,.@....a.t.9.....@.s.>.&...@
                                                                                                                                                                                Process:C:\Program Files (x86)\Microsoft Office\root\Office16\ONENOTE.EXE
                                                                                                                                                                                File Type:Windows Enhanced Metafile (EMF) image data version 0x10000
                                                                                                                                                                                Category:dropped
                                                                                                                                                                                Size (bytes):33032
                                                                                                                                                                                Entropy (8bit):2.941351060644542
                                                                                                                                                                                Encrypted:false
                                                                                                                                                                                SSDEEP:384:ofmqvnCfmqsp1Ue5xzMq+Qh0dffUmS0w5xzMq+Qh0di:AGAp1rmSl
                                                                                                                                                                                MD5:ACF4A9F470281F475EA45E113E9FB009
                                                                                                                                                                                SHA1:B20698DDA5E5AFDD86BB359A6578C9860D5DF71F
                                                                                                                                                                                SHA-256:5DC2367A80588A7518DB5014122510BF0FD784711015EF83A8718336584F82D0
                                                                                                                                                                                SHA-512:998B7DB9DB08FD15A293267E2371052E436E024AF8D34F96D3C8FF04B1316678DFC1674C921CB404121FF381A4FC39DC759E6698F19D42A6261CBD39469B0A08
                                                                                                                                                                                Malicious:false
                                                                                                                                                                                Preview:....l...........................Ac...... EMF........$...................`...E...........................(...F...,... ...EMF+.@..................,...,...F...\...P...EMF+"@...........@..........$@..........0@.............?!@...........@..........F...(.......GDIC........................F...(.......GDIC............^...........F...........EMF+*@..$..........?...........?.........@..X...L........................."B...B...B...................?...........??.....n............;...<..@<...<...<...<...<...=...=.. =..0=..@=..P=..`=..p=...=...=...=...=...=...=...=...=...=...=...=...=...=...=...=...=...>...>...>...>...>...>...>...>.. >..$>..(>..,>..0>..4>..8>..<>..@>..D>..H>..L>..P>..T>..X>..\>..`>..d>..h>..l>..p>..t>..x>..|>...>...>...>...>...>...>...>...>...>...>...>...>...>...>...>...>...>...>...>...>...>...>...>...>...>...>...>...>...>...>...>...>...>...>...>...>...>...>...>...>...>...>...>...>...>...>...>...>...>...>...>...>...>...>...>...>...>...>...>...>...>...>...>...>...?...?...?...?...?...?
                                                                                                                                                                                Process:C:\Program Files (x86)\Microsoft Office\root\Office16\ONENOTE.EXE
                                                                                                                                                                                File Type:JPEG image data, JFIF standard 1.02, resolution (DPI), density 72x72, segment length 16, Exif Standard: [TIFF image data, big-endian, direntries=7, orientation=upper-left, xresolution=98, yresolution=106, resolutionunit=2, software=Adobe Photoshop CS Windows, datetime=2004:03:12 11:08:07], baseline, precision 8, 595x450, components 3
                                                                                                                                                                                Category:dropped
                                                                                                                                                                                Size (bytes):59832
                                                                                                                                                                                Entropy (8bit):7.308211468398169
                                                                                                                                                                                Encrypted:false
                                                                                                                                                                                SSDEEP:1536:HS9SYFtN0+CRa9mfJy4zBAiIJhzrkHDV2hJK:yAmta+Tyy4zBIJW5WK
                                                                                                                                                                                MD5:DCDD543A4E0BA2C1909BA095D46FFBCB
                                                                                                                                                                                SHA1:B86C89537138FE07255354202D3EAD0B53B3C54D
                                                                                                                                                                                SHA-256:28F334B77068F71F5F92A95695433B950610204A0E5580CE567DB8FAD4993ECB
                                                                                                                                                                                SHA-512:5408C3259B7F3288A4BEB04342799AD5FE3A6F0EC7E92353B29B7E7E538DFA9903B39637226919E0421BC422635D25F5F8069DC7441864DC03E1B909BF5C2C84
                                                                                                                                                                                Malicious:false
                                                                                                                                                                                Preview:......JFIF.....H.H.....fExif..MM.*.............................b...........j.(...........1.........r.2...........i.................H.......H....Adobe Photoshop CS Windows.2004:03:12 11:08:07.............................S.......................................................&.(.................................0.......H.......H..........JFIF.....H.H......Adobe_CM......Adobe.d.................................................................................................................................................y...."................?..........................................................................3......!.1.AQa."q.2.....B#$.R.b34r..C.%.S...cs5....&D.TdE.t6..U.e...u..F'...............Vfv........7GWgw........................5.....!1..AQaq"..2.....B#.R..3$b.r..CS.cs4.%......&5..D.T..dEU6te....u..F...............Vfv........'7GWgw.................?......;R~+'....xh..~.n-}.......Te................^B..IU_....._...S......h.......!....9...A}6V=J......C..c.....Ug.Wh......
                                                                                                                                                                                Process:C:\Program Files (x86)\Microsoft Office\root\Office16\ONENOTE.EXE
                                                                                                                                                                                File Type:PNG image data, 39 x 579, 8-bit colormap, non-interlaced
                                                                                                                                                                                Category:dropped
                                                                                                                                                                                Size (bytes):515
                                                                                                                                                                                Entropy (8bit):6.740133870626016
                                                                                                                                                                                Encrypted:false
                                                                                                                                                                                SSDEEP:12:6v/7su2/c30mqkg9VgFHe7Ll8UmJX/N+1Zmkk8f3lbtI4:4mc38gFHe18lkk8f3lbth
                                                                                                                                                                                MD5:E96BE30D892A5412CF262FEE652921CA
                                                                                                                                                                                SHA1:8190A0BFE21D04BC6F3A406E91B87CA69C03A2DE
                                                                                                                                                                                SHA-256:0E31DA4DFCFF4A36C64C1CE940362D2309769F36369E4C43C317D5F2FA15658E
                                                                                                                                                                                SHA-512:D647F51ABBD013226A6ADD0D551D058C633F867F9AF5A9E099B85D6E291D220F7B85958B07381CD4C7C4F72356DBAFE2A86932AE398E28C56CDDF0744E92EE24
                                                                                                                                                                                Malicious:false
                                                                                                                                                                                Preview:.PNG........IHDR...'...C........b...`PLTE..................................................................................................bKGD....H....cmPPJCmp0712....H.s....9IDATx^..I..@.C..<..?mo.#C((.J}...~..B...b.I.i.\<.e.....(p.I.EO...q.x.......dRz....K..b0.:.<c.o..0.x\:...F....I&..ap....."P@....DO...q)p*..@Y.CL2)=......1.........4....._.G..^`..lDO...q...X....SL..z....K..#.L#..I6..ap.Ls.,....7&..ap.p..lI...,GO...q.....k.n1..4......3=.f.x.$..4.....o....x.$+..0.x\.,&6...............IEND.B`.
                                                                                                                                                                                Process:C:\Program Files (x86)\Microsoft Office\root\Office16\ONENOTE.EXE
                                                                                                                                                                                File Type:JPEG image data, JFIF standard 1.02, aspect ratio, density 100x100, segment length 16, baseline, precision 8, 612x792, components 3
                                                                                                                                                                                Category:dropped
                                                                                                                                                                                Size (bytes):41893
                                                                                                                                                                                Entropy (8bit):7.52654558351485
                                                                                                                                                                                Encrypted:false
                                                                                                                                                                                SSDEEP:768:pZvVQkUbOHxx3pvVmO5rsP5gUdXwFMuv53knzyncaXgRDqPU:pZkijV5wScXwFMYknzucaXgRyU
                                                                                                                                                                                MD5:F25427EFECFEE786D5A9F630726DD140
                                                                                                                                                                                SHA1:BC612A86FF985AB569ED1A1EA5FFC4FDB18FC605
                                                                                                                                                                                SHA-256:5A36960DF32817E8426BD40A88F88B04FB55B84BAEF60F1E71E0872217FDB134
                                                                                                                                                                                SHA-512:B102F34385196D630F198667E874F25ADBC737426FDAE0747EC799B33632E5DC92999C7C715DC84D904342738930267AB1709870BDAA842243E4C283FE5E1554
                                                                                                                                                                                Malicious:false
                                                                                                                                                                                Preview:......JFIF.....d.d......Ducky.......d......Adobe.d...................................................................................................................................................d...........................................................................................!.1AQ....aq......"......2...Xx..9BRr#.b3$..&..g.8....%F'G.(H.Ss..D5E..v..W..Cc.deu..7w.h.).....................!.1....A..Qaq...Ttu.6..."R..5...2B..S....bcs.Dd%&r3C...#$...Ue.............?..R...%.R...t.MQ*.l...v...V]..n...Zw....M....4..F.&&bb0.:]l......ay.r<..3.l.Q^.........I54.N2.8..2s...w..r6.......[1Zh....O...9..>...B......x]...r.\.\..v..~....y.QT.3.......=....r..}.l.....o;....M..C1....w)...+o1f.]...MoA.E..s5..i.\....miGsy..m\.Zj....I'YU.\tU6La5v.>.K..m.]1.......k..0....</5v.V7lY.e.vV.+./[....f..u{....s.}.Rb.Z.....Y.6]..m....V.\...Mr.=r...K...l..%..m^.......X.(..fG..[F*ly.jL.a4..vs..o.e..q.9km..w1.yg.....r_.*h.n..5i.-.{Y.l...<...'Or.s..Z....../JP.....\FV.S..............m
                                                                                                                                                                                Process:C:\Program Files (x86)\Microsoft Office\root\Office16\ONENOTE.EXE
                                                                                                                                                                                File Type:JPEG image data, JFIF standard 1.02, resolution (DPI), density 72x72, segment length 16, Exif Standard: [TIFF image data, big-endian, direntries=7, orientation=upper-left, xresolution=98, yresolution=106, resolutionunit=2, software=Adobe Photoshop 7.0, datetime=2004:03:04 13:06:24], progressive, precision 8, 38x792, components 3
                                                                                                                                                                                Category:dropped
                                                                                                                                                                                Size (bytes):22203
                                                                                                                                                                                Entropy (8bit):6.977175130747846
                                                                                                                                                                                Encrypted:false
                                                                                                                                                                                SSDEEP:192:5q3R1VBvq3R1Flrk6Q0QPJJrR39joOVMJ25d1NkMhIwobbtAAAqYnLJZMJYZ2AC:xw6Q0WJR3FoOVMJIIlAAAqYnMJdD
                                                                                                                                                                                MD5:2D3128554F6286809B2C8E99DE5FD3F6
                                                                                                                                                                                SHA1:FC42CB04151D36F448093BDEFE33031A9B8D797D
                                                                                                                                                                                SHA-256:14FA2D16310485AA1CE41F6D774A3D637E8CF8B03C4F72990155DF274FDB6BD9
                                                                                                                                                                                SHA-512:D8531247A6E89ECABEA9C4A78F596CCE3493334EDF71AE4F7998FDDD0F80705948609C89756AB56FDFAB6D04DEC5F699A693801A772CA2EE2465BDD2CE5D2D5A
                                                                                                                                                                                Malicious:false
                                                                                                                                                                                Preview:......JFIF.....H.H.....XExif..MM.*.............................b...........j.(...........1.........r.2...........i.................H.......H....Adobe Photoshop 7.0.2004:03:04 13:06:24............................&.........................................................(.....................&...........*.......H.......H..........JFIF.....H.H......Adobe_CM......Adobe.d......................................................................................................................................................"................?..........................................................................3......!.1.AQa."q.2.....B#$.R.b34r..C.%.S...cs5....&D.TdE.t6..U.e...u..F'...............Vfv........7GWgw........................5.....!1..AQaq"..2.....B#.R..3$b.r..CS.cs4.%......&5..D.T..dEU6te....u..F...............Vfv........'7GWgw.................?...H.....Go.Kxn.b..g...........%?_....O......q......7G......%%.V..8zm.].v?...jJ~._..>.......O;........o..rI.A.....n.a.........
                                                                                                                                                                                Process:C:\Program Files (x86)\Microsoft Office\root\Office16\ONENOTE.EXE
                                                                                                                                                                                File Type:JPEG image data, JFIF standard 1.02, aspect ratio, density 100x100, segment length 16, baseline, precision 8, 612x792, components 3
                                                                                                                                                                                Category:dropped
                                                                                                                                                                                Size (bytes):179460
                                                                                                                                                                                Entropy (8bit):7.979020171518325
                                                                                                                                                                                Encrypted:false
                                                                                                                                                                                SSDEEP:3072:oiKXvL7lv0am/R1vrdH+9dK6zPQ6bbnGDpcGGDNMIOIMAT8q9Vc02Q57S4A+vMFz:+vlvC/HvgA6fGqGGJlO1qZ71W6CzDn
                                                                                                                                                                                MD5:4E131DBFEC5C2462273CA7B35675B9D9
                                                                                                                                                                                SHA1:CA037F444D819A118AC37D7AA3782B9BF94C1616
                                                                                                                                                                                SHA-256:2A4A3530D652E227DDD5ADC096A95F6034718F7C380B07DB622022D768815059
                                                                                                                                                                                SHA-512:C333ECEB1439D0238BF44FB7896E62DBA4C645B70413AA0F99C1F10E8DCD20C2EEE5C83F2E9DDE9A2494C85A6D8D13CFFFC4160E2F598E17867015F5244D656A
                                                                                                                                                                                Malicious:false
                                                                                                                                                                                Preview:......JFIF.....d.d......Ducky.......d......Adobe.d...................................................................................................................................................d.............................................................................................!.1AQ.aq...".....2Rr..Bb..#34.....CSs.$5c.t....%.Dd.6.T..u.U....E.7w........................!.1A.Qaq......2."r.3....BRb.#4......CsSc...$.5..%.DT.t67d..Uu...'............?..c.......p..z..i.....z......kj........F>f......3N...M....RM.&..-.~.Q..'.....q.a..w...-~......g.{..&.......V.n.D....>FS!n.....@..)...W..q..Wr{..J.gf.{.M$.P@m.,..9..&m.D...w.._...-.O........s.....h.k~......(.K...V..l.-...+.9.k......*......#.p#.O..9M..mF...C.......7+.AI....4vw.;..H......e..Q.u[.eUK.....z.....[.Kt...s..Lf.4..l{.....sh.............=..;..iqkj.m.a...NH......v..H..$..q.y......c...U[Mcf.......+...S-...^....4..T..YtL.x.v.;.....<...Ik|B.$.s8......3.+.8.l.. h.:....%B..W..I.QRS..,*x.
                                                                                                                                                                                Process:C:\Program Files (x86)\Microsoft Office\root\Office16\ONENOTE.EXE
                                                                                                                                                                                File Type:JPEG image data, JFIF standard 1.02, aspect ratio, density 100x100, segment length 16, baseline, precision 8, 612x792, components 3
                                                                                                                                                                                Category:dropped
                                                                                                                                                                                Size (bytes):52945
                                                                                                                                                                                Entropy (8bit):7.6490972666456765
                                                                                                                                                                                Encrypted:false
                                                                                                                                                                                SSDEEP:768:cjvqR0XvFaGCTJffi0tgybmWDoTw71kHUAnjvawrlp2+NUO8dWSNl3PF2PjK/q09:cyRffflgybmWoTw1UUADHUbU21MjpAD
                                                                                                                                                                                MD5:AD003F032F32FAC4672D4CE237FA5C5B
                                                                                                                                                                                SHA1:AE234931B452F0D649D91291763B919CF350EA49
                                                                                                                                                                                SHA-256:ADB1EBBE18D6CD8FF08AA9BF5C83CDB83BF9AA179698E34E93DBCDDE12F04D32
                                                                                                                                                                                SHA-512:ECA25FA657ECE3A66D3E650628E0F65D3BADD38864C028AB6553950A1A66D7D55482C85E9E565573E9E5AAFA91C2D53235971C644A266D41EB69F8E72E3A843B
                                                                                                                                                                                Malicious:false
                                                                                                                                                                                Preview:......JFIF.....d.d......Ducky.......d......Adobe.d...................................................................................................................................................d.............................................................................................!1..AQ..aq....".....2....BR#r.b3$...C.Sc%...s5E......................!1.A..Q.aq"...2...#...B...Rb3..$..CSr...6............?......y_N.e.H7?........W..w....k|...S..d.4.>.RW5z.$.i.)V.O....>o...c..*&1.D..O..".ufbb..1...t..u=..K...m...~.....F..-.fb:i..=f..C.w.[{..~.7k....;..:..3....4.....$..m]...}....~q...9T.#..7.~..8...q.N;c..ffo.w...W..d........../t_........lWJE..).>..v;:=....Rrw#.m.n.n...E...vm.J}2N*..|.4...80.#..e....t.J..ZQ.x|g/....F..e....k+vK...M..W.X.e.L..~...j.....kz....=...n:O.:..[.L,.+R...Y..zKNI....,..{e..U.'...}.......|..t.]...~...b4......_.i..../.......m...a..n...v.j.?..Rc.$G|.31..#..$?.........h.w....-... .a.%z..u......u.A....Fm..J.......G..[...w.....:....w/.
                                                                                                                                                                                Process:C:\Program Files (x86)\Microsoft Office\root\Office16\ONENOTE.EXE
                                                                                                                                                                                File Type:PNG image data, 50 x 556, 8-bit colormap, non-interlaced
                                                                                                                                                                                Category:dropped
                                                                                                                                                                                Size (bytes):977
                                                                                                                                                                                Entropy (8bit):7.231269197132181
                                                                                                                                                                                Encrypted:false
                                                                                                                                                                                SSDEEP:12:6v/7QiFJaY/z+obuqFA4fypjQSbtBK+lcqNGSbb7XTJArRRzN5DjNRkPmu5cCbR2:x0QY7xbjy9pY0JPXLTWroeuCCbX0
                                                                                                                                                                                MD5:B7F74C18002A81A578A4EE60C407A8D3
                                                                                                                                                                                SHA1:70A7D4BB1B3ADF4397D168AD0D81B286F88EBDE0
                                                                                                                                                                                SHA-256:95F59A0433050180D4C0E8858B83363D51BEA6752A8B7CA516A8677854D8F5B6
                                                                                                                                                                                SHA-512:13186A7CDCE80BCA9D2238666D6D7A989FA1887EABFA5D8A9A63EEC304DFD4BE8EFF652205FA56E1D1CEE7D3680AF8C70A952AF73AB3C246400E8D4EBECBDBA9
                                                                                                                                                                                Malicious:false
                                                                                                                                                                                Preview:.PNG........IHDR...2...,........A....PLTE...................................................................................................................................................................................$.y.....bKGD....H....cmPPJCmp0712....H.s.....IDATx^...0.D_.......cck.....%a...X.a0Y...-..!.G...[....(.r.H.$...1 .zq.4V.e|a.6.X..4..kl.%....=w....6..TN.....{.4..T/.z...../.....3..!~..t.#b..^.....E!.SFb ...-.....^...,..C.!.b...i._c...s.X.w.. lsQH..H.gKc@@...i. ....m...;Ci....@G.; V{..lO..\.R9e$..{.....P...E.+.2.0D.B,..P...56.?......K.6..TN....^z.4..T/.z...../.....3..!~..t.]b........E!.SFb ...-.....^...,..C.!.b...i._c..Y.O...?.9k2.M.?5 .n.P...,...d._..%M?....6....,.1..R.4.a.R.+..U.Q..P...vd..T........j .]@....."..lJ../.90.4...Y. ...9.%...{......Hc%.....i..%M?aG..H....o.q.......4.......X.d9.r..CI.O.5.Ri0?.s\b....w...>/k..4V.)Y....P...vd..T........j .]@....."..lJ../.90..2..MP..l..?....K.X.....IEND.B`.
                                                                                                                                                                                Process:C:\Program Files (x86)\Microsoft Office\root\Office16\ONENOTE.EXE
                                                                                                                                                                                File Type:JPEG image data, JFIF standard 1.02, aspect ratio, density 100x100, segment length 16, baseline, precision 8, 612x792, components 3
                                                                                                                                                                                Category:dropped
                                                                                                                                                                                Size (bytes):14177
                                                                                                                                                                                Entropy (8bit):5.705782002886174
                                                                                                                                                                                Encrypted:false
                                                                                                                                                                                SSDEEP:192:EbgGcV/hlvpfal7rgYa8S7auAxwfuSTmCSNoFQ6NO7L:EbgGcVnpwimnd38FdQL
                                                                                                                                                                                MD5:7CDCE7EEBF795998DA6CAC11D363291C
                                                                                                                                                                                SHA1:183B4CC25B50A80D3EC7CCE4BF445BCFBAA6F224
                                                                                                                                                                                SHA-256:DE35AF949D4F83E97EE22F817AFE2531CC4B59FF9EE6026DCA7ECEBC5CF2737F
                                                                                                                                                                                SHA-512:560FB15A9C12758D11BB40B742A6EAD755F15AD10D6C5DEBA67F7BC8A2AE67C860831914CBCBCDED9E6B2D1D5F26A636B9BCEF178151F70B4D027316F94F27E1
                                                                                                                                                                                Malicious:false
                                                                                                                                                                                Preview:......JFIF.....d.d......Ducky.......d......Adobe.d...................................................................................................................................................d........................................................................................!.1..A....Qa".q..2.....&...B%6.'..R#3.$E.r457bS.DUFV.Wg(.......................1...3.Q..2Rr....s.4.!Aq.S.aC5B$%............?...n.Liq.}.{#....3/gg.1.M +..~3...q..+=..:.g.i1;P)7.....q..n.s"p...wx........v.t.f;..L/..~....y.r[.r.....n.n3..6i..g..}../........3..x.L.i?We..l.......~..<.;..6..o.....N.t.o6.l..~.......<...m.V...Q.7k.u./wq.t..;.I...}..{...>.L..3m..a....yd......6~.f..~Y..}+..<.[w..'-..?.v.7...v.u..4.......1];..u.MO.......s..p..ms.'.O-o...O......m.k.e....)t....i>..E|....,iOyD|.{......g.n...cu....=..........h.\.Q:?g/?.I.3._...t...d.n.0.%y....S.Q....S.&K.w..&wY<....%.g.v.....$y..#,i;.=...t...I6..yO..o.d..w\k...~......)..rK.......].u....N....e.s..kU.u..'}
                                                                                                                                                                                Process:C:\Program Files (x86)\Microsoft Office\root\Office16\ONENOTE.EXE
                                                                                                                                                                                File Type:JPEG image data, JFIF standard 1.02, resolution (DPI), density 72x72, segment length 16, Exif Standard: [TIFF image data, big-endian, direntries=7, orientation=upper-left, xresolution=98, yresolution=106, resolutionunit=2, software=Adobe Photoshop 7.0, datetime=2004:03:04 13:18:09], progressive, precision 8, 164x641, components 3
                                                                                                                                                                                Category:dropped
                                                                                                                                                                                Size (bytes):27862
                                                                                                                                                                                Entropy (8bit):7.238903610770013
                                                                                                                                                                                Encrypted:false
                                                                                                                                                                                SSDEEP:384:LTawAZvhbrXzDc6LERLQ/b5vXOl6pXQ/wD5OUMrdRUUhCplQg0ESSz:6wm/vT/b4wxoqbdUhWnSs
                                                                                                                                                                                MD5:E62F2908FA5F7189ED8EEBD413928DEE
                                                                                                                                                                                SHA1:CA249B4A70924B73BDA52972E9C735AEC35A0C5D
                                                                                                                                                                                SHA-256:20ABE389C885E42B6EBE9E902976229BB6FD63C8C34CB61AA70B8B746209F90A
                                                                                                                                                                                SHA-512:EE8D1821A918BE8714F431895E7223D08036E88A4FDB9A5485EFF246640EE969A69A8AA4E2E9DDC35BA75FB6D4E95092A286E90B477BD6998C313639C2C31F25
                                                                                                                                                                                Malicious:false
                                                                                                                                                                                Preview:......JFIF.....H.H......Exif..MM.*.............................b...........j.(...........1.........r.2...........i.................H.......H....Adobe Photoshop 7.0.2004:03:04 13:18:09......................................................................................(.....................&...................H.......H..........JFIF.....H.H......Adobe_CM......Adobe.d...................................................................................................................................................!.."................?..........................................................................3......!.1.AQa."q.2.....B#$.R.b34r..C.%.S...cs5....&D.TdE.t6..U.e...u..F'...............Vfv........7GWgw........................5.....!1..AQaq"..2.....B#.R..3$b.r..CS.cs4.%......&5..D.T..dEU6te....u..F...............Vfv........'7GWgw.................?..P.v..+..n(a..Q..S\6....Y....D......} w#.b..]l.5.RU..k...... ]$.$.........f........?.z@2uU...7....?..|.Q..I.&.. ......"T4)wdH.
                                                                                                                                                                                Process:C:\Program Files (x86)\Microsoft Office\root\Office16\ONENOTE.EXE
                                                                                                                                                                                File Type:PNG image data, 50 x 600, 8-bit colormap, non-interlaced
                                                                                                                                                                                Category:dropped
                                                                                                                                                                                Size (bytes):4410
                                                                                                                                                                                Entropy (8bit):7.857636973514526
                                                                                                                                                                                Encrypted:false
                                                                                                                                                                                SSDEEP:96:E/pQuIhKZ7u06dICH3AroiTe8DGTl55poBUmLNjpH7MvDHjfm:MpdZtPbknnRPpkLNVMvu
                                                                                                                                                                                MD5:2494381A1ACDC83843B912CFCDE5643B
                                                                                                                                                                                SHA1:98F9D1CC140076D1AE5A9EA19F47658FD5DF0D66
                                                                                                                                                                                SHA-256:5EEBE803E434A845D19BC600DF3C75E98BB69BD0DE473CEEC410D1B3A9154E28
                                                                                                                                                                                SHA-512:0E64CC3723DC41D94910F7ADFB6A0DFB5049350FD15A873695614E4A89ABD78B166BA4E9C8CB95E275FB56981539DECD2A7F28FBC25E80DD5E2DEA8077CC9489
                                                                                                                                                                                Malicious:false
                                                                                                                                                                                Preview:.PNG........IHDR...2...X.......E.....PLTE...............................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................B..(....bKGD....H....cmPPJCmp0712....H.s.....IDATx^.].\TU.?3"...(..L........q.Q...H.*j......W..Xd.ie.f..%.XT...em..m.m.vkik...>.}..}|..{'.U..~......}....s.............,CVu.x.:C..5...;.
                                                                                                                                                                                Process:C:\Program Files (x86)\Microsoft Office\root\Office16\ONENOTE.EXE
                                                                                                                                                                                File Type:JPEG image data, JFIF standard 1.02, resolution (DPI), density 72x72, segment length 16, Exif Standard: [TIFF image data, big-endian, direntries=7, orientation=upper-left, xresolution=98, yresolution=106, resolutionunit=2, software=Adobe Photoshop 7.0, datetime=2004:03:04 13:19:29], progressive, precision 8, 221x792, components 3
                                                                                                                                                                                Category:dropped
                                                                                                                                                                                Size (bytes):24268
                                                                                                                                                                                Entropy (8bit):6.946124661664625
                                                                                                                                                                                Encrypted:false
                                                                                                                                                                                SSDEEP:384:d2wiieoHTRh5a1HAteZCWOZIM+L7WhNjYn:8wHFHJ+/OZIKhNO
                                                                                                                                                                                MD5:3CD906D179F59DDFA112510C7E996351
                                                                                                                                                                                SHA1:48CDB3685606EDD79D5BCDF0D7267B8B1CCBD5A8
                                                                                                                                                                                SHA-256:1591FD26E7FFF5BE97431D0ED3D0ADE5CFC5FA74E3D7EC282FD242160CE68C1F
                                                                                                                                                                                SHA-512:2048CBA13AF532FF2BCC7B8B40541993234BD1A8AB6DE47B889AF3F3E4571F9C5A22996D0B1C16DD6603233F6066A1A2A97C16A6020BEDD0826B83BAD0075512
                                                                                                                                                                                Malicious:false
                                                                                                                                                                                Preview:......JFIF.....H.H......Exif..MM.*.............................b...........j.(...........1.........r.2...........i.................H.......H....Adobe Photoshop 7.0.2004:03:04 13:19:29.....................................................................................(.....................&...................H.......H..........JFIF.....H.H......Adobe_CM......Adobe.d...................................................................................................................................................$.."................?..........................................................................3......!.1.AQa."q.2.....B#$.R.b34r..C.%.S...cs5....&D.TdE.t6..U.e...u..F'...............Vfv........7GWgw........................5.....!1..AQaq"..2.....B#.R..3$b.r..CS.cs4.%......&5..D.T..dEU6te....u..F...............Vfv........'7GWgw.................?.....)......[]t.\Z..g......A....&D.$LH._..X..Xl...`....cZ.X.........>......f.Z.X...]..~L.S..@..I$..I.IO.....x...s.g.[f.h{9..
                                                                                                                                                                                Process:C:\Program Files (x86)\Microsoft Office\root\Office16\ONENOTE.EXE
                                                                                                                                                                                File Type:JPEG image data, JFIF standard 1.02, aspect ratio, density 100x100, segment length 16, baseline, precision 8, 612x792, components 3
                                                                                                                                                                                Category:dropped
                                                                                                                                                                                Size (bytes):34299
                                                                                                                                                                                Entropy (8bit):7.247541176493898
                                                                                                                                                                                Encrypted:false
                                                                                                                                                                                SSDEEP:768:BrSX4V3P8AIc4KLkHeXRUer0zrhOmXfvG0yH82I:tSXuIc4K2eBtswKsHg
                                                                                                                                                                                MD5:E9C52A7381075E4EBC59296F96C79399
                                                                                                                                                                                SHA1:BE295AD24D46E2420D7163642B658BF3234A27EA
                                                                                                                                                                                SHA-256:D56CEFE9EE2FAE72E31BDBA7DD2AA4426EA22E3CEB22EF68C8F63F9F24D5A8BC
                                                                                                                                                                                SHA-512:95CC96DD4459EBAE623176033BA204CCDC50681A768F8CBAE94C16927D140224E49D5197CAE669C83C77010C5C04C1346CF126BEF49DB686F636C5480342A77F
                                                                                                                                                                                Malicious:false
                                                                                                                                                                                Preview:......JFIF.....d.d......Ducky.......d......Adobe.d...................................................................................................................................................d.......................................................................................!.1..A..Qaq......".#4.2r3.$.%...B.5U&6....Rb.Cs.7..cDTEFVf'...S..dtevw.u.........Gg.....................!1..AQ.aq.2....."#3.4....r..BRb$CS.D............?..5..............#....v.q.m.}\..{....;...r....h.....J..q|..'.;\..6..v......e...../.k..|.8..i..|..]..3e.m....n..Z.GS..n".y..w.-...[a...7A.....i.4.)9\..~C...=.........s..\V]c.D1<./.g.l.&v..~.h..]....zb>G..y:vNS.\......LU....t.{*..Z#.?..v-...wn.rR...P.....y\=.v....../..9_...m4...V.|.+.o.#.......xj....}..>.s.>C...m.[;.>.p...=^.i.X.(..1...{.F#N.W...xi.z...4..u[{...yO.....8..}\..2...KlX.nbya...2.&.F...R.b.k.7.GV.x.h.y\.Q..O<\>......-...=...r......\......Z.Z...Jf.'....z..Y.q>.p....o..K....h..R..c.lg?......A.Z...Y.q3.L|.'5...
                                                                                                                                                                                Process:C:\Program Files (x86)\Microsoft Office\root\Office16\ONENOTE.EXE
                                                                                                                                                                                File Type:JPEG image data, JFIF standard 1.02, aspect ratio, density 100x100, segment length 16, baseline, precision 8, 612x792, components 3
                                                                                                                                                                                Category:dropped
                                                                                                                                                                                Size (bytes):109698
                                                                                                                                                                                Entropy (8bit):7.954100577911302
                                                                                                                                                                                Encrypted:false
                                                                                                                                                                                SSDEEP:3072:rDlmvIWr0aRtNCfShCWBxyCHMlcVG0Ezy4FR:rDliIfot8ahCWBcCHDVwR
                                                                                                                                                                                MD5:8D804A60E86627383BED6280ED62F1CF
                                                                                                                                                                                SHA1:E23FF14B10AD0762DD67FBA3CD6EFC85647C0384
                                                                                                                                                                                SHA-256:494547E566FB7A63DD429EB0699FE41AA8998F8EA2F758D813FE3D56C3075719
                                                                                                                                                                                SHA-512:0FB19F3D00159F2748C3A54E952E551B9FEA6910D67A54DECA8D099992E50383EADB92768FF1F75CFFAE82A7A157B1E0F77A2F0BE7EC64FD2324304FDCA46577
                                                                                                                                                                                Malicious:false
                                                                                                                                                                                Preview:......JFIF.....d.d......Ducky.......d......Adobe.d...................................................................................................................................................d...............................................................................................!"#.123..AQB$..aq.RCS...b..c4%..rs..D&....5E6'..TdUte...u.....FV...7.......................!"..1A2B..QaqR.#.br3.........C%...$5.....c4U..Eeu&SsD.6T..................?.....O.C.....^..R<A.g...[....3.....r.0.....nX.S....}...[.?Z.....A.?..~~I..rY|N.o...9......!...o7r../-.y...'5.3.U.s".-.0.1......SS...&.Q.j.*.$m.e..:x....`}...EP.?.7..~G(so.......O.....z.N..<....~^a.e...........p9.?<._..|......~.<@.D.9..G..?.?z.y?z.C.U.w..[.,..A.+........s......g...G.^....pz.xY.....d8.y.X...P..O(A.O..~:._.......<...o..4s..^.^b..x......_a.....|{c...:..X.....}.._...[?..NK.c...}.<......H.G....+x.Z..|....n...o....`.nk.#.%x......-|...|7......N!=././..w.8x.".8....'x........w...,>....j[w8a..}..lS..?.
                                                                                                                                                                                Process:C:\Program Files (x86)\Microsoft Office\root\Office16\ONENOTE.EXE
                                                                                                                                                                                File Type:JPEG image data, JFIF standard 1.02, aspect ratio, density 100x100, segment length 16, baseline, precision 8, 612x792, components 3
                                                                                                                                                                                Category:dropped
                                                                                                                                                                                Size (bytes):25622
                                                                                                                                                                                Entropy (8bit):7.058784902089801
                                                                                                                                                                                Encrypted:false
                                                                                                                                                                                SSDEEP:384:EhK81gTCyJ/Gf9Aw3t8w8EtdPeGDh6bEi1Ie1u4ZbvgwTwrSRh7ZKNpIGY:IjcRXwdJvtdGsUbEi1IeY8vgwTyC1+Y
                                                                                                                                                                                MD5:F8CCFC24DEB1D991EBE085E1B2D7D9BF
                                                                                                                                                                                SHA1:AF76C22A765434AEDA134924C517C84107F4FED5
                                                                                                                                                                                SHA-256:7354001527AB554C44E7D6981B86DD933B7DC2E0D3DC8512AD3EECD843245C52
                                                                                                                                                                                SHA-512:818BC3690B01B30BC571E4CF45EC8D1AFCAECBAB003532644381F1CF730A5B3486862D08F7579B2D3D89167AD7DF35028881245C9550B0DA23D1F81A720A9704
                                                                                                                                                                                Malicious:false
                                                                                                                                                                                Preview:......JFIF.....d.d......Ducky.......d......Adobe.d...................................................................................................................................................d........................................................................................!...1A.Qaq.........."2Rr.#.t6..B..3S$4..v.b..Cs.%5..8..cUV.(.DEe.&Ff...T.d.......................!.1A..Qaq...s4....2r..S"BR.3....b#C$.....c............?..D.."}:......&&...?3..W.q*.......]...m.Y.k1......K).J...uV.b.../.0.E.H..4..W_T.[t.V.w.9.x.qe.L..o.oL.....d.\.....6.|.o...}..H{Yn..E...6Y3.l.e..D.:,.n.%...t...m.........,+,..|..n.....6.*...f........6.../$../Vi..H...e.f.F.zn.).n.E..2sTn.i...Yb?6+H&...Bf..*....z.o.^7[..u.:o....t.s=.....(.s.....f.g....q9o.u1L.N...smzE..[>...+\O....j.<....j.c.W.............U..+.F/.'..W...T./W...>i01./....j.s."..Q...{...a._~OW...Rp.)*.e..W..Q4)<..'..W...q...'..U..z..g......U}...O....w....0F:.N..V.3W.|..'z0.]...j..U[v..g$D.Lc[.e...UW.m0+
                                                                                                                                                                                Process:C:\Program Files (x86)\Microsoft Office\root\Office16\ONENOTE.EXE
                                                                                                                                                                                File Type:JPEG image data, JFIF standard 1.02, aspect ratio, density 100x100, segment length 16, baseline, precision 8, 612x792, components 3
                                                                                                                                                                                Category:dropped
                                                                                                                                                                                Size (bytes):59707
                                                                                                                                                                                Entropy (8bit):7.858445368171059
                                                                                                                                                                                Encrypted:false
                                                                                                                                                                                SSDEEP:1536:k76rvGc8WKC2/UX1uEgVRY/jvv9CblyL/T:k77Z5C2/Ow1e9CblCT
                                                                                                                                                                                MD5:47ADB0DF6FDA756920225A099B722322
                                                                                                                                                                                SHA1:851946B8C2BD0BB351BAEECA9E5BB6648A87D7CA
                                                                                                                                                                                SHA-256:EC8CD7250F3D82E900E99114869777EE859EC73EFFABED108815F65742078C3A
                                                                                                                                                                                SHA-512:85A9920E1CE4A2FCCEBAFA425C925DF33580FA3C3C00178F058539B2FBC0163866DB8A41B320E2EF2CD217F00FFA06A1A831C728D3F9F910C9EAC58B5DA76E2D
                                                                                                                                                                                Malicious:false
                                                                                                                                                                                Preview:......JFIF.....d.d......Ducky.......d......Adobe.d...................................................................................................................................................d............................................................................................!1..A..Qaq"....2........B#..R.b3$..8xrC4&'W.%e.(.c.d.5E6Ff..h..SsTt..u...Gg..H.....................!.1..AQ.aq.".......2..st.BR..56.r#3.b.S.4c%...$d.CT............?....3.7...G:../P....z..K.:6..w......6....... .z7...~.....{gdF60...9....{...'[N....m.........z...g{.......7...4..1..=.z...._..p...m..Icd.~.v..9.P..0Z(.<j.......R6zm.....v.z...>x..)=g........zo{..w..f..y.t.....%.D..#.}.I.>).H.QM..cLD..x.../.^y.{.............y.=^.......I.T.......U..0_?...u..og..3.ky..K....6w...Dc......~........ik.z....N...en......_.....x....._u...4.{..P...>.....}.......>.R.....m.....[mt.....}.........|.....m......~....B.F.]C.36..q....yg...{]...+.DZv.9<.o..;..N.n&im.,....w.3...V.s...Y..e#$.
                                                                                                                                                                                Process:C:\Program Files (x86)\Microsoft Office\root\Office16\ONENOTE.EXE
                                                                                                                                                                                File Type:JPEG image data, JFIF standard 1.01, resolution (DPCM), density 28x28, segment length 16, baseline, precision 8, 276x139, components 3
                                                                                                                                                                                Category:dropped
                                                                                                                                                                                Size (bytes):4819
                                                                                                                                                                                Entropy (8bit):7.874649683222419
                                                                                                                                                                                Encrypted:false
                                                                                                                                                                                SSDEEP:96:/hnQiz+ET2/hDi+tv34VtpWfowTHgegb6hhLT1NTS:5nQ6TAhLtvIzMvbi6hhF0
                                                                                                                                                                                MD5:5D6C1F361BC04403555BE945E28E53FC
                                                                                                                                                                                SHA1:00C254F7B3BC0289590C2BBDBB39C8EC2E2B2821
                                                                                                                                                                                SHA-256:131D637CDC5D0B094FB9FAD17F4D2A1ACE0D03613588155AACAA2D1CB4E16DA9
                                                                                                                                                                                SHA-512:34D2C0929FCC3CC10D0A2121BD55BFA9A07062C2A7B8F101071164C946895DBCB2777641E79DE4193D57A3F0778DD4F1351FAF333B7E4B4DBE31A32DD69C51F9
                                                                                                                                                                                Malicious:false
                                                                                                                                                                                Preview:......JFIF.............C................................... $.' ",#..(7),01444.'9=82<.342...C...........2!.!22222222222222222222222222222222222222222222222222...........".......................................<........................!1..AQaq"...2B...#Rb..r..$3CS.cs..................................................!1A............?.............u....p.p($.Y...9,j...V.*..S86yh.G.#m.5..9...6Y.."C.R:.[..-.7U3c:..].;.....f.?%..<T...&F.Lh.N...m]..x.D.g<B.....k..S........>j.K....#U..Z....<e.:..8....o..xq.[..4v..U..y...k... k....A#..A...pn.jJ.I.7:..{.b..ns.t,...8.Td.I....m.I.5Z.).-.. ]..X.Do%.....?..4jV.`llt.E...5...u.|..\F.=.F.r<...5dV....xc.%..&...4,...f...3..H.<......eQ...P.J....7...lLc..?..-.fR..7.#.6.......}:.]'.ny..........e;u.Y..$0...i..-....f..9(....}..T,.Inb...+=Cca7....WULA1@.s...4uY5.N.f.c..].ks.....3v..~..k..m)...f gNE`S......#.....Z..6.uc.m...#k.s.f*.l.$6..?..xC.Cm.`...N2..&H...._.&.E...[....f.Z./...!.a{K..#.V.5..v.B....1...9..B.&....%s.
                                                                                                                                                                                Process:C:\Program Files (x86)\Microsoft Office\root\Office16\ONENOTE.EXE
                                                                                                                                                                                File Type:JPEG image data, JFIF standard 1.01, resolution (DPI), density 72x72, segment length 16, baseline, precision 8, 69x630, components 3
                                                                                                                                                                                Category:dropped
                                                                                                                                                                                Size (bytes):11040
                                                                                                                                                                                Entropy (8bit):7.929583162638891
                                                                                                                                                                                Encrypted:false
                                                                                                                                                                                SSDEEP:192:u99+91V42ho91V42ho91V42ho91V4235z9pUkDCyixxo4PS6b8tEy3BcWWhhSy0b:ubKD4/D4/D4/D4uzX38u4PNYJ2zhhmb
                                                                                                                                                                                MD5:02775A1E41CF53AC771D820003903913
                                                                                                                                                                                SHA1:2951A94A05ECF65E86D44C3C663B9B44BAD2BC9D
                                                                                                                                                                                SHA-256:83245F217DEAE4A4143B565E13C045DBB32A9063E8C6B2E43BB15CD76C5F9219
                                                                                                                                                                                SHA-512:5A1FCC24BDD5EE16BC2C9BACF45BCECF35ED895EAC22D2C4EE99C1B7E79C8E8B9E5186E3D026BA08FF70E08113F0A88FBF5E61C57AF4F3EA9BA80CE9F33410E9
                                                                                                                                                                                Malicious:false
                                                                                                                                                                                Preview:......JFIF.....H.H.....C....................................................................C.......................................................................v.E.............................................S..........................Aa..!12Qqw.....3568rv........".....4Btu.....#Rs.(W..bg.................................D.....................1..2.!4Aqrs....Qa......t..."3BRb....#.$S.Cc..............?...K/h._+.N6.-.a...5...;.r....,...0B.s(..zp..4.%r|q..E.Q^.../...C.R..?u.q8XN.>.e..:..gJ...._.n>.70G,..(........3b.&.5m...Q../...7Ie..k....e.l6..&..`Gt.P.Y^r...=..Y.e...N.B...O.#..J+........u.V;G.'.....V.]8..C.]..........E.....c..w&lX..f..\T.J?...F.,..m|..93........,.....+.R..WG...%.....(@.....p].iEz<.8.^...J.h.....a8P.1......(z..y~.........H.Z^.>..<.....L.k..IG...R.(.%..m....&u...B|.....@]ey.W.J...!d..R.8...[..>8....(.G......!.)X.....,'..F2.Z.t..Aw./..Z..#..i.kK.......b.i...qR.(....RE.............O.XP.#..(...9J..]...,.2.[w....KrW'...tY.......{~.:.+..
                                                                                                                                                                                Process:C:\Program Files (x86)\Microsoft Office\root\Office16\ONENOTE.EXE
                                                                                                                                                                                File Type:JPEG image data, JFIF standard 1.02, aspect ratio, density 100x100, segment length 16, baseline, precision 8, 612x792, components 3
                                                                                                                                                                                Category:dropped
                                                                                                                                                                                Size (bytes):53259
                                                                                                                                                                                Entropy (8bit):7.651662052139301
                                                                                                                                                                                Encrypted:false
                                                                                                                                                                                SSDEEP:768:dCiCBBenRYWDBCipMYGTbYGLHbXxoP/qEF+MU50qyJ30h2W474S/Aq/xc4674bi5:dCiIQXBCiwbDLHD0/sFyVel4Pi4UgE
                                                                                                                                                                                MD5:2EE369ABB7936F8C28FF0ABDD224EA05
                                                                                                                                                                                SHA1:FE9D304A7B49E31EAE439369ABC548E265149636
                                                                                                                                                                                SHA-256:FB12D59B8BE911247BBAFDD416852E8B74B028005A141CB4DBBBA109B4B6ED2C
                                                                                                                                                                                SHA-512:5CF396CA472C32AE988600176114106CB1619404DD899A3867A5AB43DC90583B771EF69B14EF50E56A21F038BF51D8463C6ADD2DE9D4CB523F6290E24A4DECB3
                                                                                                                                                                                Malicious:false
                                                                                                                                                                                Preview:......JFIF.....d.d......Ducky.......d......Adobe.d...................................................................................................................................................d............................................................................................!1..AQa....q........"2..R..Bbr..#S....3$.....C.4v..(X.DtEUV.....cs..Td.5uf'Wgw8Hh........................!1Q.Aa....q.2...."R...r..3.t..U...B#S.4ub..C$d.5Ee&'7c.D%sT..............?.....?...k,lk^...M".Yo5.Qp.&s}b.m.:...W.x}.*.a......N1..d-n.-..^..b..TZ.W..."....F....^......ve5...^...2.:i...........~u2pK.z./&..u..L[I....Y....@y{|>..MN=:....Q[..H....a........|%..4fV....).....^.9b.f...F...p.=.W...aZ.........Z.t.n.....z3..[..lVh..\.N-.._.sK.y.._e.G.jig.a.7^....u...*.p.5.a.].........u/u..D.yl.XA..f.z..~.x.....N.....b=.uv.2.t.'.N.-.H..n.v.a.A[.Z.....T2...._...:....h..l.E..sm..a.3I...RE...fWb.Ek.0.#.)..Y#T...........u{....U....s.].7_H.2.`O6...P......}..4LR....]4.mid...
                                                                                                                                                                                Process:C:\Program Files (x86)\Microsoft Office\root\Office16\ONENOTE.EXE
                                                                                                                                                                                File Type:JPEG image data, JFIF standard 1.02, aspect ratio, density 100x100, segment length 16, baseline, precision 8, 612x792, components 3
                                                                                                                                                                                Category:dropped
                                                                                                                                                                                Size (bytes):79656
                                                                                                                                                                                Entropy (8bit):7.966459570826366
                                                                                                                                                                                Encrypted:false
                                                                                                                                                                                SSDEEP:1536:2kuUliOeU4os8ii3nF3Hxro/qxXD9u/kjYgMZqoEs6ZUldm:3uUsOXYIAixR2k7WAZV
                                                                                                                                                                                MD5:39FF3ACAE544EAC172B1269F825B9E9F
                                                                                                                                                                                SHA1:2D40DE8D90BD21D56314D3F99CEF4FBAE3712C0F
                                                                                                                                                                                SHA-256:70475431CCA3C91A4EFA3B8F04864371D2D3A45696674A1A0562FE9CD8DB287C
                                                                                                                                                                                SHA-512:3B9F3B32696AB7779864E83DC0C45960114A130BEE0CF4D0643DE57FF952171E5D775AA49141EE31A28A9B5D052B26EB421F26EA736D7EF4B3A7EC812CA411CB
                                                                                                                                                                                Malicious:false
                                                                                                                                                                                Preview:......JFIF.....d.d......Ducky.......d......Adobe.d...................................................................................................................................................d.............................................................................................!.1A.Qa"..q.....2#..BRb..r3$.Cc..Ss.4...D%5&..T...'7....................!1.A..Q.aq..."2.....B3.r.#..R...bc$4..D.s%............?..Y..T.o.\......=.a..j..'^..s..[../........Y.......<...(..4.....7y..Ln.[9.cK.ilN...u@$.V.9.V?3..s.KL.z..w.jW.C.............@.~+.o?o8...k....,.m..9.".....q.....d....z.W...q...~...'..e..>..f#...S.....F....pU.......7..N.vfK......S..G.#.....}.c.........RXt.bq1.`.....[+8\.*.N..:......}.....r..........')......Na...&...m......c...a4_%d.............co..0.n.L.Q..E.Lt..y.|..F..4.i(>.._..\.eNL8..?z9I:hLgC.@.p....g.t......'.I!d..?1f..R..........|..4.wJ*..%g..~0bt.....*...v.......O...:.~.>~..o.x...9.@>...s.&.E.0/G.c..t.<..F.t.A.z. ......;.........Gp.P
                                                                                                                                                                                Process:C:\Program Files (x86)\Microsoft Office\root\Office16\ONENOTE.EXE
                                                                                                                                                                                File Type:JPEG image data, JFIF standard 1.02, resolution (DPI), density 72x72, segment length 16, Exif Standard: [TIFF image data, big-endian, direntries=7, orientation=upper-left, xresolution=98, yresolution=106, resolutionunit=2, software=Adobe Photoshop CS Windows, datetime=2004:03:12 11:05:55], progressive, precision 8, 612x618, components 3
                                                                                                                                                                                Category:dropped
                                                                                                                                                                                Size (bytes):68633
                                                                                                                                                                                Entropy (8bit):7.709776384921022
                                                                                                                                                                                Encrypted:false
                                                                                                                                                                                SSDEEP:1536:tapXpSTJDOkFGdJdBk/slsbfsw1imaapnbvD8:U2OjJr6b07m1bvD8
                                                                                                                                                                                MD5:41241EE59AB7BC9EB34784E3BCE31CB4
                                                                                                                                                                                SHA1:98680761A51E9199CF3C89F68B5309FBEC7EE3CB
                                                                                                                                                                                SHA-256:035B26DF61855A3F36DBD30FDAB0C157C04C9E8AE2197EA4D4AEB3E82E6A4C2B
                                                                                                                                                                                SHA-512:3EE331D5BCEE4AD5D3FC9661D4AB4053F7D351591A094334F963C33C9D0E32CCCABE9334AD7C308108CE99617E064FE848DCD469ACD8D83FBE5C4452DE523D8F
                                                                                                                                                                                Malicious:false
                                                                                                                                                                                Preview:......JFIF.....H.H......Exif..MM.*.............................b...........j.(...........1.........r.2...........i.................H.......H....Adobe Photoshop CS Windows.2004:03:12 11:05:55.............................d...........j...........................................&.(.........................................H.......H..........JFIF.....H.H......Adobe_CM......Adobe.d......................................................................................................................................................"................?..........................................................................3......!.1.AQa."q.2.....B#$.R.b34r..C.%.S...cs5....&D.TdE.t6..U.e...u..F'...............Vfv........7GWgw........................5.....!1..AQaq"..2.....B#.R..3$b.r..CS.cs4.%......&5..D.T..dEU6te....u..F...............Vfv........'7GWgw.................?../$.W:SZ./...9.....-...u......r.....].c...@W_.7...+......v.+PD.I..-<1.pDn-\.....p.$....0.}V....\..>.~..XN.o..l(E....ik..o.
                                                                                                                                                                                Process:C:\Program Files (x86)\Microsoft Office\root\Office16\ONENOTE.EXE
                                                                                                                                                                                File Type:PNG image data, 176 x 513, 8-bit colormap, non-interlaced
                                                                                                                                                                                Category:dropped
                                                                                                                                                                                Size (bytes):11043
                                                                                                                                                                                Entropy (8bit):7.96811228801767
                                                                                                                                                                                Encrypted:false
                                                                                                                                                                                SSDEEP:192:YyroOCsBI9pkCFsHHX2RE6VOlPuIqmBtJNBfAr+ADP1IATaNeTyZ4GF+WQQ6Qwq2:BUOCsB2kCGH32RiPDtDBfArPDP1I/eyM
                                                                                                                                                                                MD5:8E9AB9C28B155A66BC5C0DA5E2A4EFB5
                                                                                                                                                                                SHA1:972E61F162D48F1CEE21963ECBB2FE439105DB55
                                                                                                                                                                                SHA-256:B243A24FA13BC8523450E22F408F9EFF15301C938F8CA52A57018B58CE6785DE
                                                                                                                                                                                SHA-512:12062D69E676B3B34AFCEF25AC17B40294282D5BAB6C0110680293D7CC96EC17EBCFE104C284E64A30EE3C483E319E9C37C03F6EE82C79632180E45C7A684E8C
                                                                                                                                                                                Malicious:false
                                                                                                                                                                                Preview:.PNG........IHDR..............`....`PLTE............................................................................................... .......bKGD....H....cmPPJCmp0712....H.s...*YIDATx^.]...,.N.8.i......0..e..y.......8.6....Fo.........=...F..._..........O..{..............3.|.L.|.............>.....v..n.1J...k...."....7........J._.5LQ`..k...._Z.W.x:..k...g..._.....u<.Q{...1...q6.cs...l............30.g...< W...a.5..>O....9}..c..........s|I.).>.fo4.<q......>...c.:.u..co.#.7,.O..G./.K.|..q.p...(.(....iH.......m..+.7...../..{W.l....b....?.`^.q.9L&.>.hN2`1..m...]$.0J....rBy......{.._...G....;.r.Q..;..,...9..F...t;.+..2.Ub......V...8.k..5.........'[..s.H..).......%j._.&.....BN..V..q...T...#..........0.E&.o7....$..m..8g.f._$..k.8...5......HgQ...L..\.........)B.I.r.(..8.a..$N.9.=..o..Q..(.e.a..O.....c.= .......$0..X.S,..(p......$..l.c.I...=."......g....^..#~,&.a9iK..ZNE`...pFJ.@Wd?.<..Bt.E.......e...i.%d...}.!..B......9.........B}.....5...;..hL.D.....4z.....|.)
                                                                                                                                                                                Process:C:\Program Files (x86)\Microsoft Office\root\Office16\ONENOTE.EXE
                                                                                                                                                                                File Type:JPEG image data, JFIF standard 1.02, aspect ratio, density 100x100, segment length 16, baseline, precision 8, 612x792, components 3
                                                                                                                                                                                Category:dropped
                                                                                                                                                                                Size (bytes):52945
                                                                                                                                                                                Entropy (8bit):7.6490972666456765
                                                                                                                                                                                Encrypted:false
                                                                                                                                                                                SSDEEP:768:cjvqR0XvFaGCTJffi0tgybmWDoTw71kHUAnjvawrlp2+NUO8dWSNl3PF2PjK/q09:cyRffflgybmWoTw1UUADHUbU21MjpAD
                                                                                                                                                                                MD5:AD003F032F32FAC4672D4CE237FA5C5B
                                                                                                                                                                                SHA1:AE234931B452F0D649D91291763B919CF350EA49
                                                                                                                                                                                SHA-256:ADB1EBBE18D6CD8FF08AA9BF5C83CDB83BF9AA179698E34E93DBCDDE12F04D32
                                                                                                                                                                                SHA-512:ECA25FA657ECE3A66D3E650628E0F65D3BADD38864C028AB6553950A1A66D7D55482C85E9E565573E9E5AAFA91C2D53235971C644A266D41EB69F8E72E3A843B
                                                                                                                                                                                Malicious:false
                                                                                                                                                                                Preview:......JFIF.....d.d......Ducky.......d......Adobe.d...................................................................................................................................................d.............................................................................................!1..AQ..aq....".....2....BR#r.b3$...C.Sc%...s5E......................!1.A..Q.aq"...2...#...B...Rb3..$..CSr...6............?......y_N.e.H7?........W..w....k|...S..d.4.>.RW5z.$.i.)V.O....>o...c..*&1.D..O..".ufbb..1...t..u=..K...m...~.....F..-.fb:i..=f..C.w.[{..~.7k....;..:..3....4.....$..m]...}....~q...9T.#..7.~..8...q.N;c..ffo.w...W..d........../t_........lWJE..).>..v;:=....Rrw#.m.n.n...E...vm.J}2N*..|.4...80.#..e....t.J..ZQ.x|g/....F..e....k+vK...M..W.X.e.L..~...j.....kz....=...n:O.:..[.L,.+R...Y..zKNI....,..{e..U.'...}.......|..t.]...~...b4......_.i..../.......m...a..n...v.j.?..Rc.$G|.31..#..$?.........h.w....-... .a.%z..u......u.A....Fm..J.......G..[...w.....:....w/.
                                                                                                                                                                                Process:C:\Program Files (x86)\Microsoft Office\root\Office16\ONENOTE.EXE
                                                                                                                                                                                File Type:JPEG image data, JFIF standard 1.02, aspect ratio, density 100x100, segment length 16, baseline, precision 8, 612x792, components 3
                                                                                                                                                                                Category:dropped
                                                                                                                                                                                Size (bytes):39010
                                                                                                                                                                                Entropy (8bit):7.362726513389497
                                                                                                                                                                                Encrypted:false
                                                                                                                                                                                SSDEEP:768:6tCjwO+E+KW0ZtOgepcoWW4pAWQ6/KWcR474HOAZaDfK:68j+E+KW0HOgep/72/NKWcRNefK
                                                                                                                                                                                MD5:9700DE02720CDB5A45EDE51F1A4647EC
                                                                                                                                                                                SHA1:CF72A73E1181719B1CC45C2FE0A6B619081E115E
                                                                                                                                                                                SHA-256:7E6A7714A69688D9FFDF16AA942B66064A0C77FCD9B3E469F89730B4B9290C3E
                                                                                                                                                                                SHA-512:5438921467D62376472007B9EBF3C35C9D9FE3EDE04D99A990129332D53EBC8EE2555C0319A4F7C0DF63516F29CEDF2171D8B6DC34C9FCD075C2CA41EB728660
                                                                                                                                                                                Malicious:false
                                                                                                                                                                                Preview:......JFIF.....d.d......Ducky.......d......Adobe.d...................................................................................................................................................d.........................................................................................!1..A...Qaq..".......2BR#...b%&6..'w.r.3f7W8.s5EUeF.g....CS$4.Vv..Tdt..G..(c..u.Hhx.......................!1.AQa..2.q....".s...3.4BRr.#......b.$c............?........uf.....t...;..[...W.h.....-.k.f..i.u..KQ..b.F...rM%/.8n.S..=9.....G$O;.f.}L..N..U._i.[.X...3.~....S.~..+t$...c.5......{..X/..#.G...}s....6......^....o~.$.\WA?...^*w[O.~..6..~....a....~..:..0.......{O...|.s.u._w.........i...........{K...._.?.../{.....A..8....<g.iu..<..................X......|]v....D..9.k.w.|-IF.Tv.-.&.........."'.4.b....z.._.Z.....G...u.xyt./_.q..m>..S.V.Xdc.bw.T.W......g..........}s.._..?....U]_.......`......>.|'.~xH....,...?........?.q....o../..R..;...Y.G....A"?......?.<..1...w..o.M.........tco.
                                                                                                                                                                                Process:C:\Program Files (x86)\Microsoft Office\root\Office16\ONENOTE.EXE
                                                                                                                                                                                File Type:JPEG image data, JFIF standard 1.02, resolution (DPI), density 72x72, segment length 16, Exif Standard: [TIFF image data, big-endian, direntries=7, orientation=upper-left, xresolution=98, yresolution=106, resolutionunit=2, software=Adobe Photoshop CS Windows, datetime=2004:03:12 11:10:32], progressive, precision 8, 594x773, components 3
                                                                                                                                                                                Category:dropped
                                                                                                                                                                                Size (bytes):242903
                                                                                                                                                                                Entropy (8bit):7.944495275553473
                                                                                                                                                                                Encrypted:false
                                                                                                                                                                                SSDEEP:6144:YVxOYlZX2kCWfYoFMXC/sBFC9r+4iEGM4rrcPoWmwkU6FJ:+OwZ2kbFMC/L99ifvokU6/
                                                                                                                                                                                MD5:C594A4AA7234EF91E6C2714CFE1410F1
                                                                                                                                                                                SHA1:C0F720D4CE3196852814D0B7347F0CAA0C6FD526
                                                                                                                                                                                SHA-256:10C833E47BE1C8496F949A6B059C2D79212A4DD66BDE62116EA337FA4FE0B654
                                                                                                                                                                                SHA-512:7313F6545A334F9E2DE5430B2DB5C419C4C8A40E075338DAFCD74970BCC6309786946E5DFB57531612BF4C6269495655706D920FD99922FDACFF9796710DA9C0
                                                                                                                                                                                Malicious:false
                                                                                                                                                                                Preview:......JFIF.....H.H......Exif..MM.*.............................b...........j.(...........1.........r.2...........i.................H.......H....Adobe Photoshop CS Windows.2004:03:12 11:10:32.............................R.......................................................&.(.........................................H.......H..........JFIF.....H.H......Adobe_CM......Adobe.d...................................................................................................................................................{.."................?..........................................................................3......!.1.AQa."q.2.....B#$.R.b34r..C.%.S...cs5....&D.TdE.t6..U.e...u..F'...............Vfv........7GWgw........................5.....!1..AQaq"..2.....B#.R..3$b.r..CS.cs4.%......&5..D.T..dEU6te....u..F...............Vfv........'7GWgw.................?...v&.F;-v;}FH..Z...N..)Y.......h;C....G.0W..ww...MI..Z+..\.........c..4.1.~.Yo.Y6.&. q...............l.A#.~s?yYg..7ky...r
                                                                                                                                                                                Process:C:\Program Files (x86)\Microsoft Office\root\Office16\ONENOTE.EXE
                                                                                                                                                                                File Type:JPEG image data, JFIF standard 1.02, aspect ratio, density 100x100, segment length 16, baseline, precision 8, 612x792, components 3
                                                                                                                                                                                Category:dropped
                                                                                                                                                                                Size (bytes):67991
                                                                                                                                                                                Entropy (8bit):7.870481231782746
                                                                                                                                                                                Encrypted:false
                                                                                                                                                                                SSDEEP:1536:3PC0XJjsmsKuZRG1pXuZ6z3wARnV9AEnieCc7cllJcHJ:qyMBzkUZ0gq25c7Z
                                                                                                                                                                                MD5:1271B1905D18A40D79A5B9DB27EE97EA
                                                                                                                                                                                SHA1:9618608FBD7342DE6C71220A36C3F4995BA9C13E
                                                                                                                                                                                SHA-256:5B321A4D81BD499B289B1755F6450A42047C494DFBC112DBD56DA4CED2C15C1A
                                                                                                                                                                                SHA-512:C32DD26047F6B8AA061085B38AC2B8335868E1BFD8731DB65544309223A955FA4BF45B06AC8D244408658F51A1775B6F19FF0FFC804989DE706DE8EB36F1436F
                                                                                                                                                                                Malicious:false
                                                                                                                                                                                Preview:......JFIF.....d.d......Ducky.......d......Adobe.d...................................................................................................................................................d............................................................................................!.1..AQa..q..".........2...BR#b.r.3...$.'...)..C%7gw..(.S.W89.......................!1.A.Qa.q".....2...#....B.t......rc.$%67Rb3s&'CUu.v....S.d5.V4T.e.............?...?..Wj.e.e.......w/..E..eOw_.....6......u..C6h.,..;.g.D8Z..-)O..jy..e;.u.g..w..[.L""k'w.......'1'.[......=..P...S.9a.V./O....q=8xk]...........9......F...e9'....9.O.... .&.....p......c.4...mr...?.......L..'.....0....+..|_...POM=7.?.2.a....};.Z..y./....>./.C.<...;.....|.1>...........S.8.o.O...+..n2...k../.X..9...Y...:.....\...Dk......q.K..\.Wuh.!Z?.mu...R.5.A.S.h.0..[..v..+M.....aUi*.k..?#..._...X..R.&]..[..;../]L..f..V......*.e...ut&.#.J.5....c%..o.$..v.<K.6..T.IP.....6X.*.uf..t0^..-.)m$.!.q(.j.f;..WB6.b.B..R.
                                                                                                                                                                                Process:C:\Program Files (x86)\Microsoft Office\root\Office16\ONENOTE.EXE
                                                                                                                                                                                File Type:JPEG image data, JFIF standard 1.01, resolution (DPCM), density 28x28, segment length 16, baseline, precision 8, 814x45, components 3
                                                                                                                                                                                Category:dropped
                                                                                                                                                                                Size (bytes):1717
                                                                                                                                                                                Entropy (8bit):7.154087739587035
                                                                                                                                                                                Encrypted:false
                                                                                                                                                                                SSDEEP:48:N9YMzO6BOfqH/dAIWpdAIWpdAIWpdAIWUtr/SD:/hzJgfqHaPYPYPYPUt/i
                                                                                                                                                                                MD5:943371B39CA847674998535110462220
                                                                                                                                                                                SHA1:5CA79B7BD7E0E93271463FAEF3280F1644CBA073
                                                                                                                                                                                SHA-256:9C552717E8D5079BBB226948641FF13532DF3D7BE434C6CE545F1692FA57D45A
                                                                                                                                                                                SHA-512:812541836C8B6F356A4D530E5CCF1CFDCC4CA54AF048CAC19FE86707CE5EA0F41D73C501821AC627AD330291EF58C040DFC017923A7886CEEC308048DA2CE7C9
                                                                                                                                                                                Malicious:false
                                                                                                                                                                                Preview:......JFIF.............C................................... $.' ",#..(7),01444.'9=82<.342...C...........2!.!22222222222222222222222222222222222222222222222222......-...."........................................&.....................U.....1T..S.R.Q.................................................R....Q.a............?..d.. ...............................................+A...Z+E...V+E...U..R.....}........Q..Ah....Ah..b.AX..b.PZ+A...V+E...V..J*....Q...b.Q..Ah....Ah..b.Ah..b.PZ*.(.@z.?.`;2.......................................................Q...b.Q..EZ*.(..Z>.G.....`Z+E......J*....F+D...F+E.......b.Q...h....PZ+E...V+E......J*....F+D...F+E..............[u#...a-...f<.9^[...l0..H..6.Kn.t...&..3a...GG...[u#..8.y6.q..%.R:8....6a.+.3..a-....l0..H..9^M..f..m..3a...GM.q..m..6.Kn.tq..%.R:l.W.lg...[u#...a-...f.r..c8.....f..m..0.....l0..H..6.Kn.t...&..3a...GG...[u#..8.y6.q..%.R:8....6a.+.3..a-....l0..H..9^M..f..m..3a...GM.q..m..6.Kn.tq..%.R:l.W.lg...[u#...a-...f.r..c8.....f..m.
                                                                                                                                                                                Process:C:\Program Files (x86)\Microsoft Office\root\Office16\ONENOTE.EXE
                                                                                                                                                                                File Type:JPEG image data, JFIF standard 1.02, resolution (DPI), density 72x72, segment length 16, Exif Standard: [TIFF image data, big-endian, direntries=7, orientation=upper-left, xresolution=98, yresolution=106, resolutionunit=2, software=Adobe Photoshop 7.0, datetime=2004:03:04 13:44:07], progressive, precision 8, 611x163, components 3
                                                                                                                                                                                Category:dropped
                                                                                                                                                                                Size (bytes):36740
                                                                                                                                                                                Entropy (8bit):7.48266872907324
                                                                                                                                                                                Encrypted:false
                                                                                                                                                                                SSDEEP:768:3nwDxjTvoE0Rjwit4rjucDILWg7/Da0JgGQ8e1S8SA/Khos0:SxjTmZw7nucDILj77a0JgGQvScb
                                                                                                                                                                                MD5:9C205C8D770516C5AA70D31B2CA00AF3
                                                                                                                                                                                SHA1:9A1002F0CF7F92F1BE2BB25BAD61CEBFAC282482
                                                                                                                                                                                SHA-256:E111F96490755C7D71E87C88ACAEA38AFE55BB865B1A14A83C5BD239648D5E2C
                                                                                                                                                                                SHA-512:A3E105208B32831265428572B0937DD3C17B793D8611B2DA8D4939F1BEC6050999D375E3F6B87D53AD49DFA0EAE737B0141D37597AA42116C310761973D4A134
                                                                                                                                                                                Malicious:false
                                                                                                                                                                                Preview:......JFIF.....H.H......Exif..MM.*.............................b...........j.(...........1.........r.2...........i.................H.......H....Adobe Photoshop 7.0.2004:03:04 13:44:07............................c.........................................................(.....................&...........n.......H.......H..........JFIF.....H.H......Adobe_CM......Adobe.d................................................................................................................................................."...."................?..........................................................................3......!.1.AQa."q.2.....B#$.R.b34r..C.%.S...cs5....&D.TdE.t6..U.e...u..F'...............Vfv........7GWgw........................5.....!1..AQaq"..2.....B#.R..3$b.r..CS.cs4.%......&5..D.T..dEU6te....u..F...............Vfv........'7GWgw.................?..o...4.gP.~.c...K{...V.=...].<.........vS.........s....(.t......X......kk7....~-...yF}^c.Z.\.G./.?t...>....:.>......./.ib..).
                                                                                                                                                                                Process:C:\Program Files (x86)\Microsoft Office\root\Office16\ONENOTE.EXE
                                                                                                                                                                                File Type:PNG image data, 60 x 336, 4-bit colormap, non-interlaced
                                                                                                                                                                                Category:dropped
                                                                                                                                                                                Size (bytes):347
                                                                                                                                                                                Entropy (8bit):6.85024426015615
                                                                                                                                                                                Encrypted:false
                                                                                                                                                                                SSDEEP:6:6v/lhPtnlx/QulkWNY2V18A6Akp7eee1VDjMHCyLezyKUX5Gp:6v/7RrIubiA6AkpNhiyKe+
                                                                                                                                                                                MD5:78762C169F8B104CB57DFF5A1669D2DF
                                                                                                                                                                                SHA1:9638B71B584CD636834016A635ABF8D9C0887711
                                                                                                                                                                                SHA-256:E64FDCD0B108737D8B8F7B677029F924031D6BBAA50585D9C3DEF7C7E92ECAF2
                                                                                                                                                                                SHA-512:5ED899AAF73B72DEC32E171FFA112382667D5BF3FBA98C92E313E66C0A6975EA97068F4CD32B62283F18DBD5345C11E3610F7EEAC2F2DE71FC44593180B9CEAC
                                                                                                                                                                                Malicious:false
                                                                                                                                                                                Preview:.PNG........IHDR...<...P.............PLTE......................=l......bKGD....H....cmPPJCmp0712....Om......IDATh......@..aI...B..C..l...^.%.`....>.]..|0.....a...hb...0......q.......p"....;...K..x=...p...y.yy~J....|...\.......y..X.......'...>1...Ky..f....&........N`..f0..b...3.......`Z.3..3.....o.......4.&........SV...4.....IEND.B`.
                                                                                                                                                                                Process:C:\Program Files (x86)\Microsoft Office\root\Office16\ONENOTE.EXE
                                                                                                                                                                                File Type:JPEG image data, JFIF standard 1.02, aspect ratio, density 100x100, segment length 16, baseline, precision 8, 612x792, components 3
                                                                                                                                                                                Category:dropped
                                                                                                                                                                                Size (bytes):95763
                                                                                                                                                                                Entropy (8bit):7.931689087616878
                                                                                                                                                                                Encrypted:false
                                                                                                                                                                                SSDEEP:1536:EoES7mhTyzabUaE77xAOmq0zVruQlttNxlipxVWssMU2YhRy2v6pKKYhQzwMc2:zz7mhTyzabUa4b4xuQlttnlGx8x9h02M
                                                                                                                                                                                MD5:177DD42CA99CAA2CCBF2974221680334
                                                                                                                                                                                SHA1:35FD86B3DD082A6D4930C67BC0E05D3B5817465A
                                                                                                                                                                                SHA-256:525A857D0EDA855A64D3619DF58B1C2D013A73E60FA0D49B155ECFCB2C134C7C
                                                                                                                                                                                SHA-512:6FB6D9A6C97B1115C3246690A2F339CD612899AC25ACBA00296EAEAA0A1D094E7339D670969764FE23EB7C08FCDD01C6F78FBC0735D504D5E02AD342901719B3
                                                                                                                                                                                Malicious:false
                                                                                                                                                                                Preview:......JFIF.....d.d......Ducky.......d......Adobe.d...................................................................................................................................................d........................................................................................!..1AQa...q......."...2..B#Rb3..r$...6..C4....Ss%5...tu.c..Dd.EU7....................!.1.AQ..aq......"r..2...4Rb#3$B.Ss............?..H..dV....U..-..0]Cp.%O.Z.Y.e.=/.q.....j76.w@s...5.&&&5...n..w..>.1....;.vR..[.......=.......KtY]u3.g18...).r....&.IZ'.....g..4kY..X..b.......y<...r1........e.._...X...w....op.m%Jr31...S.Vo.._....OI\]....F..V-....\...2j..X.....y.p.$4.....&#..]..n.V..x..P...F..C.f....])..~..Z\.....,..#..v..v...2V.k.SuaydO../[.*c._..oTV<Z.s.[...o.x..>....-....v...#....-.X..L.Z./#.XG.-.0......%w..H.@aZ....C.}...N~.;..R......5.D......I.... .R........s.>..ks....(...S...9....2=. :^.. p.+?(....$..Q..I.........=|..`2. v..t......U*.8.u.. ...'...*...2;u....& 3..$.
                                                                                                                                                                                Process:C:\Program Files (x86)\Microsoft Office\root\Office16\ONENOTE.EXE
                                                                                                                                                                                File Type:JPEG image data, JFIF standard 1.01, resolution (DPCM), density 28x28, segment length 16, baseline, precision 8, 728x77, components 3
                                                                                                                                                                                Category:dropped
                                                                                                                                                                                Size (bytes):2695
                                                                                                                                                                                Entropy (8bit):7.434963358385164
                                                                                                                                                                                Encrypted:false
                                                                                                                                                                                SSDEEP:48:N9YMsguOZgKAz2vcaQU4R8r4BU0/Rc4nbIQdsohw13ZmFLY6KsVvMdBL2mr:/hsEgNz2v5T/rQC67SoWniHK4EdBH
                                                                                                                                                                                MD5:B23DE98D5B4AFC269ED7EBFDDECE9716
                                                                                                                                                                                SHA1:10AF507A8079293A9AE0E3B96CF63A949B4588AA
                                                                                                                                                                                SHA-256:646586CB71742A2369A529876B41AF6A472C35CC508D1AE5D8395D55784814F2
                                                                                                                                                                                SHA-512:BBACBE205EC0A4F4E3AB7E2B1DEE36FCF087DDF77C7D18B53AEA4B15984A47C64E19F9B8D8FA568620619CEA0361D94FE7ABEA6E502EC6ECAEFE957F42ED7EE8
                                                                                                                                                                                Malicious:false
                                                                                                                                                                                Preview:......JFIF.............C................................... $.' ",#..(7),01444.'9=82<.342...C...........2!.!22222222222222222222222222222222222222222222222222......M....".......................................,.......................1....!ABQRq.2a."CbS.......................................................Qa1A............?....{............i........l..-D.q.~..|cS.S...R\..d.8,!.....]f$....Q..di.;~5......vj......MqCe..=.*.f^..=.}.Cm]qCd..s=..u.e..v..t'.,.....S.s..N...>.d4'.,..k...N...d..9....G...y....6J.Y.l.{Vf...^B..i.3.z....:5W#4@.S\fj.%..Mb.5.v.5......S.E..#.v.I.....I......m..H....D..|.Y|...W.Wf..o..U.0.E..@.T.....................................'.S../...Z......!J..1K..rI...T.f.>.+.N..o.....\..^u........e..q.qK.GXP..-...F8".;5J...]Y......j.a.,R.......J.N........z}<qu..J.)`.}X:..}.............B...[. ......,B.).b.......(Y.O....c\.o.e&.W.#Bo..N|..N8.#J.>1D.1..b.&....q.#..UT%,.d.....m&..^...VXA..b.nbTV~.....^........q..#./.I..=Q..=..Y.*.Ib...VZ+......Y.........'.
                                                                                                                                                                                Process:C:\Users\user\Desktop\c8JakemodH.exe
                                                                                                                                                                                File Type:ASCII text, with CRLF line terminators
                                                                                                                                                                                Category:dropped
                                                                                                                                                                                Size (bytes):1159
                                                                                                                                                                                Entropy (8bit):4.909757425426515
                                                                                                                                                                                Encrypted:false
                                                                                                                                                                                SSDEEP:24:SOZJNRovfexRvYx/ncUYTxLZl0r0OzANQgq32xfZnS0iNFdAnP6:SOZbqfexrZrS3Iq32xlSX2S
                                                                                                                                                                                MD5:F29E077226F8DC235CAE4795459A3542
                                                                                                                                                                                SHA1:A23AEA328BEB92BFD4464A3B0F70E772B8969CC2
                                                                                                                                                                                SHA-256:CF8875AADE9351184274F533067BECF2AD10CCF2B6296274ECE5D5B58B6AB008
                                                                                                                                                                                SHA-512:0C76F1E7AC8E4DB582EA7E26FA9B8C18D54605AE6A9A87A2A1FA0B1BEACACBB8F1230421C1124B1E7C12FB546FF31DBBD2CFBBEBA80EF98BBAA01B356F7FDC6F
                                                                                                                                                                                Malicious:false
                                                                                                                                                                                Preview:.. ~~~ AlphaCat ~~~....>>>> Your data are stolen and encrypted....>>>> What guarantees that we will not deceive you? .....We are not a politically motivated group and we do not need anything other than your money. .. ...If you pay, we will provide you the programs for decryption and we will delete your data. ...Life is too short to be sad. Be not sad, money, it is only paper... ...If we do not give you decrypters, or we do not delete your data after payment, then nobody will pay us in the future. ...Therefore to us our reputation is very important. We attack worldwide and there is no dissatisfied victim after payment... ..>>>> You need contact us via email with srenshot of btc transaction and your personal DECRYPTION ID.....Contact via Email with your personal Decryption id !: hackbeenswim@mail2tor.com......Send 400$ (0.006 BTC) at this address --> bc1qkr7wxuqwet9w6920vk94p7npkxh33fc7prv55q.....>>>> Your personal DECRYPTION ID: D53F15BF767167BC622C1CB4D4FC174D....>>
                                                                                                                                                                                Process:C:\Users\user\Desktop\c8JakemodH.exe
                                                                                                                                                                                File Type:data
                                                                                                                                                                                Category:dropped
                                                                                                                                                                                Size (bytes):239
                                                                                                                                                                                Entropy (8bit):7.085665604898007
                                                                                                                                                                                Encrypted:false
                                                                                                                                                                                SSDEEP:6:BSNq1H2xh6MZJYXKXqrnzo66uoxTQWryJJ:INyWxwMZJYaaDixTYJ
                                                                                                                                                                                MD5:E777286D0AB7475C872F7D1C52051C6E
                                                                                                                                                                                SHA1:5D03BB81904327F0DECD15D672DEC3F6CF4087E4
                                                                                                                                                                                SHA-256:7A03DAFC1B2EA78A552BEAFC48361925061317BCFAF5A01DC2CDB0FD00C23B1B
                                                                                                                                                                                SHA-512:D4DFCE19BE95EFC954CBC6AE8B45A9F58D0BF9A8893BE2B1B9AAF33CAE6698267DACE94A724F2E65E5B9995DE2485827064E98D9C1449F78E0DEA51218B709C4
                                                                                                                                                                                Malicious:false
                                                                                                                                                                                Preview:vS..s....4\.....k1..%...hP..A.....D....&&..".Zk4..3#.<......D.[2J..-{....o....#.Q....t..U...>)|....Ka...<..o...L....\.y.3.C.=....v....%......@(.......u....4..g..@.c_.r?[. ..U....<..Hb.!...?0[.?.._Ak:F`Obd..W.r.o..d7.5.?Ly.9'e5.|_
                                                                                                                                                                                Process:C:\Users\user\Desktop\c8JakemodH.exe
                                                                                                                                                                                File Type:ASCII text, with CRLF line terminators
                                                                                                                                                                                Category:dropped
                                                                                                                                                                                Size (bytes):1159
                                                                                                                                                                                Entropy (8bit):4.909757425426515
                                                                                                                                                                                Encrypted:false
                                                                                                                                                                                SSDEEP:24:SOZJNRovfexRvYx/ncUYTxLZl0r0OzANQgq32xfZnS0iNFdAnP6:SOZbqfexrZrS3Iq32xlSX2S
                                                                                                                                                                                MD5:F29E077226F8DC235CAE4795459A3542
                                                                                                                                                                                SHA1:A23AEA328BEB92BFD4464A3B0F70E772B8969CC2
                                                                                                                                                                                SHA-256:CF8875AADE9351184274F533067BECF2AD10CCF2B6296274ECE5D5B58B6AB008
                                                                                                                                                                                SHA-512:0C76F1E7AC8E4DB582EA7E26FA9B8C18D54605AE6A9A87A2A1FA0B1BEACACBB8F1230421C1124B1E7C12FB546FF31DBBD2CFBBEBA80EF98BBAA01B356F7FDC6F
                                                                                                                                                                                Malicious:false
                                                                                                                                                                                Preview:.. ~~~ AlphaCat ~~~....>>>> Your data are stolen and encrypted....>>>> What guarantees that we will not deceive you? .....We are not a politically motivated group and we do not need anything other than your money. .. ...If you pay, we will provide you the programs for decryption and we will delete your data. ...Life is too short to be sad. Be not sad, money, it is only paper... ...If we do not give you decrypters, or we do not delete your data after payment, then nobody will pay us in the future. ...Therefore to us our reputation is very important. We attack worldwide and there is no dissatisfied victim after payment... ..>>>> You need contact us via email with srenshot of btc transaction and your personal DECRYPTION ID.....Contact via Email with your personal Decryption id !: hackbeenswim@mail2tor.com......Send 400$ (0.006 BTC) at this address --> bc1qkr7wxuqwet9w6920vk94p7npkxh33fc7prv55q.....>>>> Your personal DECRYPTION ID: D53F15BF767167BC622C1CB4D4FC174D....>>
                                                                                                                                                                                Process:C:\Users\user\Desktop\c8JakemodH.exe
                                                                                                                                                                                File Type:ASCII text, with CRLF line terminators
                                                                                                                                                                                Category:dropped
                                                                                                                                                                                Size (bytes):1159
                                                                                                                                                                                Entropy (8bit):4.909757425426515
                                                                                                                                                                                Encrypted:false
                                                                                                                                                                                SSDEEP:24:SOZJNRovfexRvYx/ncUYTxLZl0r0OzANQgq32xfZnS0iNFdAnP6:SOZbqfexrZrS3Iq32xlSX2S
                                                                                                                                                                                MD5:F29E077226F8DC235CAE4795459A3542
                                                                                                                                                                                SHA1:A23AEA328BEB92BFD4464A3B0F70E772B8969CC2
                                                                                                                                                                                SHA-256:CF8875AADE9351184274F533067BECF2AD10CCF2B6296274ECE5D5B58B6AB008
                                                                                                                                                                                SHA-512:0C76F1E7AC8E4DB582EA7E26FA9B8C18D54605AE6A9A87A2A1FA0B1BEACACBB8F1230421C1124B1E7C12FB546FF31DBBD2CFBBEBA80EF98BBAA01B356F7FDC6F
                                                                                                                                                                                Malicious:false
                                                                                                                                                                                Preview:.. ~~~ AlphaCat ~~~....>>>> Your data are stolen and encrypted....>>>> What guarantees that we will not deceive you? .....We are not a politically motivated group and we do not need anything other than your money. .. ...If you pay, we will provide you the programs for decryption and we will delete your data. ...Life is too short to be sad. Be not sad, money, it is only paper... ...If we do not give you decrypters, or we do not delete your data after payment, then nobody will pay us in the future. ...Therefore to us our reputation is very important. We attack worldwide and there is no dissatisfied victim after payment... ..>>>> You need contact us via email with srenshot of btc transaction and your personal DECRYPTION ID.....Contact via Email with your personal Decryption id !: hackbeenswim@mail2tor.com......Send 400$ (0.006 BTC) at this address --> bc1qkr7wxuqwet9w6920vk94p7npkxh33fc7prv55q.....>>>> Your personal DECRYPTION ID: D53F15BF767167BC622C1CB4D4FC174D....>>
                                                                                                                                                                                Process:C:\Users\user\Desktop\c8JakemodH.exe
                                                                                                                                                                                File Type:ASCII text, with CRLF line terminators
                                                                                                                                                                                Category:dropped
                                                                                                                                                                                Size (bytes):1159
                                                                                                                                                                                Entropy (8bit):4.909757425426515
                                                                                                                                                                                Encrypted:false
                                                                                                                                                                                SSDEEP:24:SOZJNRovfexRvYx/ncUYTxLZl0r0OzANQgq32xfZnS0iNFdAnP6:SOZbqfexrZrS3Iq32xlSX2S
                                                                                                                                                                                MD5:F29E077226F8DC235CAE4795459A3542
                                                                                                                                                                                SHA1:A23AEA328BEB92BFD4464A3B0F70E772B8969CC2
                                                                                                                                                                                SHA-256:CF8875AADE9351184274F533067BECF2AD10CCF2B6296274ECE5D5B58B6AB008
                                                                                                                                                                                SHA-512:0C76F1E7AC8E4DB582EA7E26FA9B8C18D54605AE6A9A87A2A1FA0B1BEACACBB8F1230421C1124B1E7C12FB546FF31DBBD2CFBBEBA80EF98BBAA01B356F7FDC6F
                                                                                                                                                                                Malicious:false
                                                                                                                                                                                Preview:.. ~~~ AlphaCat ~~~....>>>> Your data are stolen and encrypted....>>>> What guarantees that we will not deceive you? .....We are not a politically motivated group and we do not need anything other than your money. .. ...If you pay, we will provide you the programs for decryption and we will delete your data. ...Life is too short to be sad. Be not sad, money, it is only paper... ...If we do not give you decrypters, or we do not delete your data after payment, then nobody will pay us in the future. ...Therefore to us our reputation is very important. We attack worldwide and there is no dissatisfied victim after payment... ..>>>> You need contact us via email with srenshot of btc transaction and your personal DECRYPTION ID.....Contact via Email with your personal Decryption id !: hackbeenswim@mail2tor.com......Send 400$ (0.006 BTC) at this address --> bc1qkr7wxuqwet9w6920vk94p7npkxh33fc7prv55q.....>>>> Your personal DECRYPTION ID: D53F15BF767167BC622C1CB4D4FC174D....>>
                                                                                                                                                                                Process:C:\Users\user\Desktop\c8JakemodH.exe
                                                                                                                                                                                File Type:data
                                                                                                                                                                                Category:dropped
                                                                                                                                                                                Size (bytes):256
                                                                                                                                                                                Entropy (8bit):7.15363949023282
                                                                                                                                                                                Encrypted:false
                                                                                                                                                                                SSDEEP:6:9YgbtdqmtyKQqJWcE4biF9tvXKXqrnzo66uoxTQWryJJ:2gCEy71z9taaDixTYJ
                                                                                                                                                                                MD5:03108A621DED391004C993248502E010
                                                                                                                                                                                SHA1:39F69846B03DDAF39A87F893C708589496551E48
                                                                                                                                                                                SHA-256:14F66739D5036D1141347FF7E741CD9F6AF0A53E2B3F9D1F223BB2CD7513FD2F
                                                                                                                                                                                SHA-512:A6E3412C63E413E34471CC014F7E23B9862140B9A78DD1EB09D4161CCA74A10F50D582561152F0422EDB701D9E2A7CD33C0669BBFDF67904C15C47BF5DA0A16C
                                                                                                                                                                                Malicious:false
                                                                                                                                                                                Preview:..f!D..[.....F..P.f....4S.....PYl.....z.........G....T...$.. .f.;.[ .?.4.'Mb....p...j..v........,..2.d...7....{02. ,d...<..o...L....\.y.3.C.=....v....%......@(.......u....4..g..@.c_.r?[. ..U....<..Hb.!...?0[.?.._Ak:F`Obd..W.r.o..d7.5.?Ly.9'e5.|_
                                                                                                                                                                                Process:C:\Users\user\Desktop\c8JakemodH.exe
                                                                                                                                                                                File Type:data
                                                                                                                                                                                Category:dropped
                                                                                                                                                                                Size (bytes):266
                                                                                                                                                                                Entropy (8bit):7.205836935442777
                                                                                                                                                                                Encrypted:false
                                                                                                                                                                                SSDEEP:6:AsAVwHSJ0HYr86a62vMJvXKXqrnzo66uoxTQWryJJ:AsAVw6W886x5aaDixTYJ
                                                                                                                                                                                MD5:1834BC41B9AC26ABFA5DB5FB84DB37D1
                                                                                                                                                                                SHA1:0176041017E41729C35ED0AE3213DC9B4932A075
                                                                                                                                                                                SHA-256:DB6209CBAF87753F921AB2FEA928CADCCDC7E72C24ED52FA911A026F81971EC4
                                                                                                                                                                                SHA-512:3DFBF54C1F34AC4D9C4DFDE44C7EE5A15C568E892106AFA9003F34E7F952FF2A78253F6817368E9BE8F99F7CF13D3D32666822A0771225513336761202F86324
                                                                                                                                                                                Malicious:false
                                                                                                                                                                                Preview:......!....-.9.h..`.P.4S.....P]l....fe..Z.....D....T..xy4=O..J.`.iW..q..r.Z<..-.)k.../...F.O.I...K.l.f. ....=Bm=...5..In.....l...<..o...L....\.y.3.C.=....v....%......@(.......u....4..g..@.c_.r?[. ..U....<..Hb.!...?0[.?.._Ak:F`Obd..W.r.o..d7.5.?Ly.9'e5.|_
                                                                                                                                                                                Process:C:\Users\user\Desktop\c8JakemodH.exe
                                                                                                                                                                                File Type:ASCII text, with CRLF line terminators
                                                                                                                                                                                Category:dropped
                                                                                                                                                                                Size (bytes):1159
                                                                                                                                                                                Entropy (8bit):4.909757425426515
                                                                                                                                                                                Encrypted:false
                                                                                                                                                                                SSDEEP:24:SOZJNRovfexRvYx/ncUYTxLZl0r0OzANQgq32xfZnS0iNFdAnP6:SOZbqfexrZrS3Iq32xlSX2S
                                                                                                                                                                                MD5:F29E077226F8DC235CAE4795459A3542
                                                                                                                                                                                SHA1:A23AEA328BEB92BFD4464A3B0F70E772B8969CC2
                                                                                                                                                                                SHA-256:CF8875AADE9351184274F533067BECF2AD10CCF2B6296274ECE5D5B58B6AB008
                                                                                                                                                                                SHA-512:0C76F1E7AC8E4DB582EA7E26FA9B8C18D54605AE6A9A87A2A1FA0B1BEACACBB8F1230421C1124B1E7C12FB546FF31DBBD2CFBBEBA80EF98BBAA01B356F7FDC6F
                                                                                                                                                                                Malicious:false
                                                                                                                                                                                Preview:.. ~~~ AlphaCat ~~~....>>>> Your data are stolen and encrypted....>>>> What guarantees that we will not deceive you? .....We are not a politically motivated group and we do not need anything other than your money. .. ...If you pay, we will provide you the programs for decryption and we will delete your data. ...Life is too short to be sad. Be not sad, money, it is only paper... ...If we do not give you decrypters, or we do not delete your data after payment, then nobody will pay us in the future. ...Therefore to us our reputation is very important. We attack worldwide and there is no dissatisfied victim after payment... ..>>>> You need contact us via email with srenshot of btc transaction and your personal DECRYPTION ID.....Contact via Email with your personal Decryption id !: hackbeenswim@mail2tor.com......Send 400$ (0.006 BTC) at this address --> bc1qkr7wxuqwet9w6920vk94p7npkxh33fc7prv55q.....>>>> Your personal DECRYPTION ID: D53F15BF767167BC622C1CB4D4FC174D....>>
                                                                                                                                                                                Process:C:\Users\user\Desktop\c8JakemodH.exe
                                                                                                                                                                                File Type:data
                                                                                                                                                                                Category:dropped
                                                                                                                                                                                Size (bytes):10483
                                                                                                                                                                                Entropy (8bit):7.980484763754177
                                                                                                                                                                                Encrypted:false
                                                                                                                                                                                SSDEEP:192:Q9QqYIgpXXhLLg8nHcMQI99kP7V06oTNIdtvfvpq79H2eU6WKsX:QZel0aHcMQY9kDGputvfcxVU6G
                                                                                                                                                                                MD5:FD8FF150E3E2200400A3D8E94E34C0A4
                                                                                                                                                                                SHA1:CA7BFE8D440C5A1E7104C2913AD43B467819531D
                                                                                                                                                                                SHA-256:9B10C468A996DC8D24CAA4A48A0A61306A7A4B19B5AE5FABBAE05D0E3BC51D91
                                                                                                                                                                                SHA-512:A39F2E11830E4220518C879C4E0203E702EE3F017057FDAA0626CBF768B8990AA99CB6CB8122E7C208B9A08C5345E5FF9C7FD936CA4F4719DC349C7A80D99BA3
                                                                                                                                                                                Malicious:false
                                                                                                                                                                                Preview:.... ..-.7m.C..$.\./vX.7...7.H]b.^.....oN....$.|.s...... .|.l.<-Y....Wp5....d..x.......v6.l.....]..... .@.....ci.s..$..s....K.........>.."LP........NO.-*..96.p..O.b.z.yH.....7C...../.......$........P-i.Yu.).+.e.?.4e..s.[!."._.!.....M"......-?..k.&,....$.....$(.y....H./.2...#..>.8..+.......PjZxi..._.K...z.a..Jr.9.[n....05G2..)Y.{z..$.+e..%X.Y.].TZ.q.!.h...=k..}.S.eK.+.....k_.......oE..../0K....zo:.....Bj...l..O...i..Jg.Q2..i...<.<;.E...P.;.*k..%f.j....2..`.T)..q..:..7....U.{..,#.s7.H...*..\....]....o~.tob4.:Sv5o...?..3....G..V?v...e._...n.,..p.mm.......J..J...f5..b.|..P.UIy0..*.i.sh).A..b.4T..`%...gf}jAz.....D...3..@}.m$.g\.\..=..p...._.....9....Th%.+.D.....b".......81.u..q5.q..h.3/{c1h..1..zoL....F......E).z@......dO..\....>.{..z.n.=...&.0f{..........(-..{...%.["}|.m.'..m.o.es..~=.uJ~..r.../....~.UB. 4......2.E.iN.%............w..gs.P....an>`.#.p....t..Z...`/a.N...o.....L......kq...k.....&.....n&...gD.BV[...9o. ...<..*....FB.
                                                                                                                                                                                Process:C:\Users\user\Desktop\c8JakemodH.exe
                                                                                                                                                                                File Type:data
                                                                                                                                                                                Category:dropped
                                                                                                                                                                                Size (bytes):24396
                                                                                                                                                                                Entropy (8bit):7.992791870905223
                                                                                                                                                                                Encrypted:true
                                                                                                                                                                                SSDEEP:384:GzYcHIw98CP/JWVK9084ijOiyCmuH17OwopKWzY8f0c6k1KBzZIfiFT8fpYzo:WNHI76BqK1FSDuHN8bH6k18yqS
                                                                                                                                                                                MD5:E48D7BCB62569F184FFB05ACE6CC4D70
                                                                                                                                                                                SHA1:1F9D143F9E6EB07E5517E95A71037B3F13EC6A1D
                                                                                                                                                                                SHA-256:12B41F001A77BB9EB7CA0B3F251EEEA80AAFCEDAD276BCDEC91480E13EA5E220
                                                                                                                                                                                SHA-512:D6DF8AF4011F9138632CC2BB71F81000A787B2033D2B26D06F4B572D9F18D7E9DCD7F5DA30AFB1A9556682935ADCDB0632961502DEE289C29B865ABBF4027B87
                                                                                                                                                                                Malicious:true
                                                                                                                                                                                Preview:(/..C0.0.R.#3.l~..88.|/7..+...W...u?......y....mW...C".t|<.a..m.....kk.....x.}Z\.WL4c...OP.....:os_2."[y.F...k...8..o.>....$X.......yt/?).e..$....Fh...d...W.....B_(..P..=fA%.rf......bM../.........A.-Mm....,-....7n.U...-....`!z.5."..A|.7y`..:.o."..d.r..d.... 2j...A......K........nd..C.{t.....sT.*P.?.GA3....D.%.F.nx$\.}.....a1nkw>>.}...#...;.{.Z..bvOjlJ<.*.L..c;..s.......,..X....E..j*.B......X..k..ut{0..e...DN...uQ.F...~..1T...j.!n..'E...z.D.. .P,...Q.o.Y.6A.yUpQ.......+.4|..D.....H.*@..dw f....Jp...Ic.#3'...)*...g%1...g..x..pS....k.?.......j]....AX.....!S....^&m..Z 2...8J.#..h.f.......S,+>.%cA....V%{O....G.0H.F..6...F1?N.(.........7.8...a.6k...`Nq..#..:R.YP..l....9.........@..+....c!.83..R..U...H3+X:}....Nic....H.rf-.J..>/KBj.1......................M..^.q..a...%..$..QT{....I.(;f.Ut..g.4z,......^@..~..{..r}:.z..p...R.\.....1pMW..)n..)e..*.......J..V8...T..T..|H.5.N..`.....^..)>@P_K....z..|....\).T%..5..r...`J.........G....l.?..T.!..,3"..r.h
                                                                                                                                                                                Process:C:\Users\user\Desktop\c8JakemodH.exe
                                                                                                                                                                                File Type:data
                                                                                                                                                                                Category:dropped
                                                                                                                                                                                Size (bytes):509
                                                                                                                                                                                Entropy (8bit):7.606982618710977
                                                                                                                                                                                Encrypted:false
                                                                                                                                                                                SSDEEP:6:yBoOqykIPxrJpZwGZlJ7EP9l26qx5I8IE+xUAIQJuGLWypRO7BQ1KxwSXKXqrnz5:ukGxrJpLJ7Ew5I853D1crLOaaDixTYJ
                                                                                                                                                                                MD5:286F95C205D4A623B13BDFC47344C450
                                                                                                                                                                                SHA1:59354EF60B9AD768938C7965B5C28ADB926D30FE
                                                                                                                                                                                SHA-256:C0A388DDC90F4902BEC4EAC0885E27CB3C32437EB6CEDEE7C2CF8E3D1140589D
                                                                                                                                                                                SHA-512:A34B8FEB58F1A0F9B8FAB653F7E263E86788E76C6F0F3712E07FA96E03A22D0F182107DB8C53D5180D5526232F9765BCA4A9B714BCBA4E6F3671C878F1B28BBE
                                                                                                                                                                                Malicious:false
                                                                                                                                                                                Preview:-*5..A.."...9.0..5E..&...T.....c....,.|..#.....N$..r.....pS...w.....<.$`...Y.j(.E...].Yl..")..l..x.QT.<.u.. !.,....y......>...v...&...,.g@<.M..N..6. .........u..(.V..[..i...r.....|;-...H.....)B...hD.Y.....7....3.TV5R(.1....)....!.u.B.a[..I.~..e....4l.....i1.......xv4.3.#.qD.......{y4>L..I.2V.Q.....R.].....$)..^o...L..._k....q....u.J.....ez88.....Yo...<..o...L....\.y.3.C.=....v....%......@(.......u....4..g..@.c_.r?[. ..U....<..Hb.!...?0[.?.._Ak:F`Obd..W.r.o..d7.5.?Ly.9'e5.|_
                                                                                                                                                                                Process:C:\Users\user\Desktop\c8JakemodH.exe
                                                                                                                                                                                File Type:ASCII text, with CRLF line terminators
                                                                                                                                                                                Category:dropped
                                                                                                                                                                                Size (bytes):1159
                                                                                                                                                                                Entropy (8bit):4.909757425426515
                                                                                                                                                                                Encrypted:false
                                                                                                                                                                                SSDEEP:24:SOZJNRovfexRvYx/ncUYTxLZl0r0OzANQgq32xfZnS0iNFdAnP6:SOZbqfexrZrS3Iq32xlSX2S
                                                                                                                                                                                MD5:F29E077226F8DC235CAE4795459A3542
                                                                                                                                                                                SHA1:A23AEA328BEB92BFD4464A3B0F70E772B8969CC2
                                                                                                                                                                                SHA-256:CF8875AADE9351184274F533067BECF2AD10CCF2B6296274ECE5D5B58B6AB008
                                                                                                                                                                                SHA-512:0C76F1E7AC8E4DB582EA7E26FA9B8C18D54605AE6A9A87A2A1FA0B1BEACACBB8F1230421C1124B1E7C12FB546FF31DBBD2CFBBEBA80EF98BBAA01B356F7FDC6F
                                                                                                                                                                                Malicious:false
                                                                                                                                                                                Preview:.. ~~~ AlphaCat ~~~....>>>> Your data are stolen and encrypted....>>>> What guarantees that we will not deceive you? .....We are not a politically motivated group and we do not need anything other than your money. .. ...If you pay, we will provide you the programs for decryption and we will delete your data. ...Life is too short to be sad. Be not sad, money, it is only paper... ...If we do not give you decrypters, or we do not delete your data after payment, then nobody will pay us in the future. ...Therefore to us our reputation is very important. We attack worldwide and there is no dissatisfied victim after payment... ..>>>> You need contact us via email with srenshot of btc transaction and your personal DECRYPTION ID.....Contact via Email with your personal Decryption id !: hackbeenswim@mail2tor.com......Send 400$ (0.006 BTC) at this address --> bc1qkr7wxuqwet9w6920vk94p7npkxh33fc7prv55q.....>>>> Your personal DECRYPTION ID: D53F15BF767167BC622C1CB4D4FC174D....>>
                                                                                                                                                                                Process:C:\Users\user\Desktop\c8JakemodH.exe
                                                                                                                                                                                File Type:data
                                                                                                                                                                                Category:dropped
                                                                                                                                                                                Size (bytes):274
                                                                                                                                                                                Entropy (8bit):7.2299567634516295
                                                                                                                                                                                Encrypted:false
                                                                                                                                                                                SSDEEP:6:D/hBrV7h86FWcJ33VDx/vXKXqrnzo66uoxTQWryJJ:D9724Hp5aaDixTYJ
                                                                                                                                                                                MD5:049A923F961B4BE5DE2D0812BF09B46C
                                                                                                                                                                                SHA1:517FBA6B9A7CD0D14DE7776773A59CC2AA31BED8
                                                                                                                                                                                SHA-256:24830AB3D32E8200D0BDFA689EE4ADB042ADE5EA3FA2B6B402915099ABBCE9EF
                                                                                                                                                                                SHA-512:A8C6EDB86694A6520182254D396FB7F65EA0B28728E8700970D4B978EFB7566D2E847CB998B27FEF09E3126A86747785D10E9C53E157E5DF9CB038E46526DA8C
                                                                                                                                                                                Malicious:false
                                                                                                                                                                                Preview:dR.nC.......t..N.$Ms...U..NONZ]...Ok.4r.....PKl....s...W....D....T..xy4=....{.x.3a@.^Q.4.....:....P................y*5._..t.MC...h...<..o...L....\.y.3.C.=....v....%......@(.......u....4..g..@.c_.r?[. ..U....<..Hb.!...?0[.?.._Ak:F`Obd..W.r.o..d7.5.?Ly.9'e5.|_
                                                                                                                                                                                Process:C:\Users\user\Desktop\c8JakemodH.exe
                                                                                                                                                                                File Type:data
                                                                                                                                                                                Category:dropped
                                                                                                                                                                                Size (bytes):296
                                                                                                                                                                                Entropy (8bit):7.267874343609655
                                                                                                                                                                                Encrypted:false
                                                                                                                                                                                SSDEEP:6:xy0RwUy2WkySJ7QJ51FCCVvPXAXKXqrnzo66uoxTQWryJJ:/Y2WkP7QJPFBVvPXAaaDixTYJ
                                                                                                                                                                                MD5:D3F5C231345CF2FDF1C9BE14EFF61628
                                                                                                                                                                                SHA1:0F74E5CCBFC3EC65A5AF6442D00DFA355011C2A6
                                                                                                                                                                                SHA-256:DDCBA53A8A52CD5847399EFC5A5B6F4CD1DC737EDFFE7B845CB3A51926783AF7
                                                                                                                                                                                SHA-512:F8E7436C3276677892B0AC1B3449AD5E97EAC6019679FA9EBC0CF56E0FCB84BBBB61710A555E5D94BC9E1FA58272C45BD93EA3BEC95DD727F13FEC2D17B40D91
                                                                                                                                                                                Malicious:false
                                                                                                                                                                                Preview:yw.-.70r......f........F..Bc6w.9.a|.n._..J..$.m..L.4r.....PhB.J...fc..Z.....D....T..xy4=O..J.~...*.....4....(wL....4.......^...'C.x...E..&..:*.D/k...}.Pl...<..o...L....\.y.3.C.=....v....%......@(.......u....4..g..@.c_.r?[. ..U....<..Hb.!...?0[.?.._Ak:F`Obd..W.r.o..d7.5.?Ly.9'e5.|_
                                                                                                                                                                                Process:C:\Users\user\Desktop\c8JakemodH.exe
                                                                                                                                                                                File Type:ASCII text, with CRLF line terminators
                                                                                                                                                                                Category:dropped
                                                                                                                                                                                Size (bytes):1159
                                                                                                                                                                                Entropy (8bit):4.909757425426515
                                                                                                                                                                                Encrypted:false
                                                                                                                                                                                SSDEEP:24:SOZJNRovfexRvYx/ncUYTxLZl0r0OzANQgq32xfZnS0iNFdAnP6:SOZbqfexrZrS3Iq32xlSX2S
                                                                                                                                                                                MD5:F29E077226F8DC235CAE4795459A3542
                                                                                                                                                                                SHA1:A23AEA328BEB92BFD4464A3B0F70E772B8969CC2
                                                                                                                                                                                SHA-256:CF8875AADE9351184274F533067BECF2AD10CCF2B6296274ECE5D5B58B6AB008
                                                                                                                                                                                SHA-512:0C76F1E7AC8E4DB582EA7E26FA9B8C18D54605AE6A9A87A2A1FA0B1BEACACBB8F1230421C1124B1E7C12FB546FF31DBBD2CFBBEBA80EF98BBAA01B356F7FDC6F
                                                                                                                                                                                Malicious:false
                                                                                                                                                                                Preview:.. ~~~ AlphaCat ~~~....>>>> Your data are stolen and encrypted....>>>> What guarantees that we will not deceive you? .....We are not a politically motivated group and we do not need anything other than your money. .. ...If you pay, we will provide you the programs for decryption and we will delete your data. ...Life is too short to be sad. Be not sad, money, it is only paper... ...If we do not give you decrypters, or we do not delete your data after payment, then nobody will pay us in the future. ...Therefore to us our reputation is very important. We attack worldwide and there is no dissatisfied victim after payment... ..>>>> You need contact us via email with srenshot of btc transaction and your personal DECRYPTION ID.....Contact via Email with your personal Decryption id !: hackbeenswim@mail2tor.com......Send 400$ (0.006 BTC) at this address --> bc1qkr7wxuqwet9w6920vk94p7npkxh33fc7prv55q.....>>>> Your personal DECRYPTION ID: D53F15BF767167BC622C1CB4D4FC174D....>>
                                                                                                                                                                                Process:C:\Users\user\Desktop\c8JakemodH.exe
                                                                                                                                                                                File Type:ASCII text, with CRLF line terminators
                                                                                                                                                                                Category:dropped
                                                                                                                                                                                Size (bytes):1159
                                                                                                                                                                                Entropy (8bit):4.909757425426515
                                                                                                                                                                                Encrypted:false
                                                                                                                                                                                SSDEEP:24:SOZJNRovfexRvYx/ncUYTxLZl0r0OzANQgq32xfZnS0iNFdAnP6:SOZbqfexrZrS3Iq32xlSX2S
                                                                                                                                                                                MD5:F29E077226F8DC235CAE4795459A3542
                                                                                                                                                                                SHA1:A23AEA328BEB92BFD4464A3B0F70E772B8969CC2
                                                                                                                                                                                SHA-256:CF8875AADE9351184274F533067BECF2AD10CCF2B6296274ECE5D5B58B6AB008
                                                                                                                                                                                SHA-512:0C76F1E7AC8E4DB582EA7E26FA9B8C18D54605AE6A9A87A2A1FA0B1BEACACBB8F1230421C1124B1E7C12FB546FF31DBBD2CFBBEBA80EF98BBAA01B356F7FDC6F
                                                                                                                                                                                Malicious:false
                                                                                                                                                                                Preview:.. ~~~ AlphaCat ~~~....>>>> Your data are stolen and encrypted....>>>> What guarantees that we will not deceive you? .....We are not a politically motivated group and we do not need anything other than your money. .. ...If you pay, we will provide you the programs for decryption and we will delete your data. ...Life is too short to be sad. Be not sad, money, it is only paper... ...If we do not give you decrypters, or we do not delete your data after payment, then nobody will pay us in the future. ...Therefore to us our reputation is very important. We attack worldwide and there is no dissatisfied victim after payment... ..>>>> You need contact us via email with srenshot of btc transaction and your personal DECRYPTION ID.....Contact via Email with your personal Decryption id !: hackbeenswim@mail2tor.com......Send 400$ (0.006 BTC) at this address --> bc1qkr7wxuqwet9w6920vk94p7npkxh33fc7prv55q.....>>>> Your personal DECRYPTION ID: D53F15BF767167BC622C1CB4D4FC174D....>>
                                                                                                                                                                                Process:C:\Users\user\Desktop\c8JakemodH.exe
                                                                                                                                                                                File Type:ASCII text, with CRLF line terminators
                                                                                                                                                                                Category:dropped
                                                                                                                                                                                Size (bytes):1159
                                                                                                                                                                                Entropy (8bit):4.909757425426515
                                                                                                                                                                                Encrypted:false
                                                                                                                                                                                SSDEEP:24:SOZJNRovfexRvYx/ncUYTxLZl0r0OzANQgq32xfZnS0iNFdAnP6:SOZbqfexrZrS3Iq32xlSX2S
                                                                                                                                                                                MD5:F29E077226F8DC235CAE4795459A3542
                                                                                                                                                                                SHA1:A23AEA328BEB92BFD4464A3B0F70E772B8969CC2
                                                                                                                                                                                SHA-256:CF8875AADE9351184274F533067BECF2AD10CCF2B6296274ECE5D5B58B6AB008
                                                                                                                                                                                SHA-512:0C76F1E7AC8E4DB582EA7E26FA9B8C18D54605AE6A9A87A2A1FA0B1BEACACBB8F1230421C1124B1E7C12FB546FF31DBBD2CFBBEBA80EF98BBAA01B356F7FDC6F
                                                                                                                                                                                Malicious:false
                                                                                                                                                                                Preview:.. ~~~ AlphaCat ~~~....>>>> Your data are stolen and encrypted....>>>> What guarantees that we will not deceive you? .....We are not a politically motivated group and we do not need anything other than your money. .. ...If you pay, we will provide you the programs for decryption and we will delete your data. ...Life is too short to be sad. Be not sad, money, it is only paper... ...If we do not give you decrypters, or we do not delete your data after payment, then nobody will pay us in the future. ...Therefore to us our reputation is very important. We attack worldwide and there is no dissatisfied victim after payment... ..>>>> You need contact us via email with srenshot of btc transaction and your personal DECRYPTION ID.....Contact via Email with your personal Decryption id !: hackbeenswim@mail2tor.com......Send 400$ (0.006 BTC) at this address --> bc1qkr7wxuqwet9w6920vk94p7npkxh33fc7prv55q.....>>>> Your personal DECRYPTION ID: D53F15BF767167BC622C1CB4D4FC174D....>>
                                                                                                                                                                                Process:C:\Users\user\Desktop\c8JakemodH.exe
                                                                                                                                                                                File Type:ASCII text, with CRLF line terminators
                                                                                                                                                                                Category:dropped
                                                                                                                                                                                Size (bytes):1159
                                                                                                                                                                                Entropy (8bit):4.909757425426515
                                                                                                                                                                                Encrypted:false
                                                                                                                                                                                SSDEEP:24:SOZJNRovfexRvYx/ncUYTxLZl0r0OzANQgq32xfZnS0iNFdAnP6:SOZbqfexrZrS3Iq32xlSX2S
                                                                                                                                                                                MD5:F29E077226F8DC235CAE4795459A3542
                                                                                                                                                                                SHA1:A23AEA328BEB92BFD4464A3B0F70E772B8969CC2
                                                                                                                                                                                SHA-256:CF8875AADE9351184274F533067BECF2AD10CCF2B6296274ECE5D5B58B6AB008
                                                                                                                                                                                SHA-512:0C76F1E7AC8E4DB582EA7E26FA9B8C18D54605AE6A9A87A2A1FA0B1BEACACBB8F1230421C1124B1E7C12FB546FF31DBBD2CFBBEBA80EF98BBAA01B356F7FDC6F
                                                                                                                                                                                Malicious:false
                                                                                                                                                                                Preview:.. ~~~ AlphaCat ~~~....>>>> Your data are stolen and encrypted....>>>> What guarantees that we will not deceive you? .....We are not a politically motivated group and we do not need anything other than your money. .. ...If you pay, we will provide you the programs for decryption and we will delete your data. ...Life is too short to be sad. Be not sad, money, it is only paper... ...If we do not give you decrypters, or we do not delete your data after payment, then nobody will pay us in the future. ...Therefore to us our reputation is very important. We attack worldwide and there is no dissatisfied victim after payment... ..>>>> You need contact us via email with srenshot of btc transaction and your personal DECRYPTION ID.....Contact via Email with your personal Decryption id !: hackbeenswim@mail2tor.com......Send 400$ (0.006 BTC) at this address --> bc1qkr7wxuqwet9w6920vk94p7npkxh33fc7prv55q.....>>>> Your personal DECRYPTION ID: D53F15BF767167BC622C1CB4D4FC174D....>>
                                                                                                                                                                                Process:C:\Users\user\Desktop\c8JakemodH.exe
                                                                                                                                                                                File Type:ASCII text, with CRLF line terminators
                                                                                                                                                                                Category:dropped
                                                                                                                                                                                Size (bytes):1159
                                                                                                                                                                                Entropy (8bit):4.909757425426515
                                                                                                                                                                                Encrypted:false
                                                                                                                                                                                SSDEEP:24:SOZJNRovfexRvYx/ncUYTxLZl0r0OzANQgq32xfZnS0iNFdAnP6:SOZbqfexrZrS3Iq32xlSX2S
                                                                                                                                                                                MD5:F29E077226F8DC235CAE4795459A3542
                                                                                                                                                                                SHA1:A23AEA328BEB92BFD4464A3B0F70E772B8969CC2
                                                                                                                                                                                SHA-256:CF8875AADE9351184274F533067BECF2AD10CCF2B6296274ECE5D5B58B6AB008
                                                                                                                                                                                SHA-512:0C76F1E7AC8E4DB582EA7E26FA9B8C18D54605AE6A9A87A2A1FA0B1BEACACBB8F1230421C1124B1E7C12FB546FF31DBBD2CFBBEBA80EF98BBAA01B356F7FDC6F
                                                                                                                                                                                Malicious:false
                                                                                                                                                                                Preview:.. ~~~ AlphaCat ~~~....>>>> Your data are stolen and encrypted....>>>> What guarantees that we will not deceive you? .....We are not a politically motivated group and we do not need anything other than your money. .. ...If you pay, we will provide you the programs for decryption and we will delete your data. ...Life is too short to be sad. Be not sad, money, it is only paper... ...If we do not give you decrypters, or we do not delete your data after payment, then nobody will pay us in the future. ...Therefore to us our reputation is very important. We attack worldwide and there is no dissatisfied victim after payment... ..>>>> You need contact us via email with srenshot of btc transaction and your personal DECRYPTION ID.....Contact via Email with your personal Decryption id !: hackbeenswim@mail2tor.com......Send 400$ (0.006 BTC) at this address --> bc1qkr7wxuqwet9w6920vk94p7npkxh33fc7prv55q.....>>>> Your personal DECRYPTION ID: D53F15BF767167BC622C1CB4D4FC174D....>>
                                                                                                                                                                                Process:C:\Users\user\Desktop\c8JakemodH.exe
                                                                                                                                                                                File Type:ASCII text, with CRLF line terminators
                                                                                                                                                                                Category:dropped
                                                                                                                                                                                Size (bytes):1159
                                                                                                                                                                                Entropy (8bit):4.909757425426515
                                                                                                                                                                                Encrypted:false
                                                                                                                                                                                SSDEEP:24:SOZJNRovfexRvYx/ncUYTxLZl0r0OzANQgq32xfZnS0iNFdAnP6:SOZbqfexrZrS3Iq32xlSX2S
                                                                                                                                                                                MD5:F29E077226F8DC235CAE4795459A3542
                                                                                                                                                                                SHA1:A23AEA328BEB92BFD4464A3B0F70E772B8969CC2
                                                                                                                                                                                SHA-256:CF8875AADE9351184274F533067BECF2AD10CCF2B6296274ECE5D5B58B6AB008
                                                                                                                                                                                SHA-512:0C76F1E7AC8E4DB582EA7E26FA9B8C18D54605AE6A9A87A2A1FA0B1BEACACBB8F1230421C1124B1E7C12FB546FF31DBBD2CFBBEBA80EF98BBAA01B356F7FDC6F
                                                                                                                                                                                Malicious:false
                                                                                                                                                                                Preview:.. ~~~ AlphaCat ~~~....>>>> Your data are stolen and encrypted....>>>> What guarantees that we will not deceive you? .....We are not a politically motivated group and we do not need anything other than your money. .. ...If you pay, we will provide you the programs for decryption and we will delete your data. ...Life is too short to be sad. Be not sad, money, it is only paper... ...If we do not give you decrypters, or we do not delete your data after payment, then nobody will pay us in the future. ...Therefore to us our reputation is very important. We attack worldwide and there is no dissatisfied victim after payment... ..>>>> You need contact us via email with srenshot of btc transaction and your personal DECRYPTION ID.....Contact via Email with your personal Decryption id !: hackbeenswim@mail2tor.com......Send 400$ (0.006 BTC) at this address --> bc1qkr7wxuqwet9w6920vk94p7npkxh33fc7prv55q.....>>>> Your personal DECRYPTION ID: D53F15BF767167BC622C1CB4D4FC174D....>>
                                                                                                                                                                                Process:C:\Users\user\Desktop\c8JakemodH.exe
                                                                                                                                                                                File Type:ASCII text, with CRLF line terminators
                                                                                                                                                                                Category:dropped
                                                                                                                                                                                Size (bytes):1159
                                                                                                                                                                                Entropy (8bit):4.909757425426515
                                                                                                                                                                                Encrypted:false
                                                                                                                                                                                SSDEEP:24:SOZJNRovfexRvYx/ncUYTxLZl0r0OzANQgq32xfZnS0iNFdAnP6:SOZbqfexrZrS3Iq32xlSX2S
                                                                                                                                                                                MD5:F29E077226F8DC235CAE4795459A3542
                                                                                                                                                                                SHA1:A23AEA328BEB92BFD4464A3B0F70E772B8969CC2
                                                                                                                                                                                SHA-256:CF8875AADE9351184274F533067BECF2AD10CCF2B6296274ECE5D5B58B6AB008
                                                                                                                                                                                SHA-512:0C76F1E7AC8E4DB582EA7E26FA9B8C18D54605AE6A9A87A2A1FA0B1BEACACBB8F1230421C1124B1E7C12FB546FF31DBBD2CFBBEBA80EF98BBAA01B356F7FDC6F
                                                                                                                                                                                Malicious:false
                                                                                                                                                                                Preview:.. ~~~ AlphaCat ~~~....>>>> Your data are stolen and encrypted....>>>> What guarantees that we will not deceive you? .....We are not a politically motivated group and we do not need anything other than your money. .. ...If you pay, we will provide you the programs for decryption and we will delete your data. ...Life is too short to be sad. Be not sad, money, it is only paper... ...If we do not give you decrypters, or we do not delete your data after payment, then nobody will pay us in the future. ...Therefore to us our reputation is very important. We attack worldwide and there is no dissatisfied victim after payment... ..>>>> You need contact us via email with srenshot of btc transaction and your personal DECRYPTION ID.....Contact via Email with your personal Decryption id !: hackbeenswim@mail2tor.com......Send 400$ (0.006 BTC) at this address --> bc1qkr7wxuqwet9w6920vk94p7npkxh33fc7prv55q.....>>>> Your personal DECRYPTION ID: D53F15BF767167BC622C1CB4D4FC174D....>>
                                                                                                                                                                                Process:C:\Users\user\Desktop\c8JakemodH.exe
                                                                                                                                                                                File Type:ASCII text, with CRLF line terminators
                                                                                                                                                                                Category:dropped
                                                                                                                                                                                Size (bytes):1159
                                                                                                                                                                                Entropy (8bit):4.909757425426515
                                                                                                                                                                                Encrypted:false
                                                                                                                                                                                SSDEEP:24:SOZJNRovfexRvYx/ncUYTxLZl0r0OzANQgq32xfZnS0iNFdAnP6:SOZbqfexrZrS3Iq32xlSX2S
                                                                                                                                                                                MD5:F29E077226F8DC235CAE4795459A3542
                                                                                                                                                                                SHA1:A23AEA328BEB92BFD4464A3B0F70E772B8969CC2
                                                                                                                                                                                SHA-256:CF8875AADE9351184274F533067BECF2AD10CCF2B6296274ECE5D5B58B6AB008
                                                                                                                                                                                SHA-512:0C76F1E7AC8E4DB582EA7E26FA9B8C18D54605AE6A9A87A2A1FA0B1BEACACBB8F1230421C1124B1E7C12FB546FF31DBBD2CFBBEBA80EF98BBAA01B356F7FDC6F
                                                                                                                                                                                Malicious:false
                                                                                                                                                                                Preview:.. ~~~ AlphaCat ~~~....>>>> Your data are stolen and encrypted....>>>> What guarantees that we will not deceive you? .....We are not a politically motivated group and we do not need anything other than your money. .. ...If you pay, we will provide you the programs for decryption and we will delete your data. ...Life is too short to be sad. Be not sad, money, it is only paper... ...If we do not give you decrypters, or we do not delete your data after payment, then nobody will pay us in the future. ...Therefore to us our reputation is very important. We attack worldwide and there is no dissatisfied victim after payment... ..>>>> You need contact us via email with srenshot of btc transaction and your personal DECRYPTION ID.....Contact via Email with your personal Decryption id !: hackbeenswim@mail2tor.com......Send 400$ (0.006 BTC) at this address --> bc1qkr7wxuqwet9w6920vk94p7npkxh33fc7prv55q.....>>>> Your personal DECRYPTION ID: D53F15BF767167BC622C1CB4D4FC174D....>>
                                                                                                                                                                                Process:C:\Users\user\Desktop\c8JakemodH.exe
                                                                                                                                                                                File Type:ASCII text, with CRLF line terminators
                                                                                                                                                                                Category:dropped
                                                                                                                                                                                Size (bytes):1159
                                                                                                                                                                                Entropy (8bit):4.909757425426515
                                                                                                                                                                                Encrypted:false
                                                                                                                                                                                SSDEEP:24:SOZJNRovfexRvYx/ncUYTxLZl0r0OzANQgq32xfZnS0iNFdAnP6:SOZbqfexrZrS3Iq32xlSX2S
                                                                                                                                                                                MD5:F29E077226F8DC235CAE4795459A3542
                                                                                                                                                                                SHA1:A23AEA328BEB92BFD4464A3B0F70E772B8969CC2
                                                                                                                                                                                SHA-256:CF8875AADE9351184274F533067BECF2AD10CCF2B6296274ECE5D5B58B6AB008
                                                                                                                                                                                SHA-512:0C76F1E7AC8E4DB582EA7E26FA9B8C18D54605AE6A9A87A2A1FA0B1BEACACBB8F1230421C1124B1E7C12FB546FF31DBBD2CFBBEBA80EF98BBAA01B356F7FDC6F
                                                                                                                                                                                Malicious:false
                                                                                                                                                                                Preview:.. ~~~ AlphaCat ~~~....>>>> Your data are stolen and encrypted....>>>> What guarantees that we will not deceive you? .....We are not a politically motivated group and we do not need anything other than your money. .. ...If you pay, we will provide you the programs for decryption and we will delete your data. ...Life is too short to be sad. Be not sad, money, it is only paper... ...If we do not give you decrypters, or we do not delete your data after payment, then nobody will pay us in the future. ...Therefore to us our reputation is very important. We attack worldwide and there is no dissatisfied victim after payment... ..>>>> You need contact us via email with srenshot of btc transaction and your personal DECRYPTION ID.....Contact via Email with your personal Decryption id !: hackbeenswim@mail2tor.com......Send 400$ (0.006 BTC) at this address --> bc1qkr7wxuqwet9w6920vk94p7npkxh33fc7prv55q.....>>>> Your personal DECRYPTION ID: D53F15BF767167BC622C1CB4D4FC174D....>>
                                                                                                                                                                                Process:C:\Users\user\Desktop\c8JakemodH.exe
                                                                                                                                                                                File Type:ASCII text, with CRLF line terminators
                                                                                                                                                                                Category:dropped
                                                                                                                                                                                Size (bytes):1159
                                                                                                                                                                                Entropy (8bit):4.909757425426515
                                                                                                                                                                                Encrypted:false
                                                                                                                                                                                SSDEEP:24:SOZJNRovfexRvYx/ncUYTxLZl0r0OzANQgq32xfZnS0iNFdAnP6:SOZbqfexrZrS3Iq32xlSX2S
                                                                                                                                                                                MD5:F29E077226F8DC235CAE4795459A3542
                                                                                                                                                                                SHA1:A23AEA328BEB92BFD4464A3B0F70E772B8969CC2
                                                                                                                                                                                SHA-256:CF8875AADE9351184274F533067BECF2AD10CCF2B6296274ECE5D5B58B6AB008
                                                                                                                                                                                SHA-512:0C76F1E7AC8E4DB582EA7E26FA9B8C18D54605AE6A9A87A2A1FA0B1BEACACBB8F1230421C1124B1E7C12FB546FF31DBBD2CFBBEBA80EF98BBAA01B356F7FDC6F
                                                                                                                                                                                Malicious:false
                                                                                                                                                                                Preview:.. ~~~ AlphaCat ~~~....>>>> Your data are stolen and encrypted....>>>> What guarantees that we will not deceive you? .....We are not a politically motivated group and we do not need anything other than your money. .. ...If you pay, we will provide you the programs for decryption and we will delete your data. ...Life is too short to be sad. Be not sad, money, it is only paper... ...If we do not give you decrypters, or we do not delete your data after payment, then nobody will pay us in the future. ...Therefore to us our reputation is very important. We attack worldwide and there is no dissatisfied victim after payment... ..>>>> You need contact us via email with srenshot of btc transaction and your personal DECRYPTION ID.....Contact via Email with your personal Decryption id !: hackbeenswim@mail2tor.com......Send 400$ (0.006 BTC) at this address --> bc1qkr7wxuqwet9w6920vk94p7npkxh33fc7prv55q.....>>>> Your personal DECRYPTION ID: D53F15BF767167BC622C1CB4D4FC174D....>>
                                                                                                                                                                                Process:C:\Users\user\Desktop\c8JakemodH.exe
                                                                                                                                                                                File Type:ASCII text, with CRLF line terminators
                                                                                                                                                                                Category:dropped
                                                                                                                                                                                Size (bytes):1159
                                                                                                                                                                                Entropy (8bit):4.909757425426515
                                                                                                                                                                                Encrypted:false
                                                                                                                                                                                SSDEEP:24:SOZJNRovfexRvYx/ncUYTxLZl0r0OzANQgq32xfZnS0iNFdAnP6:SOZbqfexrZrS3Iq32xlSX2S
                                                                                                                                                                                MD5:F29E077226F8DC235CAE4795459A3542
                                                                                                                                                                                SHA1:A23AEA328BEB92BFD4464A3B0F70E772B8969CC2
                                                                                                                                                                                SHA-256:CF8875AADE9351184274F533067BECF2AD10CCF2B6296274ECE5D5B58B6AB008
                                                                                                                                                                                SHA-512:0C76F1E7AC8E4DB582EA7E26FA9B8C18D54605AE6A9A87A2A1FA0B1BEACACBB8F1230421C1124B1E7C12FB546FF31DBBD2CFBBEBA80EF98BBAA01B356F7FDC6F
                                                                                                                                                                                Malicious:false
                                                                                                                                                                                Preview:.. ~~~ AlphaCat ~~~....>>>> Your data are stolen and encrypted....>>>> What guarantees that we will not deceive you? .....We are not a politically motivated group and we do not need anything other than your money. .. ...If you pay, we will provide you the programs for decryption and we will delete your data. ...Life is too short to be sad. Be not sad, money, it is only paper... ...If we do not give you decrypters, or we do not delete your data after payment, then nobody will pay us in the future. ...Therefore to us our reputation is very important. We attack worldwide and there is no dissatisfied victim after payment... ..>>>> You need contact us via email with srenshot of btc transaction and your personal DECRYPTION ID.....Contact via Email with your personal Decryption id !: hackbeenswim@mail2tor.com......Send 400$ (0.006 BTC) at this address --> bc1qkr7wxuqwet9w6920vk94p7npkxh33fc7prv55q.....>>>> Your personal DECRYPTION ID: D53F15BF767167BC622C1CB4D4FC174D....>>
                                                                                                                                                                                Process:C:\Users\user\Desktop\c8JakemodH.exe
                                                                                                                                                                                File Type:ASCII text, with CRLF line terminators
                                                                                                                                                                                Category:dropped
                                                                                                                                                                                Size (bytes):1159
                                                                                                                                                                                Entropy (8bit):4.909757425426515
                                                                                                                                                                                Encrypted:false
                                                                                                                                                                                SSDEEP:24:SOZJNRovfexRvYx/ncUYTxLZl0r0OzANQgq32xfZnS0iNFdAnP6:SOZbqfexrZrS3Iq32xlSX2S
                                                                                                                                                                                MD5:F29E077226F8DC235CAE4795459A3542
                                                                                                                                                                                SHA1:A23AEA328BEB92BFD4464A3B0F70E772B8969CC2
                                                                                                                                                                                SHA-256:CF8875AADE9351184274F533067BECF2AD10CCF2B6296274ECE5D5B58B6AB008
                                                                                                                                                                                SHA-512:0C76F1E7AC8E4DB582EA7E26FA9B8C18D54605AE6A9A87A2A1FA0B1BEACACBB8F1230421C1124B1E7C12FB546FF31DBBD2CFBBEBA80EF98BBAA01B356F7FDC6F
                                                                                                                                                                                Malicious:false
                                                                                                                                                                                Preview:.. ~~~ AlphaCat ~~~....>>>> Your data are stolen and encrypted....>>>> What guarantees that we will not deceive you? .....We are not a politically motivated group and we do not need anything other than your money. .. ...If you pay, we will provide you the programs for decryption and we will delete your data. ...Life is too short to be sad. Be not sad, money, it is only paper... ...If we do not give you decrypters, or we do not delete your data after payment, then nobody will pay us in the future. ...Therefore to us our reputation is very important. We attack worldwide and there is no dissatisfied victim after payment... ..>>>> You need contact us via email with srenshot of btc transaction and your personal DECRYPTION ID.....Contact via Email with your personal Decryption id !: hackbeenswim@mail2tor.com......Send 400$ (0.006 BTC) at this address --> bc1qkr7wxuqwet9w6920vk94p7npkxh33fc7prv55q.....>>>> Your personal DECRYPTION ID: D53F15BF767167BC622C1CB4D4FC174D....>>
                                                                                                                                                                                Process:C:\Users\user\Desktop\c8JakemodH.exe
                                                                                                                                                                                File Type:ASCII text, with CRLF line terminators
                                                                                                                                                                                Category:dropped
                                                                                                                                                                                Size (bytes):1159
                                                                                                                                                                                Entropy (8bit):4.909757425426515
                                                                                                                                                                                Encrypted:false
                                                                                                                                                                                SSDEEP:24:SOZJNRovfexRvYx/ncUYTxLZl0r0OzANQgq32xfZnS0iNFdAnP6:SOZbqfexrZrS3Iq32xlSX2S
                                                                                                                                                                                MD5:F29E077226F8DC235CAE4795459A3542
                                                                                                                                                                                SHA1:A23AEA328BEB92BFD4464A3B0F70E772B8969CC2
                                                                                                                                                                                SHA-256:CF8875AADE9351184274F533067BECF2AD10CCF2B6296274ECE5D5B58B6AB008
                                                                                                                                                                                SHA-512:0C76F1E7AC8E4DB582EA7E26FA9B8C18D54605AE6A9A87A2A1FA0B1BEACACBB8F1230421C1124B1E7C12FB546FF31DBBD2CFBBEBA80EF98BBAA01B356F7FDC6F
                                                                                                                                                                                Malicious:false
                                                                                                                                                                                Preview:.. ~~~ AlphaCat ~~~....>>>> Your data are stolen and encrypted....>>>> What guarantees that we will not deceive you? .....We are not a politically motivated group and we do not need anything other than your money. .. ...If you pay, we will provide you the programs for decryption and we will delete your data. ...Life is too short to be sad. Be not sad, money, it is only paper... ...If we do not give you decrypters, or we do not delete your data after payment, then nobody will pay us in the future. ...Therefore to us our reputation is very important. We attack worldwide and there is no dissatisfied victim after payment... ..>>>> You need contact us via email with srenshot of btc transaction and your personal DECRYPTION ID.....Contact via Email with your personal Decryption id !: hackbeenswim@mail2tor.com......Send 400$ (0.006 BTC) at this address --> bc1qkr7wxuqwet9w6920vk94p7npkxh33fc7prv55q.....>>>> Your personal DECRYPTION ID: D53F15BF767167BC622C1CB4D4FC174D....>>
                                                                                                                                                                                Process:C:\Users\user\Desktop\c8JakemodH.exe
                                                                                                                                                                                File Type:ASCII text, with CRLF line terminators
                                                                                                                                                                                Category:dropped
                                                                                                                                                                                Size (bytes):1159
                                                                                                                                                                                Entropy (8bit):4.909757425426515
                                                                                                                                                                                Encrypted:false
                                                                                                                                                                                SSDEEP:24:SOZJNRovfexRvYx/ncUYTxLZl0r0OzANQgq32xfZnS0iNFdAnP6:SOZbqfexrZrS3Iq32xlSX2S
                                                                                                                                                                                MD5:F29E077226F8DC235CAE4795459A3542
                                                                                                                                                                                SHA1:A23AEA328BEB92BFD4464A3B0F70E772B8969CC2
                                                                                                                                                                                SHA-256:CF8875AADE9351184274F533067BECF2AD10CCF2B6296274ECE5D5B58B6AB008
                                                                                                                                                                                SHA-512:0C76F1E7AC8E4DB582EA7E26FA9B8C18D54605AE6A9A87A2A1FA0B1BEACACBB8F1230421C1124B1E7C12FB546FF31DBBD2CFBBEBA80EF98BBAA01B356F7FDC6F
                                                                                                                                                                                Malicious:false
                                                                                                                                                                                Preview:.. ~~~ AlphaCat ~~~....>>>> Your data are stolen and encrypted....>>>> What guarantees that we will not deceive you? .....We are not a politically motivated group and we do not need anything other than your money. .. ...If you pay, we will provide you the programs for decryption and we will delete your data. ...Life is too short to be sad. Be not sad, money, it is only paper... ...If we do not give you decrypters, or we do not delete your data after payment, then nobody will pay us in the future. ...Therefore to us our reputation is very important. We attack worldwide and there is no dissatisfied victim after payment... ..>>>> You need contact us via email with srenshot of btc transaction and your personal DECRYPTION ID.....Contact via Email with your personal Decryption id !: hackbeenswim@mail2tor.com......Send 400$ (0.006 BTC) at this address --> bc1qkr7wxuqwet9w6920vk94p7npkxh33fc7prv55q.....>>>> Your personal DECRYPTION ID: D53F15BF767167BC622C1CB4D4FC174D....>>
                                                                                                                                                                                Process:C:\Users\user\Desktop\c8JakemodH.exe
                                                                                                                                                                                File Type:ASCII text, with CRLF line terminators
                                                                                                                                                                                Category:dropped
                                                                                                                                                                                Size (bytes):1159
                                                                                                                                                                                Entropy (8bit):4.909757425426515
                                                                                                                                                                                Encrypted:false
                                                                                                                                                                                SSDEEP:24:SOZJNRovfexRvYx/ncUYTxLZl0r0OzANQgq32xfZnS0iNFdAnP6:SOZbqfexrZrS3Iq32xlSX2S
                                                                                                                                                                                MD5:F29E077226F8DC235CAE4795459A3542
                                                                                                                                                                                SHA1:A23AEA328BEB92BFD4464A3B0F70E772B8969CC2
                                                                                                                                                                                SHA-256:CF8875AADE9351184274F533067BECF2AD10CCF2B6296274ECE5D5B58B6AB008
                                                                                                                                                                                SHA-512:0C76F1E7AC8E4DB582EA7E26FA9B8C18D54605AE6A9A87A2A1FA0B1BEACACBB8F1230421C1124B1E7C12FB546FF31DBBD2CFBBEBA80EF98BBAA01B356F7FDC6F
                                                                                                                                                                                Malicious:false
                                                                                                                                                                                Preview:.. ~~~ AlphaCat ~~~....>>>> Your data are stolen and encrypted....>>>> What guarantees that we will not deceive you? .....We are not a politically motivated group and we do not need anything other than your money. .. ...If you pay, we will provide you the programs for decryption and we will delete your data. ...Life is too short to be sad. Be not sad, money, it is only paper... ...If we do not give you decrypters, or we do not delete your data after payment, then nobody will pay us in the future. ...Therefore to us our reputation is very important. We attack worldwide and there is no dissatisfied victim after payment... ..>>>> You need contact us via email with srenshot of btc transaction and your personal DECRYPTION ID.....Contact via Email with your personal Decryption id !: hackbeenswim@mail2tor.com......Send 400$ (0.006 BTC) at this address --> bc1qkr7wxuqwet9w6920vk94p7npkxh33fc7prv55q.....>>>> Your personal DECRYPTION ID: D53F15BF767167BC622C1CB4D4FC174D....>>
                                                                                                                                                                                Process:C:\Program Files (x86)\Microsoft Office\root\Office16\ONENOTE.EXE
                                                                                                                                                                                File Type:data
                                                                                                                                                                                Category:dropped
                                                                                                                                                                                Size (bytes):4456
                                                                                                                                                                                Entropy (8bit):0.44136916492704964
                                                                                                                                                                                Encrypted:false
                                                                                                                                                                                SSDEEP:6:zJoX36dhbYyfhcD1RRXUn/cX+zE8lYu+T0Iq+J+/KRujslll:zJ/dhbYyfmJ/U/cX+zH6u+PFw/6/l
                                                                                                                                                                                MD5:88CEE9867C5726D8E37B8BAEFF27D68E
                                                                                                                                                                                SHA1:48A566BCD528ED9AF604DEF7EE6A9E8EB26877BF
                                                                                                                                                                                SHA-256:3B47CED04C96B4F3C06A4B881D7EAEF520DC810D0D530CA2DB60F11441478E40
                                                                                                                                                                                SHA-512:40A3032F13D34E6C9DEA059E53A05813EEF59A20DF0E846D42C0AC0E62829A83F3911FE9DB7321417860796498BAC7DC7C219AFF06268DE9CE17F4220FF31418
                                                                                                                                                                                Malicious:false
                                                                                                                                                                                Preview:.%c....L..=../\p.6...J..!....h................?.....I.......*...*...*...*...........................................................................................h...........................h....................D..v.>.Z.........kD.^...D..WK.r............................... :.. :.. :.. :................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................
                                                                                                                                                                                Process:C:\Users\user\Desktop\c8JakemodH.exe
                                                                                                                                                                                File Type:ASCII text, with CRLF line terminators
                                                                                                                                                                                Category:dropped
                                                                                                                                                                                Size (bytes):1159
                                                                                                                                                                                Entropy (8bit):4.909757425426515
                                                                                                                                                                                Encrypted:false
                                                                                                                                                                                SSDEEP:24:SOZJNRovfexRvYx/ncUYTxLZl0r0OzANQgq32xfZnS0iNFdAnP6:SOZbqfexrZrS3Iq32xlSX2S
                                                                                                                                                                                MD5:F29E077226F8DC235CAE4795459A3542
                                                                                                                                                                                SHA1:A23AEA328BEB92BFD4464A3B0F70E772B8969CC2
                                                                                                                                                                                SHA-256:CF8875AADE9351184274F533067BECF2AD10CCF2B6296274ECE5D5B58B6AB008
                                                                                                                                                                                SHA-512:0C76F1E7AC8E4DB582EA7E26FA9B8C18D54605AE6A9A87A2A1FA0B1BEACACBB8F1230421C1124B1E7C12FB546FF31DBBD2CFBBEBA80EF98BBAA01B356F7FDC6F
                                                                                                                                                                                Malicious:false
                                                                                                                                                                                Preview:.. ~~~ AlphaCat ~~~....>>>> Your data are stolen and encrypted....>>>> What guarantees that we will not deceive you? .....We are not a politically motivated group and we do not need anything other than your money. .. ...If you pay, we will provide you the programs for decryption and we will delete your data. ...Life is too short to be sad. Be not sad, money, it is only paper... ...If we do not give you decrypters, or we do not delete your data after payment, then nobody will pay us in the future. ...Therefore to us our reputation is very important. We attack worldwide and there is no dissatisfied victim after payment... ..>>>> You need contact us via email with srenshot of btc transaction and your personal DECRYPTION ID.....Contact via Email with your personal Decryption id !: hackbeenswim@mail2tor.com......Send 400$ (0.006 BTC) at this address --> bc1qkr7wxuqwet9w6920vk94p7npkxh33fc7prv55q.....>>>> Your personal DECRYPTION ID: D53F15BF767167BC622C1CB4D4FC174D....>>
                                                                                                                                                                                Process:C:\Users\user\Desktop\c8JakemodH.exe
                                                                                                                                                                                File Type:data
                                                                                                                                                                                Category:dropped
                                                                                                                                                                                Size (bytes):267
                                                                                                                                                                                Entropy (8bit):7.2393570515995656
                                                                                                                                                                                Encrypted:false
                                                                                                                                                                                SSDEEP:6:yPuSoj/PuerC4YD8pz9um7evnXKXqrnzo66uoxTQWryJJ:yPrmW+C4uOz9p7evnaaDixTYJ
                                                                                                                                                                                MD5:32DE60038722F17BBB9DE4032434CC2C
                                                                                                                                                                                SHA1:BB4BD04885474A31A3239E6F2BCC3A03F3E0015C
                                                                                                                                                                                SHA-256:A2FCF2C1F80129A4A5F44D919D73C7D267B8623322382754EAF6B4888EEF5A4B
                                                                                                                                                                                SHA-512:216A9EF9E7BF67E74939A4E532B1598F51425A512F2481A59F7E3603EAFF6AED38F7EEB574A28A593AC920E1352CA1ABF70CEC28442CA2D946DB4D83203D3057
                                                                                                                                                                                Malicious:false
                                                                                                                                                                                Preview:.&..'.vA.=.4Q.....PTB.s....fg..M...N.}...v...A.?L..J..2./.$;z0...=....a.f.O{..X~..w...f.<5.);R..EA=*.....M.s..!G..VW...>4D.\..I.h{...<..o...L....\.y.3.C.=....v....%......@(.......u....4..g..@.c_.r?[. ..U....<..Hb.!...?0[.?.._Ak:F`Obd..W.r.o..d7.5.?Ly.9'e5.|_
                                                                                                                                                                                Process:C:\Users\user\Desktop\c8JakemodH.exe
                                                                                                                                                                                File Type:ASCII text, with CRLF line terminators
                                                                                                                                                                                Category:dropped
                                                                                                                                                                                Size (bytes):1159
                                                                                                                                                                                Entropy (8bit):4.909757425426515
                                                                                                                                                                                Encrypted:false
                                                                                                                                                                                SSDEEP:24:SOZJNRovfexRvYx/ncUYTxLZl0r0OzANQgq32xfZnS0iNFdAnP6:SOZbqfexrZrS3Iq32xlSX2S
                                                                                                                                                                                MD5:F29E077226F8DC235CAE4795459A3542
                                                                                                                                                                                SHA1:A23AEA328BEB92BFD4464A3B0F70E772B8969CC2
                                                                                                                                                                                SHA-256:CF8875AADE9351184274F533067BECF2AD10CCF2B6296274ECE5D5B58B6AB008
                                                                                                                                                                                SHA-512:0C76F1E7AC8E4DB582EA7E26FA9B8C18D54605AE6A9A87A2A1FA0B1BEACACBB8F1230421C1124B1E7C12FB546FF31DBBD2CFBBEBA80EF98BBAA01B356F7FDC6F
                                                                                                                                                                                Malicious:false
                                                                                                                                                                                Preview:.. ~~~ AlphaCat ~~~....>>>> Your data are stolen and encrypted....>>>> What guarantees that we will not deceive you? .....We are not a politically motivated group and we do not need anything other than your money. .. ...If you pay, we will provide you the programs for decryption and we will delete your data. ...Life is too short to be sad. Be not sad, money, it is only paper... ...If we do not give you decrypters, or we do not delete your data after payment, then nobody will pay us in the future. ...Therefore to us our reputation is very important. We attack worldwide and there is no dissatisfied victim after payment... ..>>>> You need contact us via email with srenshot of btc transaction and your personal DECRYPTION ID.....Contact via Email with your personal Decryption id !: hackbeenswim@mail2tor.com......Send 400$ (0.006 BTC) at this address --> bc1qkr7wxuqwet9w6920vk94p7npkxh33fc7prv55q.....>>>> Your personal DECRYPTION ID: D53F15BF767167BC622C1CB4D4FC174D....>>
                                                                                                                                                                                Process:C:\Users\user\Desktop\c8JakemodH.exe
                                                                                                                                                                                File Type:ASCII text, with CRLF line terminators
                                                                                                                                                                                Category:dropped
                                                                                                                                                                                Size (bytes):1159
                                                                                                                                                                                Entropy (8bit):4.909757425426515
                                                                                                                                                                                Encrypted:false
                                                                                                                                                                                SSDEEP:24:SOZJNRovfexRvYx/ncUYTxLZl0r0OzANQgq32xfZnS0iNFdAnP6:SOZbqfexrZrS3Iq32xlSX2S
                                                                                                                                                                                MD5:F29E077226F8DC235CAE4795459A3542
                                                                                                                                                                                SHA1:A23AEA328BEB92BFD4464A3B0F70E772B8969CC2
                                                                                                                                                                                SHA-256:CF8875AADE9351184274F533067BECF2AD10CCF2B6296274ECE5D5B58B6AB008
                                                                                                                                                                                SHA-512:0C76F1E7AC8E4DB582EA7E26FA9B8C18D54605AE6A9A87A2A1FA0B1BEACACBB8F1230421C1124B1E7C12FB546FF31DBBD2CFBBEBA80EF98BBAA01B356F7FDC6F
                                                                                                                                                                                Malicious:false
                                                                                                                                                                                Preview:.. ~~~ AlphaCat ~~~....>>>> Your data are stolen and encrypted....>>>> What guarantees that we will not deceive you? .....We are not a politically motivated group and we do not need anything other than your money. .. ...If you pay, we will provide you the programs for decryption and we will delete your data. ...Life is too short to be sad. Be not sad, money, it is only paper... ...If we do not give you decrypters, or we do not delete your data after payment, then nobody will pay us in the future. ...Therefore to us our reputation is very important. We attack worldwide and there is no dissatisfied victim after payment... ..>>>> You need contact us via email with srenshot of btc transaction and your personal DECRYPTION ID.....Contact via Email with your personal Decryption id !: hackbeenswim@mail2tor.com......Send 400$ (0.006 BTC) at this address --> bc1qkr7wxuqwet9w6920vk94p7npkxh33fc7prv55q.....>>>> Your personal DECRYPTION ID: D53F15BF767167BC622C1CB4D4FC174D....>>
                                                                                                                                                                                Process:C:\Users\user\Desktop\c8JakemodH.exe
                                                                                                                                                                                File Type:ASCII text, with CRLF line terminators
                                                                                                                                                                                Category:dropped
                                                                                                                                                                                Size (bytes):1159
                                                                                                                                                                                Entropy (8bit):4.909757425426515
                                                                                                                                                                                Encrypted:false
                                                                                                                                                                                SSDEEP:24:SOZJNRovfexRvYx/ncUYTxLZl0r0OzANQgq32xfZnS0iNFdAnP6:SOZbqfexrZrS3Iq32xlSX2S
                                                                                                                                                                                MD5:F29E077226F8DC235CAE4795459A3542
                                                                                                                                                                                SHA1:A23AEA328BEB92BFD4464A3B0F70E772B8969CC2
                                                                                                                                                                                SHA-256:CF8875AADE9351184274F533067BECF2AD10CCF2B6296274ECE5D5B58B6AB008
                                                                                                                                                                                SHA-512:0C76F1E7AC8E4DB582EA7E26FA9B8C18D54605AE6A9A87A2A1FA0B1BEACACBB8F1230421C1124B1E7C12FB546FF31DBBD2CFBBEBA80EF98BBAA01B356F7FDC6F
                                                                                                                                                                                Malicious:false
                                                                                                                                                                                Preview:.. ~~~ AlphaCat ~~~....>>>> Your data are stolen and encrypted....>>>> What guarantees that we will not deceive you? .....We are not a politically motivated group and we do not need anything other than your money. .. ...If you pay, we will provide you the programs for decryption and we will delete your data. ...Life is too short to be sad. Be not sad, money, it is only paper... ...If we do not give you decrypters, or we do not delete your data after payment, then nobody will pay us in the future. ...Therefore to us our reputation is very important. We attack worldwide and there is no dissatisfied victim after payment... ..>>>> You need contact us via email with srenshot of btc transaction and your personal DECRYPTION ID.....Contact via Email with your personal Decryption id !: hackbeenswim@mail2tor.com......Send 400$ (0.006 BTC) at this address --> bc1qkr7wxuqwet9w6920vk94p7npkxh33fc7prv55q.....>>>> Your personal DECRYPTION ID: D53F15BF767167BC622C1CB4D4FC174D....>>
                                                                                                                                                                                Process:C:\Users\user\Desktop\c8JakemodH.exe
                                                                                                                                                                                File Type:ASCII text, with CRLF line terminators
                                                                                                                                                                                Category:dropped
                                                                                                                                                                                Size (bytes):1159
                                                                                                                                                                                Entropy (8bit):4.909757425426515
                                                                                                                                                                                Encrypted:false
                                                                                                                                                                                SSDEEP:24:SOZJNRovfexRvYx/ncUYTxLZl0r0OzANQgq32xfZnS0iNFdAnP6:SOZbqfexrZrS3Iq32xlSX2S
                                                                                                                                                                                MD5:F29E077226F8DC235CAE4795459A3542
                                                                                                                                                                                SHA1:A23AEA328BEB92BFD4464A3B0F70E772B8969CC2
                                                                                                                                                                                SHA-256:CF8875AADE9351184274F533067BECF2AD10CCF2B6296274ECE5D5B58B6AB008
                                                                                                                                                                                SHA-512:0C76F1E7AC8E4DB582EA7E26FA9B8C18D54605AE6A9A87A2A1FA0B1BEACACBB8F1230421C1124B1E7C12FB546FF31DBBD2CFBBEBA80EF98BBAA01B356F7FDC6F
                                                                                                                                                                                Malicious:true
                                                                                                                                                                                Preview:.. ~~~ AlphaCat ~~~....>>>> Your data are stolen and encrypted....>>>> What guarantees that we will not deceive you? .....We are not a politically motivated group and we do not need anything other than your money. .. ...If you pay, we will provide you the programs for decryption and we will delete your data. ...Life is too short to be sad. Be not sad, money, it is only paper... ...If we do not give you decrypters, or we do not delete your data after payment, then nobody will pay us in the future. ...Therefore to us our reputation is very important. We attack worldwide and there is no dissatisfied victim after payment... ..>>>> You need contact us via email with srenshot of btc transaction and your personal DECRYPTION ID.....Contact via Email with your personal Decryption id !: hackbeenswim@mail2tor.com......Send 400$ (0.006 BTC) at this address --> bc1qkr7wxuqwet9w6920vk94p7npkxh33fc7prv55q.....>>>> Your personal DECRYPTION ID: D53F15BF767167BC622C1CB4D4FC174D....>>
                                                                                                                                                                                Process:C:\Users\user\Desktop\c8JakemodH.exe
                                                                                                                                                                                File Type:ASCII text, with CRLF line terminators
                                                                                                                                                                                Category:dropped
                                                                                                                                                                                Size (bytes):1159
                                                                                                                                                                                Entropy (8bit):4.909757425426515
                                                                                                                                                                                Encrypted:false
                                                                                                                                                                                SSDEEP:24:SOZJNRovfexRvYx/ncUYTxLZl0r0OzANQgq32xfZnS0iNFdAnP6:SOZbqfexrZrS3Iq32xlSX2S
                                                                                                                                                                                MD5:F29E077226F8DC235CAE4795459A3542
                                                                                                                                                                                SHA1:A23AEA328BEB92BFD4464A3B0F70E772B8969CC2
                                                                                                                                                                                SHA-256:CF8875AADE9351184274F533067BECF2AD10CCF2B6296274ECE5D5B58B6AB008
                                                                                                                                                                                SHA-512:0C76F1E7AC8E4DB582EA7E26FA9B8C18D54605AE6A9A87A2A1FA0B1BEACACBB8F1230421C1124B1E7C12FB546FF31DBBD2CFBBEBA80EF98BBAA01B356F7FDC6F
                                                                                                                                                                                Malicious:true
                                                                                                                                                                                Preview:.. ~~~ AlphaCat ~~~....>>>> Your data are stolen and encrypted....>>>> What guarantees that we will not deceive you? .....We are not a politically motivated group and we do not need anything other than your money. .. ...If you pay, we will provide you the programs for decryption and we will delete your data. ...Life is too short to be sad. Be not sad, money, it is only paper... ...If we do not give you decrypters, or we do not delete your data after payment, then nobody will pay us in the future. ...Therefore to us our reputation is very important. We attack worldwide and there is no dissatisfied victim after payment... ..>>>> You need contact us via email with srenshot of btc transaction and your personal DECRYPTION ID.....Contact via Email with your personal Decryption id !: hackbeenswim@mail2tor.com......Send 400$ (0.006 BTC) at this address --> bc1qkr7wxuqwet9w6920vk94p7npkxh33fc7prv55q.....>>>> Your personal DECRYPTION ID: D53F15BF767167BC622C1CB4D4FC174D....>>
                                                                                                                                                                                Process:C:\Users\user\Desktop\c8JakemodH.exe
                                                                                                                                                                                File Type:ASCII text, with CRLF line terminators
                                                                                                                                                                                Category:dropped
                                                                                                                                                                                Size (bytes):1159
                                                                                                                                                                                Entropy (8bit):4.909757425426515
                                                                                                                                                                                Encrypted:false
                                                                                                                                                                                SSDEEP:24:SOZJNRovfexRvYx/ncUYTxLZl0r0OzANQgq32xfZnS0iNFdAnP6:SOZbqfexrZrS3Iq32xlSX2S
                                                                                                                                                                                MD5:F29E077226F8DC235CAE4795459A3542
                                                                                                                                                                                SHA1:A23AEA328BEB92BFD4464A3B0F70E772B8969CC2
                                                                                                                                                                                SHA-256:CF8875AADE9351184274F533067BECF2AD10CCF2B6296274ECE5D5B58B6AB008
                                                                                                                                                                                SHA-512:0C76F1E7AC8E4DB582EA7E26FA9B8C18D54605AE6A9A87A2A1FA0B1BEACACBB8F1230421C1124B1E7C12FB546FF31DBBD2CFBBEBA80EF98BBAA01B356F7FDC6F
                                                                                                                                                                                Malicious:true
                                                                                                                                                                                Preview:.. ~~~ AlphaCat ~~~....>>>> Your data are stolen and encrypted....>>>> What guarantees that we will not deceive you? .....We are not a politically motivated group and we do not need anything other than your money. .. ...If you pay, we will provide you the programs for decryption and we will delete your data. ...Life is too short to be sad. Be not sad, money, it is only paper... ...If we do not give you decrypters, or we do not delete your data after payment, then nobody will pay us in the future. ...Therefore to us our reputation is very important. We attack worldwide and there is no dissatisfied victim after payment... ..>>>> You need contact us via email with srenshot of btc transaction and your personal DECRYPTION ID.....Contact via Email with your personal Decryption id !: hackbeenswim@mail2tor.com......Send 400$ (0.006 BTC) at this address --> bc1qkr7wxuqwet9w6920vk94p7npkxh33fc7prv55q.....>>>> Your personal DECRYPTION ID: D53F15BF767167BC622C1CB4D4FC174D....>>
                                                                                                                                                                                Process:C:\Users\user\Desktop\c8JakemodH.exe
                                                                                                                                                                                File Type:data
                                                                                                                                                                                Category:dropped
                                                                                                                                                                                Size (bytes):4096
                                                                                                                                                                                Entropy (8bit):7.953303475842531
                                                                                                                                                                                Encrypted:false
                                                                                                                                                                                SSDEEP:96:wgRFESIu/L2Sy2l1i3sj/T+coGx5/I3C32zhXps/T31d+/YWAPhXmi0f:wdSnL2nsPo2g3PNpYTv+ZiY
                                                                                                                                                                                MD5:9B624760308C6BA0D6D3C5D8AC6229A5
                                                                                                                                                                                SHA1:C97B8B7629601B580EC9BFFE8DA27DD02D239A87
                                                                                                                                                                                SHA-256:ED293D7413AB22442DB05308651343EBEE6C18875FF30EFD7A3762DBF460423E
                                                                                                                                                                                SHA-512:CC6279E0BA6BE4D76927C531D5B5ED71AE23C18CB3C79280CB15999E589496F1F864BF4CDFE9188DCCD26D76661BE24F9D743144C6B9B407DD1B01F343E05C96
                                                                                                                                                                                Malicious:true
                                                                                                                                                                                Preview:+...w._.+...rk."...o...:..~/C.hB.E...D...l.3..b....F....U...K......2..U..&t..r.....'*..v..`uq..:n..0..=.{Z?.....X....j.X....2(.$F.D.>....LU......%DcH..."......iT>..a..sE. ...5..#.}..^..X2.Kb*..e...r....Q....7....Rk.....![.<....e.7-....,l`.T..u...{.Zq..2#sY....pnxB.3.%...'..M.k.W(...'....#a@.t:......L..Z7=.W.l..x...u.~......[..j..,..Q..4w.._...,..P..R..V..$t.y...zl..'...u. ..y..*......'.....wX.Za7+(.3.}.$...8[h...o.ihh._........J.J12p.L.Y.c.......L......Q.)152@8.m.96*{m&.<....y<.j<..7..1.$...kl."T<.... ....m...*.&..;.I.....}..L...v.A$.n..5..8....>.N.4?NJ.-i.W$....`...EE....U&...u..?[)....H..'.e.=.q.{:k*$7..f.$..CH~..]h..fCo@e%..YP....<......[...+:.s*ZH.Mya.]).j.?.......!..e.,...{..1.w0.2....|".......N.}...Z.x.....[?.).a....].|....Tku".~...4.Lf...le....6B..)...5...............5./`.\?..>..*p,.6[.o4...A.@..2.>..>..!...y.X.......qu.E`.9..a....Q.wgTj..nB.......Z./p.G......P.&........2/...f...y.Nm.x,...A.,.E...`..;N.).B@.W..T/....~.J.j..W.
                                                                                                                                                                                Process:C:\Users\user\Desktop\c8JakemodH.exe
                                                                                                                                                                                File Type:data
                                                                                                                                                                                Category:dropped
                                                                                                                                                                                Size (bytes):4451
                                                                                                                                                                                Entropy (8bit):7.961545613245112
                                                                                                                                                                                Encrypted:false
                                                                                                                                                                                SSDEEP:96:xKOVETRVcg7at999vAfVIw7YZRjsueWlF1JxG7bz9/WmKYO7K9rTwSkvH+J:x3AKqAGFEZaLWlrybRnYK9rTTtJ
                                                                                                                                                                                MD5:ECB82D2D40EFDF364B1688A969A6C9A6
                                                                                                                                                                                SHA1:1BBAC86FBF33E1D12443D6B4E74C129F714A0D8F
                                                                                                                                                                                SHA-256:BAE88D2012F6EF77C655872344EB9B1F074C86FA37820E3D71741753F2324907
                                                                                                                                                                                SHA-512:DA685BE048F551F4B86EC7695408EB9DDE7BC1AABA785D198518519F2E7767ED964B08E56E6AE98C728F62127EF7E3B6405F31AE3F8513921795E3933AF7DBCA
                                                                                                                                                                                Malicious:true
                                                                                                                                                                                Preview:.4....P..(,<m..4......c..k.?1..~.M...PU...k..8\.....3.Zj.D.y..?,6d.;hPVV.k..*......x0iK..!..I../..P...\'J.e.a....;."h.....WqKy.]!..Q.Q.Q...+'0"N:..~.N...O..rX@......_..a.?..b..JG..]3. ...3n.....U..i.!............R.....F..).........|.......f..PUS.....V./.l.Q...F..q.L..!)...+..ek..u..SP..h...(.....m\....`W1..........,..n......A.-k....&[.N2c.@.o.1..n.m_0.o./..jO......F.:..E.6..v.....K.~z..=....j..Npx%*=....?~"..#Z...0..h.....'...&....tq.....r......c6J.zE...&..`.v..WQ...v/..5......F.<SJ.".d..]..vs@.dA.i.....D.B.==...7_.*U.&H.W['.A6...'[..@......4b....r...d|-+...Nr-G...v.}..s,.Y...R.pf=...1......z..v{ a..a.&a.f.Z|l=e......I.d..#..?.2.. v.....4..t..1.....9..3,..R.8.w..`d..8....f.kR.RW..}7`Z.D*\..G{........|.. #[hOL.x.k..s.}..n.z..... G....G....&...n..{q...&....a.W.T..D...'..y..K%C.OI.........._r.)x.X..wg.d.#w..Wg...B..d.Q.....06.#...$2..\....Q...].....Z.......GU.S.............h.._.-.J..7...O~a~.....6...U..&.....o..K......8.-.J.9.$K.r......U.
                                                                                                                                                                                Process:C:\Users\user\Desktop\c8JakemodH.exe
                                                                                                                                                                                File Type:data
                                                                                                                                                                                Category:dropped
                                                                                                                                                                                Size (bytes):18681
                                                                                                                                                                                Entropy (8bit):7.989716633704526
                                                                                                                                                                                Encrypted:false
                                                                                                                                                                                SSDEEP:384:ofPOOm6l4t76+vS4NBwi3J38yJ3/43w+MmPTXqTJdn:onOOm6qtvwiZsyJ3A3w+pYdn
                                                                                                                                                                                MD5:D23CD7283018728E92BC1A0D6B28DF83
                                                                                                                                                                                SHA1:691EA1AC1F67C0E00F9916B8DB2C127D509D8E28
                                                                                                                                                                                SHA-256:05B64B278F9ECD22C67229A0872CD679DCFD98889AACFF96F3F5ADAC918FB78D
                                                                                                                                                                                SHA-512:8872786372476A93189F2791D80DB8FF99D045D30C1331E53B92213466AA11A40814C0EADF8E607DEEC3A5C775FEF10037B2417C1E2C2E5697A72C922B85F2EE
                                                                                                                                                                                Malicious:true
                                                                                                                                                                                Preview:...4.U=.e.jr.T;.Q..C...Tk...b1...K.U.1..K.3..I.....0..X9).(U.....k|...A+.H.S.d.x.$...s72.m....X{......V4[DByNi`J.2....c..X.._.d(..O.CN.3..|..2.I..,.*.g.E>..(]{^....V..R..........d2:].Ns....+0m....k.>D.%.1|q.An..Ep).Xf......h..V......Ao.9.....o...&...DO.y..l......T..Ay/*...G.\.S..h...(........".*..K.@..Nv.aX.Ow............FoSu....._...(..y...k.C.b..VyZ...@.B...*.?.i.!..%..e..tg.....*.....cb2..X..<...6..i......cn.p&...]....B[I0rO..$AW...-.......kQP...q..G..._.<0...H....e.V.O.V...f.#.#.A..H.f{.+../A...c...|BU....ZQ..J>..+........L.W.*hRNi.M5...2.DRF.Y..8.<..\z.2.@.=.M..f..J...&..y..S.aH....ef.U...#.....<...;.>.....].:.;.X...P^^.,j....a...)CU..e}.c...R....&|........%...&.......?to.z.P....&].....ij.1.pg9.I?4.x1.....G.]Z.B.V...e.'.6.N....+l.%..D...........).....N.\...o.......K.F.=+..o...}..7C..|h..R'.J11n.!._.8>\..........&.k.|.U.3..fq....E!..P......e.Y=.....~TB........9...4..T.-...].C.8p..)...a.?yR.s.y....o.v....BB.g.C.V...b..n.8..l.e.6}.
                                                                                                                                                                                Process:C:\Users\user\Desktop\c8JakemodH.exe
                                                                                                                                                                                File Type:data
                                                                                                                                                                                Category:dropped
                                                                                                                                                                                Size (bytes):18711
                                                                                                                                                                                Entropy (8bit):7.990378569239687
                                                                                                                                                                                Encrypted:true
                                                                                                                                                                                SSDEEP:384:nGXJE4i9mKw8UOMhKELuqbo4wRZujbTBVmN9ec:cJy9mKnMhXLVo4wRWf7GX
                                                                                                                                                                                MD5:EAF081ECB82B4C417461FE4ABC9BB918
                                                                                                                                                                                SHA1:60FF064A337952FF93FAAEF3097A0CADD56D1C08
                                                                                                                                                                                SHA-256:2B7E4466FE1C5E9A5F58A7498B8E40106701B9C4F4D0A136E8C712919830CFBE
                                                                                                                                                                                SHA-512:BB2B6C66E20EE799601981069C515F07F8AA704E6A90AD5A744FB6CD8606A3A93E4F5E02656886C3F2717FD9CE35505A833680325A8D5304E40AC9D2E96014E7
                                                                                                                                                                                Malicious:true
                                                                                                                                                                                Preview:..oYI.).^..e'...r.8}..~.....c,....w....g#...7.2..CU....+...x.{0ef...aK.|U...S......A...$.{..;. .5.Tx]...cF....(.%T.K......Bj_..Jk........WI.,.z..7.....O3.p.=...v..1r_8....{G..H.O.P.....m..`P..l(....KQi......G.E.8...H&.p..,yM....yCeB.Rc..-x.p.-@.4..D....1g..A`..9CB..#.$Y.E..Y.h....y2.t|5.....-=..@'.._...8.a......hN.\D.:.i...l.....e....:J#..............b.%S..>..r..'...8.....M...e,..I.%.K:..g.i.1...\r.....`.:.g.y....fy#....Q.h%z!.........3...c.fM.30+.xO2`U.n%~.~....#I...ati..v(,;A....T.k.....:..5..L....a_......U3.!......^Z..~g..a`..r.;.].wt??.....}.d....>.."<f...ultB.....g...z....29..L..f..........-....9.(I:..K.! ...<....Db.v...b1=)w{/.r.......#...+0.....B....v......;'...i+...E....4.....?...Y..G.#....M*.S.~2...Z5..,..G.hnn.?.{z...iq.".g..sV&t..86;]~.*.u:...IJ...5...4R.A...{..9.jf.b...Z=$.....,..e.......z/........=...i.B(..}#7H.vE:.s-h..v...".3H..n...{.N*..!g..OymI.Z..M...8.:..h....`.<..]...La.d.......@..?E. ...o.~|O.. .q=u..^.....Y......n*.O.......
                                                                                                                                                                                Process:C:\Users\user\Desktop\c8JakemodH.exe
                                                                                                                                                                                File Type:OpenPGP Public Key
                                                                                                                                                                                Category:dropped
                                                                                                                                                                                Size (bytes):751
                                                                                                                                                                                Entropy (8bit):7.694657205181524
                                                                                                                                                                                Encrypted:false
                                                                                                                                                                                SSDEEP:12:W7NmS1BucfKaZoWo9msBulEOjSgmxdpm3xPSklnSu61lza1Yckbx8awxFaaDixTg:W7NzpBdoosNGupGfBSu6L+9ka2xs
                                                                                                                                                                                MD5:BC48A6A086B9ABE7CC332C7A3274F96E
                                                                                                                                                                                SHA1:C42789546BDF8C01D7EF91232B5E83A38D972D8C
                                                                                                                                                                                SHA-256:7E1E6510F8E7A4C7F21CCC42B615CEC451AF98F700A547C1D605F0FDADBCCA6A
                                                                                                                                                                                SHA-512:5018A8D25731C7047020E1DE2FED0FBE2754585D940E486E63F30987B4B6B590F84C072F43BCF82FF9A7080003FF5C687FD449C8BD1C16B88BA15E14646E32AC
                                                                                                                                                                                Malicious:true
                                                                                                                                                                                Preview:.m..0<a.:.. .^.....f..x.e...>o.x..n.L....b.vN._.N.w.....G{Q.(! .=.19:y..[?.-.D..su........[6).7.....}..yN..!.Q.n..!L.4...]...DJ.......Q.<C.....D.......5.N..q9.&......_....7.8.hcn%..;.Gw..Qb.eg.]....U.'.c...*.`.4.4....lW..:.o..e..{....8.'<........k.|...L...A.`.......4y.....EK..O.....&...ux..8..A{.....} 9..ix..#"....nm@6.-c.R...iH...R..+.~.*.......P.....x.HP-|.:..w:.....$....;..-S...p.C3.<a..a..."h.EU..?.f...E4...~u..duB..4......5.$6......).r...}i..2.6c.N,..i..g..N....H.7..8.............;.m._-...3.f...y...$.i.h...n...P..}."L..f..........S............9....].L.$..&..j..|(#....D.....<..o...L....\.y.3.C.=....v....%......@(.......u....4..g..@.c_.r?[. ..U....<..Hb.!...?0[.?.._Ak:F`Obd..W.r.o..d7.5.?Ly.9'e5.|_
                                                                                                                                                                                Process:C:\Users\user\Desktop\c8JakemodH.exe
                                                                                                                                                                                File Type:data
                                                                                                                                                                                Category:dropped
                                                                                                                                                                                Size (bytes):4444
                                                                                                                                                                                Entropy (8bit):7.960857071736561
                                                                                                                                                                                Encrypted:false
                                                                                                                                                                                SSDEEP:96:F4eQAntE9JLFLzNGy/4vGKh0dDwtDrx4ejS3AGJ107RXm/a5oyVvKOPz6kF:+5KE9llge8OD2Dd4eFRXhhnzHF
                                                                                                                                                                                MD5:EE80DF1AA04CC124EB6FC838B8914B34
                                                                                                                                                                                SHA1:C101F55E5ABE61BBAB3025B2307D4F72968B11C9
                                                                                                                                                                                SHA-256:173AA6D86BA49F469021802A005BB3D710A02022468E0478969BF617540D5052
                                                                                                                                                                                SHA-512:9AADA986CC2178FDADC40363CC894B198C09B08902A163CBB892AD3D64FAFE523A963265135C853DCFCB7208B302565C785AA4B409054BD4A31D3270E257C7D4
                                                                                                                                                                                Malicious:true
                                                                                                                                                                                Preview:d.......n...f..}.......D.Oz.W.c...0g...M...v.:a^.=wC..,....6.....07.......#l....u.5..DS{Ka..T.M....[..".I........7..C.%.(....Z.V....7k!.D...t..f.d.J..hq..Q..Sy...t...[u...n...-.=..t.SA.L.'@d..._D....>.K...@..a3:.,.%...V/.t...wq.%..`...4...I..".I;..........M.....*|..q.:..,.1D.4.01 ..,.?.d.pT...9l z...m.V.+.i..t..-`.....(.W)M..9..=.l.z.?..d....[...x......._.y.qnJf........gJ.zn..=.....R.YKL.e.]........0....*@/.t..rJ........lB./.W.-......+Gp.6.kI..8..^.]H._..k.$$..u.....%.....V./.S......@qS.....P........T..T8...xZ.....o-...r?C=...D,.W.........1...T.k.....|.z....f8"...[....U.]...6/...>L..7.Q`sk....yd.h......9J........g{..g..b..?...(.N..-=d.S..3Lb.n.q..p..>.y.m.}>.s..UW.E8f.I.c.u....%.....s...wi.......D...x..QTk...\H.....].....!..5.T..!6.. g.f`.F...X..k..=..xL.PJ.*nx]..qj.'...M.....IA..n.(...8k.m.s(.?..x...mw...$.P .I......N'.....`.aBCy.-n.\.kf r..%q.+.]...}}..|.#.M....B.6.4#...o7.....L......R..e...v.2...+...0f.%..;"V.R..iv#&..r.F.p.}z193
                                                                                                                                                                                Process:C:\Users\user\Desktop\c8JakemodH.exe
                                                                                                                                                                                File Type:data
                                                                                                                                                                                Category:dropped
                                                                                                                                                                                Size (bytes):748
                                                                                                                                                                                Entropy (8bit):7.749469600375046
                                                                                                                                                                                Encrypted:false
                                                                                                                                                                                SSDEEP:12:O1kZwVwxTOIDWmYTvmv4pdRleAsaDa8EixP3G0dsOj6L1Sh+lKxu0pLenc1SaaD5:QtKI+YSslekD1EiH7JAlKIfci2xs
                                                                                                                                                                                MD5:43774CD0A4F47E2BC029B2A080E6CB9B
                                                                                                                                                                                SHA1:E749742F0C4082614B3A0992709404BFBB3847E6
                                                                                                                                                                                SHA-256:1D5B0DA5A01C0FE272682B1893EC5A085808E6DCA761B33F9A30FB2FD0E61423
                                                                                                                                                                                SHA-512:932AAF455888603B8F196AEDAAA7AF4B11BBED8962171DE35F30FFC517E3808C803EEC90865125A24B84022F1E285080C80A178F957A6B8BB07B08951F65BE56
                                                                                                                                                                                Malicious:true
                                                                                                                                                                                Preview:.#..$...>...#C.o.gW....i..]...}...jp...,K.F+.2.(x.S..T......r.B..>w.+5.9/.g\....~\[....~..(A.........I..i..i.x.&../.3.W.L...c.^JQ.\d.5.....Tsn4. .1..H..-b.&.>4.C.*.Gm...R.j............h.~!..,.O.#.QLY.I<..~V......E......F...}.w.6.9........a6..^......K;E...W...4...R....~.B./.........+..<AwF9..r.....y...kg&.e ....N..`..Q...|3./...k.w..q!t.%.+..".r..p%.g.w..M.h9x...L..{....U..:..@=h....z..=J..~....Z$.~.......3..?..%.4......5.$6......).y...w..8......[..G_..Q......r.....{..6.9U22..W/.*..F..!.......{...$.iJh...m...P...xA._.y9....M.X.V.....fV.q.M..........yG&.j.../M.Lq...........<..o...L....\.y.3.C.=....v....%......@(.......u....4..g..@.c_.r?[. ..U....<..Hb.!...?0[.?.._Ak:F`Obd..W.r.o..d7.5.?Ly.9'e5.|_
                                                                                                                                                                                Process:C:\Users\user\Desktop\c8JakemodH.exe
                                                                                                                                                                                File Type:data
                                                                                                                                                                                Category:dropped
                                                                                                                                                                                Size (bytes):15298
                                                                                                                                                                                Entropy (8bit):7.98698755833572
                                                                                                                                                                                Encrypted:false
                                                                                                                                                                                SSDEEP:192:+rQS3cu3mFsoTUlz4N33LZlklQjU4yX5emZsNr4stdeeyz+ETdwccMEvDkRSwJi3:+cS3cWowlk3LZWlgU4G5eIs5aiwJibL
                                                                                                                                                                                MD5:2EECB5ACA374608A34B26DC4BCF82726
                                                                                                                                                                                SHA1:862EBA5D635726C26407786E0194BD5E1D953FE7
                                                                                                                                                                                SHA-256:64C7906DBFE1A9F61C3E6EB9C63917183BC194F4E0C6500B4823DD264DB9D981
                                                                                                                                                                                SHA-512:CAFEB6CF832C9BF2EC37FE188D9C4480443300CD61375A89B186F801F32DF3A6D6A5593584A9C9B5DDD443F7D6FFC41D566043839205AED47DA15A2CE921FEEF
                                                                                                                                                                                Malicious:true
                                                                                                                                                                                Preview:.............I9p...).......`...6w..=...........C........G.......V....Z..6.Z.u......&T...,.Rqn..?.......oM\z~.X.R...st.{.<..x*u0...Jz..f...-.`....F~..O.VR.D....t.%tfd1..[y.p. .NnJQ.....f....5a.^,..w.........1{O..._P..vP........)1.../06,^..I_o.tO.,;.z2cr.^u..x....]4...p.#..%.<>..j...$.........l#&K.... .... E../(..HM.n.+....:..TF.q..,.....4?KI..C.f..^...Swv.Ua.1.$J...p...y.......\.....-1[od.....l.*'.......pt..04C..#..3~..V}~e7^.l....$.t..{.cY7=....ov....*.....%.........H..5-..9l..^.1f.0.6+..o..R*.k2...[V..../......*.yx.x.1.H.2\.tM.Y%.7(.l.zU...u......b.......{Y....c.o..WU./pF[..&.\3t..K.....8]....D.#..q6Y...u.N.A...>D8k.tNS~Ha.K......R.Q`.;.)(.v.E.(........Y..+Q./n..k..xK..w.e_l_R!....F[.`.z.>S....*.e...]L.5....Y.][..l.Zm1...a/..H....G............].<..A.Z....@....n..</.....`.%....+..-..QY\...y.Z1...^l.y....ZmS.AI.j.W=..m....7.<|..K...#D.hr....D..;....8X. ..P.e..VT....\.n.....K._[...W..|@......d..Q.....D...0e.........90TeE..pl}..:J.
                                                                                                                                                                                Process:C:\Users\user\Desktop\c8JakemodH.exe
                                                                                                                                                                                File Type:ASCII text, with CRLF line terminators
                                                                                                                                                                                Category:dropped
                                                                                                                                                                                Size (bytes):1159
                                                                                                                                                                                Entropy (8bit):4.909757425426515
                                                                                                                                                                                Encrypted:false
                                                                                                                                                                                SSDEEP:24:SOZJNRovfexRvYx/ncUYTxLZl0r0OzANQgq32xfZnS0iNFdAnP6:SOZbqfexrZrS3Iq32xlSX2S
                                                                                                                                                                                MD5:F29E077226F8DC235CAE4795459A3542
                                                                                                                                                                                SHA1:A23AEA328BEB92BFD4464A3B0F70E772B8969CC2
                                                                                                                                                                                SHA-256:CF8875AADE9351184274F533067BECF2AD10CCF2B6296274ECE5D5B58B6AB008
                                                                                                                                                                                SHA-512:0C76F1E7AC8E4DB582EA7E26FA9B8C18D54605AE6A9A87A2A1FA0B1BEACACBB8F1230421C1124B1E7C12FB546FF31DBBD2CFBBEBA80EF98BBAA01B356F7FDC6F
                                                                                                                                                                                Malicious:true
                                                                                                                                                                                Preview:.. ~~~ AlphaCat ~~~....>>>> Your data are stolen and encrypted....>>>> What guarantees that we will not deceive you? .....We are not a politically motivated group and we do not need anything other than your money. .. ...If you pay, we will provide you the programs for decryption and we will delete your data. ...Life is too short to be sad. Be not sad, money, it is only paper... ...If we do not give you decrypters, or we do not delete your data after payment, then nobody will pay us in the future. ...Therefore to us our reputation is very important. We attack worldwide and there is no dissatisfied victim after payment... ..>>>> You need contact us via email with srenshot of btc transaction and your personal DECRYPTION ID.....Contact via Email with your personal Decryption id !: hackbeenswim@mail2tor.com......Send 400$ (0.006 BTC) at this address --> bc1qkr7wxuqwet9w6920vk94p7npkxh33fc7prv55q.....>>>> Your personal DECRYPTION ID: D53F15BF767167BC622C1CB4D4FC174D....>>
                                                                                                                                                                                Process:C:\Users\user\Desktop\c8JakemodH.exe
                                                                                                                                                                                File Type:ASCII text, with CRLF line terminators
                                                                                                                                                                                Category:dropped
                                                                                                                                                                                Size (bytes):1159
                                                                                                                                                                                Entropy (8bit):4.909757425426515
                                                                                                                                                                                Encrypted:false
                                                                                                                                                                                SSDEEP:24:SOZJNRovfexRvYx/ncUYTxLZl0r0OzANQgq32xfZnS0iNFdAnP6:SOZbqfexrZrS3Iq32xlSX2S
                                                                                                                                                                                MD5:F29E077226F8DC235CAE4795459A3542
                                                                                                                                                                                SHA1:A23AEA328BEB92BFD4464A3B0F70E772B8969CC2
                                                                                                                                                                                SHA-256:CF8875AADE9351184274F533067BECF2AD10CCF2B6296274ECE5D5B58B6AB008
                                                                                                                                                                                SHA-512:0C76F1E7AC8E4DB582EA7E26FA9B8C18D54605AE6A9A87A2A1FA0B1BEACACBB8F1230421C1124B1E7C12FB546FF31DBBD2CFBBEBA80EF98BBAA01B356F7FDC6F
                                                                                                                                                                                Malicious:true
                                                                                                                                                                                Preview:.. ~~~ AlphaCat ~~~....>>>> Your data are stolen and encrypted....>>>> What guarantees that we will not deceive you? .....We are not a politically motivated group and we do not need anything other than your money. .. ...If you pay, we will provide you the programs for decryption and we will delete your data. ...Life is too short to be sad. Be not sad, money, it is only paper... ...If we do not give you decrypters, or we do not delete your data after payment, then nobody will pay us in the future. ...Therefore to us our reputation is very important. We attack worldwide and there is no dissatisfied victim after payment... ..>>>> You need contact us via email with srenshot of btc transaction and your personal DECRYPTION ID.....Contact via Email with your personal Decryption id !: hackbeenswim@mail2tor.com......Send 400$ (0.006 BTC) at this address --> bc1qkr7wxuqwet9w6920vk94p7npkxh33fc7prv55q.....>>>> Your personal DECRYPTION ID: D53F15BF767167BC622C1CB4D4FC174D....>>
                                                                                                                                                                                Process:C:\Users\user\Desktop\c8JakemodH.exe
                                                                                                                                                                                File Type:ASCII text, with CRLF line terminators
                                                                                                                                                                                Category:dropped
                                                                                                                                                                                Size (bytes):1159
                                                                                                                                                                                Entropy (8bit):4.909757425426515
                                                                                                                                                                                Encrypted:false
                                                                                                                                                                                SSDEEP:24:SOZJNRovfexRvYx/ncUYTxLZl0r0OzANQgq32xfZnS0iNFdAnP6:SOZbqfexrZrS3Iq32xlSX2S
                                                                                                                                                                                MD5:F29E077226F8DC235CAE4795459A3542
                                                                                                                                                                                SHA1:A23AEA328BEB92BFD4464A3B0F70E772B8969CC2
                                                                                                                                                                                SHA-256:CF8875AADE9351184274F533067BECF2AD10CCF2B6296274ECE5D5B58B6AB008
                                                                                                                                                                                SHA-512:0C76F1E7AC8E4DB582EA7E26FA9B8C18D54605AE6A9A87A2A1FA0B1BEACACBB8F1230421C1124B1E7C12FB546FF31DBBD2CFBBEBA80EF98BBAA01B356F7FDC6F
                                                                                                                                                                                Malicious:true
                                                                                                                                                                                Preview:.. ~~~ AlphaCat ~~~....>>>> Your data are stolen and encrypted....>>>> What guarantees that we will not deceive you? .....We are not a politically motivated group and we do not need anything other than your money. .. ...If you pay, we will provide you the programs for decryption and we will delete your data. ...Life is too short to be sad. Be not sad, money, it is only paper... ...If we do not give you decrypters, or we do not delete your data after payment, then nobody will pay us in the future. ...Therefore to us our reputation is very important. We attack worldwide and there is no dissatisfied victim after payment... ..>>>> You need contact us via email with srenshot of btc transaction and your personal DECRYPTION ID.....Contact via Email with your personal Decryption id !: hackbeenswim@mail2tor.com......Send 400$ (0.006 BTC) at this address --> bc1qkr7wxuqwet9w6920vk94p7npkxh33fc7prv55q.....>>>> Your personal DECRYPTION ID: D53F15BF767167BC622C1CB4D4FC174D....>>
                                                                                                                                                                                Process:C:\Users\user\Desktop\c8JakemodH.exe
                                                                                                                                                                                File Type:data
                                                                                                                                                                                Category:dropped
                                                                                                                                                                                Size (bytes):700
                                                                                                                                                                                Entropy (8bit):7.7150173646280935
                                                                                                                                                                                Encrypted:false
                                                                                                                                                                                SSDEEP:12:CDcyj5bL64Qmxki3M4sQDmgaYAR2NntU8BYU1hk8JR7Uwr1Rs+dZzq3wumaaDixs:CPj5bO6xPMHQKgaYAMnJaMJRPhe+dZeC
                                                                                                                                                                                MD5:739D372799711FD48B4A952363A995A4
                                                                                                                                                                                SHA1:718CB05F9EC9E2AD5DAE8E7CFC3AC378BF5F30B5
                                                                                                                                                                                SHA-256:5688B30E63C466F961B22F84C6819C79F82015E2147E02DF5602C94482BB37A6
                                                                                                                                                                                SHA-512:E32F765540CAA4600A6B6CBCA10805FE25A6B7D239700F3023D2218FE33E688F6997AF7FE44079B40FCD9CC17CAD731C244C824210D6DFC154A49EEEC450B2DE
                                                                                                                                                                                Malicious:true
                                                                                                                                                                                Preview:..(.VRyS.&..~.?....W.N5C.].GO0.:Kl.L..p.........\.da....]...}i.^.@.O]5..Zw.]..B)u....x..b.9..2.JR_... -..t.......}.d."[b..y....2hL...l.........@.`}.)nx...5..b..c..j..&d...$=....\R-.aV...'...h$..;.J.C(...u..z.....[.7*-.C.}.....2w.v..P...m...g...(.$.sc|..gJ..E.Z..w.{2....@.=.A...-(E..uk.7I...#.9....xD.N...?...b.....5...J@.]....gdi...J.M6....w..P:...~.=..zr..?.,.E.r....J..h.oW.rD._s..;T..m ...\e....k).........sR..~.}..]a...4^.....PJl...-.t..*JP.D..2!....u..{+4=L..I.2./..[x....S|....7..<....H.J.......{.V:.!%.A.....>.F.>..-..O....s...<..o...L....\.y.3.C.=....v....%......@(.......u....4..g..@.c_.r?[. ..U....<..Hb.!...?0[.?.._Ak:F`Obd..W.r.o..d7.5.?Ly.9'e5.|_
                                                                                                                                                                                Process:C:\Users\user\Desktop\c8JakemodH.exe
                                                                                                                                                                                File Type:data
                                                                                                                                                                                Category:dropped
                                                                                                                                                                                Size (bytes):755
                                                                                                                                                                                Entropy (8bit):7.722052159829163
                                                                                                                                                                                Encrypted:false
                                                                                                                                                                                SSDEEP:12:oy0fD7X4joq/qwPmA3MWIIGJmJOA2FEb4wN1s4xy0Mukkcm86uPwIFRt/e+Enaad:BSD7ojoq/W7WLJOACLq1sey0lcEIFDEd
                                                                                                                                                                                MD5:777A6617AA1FD631D2CF4DC9474DE1B4
                                                                                                                                                                                SHA1:83F47C00FD2AB28F870B6C1B49019FA5E06AD9D5
                                                                                                                                                                                SHA-256:DC402C8F50B13C850A929C9EF8ECC1283C29FAA5C2520AC4E88767C223C3BF8F
                                                                                                                                                                                SHA-512:57FEFEE2B3EAB21C3D8B9C717AB74F3E6D96B72EE2A602648C541A7F0D1D1E7592685BE7A35F0EFCA70EE4E7874D1C1E0F30F051AB6F344F59CD05ADE4FD65BE
                                                                                                                                                                                Malicious:true
                                                                                                                                                                                Preview:..{.>....*...r.JLt<f..7%9..m..h.r..z.....wg.v9....|..2...N.!.)..;.2%...r...Fy.^;.H.~.!:......\..E\&z:..)..x..3.41..C..UWk$.f5.gYx..>..L.D..v..Q(...4.~M....u..y..+O..5G.P.b1..s6.nt.>..5vt&.(....|..0K....9..\....u.ch...ZH.t..^..1...W..8....>{.I....N1.<m.[.X.....!0...}.._...T.'ET.]m2^..l.0...Q..K....H..o......,n%...6K..?..G!.+..a......I..C.d..t..A23.3.~..~...y/..J.'.&...{.v..t....Qk.Al.=E'...g.k{W.*v....eb..N.....3.NC_p..)d@...Rqy`<.q.C....U}...'.J.{.'...u......@....|.a..H.e.6.V.......U9r.N......4I.kB.9..K..'...:...A.....G....)}.....T........6{......!...~.-..J)q.!..U....;...k.EE.;....Z`...<..o...L....\.y.3.C.=....v....%......@(.......u....4..g..@.c_.r?[. ..U....<..Hb.!...?0[.?.._Ak:F`Obd..W.r.o..d7.5.?Ly.9'e5.|_
                                                                                                                                                                                Process:C:\Users\user\Desktop\c8JakemodH.exe
                                                                                                                                                                                File Type:ASCII text, with CRLF line terminators
                                                                                                                                                                                Category:dropped
                                                                                                                                                                                Size (bytes):1159
                                                                                                                                                                                Entropy (8bit):4.909757425426515
                                                                                                                                                                                Encrypted:false
                                                                                                                                                                                SSDEEP:24:SOZJNRovfexRvYx/ncUYTxLZl0r0OzANQgq32xfZnS0iNFdAnP6:SOZbqfexrZrS3Iq32xlSX2S
                                                                                                                                                                                MD5:F29E077226F8DC235CAE4795459A3542
                                                                                                                                                                                SHA1:A23AEA328BEB92BFD4464A3B0F70E772B8969CC2
                                                                                                                                                                                SHA-256:CF8875AADE9351184274F533067BECF2AD10CCF2B6296274ECE5D5B58B6AB008
                                                                                                                                                                                SHA-512:0C76F1E7AC8E4DB582EA7E26FA9B8C18D54605AE6A9A87A2A1FA0B1BEACACBB8F1230421C1124B1E7C12FB546FF31DBBD2CFBBEBA80EF98BBAA01B356F7FDC6F
                                                                                                                                                                                Malicious:false
                                                                                                                                                                                Preview:.. ~~~ AlphaCat ~~~....>>>> Your data are stolen and encrypted....>>>> What guarantees that we will not deceive you? .....We are not a politically motivated group and we do not need anything other than your money. .. ...If you pay, we will provide you the programs for decryption and we will delete your data. ...Life is too short to be sad. Be not sad, money, it is only paper... ...If we do not give you decrypters, or we do not delete your data after payment, then nobody will pay us in the future. ...Therefore to us our reputation is very important. We attack worldwide and there is no dissatisfied victim after payment... ..>>>> You need contact us via email with srenshot of btc transaction and your personal DECRYPTION ID.....Contact via Email with your personal Decryption id !: hackbeenswim@mail2tor.com......Send 400$ (0.006 BTC) at this address --> bc1qkr7wxuqwet9w6920vk94p7npkxh33fc7prv55q.....>>>> Your personal DECRYPTION ID: D53F15BF767167BC622C1CB4D4FC174D....>>
                                                                                                                                                                                Process:C:\Users\user\Desktop\c8JakemodH.exe
                                                                                                                                                                                File Type:ASCII text, with CRLF line terminators
                                                                                                                                                                                Category:dropped
                                                                                                                                                                                Size (bytes):1159
                                                                                                                                                                                Entropy (8bit):4.909757425426515
                                                                                                                                                                                Encrypted:false
                                                                                                                                                                                SSDEEP:24:SOZJNRovfexRvYx/ncUYTxLZl0r0OzANQgq32xfZnS0iNFdAnP6:SOZbqfexrZrS3Iq32xlSX2S
                                                                                                                                                                                MD5:F29E077226F8DC235CAE4795459A3542
                                                                                                                                                                                SHA1:A23AEA328BEB92BFD4464A3B0F70E772B8969CC2
                                                                                                                                                                                SHA-256:CF8875AADE9351184274F533067BECF2AD10CCF2B6296274ECE5D5B58B6AB008
                                                                                                                                                                                SHA-512:0C76F1E7AC8E4DB582EA7E26FA9B8C18D54605AE6A9A87A2A1FA0B1BEACACBB8F1230421C1124B1E7C12FB546FF31DBBD2CFBBEBA80EF98BBAA01B356F7FDC6F
                                                                                                                                                                                Malicious:false
                                                                                                                                                                                Preview:.. ~~~ AlphaCat ~~~....>>>> Your data are stolen and encrypted....>>>> What guarantees that we will not deceive you? .....We are not a politically motivated group and we do not need anything other than your money. .. ...If you pay, we will provide you the programs for decryption and we will delete your data. ...Life is too short to be sad. Be not sad, money, it is only paper... ...If we do not give you decrypters, or we do not delete your data after payment, then nobody will pay us in the future. ...Therefore to us our reputation is very important. We attack worldwide and there is no dissatisfied victim after payment... ..>>>> You need contact us via email with srenshot of btc transaction and your personal DECRYPTION ID.....Contact via Email with your personal Decryption id !: hackbeenswim@mail2tor.com......Send 400$ (0.006 BTC) at this address --> bc1qkr7wxuqwet9w6920vk94p7npkxh33fc7prv55q.....>>>> Your personal DECRYPTION ID: D53F15BF767167BC622C1CB4D4FC174D....>>
                                                                                                                                                                                Process:C:\Users\user\Desktop\c8JakemodH.exe
                                                                                                                                                                                File Type:ASCII text, with CRLF line terminators
                                                                                                                                                                                Category:dropped
                                                                                                                                                                                Size (bytes):1159
                                                                                                                                                                                Entropy (8bit):4.909757425426515
                                                                                                                                                                                Encrypted:false
                                                                                                                                                                                SSDEEP:24:SOZJNRovfexRvYx/ncUYTxLZl0r0OzANQgq32xfZnS0iNFdAnP6:SOZbqfexrZrS3Iq32xlSX2S
                                                                                                                                                                                MD5:F29E077226F8DC235CAE4795459A3542
                                                                                                                                                                                SHA1:A23AEA328BEB92BFD4464A3B0F70E772B8969CC2
                                                                                                                                                                                SHA-256:CF8875AADE9351184274F533067BECF2AD10CCF2B6296274ECE5D5B58B6AB008
                                                                                                                                                                                SHA-512:0C76F1E7AC8E4DB582EA7E26FA9B8C18D54605AE6A9A87A2A1FA0B1BEACACBB8F1230421C1124B1E7C12FB546FF31DBBD2CFBBEBA80EF98BBAA01B356F7FDC6F
                                                                                                                                                                                Malicious:false
                                                                                                                                                                                Preview:.. ~~~ AlphaCat ~~~....>>>> Your data are stolen and encrypted....>>>> What guarantees that we will not deceive you? .....We are not a politically motivated group and we do not need anything other than your money. .. ...If you pay, we will provide you the programs for decryption and we will delete your data. ...Life is too short to be sad. Be not sad, money, it is only paper... ...If we do not give you decrypters, or we do not delete your data after payment, then nobody will pay us in the future. ...Therefore to us our reputation is very important. We attack worldwide and there is no dissatisfied victim after payment... ..>>>> You need contact us via email with srenshot of btc transaction and your personal DECRYPTION ID.....Contact via Email with your personal Decryption id !: hackbeenswim@mail2tor.com......Send 400$ (0.006 BTC) at this address --> bc1qkr7wxuqwet9w6920vk94p7npkxh33fc7prv55q.....>>>> Your personal DECRYPTION ID: D53F15BF767167BC622C1CB4D4FC174D....>>
                                                                                                                                                                                Process:C:\Users\user\Desktop\c8JakemodH.exe
                                                                                                                                                                                File Type:ASCII text, with CRLF line terminators
                                                                                                                                                                                Category:dropped
                                                                                                                                                                                Size (bytes):1159
                                                                                                                                                                                Entropy (8bit):4.909757425426515
                                                                                                                                                                                Encrypted:false
                                                                                                                                                                                SSDEEP:24:SOZJNRovfexRvYx/ncUYTxLZl0r0OzANQgq32xfZnS0iNFdAnP6:SOZbqfexrZrS3Iq32xlSX2S
                                                                                                                                                                                MD5:F29E077226F8DC235CAE4795459A3542
                                                                                                                                                                                SHA1:A23AEA328BEB92BFD4464A3B0F70E772B8969CC2
                                                                                                                                                                                SHA-256:CF8875AADE9351184274F533067BECF2AD10CCF2B6296274ECE5D5B58B6AB008
                                                                                                                                                                                SHA-512:0C76F1E7AC8E4DB582EA7E26FA9B8C18D54605AE6A9A87A2A1FA0B1BEACACBB8F1230421C1124B1E7C12FB546FF31DBBD2CFBBEBA80EF98BBAA01B356F7FDC6F
                                                                                                                                                                                Malicious:false
                                                                                                                                                                                Preview:.. ~~~ AlphaCat ~~~....>>>> Your data are stolen and encrypted....>>>> What guarantees that we will not deceive you? .....We are not a politically motivated group and we do not need anything other than your money. .. ...If you pay, we will provide you the programs for decryption and we will delete your data. ...Life is too short to be sad. Be not sad, money, it is only paper... ...If we do not give you decrypters, or we do not delete your data after payment, then nobody will pay us in the future. ...Therefore to us our reputation is very important. We attack worldwide and there is no dissatisfied victim after payment... ..>>>> You need contact us via email with srenshot of btc transaction and your personal DECRYPTION ID.....Contact via Email with your personal Decryption id !: hackbeenswim@mail2tor.com......Send 400$ (0.006 BTC) at this address --> bc1qkr7wxuqwet9w6920vk94p7npkxh33fc7prv55q.....>>>> Your personal DECRYPTION ID: D53F15BF767167BC622C1CB4D4FC174D....>>
                                                                                                                                                                                Process:C:\Users\user\Desktop\c8JakemodH.exe
                                                                                                                                                                                File Type:ASCII text, with CRLF line terminators
                                                                                                                                                                                Category:dropped
                                                                                                                                                                                Size (bytes):1159
                                                                                                                                                                                Entropy (8bit):4.909757425426515
                                                                                                                                                                                Encrypted:false
                                                                                                                                                                                SSDEEP:24:SOZJNRovfexRvYx/ncUYTxLZl0r0OzANQgq32xfZnS0iNFdAnP6:SOZbqfexrZrS3Iq32xlSX2S
                                                                                                                                                                                MD5:F29E077226F8DC235CAE4795459A3542
                                                                                                                                                                                SHA1:A23AEA328BEB92BFD4464A3B0F70E772B8969CC2
                                                                                                                                                                                SHA-256:CF8875AADE9351184274F533067BECF2AD10CCF2B6296274ECE5D5B58B6AB008
                                                                                                                                                                                SHA-512:0C76F1E7AC8E4DB582EA7E26FA9B8C18D54605AE6A9A87A2A1FA0B1BEACACBB8F1230421C1124B1E7C12FB546FF31DBBD2CFBBEBA80EF98BBAA01B356F7FDC6F
                                                                                                                                                                                Malicious:false
                                                                                                                                                                                Preview:.. ~~~ AlphaCat ~~~....>>>> Your data are stolen and encrypted....>>>> What guarantees that we will not deceive you? .....We are not a politically motivated group and we do not need anything other than your money. .. ...If you pay, we will provide you the programs for decryption and we will delete your data. ...Life is too short to be sad. Be not sad, money, it is only paper... ...If we do not give you decrypters, or we do not delete your data after payment, then nobody will pay us in the future. ...Therefore to us our reputation is very important. We attack worldwide and there is no dissatisfied victim after payment... ..>>>> You need contact us via email with srenshot of btc transaction and your personal DECRYPTION ID.....Contact via Email with your personal Decryption id !: hackbeenswim@mail2tor.com......Send 400$ (0.006 BTC) at this address --> bc1qkr7wxuqwet9w6920vk94p7npkxh33fc7prv55q.....>>>> Your personal DECRYPTION ID: D53F15BF767167BC622C1CB4D4FC174D....>>
                                                                                                                                                                                Process:C:\ProgramData\C9C8.tmp
                                                                                                                                                                                File Type:data
                                                                                                                                                                                Category:dropped
                                                                                                                                                                                Size (bytes):150528
                                                                                                                                                                                Entropy (8bit):7.997535399099202
                                                                                                                                                                                Encrypted:true
                                                                                                                                                                                SSDEEP:3072:lxHScHxKAEKP9Qz6aAPaxHScHxKAEKP9Qz6aAPaxHScHxKD:HSK39QpOSSK39QpOSSp
                                                                                                                                                                                MD5:11499623BBA31A5B50FFD13D9493CA2A
                                                                                                                                                                                SHA1:7F5D41D236C0DFE723F94BF4FE71985FC6245B99
                                                                                                                                                                                SHA-256:646E2FA1F570A8E65A313BDBA8D26FD19CC6DE031A8B89CD326226A463D742C2
                                                                                                                                                                                SHA-512:01CBAEBE00577C3D205B63AF634BA73A0CCA8F607DC13092C81A105E0CAC36E0426C113E54226DCDC55AE0130D5F4C1D5D3A8086BD0A532FCD4FD877CFAA910D
                                                                                                                                                                                Malicious:true
                                                                                                                                                                                Preview:z...s.A......$t....@.%....t72...|....../..H.V..D.N{.-...8Y....H,F!b..}..}.IJ...{..Me..v...&Zw5.=....W.J...Pc.6U.R..0.Q...h.H..b.SV.S*.... ....._$#..Tc...r.....p.Nb.Qy....|..^WC....{...!.T7e.U.....{..RB...K....M.2.........,.C.,BI.5.[.D..M0.z.a*....(w...p..@..1....N....g.o.7...ig.1P..T$...`.8...(...dj....iN.....x&8..j....cQXn....J|U....3L.Y...B..A..IM-............z2jb.....;?.sbS))..cm..._...n.....s....vu..K.#o..._...+...`+....M\k..+..(`.....M.1Z..,Ke...EM.t...s...G..l.B.`N....oYJK.h.....i..9.Uv....1k2L......z46....=.^...39...D..e8.U..}...{[\....&......x..rt..72....y.I8..N.y....mg............o|.8.x.....)......h....7.GR....\.:w........".6.m.;i.....|j..3..m)Y>0..X.......0.?.C..sCx....^R....#.5..=0.X.+.[.e.Z...G`.X.73.c.T:........b`tE.......qT.n.....".....Fu.....y......Jh.....j....Em.@........F...)..k#..y].t...2P;B.Z7.+..C.UYF.r..UE...v....".q.U..._.K)F.....ta..g...&...<RZ.(....lb...Pb.Ne.d/=1.M...i....1.(....Z.......5..A.s.A1.........O
                                                                                                                                                                                Process:C:\ProgramData\C9C8.tmp
                                                                                                                                                                                File Type:data
                                                                                                                                                                                Category:dropped
                                                                                                                                                                                Size (bytes):150528
                                                                                                                                                                                Entropy (8bit):7.997535399099202
                                                                                                                                                                                Encrypted:true
                                                                                                                                                                                SSDEEP:3072:lxHScHxKAEKP9Qz6aAPaxHScHxKAEKP9Qz6aAPaxHScHxKD:HSK39QpOSSK39QpOSSp
                                                                                                                                                                                MD5:11499623BBA31A5B50FFD13D9493CA2A
                                                                                                                                                                                SHA1:7F5D41D236C0DFE723F94BF4FE71985FC6245B99
                                                                                                                                                                                SHA-256:646E2FA1F570A8E65A313BDBA8D26FD19CC6DE031A8B89CD326226A463D742C2
                                                                                                                                                                                SHA-512:01CBAEBE00577C3D205B63AF634BA73A0CCA8F607DC13092C81A105E0CAC36E0426C113E54226DCDC55AE0130D5F4C1D5D3A8086BD0A532FCD4FD877CFAA910D
                                                                                                                                                                                Malicious:true
                                                                                                                                                                                Preview:z...s.A......$t....@.%....t72...|....../..H.V..D.N{.-...8Y....H,F!b..}..}.IJ...{..Me..v...&Zw5.=....W.J...Pc.6U.R..0.Q...h.H..b.SV.S*.... ....._$#..Tc...r.....p.Nb.Qy....|..^WC....{...!.T7e.U.....{..RB...K....M.2.........,.C.,BI.5.[.D..M0.z.a*....(w...p..@..1....N....g.o.7...ig.1P..T$...`.8...(...dj....iN.....x&8..j....cQXn....J|U....3L.Y...B..A..IM-............z2jb.....;?.sbS))..cm..._...n.....s....vu..K.#o..._...+...`+....M\k..+..(`.....M.1Z..,Ke...EM.t...s...G..l.B.`N....oYJK.h.....i..9.Uv....1k2L......z46....=.^...39...D..e8.U..}...{[\....&......x..rt..72....y.I8..N.y....mg............o|.8.x.....)......h....7.GR....\.:w........".6.m.;i.....|j..3..m)Y>0..X.......0.?.C..sCx....^R....#.5..=0.X.+.[.e.Z...G`.X.73.c.T:........b`tE.......qT.n.....".....Fu.....y......Jh.....j....Em.@........F...)..k#..y].t...2P;B.Z7.+..C.UYF.r..UE...v....".q.U..._.K)F.....ta..g...&...<RZ.(....lb...Pb.Ne.d/=1.M...i....1.(....Z.......5..A.s.A1.........O
                                                                                                                                                                                Process:C:\Users\user\Desktop\c8JakemodH.exe
                                                                                                                                                                                File Type:data
                                                                                                                                                                                Category:dropped
                                                                                                                                                                                Size (bytes):1272
                                                                                                                                                                                Entropy (8bit):7.861526970179013
                                                                                                                                                                                Encrypted:false
                                                                                                                                                                                SSDEEP:24:o63z66t5LXqkNvWGJ50CcG0T7E36dDQyeBIBvM7lHsaBkuQsC7e42xs:R3zp5Lak9WGuXlE3SQyeBIBvaBsaCYq
                                                                                                                                                                                MD5:D8FB42110236BAEBE2581BC12AA65671
                                                                                                                                                                                SHA1:86B014AF0CEF702C85360840260BDD1B7E33D7A6
                                                                                                                                                                                SHA-256:6495DD57B172F0614FA7B5FADBC4E847E78C6FDF73598BF721743A22946942D8
                                                                                                                                                                                SHA-512:79A452BB94034E647FC834FC0C68B882AD2703CD1FF1D2B95B43C307DAA27EA3D14B512F1CD962DB07AA45493E696E03C3B5F1957BD462C7D2C8A7A7F9B95C20
                                                                                                                                                                                Malicious:false
                                                                                                                                                                                Preview:..0...y.F..l.[..]G/.S.u..~l...x9;...OlkL7.yH....zB.R..../}.H...o.W}u. .Wc...a".....W|..B..i.k. La.5....5.U...B...#...{.I@.X?....q..2.....g.L6.2....._.{.t...5.#\...y.a..}.N..p.7P.U..b....z............=.....%<1.l.4}..q.Vm..}.."....v".....*...S.o..-.7.W.C.+..S.1...XM>...9..`.m.s...^1_.u?......[..4.3.*.....[{?.S.Z,...OC..Y.. x&...."..=....`.*.p.3p.|.Q...M`g...TA3.6...X./._.......h.~.$N...Th]h.......Vs.Tt...S8.".*4..Qz......`..2..kV.(..............fEh;~.W\..d...E8........~..E....!.wB>..T..+%...."....o...&PJA6.$..d...*.fG,\....~W....K.B/O...*Q....WO..fV908.8......Yk'\e...L.M...o....)..C.ZzN.I..?C[.....Eo..V=..aY\...-#;..^%.j3.........?....tDf.Fz.....JJ&..U3.#..^.B.sM.P..3..t.4v......_.6Md..V......"..b8H......t.;......d$......p...,........Y@`e).(.T.?J.:4..7..i.u_....^O..S<.d....S.H.\..AP3...a>n{.....4.`..O..t3.E.Zq.&.p.@.. 8..[.0N./^B.1..`5.f(=....Q<....8 (....0C.g..Z......3.....A.U}.....+r..[..jF"i.C.....'..A..j.l....S...
                                                                                                                                                                                Process:C:\ProgramData\C9C8.tmp
                                                                                                                                                                                File Type:data
                                                                                                                                                                                Category:dropped
                                                                                                                                                                                Size (bytes):150528
                                                                                                                                                                                Entropy (8bit):7.997535399099202
                                                                                                                                                                                Encrypted:true
                                                                                                                                                                                SSDEEP:3072:lxHScHxKAEKP9Qz6aAPaxHScHxKAEKP9Qz6aAPaxHScHxKD:HSK39QpOSSK39QpOSSp
                                                                                                                                                                                MD5:11499623BBA31A5B50FFD13D9493CA2A
                                                                                                                                                                                SHA1:7F5D41D236C0DFE723F94BF4FE71985FC6245B99
                                                                                                                                                                                SHA-256:646E2FA1F570A8E65A313BDBA8D26FD19CC6DE031A8B89CD326226A463D742C2
                                                                                                                                                                                SHA-512:01CBAEBE00577C3D205B63AF634BA73A0CCA8F607DC13092C81A105E0CAC36E0426C113E54226DCDC55AE0130D5F4C1D5D3A8086BD0A532FCD4FD877CFAA910D
                                                                                                                                                                                Malicious:true
                                                                                                                                                                                Preview:z...s.A......$t....@.%....t72...|....../..H.V..D.N{.-...8Y....H,F!b..}..}.IJ...{..Me..v...&Zw5.=....W.J...Pc.6U.R..0.Q...h.H..b.SV.S*.... ....._$#..Tc...r.....p.Nb.Qy....|..^WC....{...!.T7e.U.....{..RB...K....M.2.........,.C.,BI.5.[.D..M0.z.a*....(w...p..@..1....N....g.o.7...ig.1P..T$...`.8...(...dj....iN.....x&8..j....cQXn....J|U....3L.Y...B..A..IM-............z2jb.....;?.sbS))..cm..._...n.....s....vu..K.#o..._...+...`+....M\k..+..(`.....M.1Z..,Ke...EM.t...s...G..l.B.`N....oYJK.h.....i..9.Uv....1k2L......z46....=.^...39...D..e8.U..}...{[\....&......x..rt..72....y.I8..N.y....mg............o|.8.x.....)......h....7.GR....\.:w........".6.m.;i.....|j..3..m)Y>0..X.......0.?.C..sCx....^R....#.5..=0.X.+.[.e.Z...G`.X.73.c.T:........b`tE.......qT.n.....".....Fu.....y......Jh.....j....Em.@........F...)..k#..y].t...2P;B.Z7.+..C.UYF.r..UE...v....".q.U..._.K)F.....ta..g...&...<RZ.(....lb...Pb.Ne.d/=1.M...i....1.(....Z.......5..A.s.A1.........O
                                                                                                                                                                                Process:C:\ProgramData\C9C8.tmp
                                                                                                                                                                                File Type:data
                                                                                                                                                                                Category:dropped
                                                                                                                                                                                Size (bytes):150528
                                                                                                                                                                                Entropy (8bit):7.997535399099202
                                                                                                                                                                                Encrypted:true
                                                                                                                                                                                SSDEEP:3072:lxHScHxKAEKP9Qz6aAPaxHScHxKAEKP9Qz6aAPaxHScHxKD:HSK39QpOSSK39QpOSSp
                                                                                                                                                                                MD5:11499623BBA31A5B50FFD13D9493CA2A
                                                                                                                                                                                SHA1:7F5D41D236C0DFE723F94BF4FE71985FC6245B99
                                                                                                                                                                                SHA-256:646E2FA1F570A8E65A313BDBA8D26FD19CC6DE031A8B89CD326226A463D742C2
                                                                                                                                                                                SHA-512:01CBAEBE00577C3D205B63AF634BA73A0CCA8F607DC13092C81A105E0CAC36E0426C113E54226DCDC55AE0130D5F4C1D5D3A8086BD0A532FCD4FD877CFAA910D
                                                                                                                                                                                Malicious:true
                                                                                                                                                                                Preview:z...s.A......$t....@.%....t72...|....../..H.V..D.N{.-...8Y....H,F!b..}..}.IJ...{..Me..v...&Zw5.=....W.J...Pc.6U.R..0.Q...h.H..b.SV.S*.... ....._$#..Tc...r.....p.Nb.Qy....|..^WC....{...!.T7e.U.....{..RB...K....M.2.........,.C.,BI.5.[.D..M0.z.a*....(w...p..@..1....N....g.o.7...ig.1P..T$...`.8...(...dj....iN.....x&8..j....cQXn....J|U....3L.Y...B..A..IM-............z2jb.....;?.sbS))..cm..._...n.....s....vu..K.#o..._...+...`+....M\k..+..(`.....M.1Z..,Ke...EM.t...s...G..l.B.`N....oYJK.h.....i..9.Uv....1k2L......z46....=.^...39...D..e8.U..}...{[\....&......x..rt..72....y.I8..N.y....mg............o|.8.x.....)......h....7.GR....\.:w........".6.m.;i.....|j..3..m)Y>0..X.......0.?.C..sCx....^R....#.5..=0.X.+.[.e.Z...G`.X.73.c.T:........b`tE.......qT.n.....".....Fu.....y......Jh.....j....Em.@........F...)..k#..y].t...2P;B.Z7.+..C.UYF.r..UE...v....".q.U..._.K)F.....ta..g...&...<RZ.(....lb...Pb.Ne.d/=1.M...i....1.(....Z.......5..A.s.A1.........O
                                                                                                                                                                                Process:C:\ProgramData\C9C8.tmp
                                                                                                                                                                                File Type:data
                                                                                                                                                                                Category:dropped
                                                                                                                                                                                Size (bytes):150528
                                                                                                                                                                                Entropy (8bit):7.997535399099202
                                                                                                                                                                                Encrypted:true
                                                                                                                                                                                SSDEEP:3072:lxHScHxKAEKP9Qz6aAPaxHScHxKAEKP9Qz6aAPaxHScHxKD:HSK39QpOSSK39QpOSSp
                                                                                                                                                                                MD5:11499623BBA31A5B50FFD13D9493CA2A
                                                                                                                                                                                SHA1:7F5D41D236C0DFE723F94BF4FE71985FC6245B99
                                                                                                                                                                                SHA-256:646E2FA1F570A8E65A313BDBA8D26FD19CC6DE031A8B89CD326226A463D742C2
                                                                                                                                                                                SHA-512:01CBAEBE00577C3D205B63AF634BA73A0CCA8F607DC13092C81A105E0CAC36E0426C113E54226DCDC55AE0130D5F4C1D5D3A8086BD0A532FCD4FD877CFAA910D
                                                                                                                                                                                Malicious:true
                                                                                                                                                                                Preview:z...s.A......$t....@.%....t72...|....../..H.V..D.N{.-...8Y....H,F!b..}..}.IJ...{..Me..v...&Zw5.=....W.J...Pc.6U.R..0.Q...h.H..b.SV.S*.... ....._$#..Tc...r.....p.Nb.Qy....|..^WC....{...!.T7e.U.....{..RB...K....M.2.........,.C.,BI.5.[.D..M0.z.a*....(w...p..@..1....N....g.o.7...ig.1P..T$...`.8...(...dj....iN.....x&8..j....cQXn....J|U....3L.Y...B..A..IM-............z2jb.....;?.sbS))..cm..._...n.....s....vu..K.#o..._...+...`+....M\k..+..(`.....M.1Z..,Ke...EM.t...s...G..l.B.`N....oYJK.h.....i..9.Uv....1k2L......z46....=.^...39...D..e8.U..}...{[\....&......x..rt..72....y.I8..N.y....mg............o|.8.x.....)......h....7.GR....\.:w........".6.m.;i.....|j..3..m)Y>0..X.......0.?.C..sCx....^R....#.5..=0.X.+.[.e.Z...G`.X.73.c.T:........b`tE.......qT.n.....".....Fu.....y......Jh.....j....Em.@........F...)..k#..y].t...2P;B.Z7.+..C.UYF.r..UE...v....".q.U..._.K)F.....ta..g...&...<RZ.(....lb...Pb.Ne.d/=1.M...i....1.(....Z.......5..A.s.A1.........O
                                                                                                                                                                                Process:C:\Users\user\Desktop\c8JakemodH.exe
                                                                                                                                                                                File Type:data
                                                                                                                                                                                Category:dropped
                                                                                                                                                                                Size (bytes):1270
                                                                                                                                                                                Entropy (8bit):7.842858284317203
                                                                                                                                                                                Encrypted:false
                                                                                                                                                                                SSDEEP:24:Fb4zEgbIKHUzNfyqX4LkUNxSXYMSLBqJBSclxOKzc9iXXe32xs:F9KO4J98XYMYBqyqbzjX7q
                                                                                                                                                                                MD5:CE2DAB5B54749E3A51582EF27E0DE958
                                                                                                                                                                                SHA1:FB31AF2EEAF04A9EB13B495DF90D56E351305BDB
                                                                                                                                                                                SHA-256:A7FC234C23C2871D607F7EA6675240544347BD1F43DD4C5DF0F7B8790A66D36E
                                                                                                                                                                                SHA-512:BC96A8BB56C3CCAA4A13C38227F265C648A01F18BDBE434AE132D8416D801B6736C8500D35445EAEFE19943D9137217E5893012ECBCD6C7BF3C2820B7270C23F
                                                                                                                                                                                Malicious:false
                                                                                                                                                                                Preview:..hVo.T0...W.U.!.v=1J.C...V}........0v...h.1..i.h..9V.eG.}..C....2Tg...'e..k......C&B.P.S.y.Q..m+a"v.n...(.+...n.T..t\.Z......y.7.h<..`A...2.l..@4.#...yG............C....4Qw...<g.x.B...s$g.. T.W...w:..eo.D.-oD..;...J...fU.H}h.f.g..q.*6J;...Z8......J.V..2...........(cx...5......O......fc32D"...s...E;...)......7(..]..pF.X..w5..[..TeS..0T...\...L..!g.(+.L[.0`.L..(sfk.ezx..._....:B9...6...T...K...s.M...........6..!J>.pk....U.x.m...>.I.....v......!..3/.K6iDMc...~;4[w...B..BO.....;hW....l^..Z.aKC..Y.uZ..y......n0Z.U...i.....{..r.q...B`..D.f._.8...-S..k.R.AZ.6H.*pk).mAj0YX8)J..|..'&..........SB...^9.].......S~x]O..4.(.\..........WH\......!.....=.....5..l... 1.Q..%2Q.\.K....-..G@s..wl...b.o...&n.......4...0..X.HB*..l......*u....5N.+U.Y.....b._q...w.7UQT&....Z...F.Q]5Bi.f.*.4.a@D.<.s.g....:.I-.4.....3.QND..t.h....rs..t..X....c.k\.k......C...(F..)..,....N...f}"-.%..(W..|p....r.Y9..3_Z.../......9.-....QqSe.3M......J.{dRX(..p.s/..............@.
                                                                                                                                                                                Process:C:\Users\user\Desktop\c8JakemodH.exe
                                                                                                                                                                                File Type:data
                                                                                                                                                                                Category:dropped
                                                                                                                                                                                Size (bytes):1272
                                                                                                                                                                                Entropy (8bit):7.833483049102913
                                                                                                                                                                                Encrypted:false
                                                                                                                                                                                SSDEEP:24:qf/JFNxkFSsEERyzLsCXk36mulfXGefekHAfKXLmks9ZNnbz52xs:qJ7eFA+24KmuUbkHAfQLmkyNsq
                                                                                                                                                                                MD5:688A5295C88BDAA401E23416D1A788D7
                                                                                                                                                                                SHA1:CE8CAB9C2FBD7103B2D4B71E97421C497D85A2EB
                                                                                                                                                                                SHA-256:54C6BA75C9BA288F8BC3EE7022DFB13761BDF41264312F894D8FC018914F0AC7
                                                                                                                                                                                SHA-512:4973CA970D36C687E822840ECC1DEC61F1A0CFBF4CE0814CBBD0D8B1F43EA762B8881EAD3C94D0BD663619D1A19549C5D6062D579E07600851A03B8A55A7622C
                                                                                                                                                                                Malicious:false
                                                                                                                                                                                Preview:aXn..h...........l..b..j.b..9&.5....q...mR8...p...rL.R!a.MX.t."....3..Gv9-D...I.\..=P]...U..cj..v&l........yi....)<Q.S)..z..w,...:6...w..I...2M....S....8..5.)..........qE...B...._..h).5...W..uW..e.n.A.s.A.F5.-pFg)7..X@Aw...vf0.pUHM*.....+.z.....T..X.^..&= ^..=9..DC..^..,..K..N.L.[~+.....?..C...G8.y.!...L.bdy.....,.s...E.w....m..f.Q.........&.}kMFJ!..Bl.|].1....d.O.]q.H.....p...%>..K%..XiP...z9..nz'...l..._........;.....iO... a.R>..F...,.{.....s...@......V...v..Aio.t.z_e...a..J.......4.........;......7X=p.B.(.|I....{%1.8..Z....'....p.s....v.%.C.Bi^?.......C........e..U.NE.y.....~.iko..I..xPXD|..v.a..F.....)pP..I.dB,[..d.g...iO.J& .y.r.......c..p6.Vr.....P.nq.^.4.|.....@.-.<7..Q9...Q....28.s.m.(.....n..M)L./.h...5(.sZ.M.c.....}....M.z<D.s....E....Bg.x...<u.(X7 }'\.F...t..Z..H|.,0Q..`Fp..Ge.+..2..E.....9S.{((q..8F..c.*I..E...x....l'^..P....Xk..S..K.{.g_..f.,5..V.6(..'.4.8....dGR...|v.Zc..%:w..t.e..=...+.x..XP.......B...}.C-P..`.
                                                                                                                                                                                Process:C:\ProgramData\C9C8.tmp
                                                                                                                                                                                File Type:data
                                                                                                                                                                                Category:dropped
                                                                                                                                                                                Size (bytes):150528
                                                                                                                                                                                Entropy (8bit):7.997535399099202
                                                                                                                                                                                Encrypted:true
                                                                                                                                                                                SSDEEP:3072:lxHScHxKAEKP9Qz6aAPaxHScHxKAEKP9Qz6aAPaxHScHxKD:HSK39QpOSSK39QpOSSp
                                                                                                                                                                                MD5:11499623BBA31A5B50FFD13D9493CA2A
                                                                                                                                                                                SHA1:7F5D41D236C0DFE723F94BF4FE71985FC6245B99
                                                                                                                                                                                SHA-256:646E2FA1F570A8E65A313BDBA8D26FD19CC6DE031A8B89CD326226A463D742C2
                                                                                                                                                                                SHA-512:01CBAEBE00577C3D205B63AF634BA73A0CCA8F607DC13092C81A105E0CAC36E0426C113E54226DCDC55AE0130D5F4C1D5D3A8086BD0A532FCD4FD877CFAA910D
                                                                                                                                                                                Malicious:true
                                                                                                                                                                                Preview:z...s.A......$t....@.%....t72...|....../..H.V..D.N{.-...8Y....H,F!b..}..}.IJ...{..Me..v...&Zw5.=....W.J...Pc.6U.R..0.Q...h.H..b.SV.S*.... ....._$#..Tc...r.....p.Nb.Qy....|..^WC....{...!.T7e.U.....{..RB...K....M.2.........,.C.,BI.5.[.D..M0.z.a*....(w...p..@..1....N....g.o.7...ig.1P..T$...`.8...(...dj....iN.....x&8..j....cQXn....J|U....3L.Y...B..A..IM-............z2jb.....;?.sbS))..cm..._...n.....s....vu..K.#o..._...+...`+....M\k..+..(`.....M.1Z..,Ke...EM.t...s...G..l.B.`N....oYJK.h.....i..9.Uv....1k2L......z46....=.^...39...D..e8.U..}...{[\....&......x..rt..72....y.I8..N.y....mg............o|.8.x.....)......h....7.GR....\.:w........".6.m.;i.....|j..3..m)Y>0..X.......0.?.C..sCx....^R....#.5..=0.X.+.[.e.Z...G`.X.73.c.T:........b`tE.......qT.n.....".....Fu.....y......Jh.....j....Em.@........F...)..k#..y].t...2P;B.Z7.+..C.UYF.r..UE...v....".q.U..._.K)F.....ta..g...&...<RZ.(....lb...Pb.Ne.d/=1.M...i....1.(....Z.......5..A.s.A1.........O
                                                                                                                                                                                Process:C:\ProgramData\C9C8.tmp
                                                                                                                                                                                File Type:data
                                                                                                                                                                                Category:dropped
                                                                                                                                                                                Size (bytes):150528
                                                                                                                                                                                Entropy (8bit):7.997535399099202
                                                                                                                                                                                Encrypted:true
                                                                                                                                                                                SSDEEP:3072:lxHScHxKAEKP9Qz6aAPaxHScHxKAEKP9Qz6aAPaxHScHxKD:HSK39QpOSSK39QpOSSp
                                                                                                                                                                                MD5:11499623BBA31A5B50FFD13D9493CA2A
                                                                                                                                                                                SHA1:7F5D41D236C0DFE723F94BF4FE71985FC6245B99
                                                                                                                                                                                SHA-256:646E2FA1F570A8E65A313BDBA8D26FD19CC6DE031A8B89CD326226A463D742C2
                                                                                                                                                                                SHA-512:01CBAEBE00577C3D205B63AF634BA73A0CCA8F607DC13092C81A105E0CAC36E0426C113E54226DCDC55AE0130D5F4C1D5D3A8086BD0A532FCD4FD877CFAA910D
                                                                                                                                                                                Malicious:true
                                                                                                                                                                                Preview:z...s.A......$t....@.%....t72...|....../..H.V..D.N{.-...8Y....H,F!b..}..}.IJ...{..Me..v...&Zw5.=....W.J...Pc.6U.R..0.Q...h.H..b.SV.S*.... ....._$#..Tc...r.....p.Nb.Qy....|..^WC....{...!.T7e.U.....{..RB...K....M.2.........,.C.,BI.5.[.D..M0.z.a*....(w...p..@..1....N....g.o.7...ig.1P..T$...`.8...(...dj....iN.....x&8..j....cQXn....J|U....3L.Y...B..A..IM-............z2jb.....;?.sbS))..cm..._...n.....s....vu..K.#o..._...+...`+....M\k..+..(`.....M.1Z..,Ke...EM.t...s...G..l.B.`N....oYJK.h.....i..9.Uv....1k2L......z46....=.^...39...D..e8.U..}...{[\....&......x..rt..72....y.I8..N.y....mg............o|.8.x.....)......h....7.GR....\.:w........".6.m.;i.....|j..3..m)Y>0..X.......0.?.C..sCx....^R....#.5..=0.X.+.[.e.Z...G`.X.73.c.T:........b`tE.......qT.n.....".....Fu.....y......Jh.....j....Em.@........F...)..k#..y].t...2P;B.Z7.+..C.UYF.r..UE...v....".q.U..._.K)F.....ta..g...&...<RZ.(....lb...Pb.Ne.d/=1.M...i....1.(....Z.......5..A.s.A1.........O
                                                                                                                                                                                Process:C:\Users\user\Desktop\c8JakemodH.exe
                                                                                                                                                                                File Type:data
                                                                                                                                                                                Category:dropped
                                                                                                                                                                                Size (bytes):1270
                                                                                                                                                                                Entropy (8bit):7.865061558637118
                                                                                                                                                                                Encrypted:false
                                                                                                                                                                                SSDEEP:24:jUJcJ4Pn3XTiCelNgsFvuqYYPQQ6IA44tTXhV26nm9axDPmKXHz2xs:jUBrczoBK0326mkLmmHyq
                                                                                                                                                                                MD5:FA1DB3700B06F4C8AC907C72911E750A
                                                                                                                                                                                SHA1:C322E6ECB06085E226725346F046616DD9D0DF99
                                                                                                                                                                                SHA-256:49924AD41C42E04E51A68C0317BEA51855E0B9C745F0C1BD134CA9099B2DB2E2
                                                                                                                                                                                SHA-512:DB6A2C3C2DDAE390B9D51DEC32A4219039C80E058BBC599AC933648BB737938FBA676BB3FCCBB50A2ADE6117F6F9C732A9BB0EDD624A9A3B14D3CD2D83CC6B05
                                                                                                                                                                                Malicious:false
                                                                                                                                                                                Preview:.....).,..s...|.cYf..}....p5_+k.i......%;0.X...v.v.-..&..M.7.^`..xp...faJEs'3S.#...'.*..~t.w.....1.a`..u..j..f..C.....[...~..a.z..T.9..V.n.....+...r{w'.+d..;.K&x.....g...J&.o.te......~.+.L...%...3Q_....].V..;...Gy......q.^......(...1..he...Gbda../...[.6..5.,.L......z.az....I.T1......h..>Z.@[c^....7K...{.T..*=..<..D.C..........~g.8..A.z.W.tAEJ|.F...s.....ZWn.B+......'..-.$......]e..k!.g.i..".)N..0.T...A^(..^...X.0z..^...`....8._@..3._....f.....8Pu...U@.-t._..7.'......11+0.M....T....v..g-.iT@......I`....8Dp.....T?....4..AI....}...4.....0o.....3.lz.....m...\y...0.z..?X..S.....+..A.}9..i.0....E......"r....L.#D$..<.\'..d.....-..M..U1..N..QU..F@a.4....A.sk.....4^.......Y.}w.S..x....RF.\.../A)..L.s.@.ZN..U.jV...)..#.C*X.h..4...Q..v..r....#...M....../u=..q.-$.......k.H....j.......A,%._b$.....(.B./.K..?>..h.v.B...Hl.u.8..^..y...[T.,.sF....<T.(.M.....W...|`..DB..92...y.d...F*h.z.}..YI.....O....o.m4E......,.......a..A6\.......?....+.`..2
                                                                                                                                                                                Process:C:\ProgramData\C9C8.tmp
                                                                                                                                                                                File Type:data
                                                                                                                                                                                Category:dropped
                                                                                                                                                                                Size (bytes):150528
                                                                                                                                                                                Entropy (8bit):7.997535399099202
                                                                                                                                                                                Encrypted:true
                                                                                                                                                                                SSDEEP:3072:lxHScHxKAEKP9Qz6aAPaxHScHxKAEKP9Qz6aAPaxHScHxKD:HSK39QpOSSK39QpOSSp
                                                                                                                                                                                MD5:11499623BBA31A5B50FFD13D9493CA2A
                                                                                                                                                                                SHA1:7F5D41D236C0DFE723F94BF4FE71985FC6245B99
                                                                                                                                                                                SHA-256:646E2FA1F570A8E65A313BDBA8D26FD19CC6DE031A8B89CD326226A463D742C2
                                                                                                                                                                                SHA-512:01CBAEBE00577C3D205B63AF634BA73A0CCA8F607DC13092C81A105E0CAC36E0426C113E54226DCDC55AE0130D5F4C1D5D3A8086BD0A532FCD4FD877CFAA910D
                                                                                                                                                                                Malicious:true
                                                                                                                                                                                Preview:z...s.A......$t....@.%....t72...|....../..H.V..D.N{.-...8Y....H,F!b..}..}.IJ...{..Me..v...&Zw5.=....W.J...Pc.6U.R..0.Q...h.H..b.SV.S*.... ....._$#..Tc...r.....p.Nb.Qy....|..^WC....{...!.T7e.U.....{..RB...K....M.2.........,.C.,BI.5.[.D..M0.z.a*....(w...p..@..1....N....g.o.7...ig.1P..T$...`.8...(...dj....iN.....x&8..j....cQXn....J|U....3L.Y...B..A..IM-............z2jb.....;?.sbS))..cm..._...n.....s....vu..K.#o..._...+...`+....M\k..+..(`.....M.1Z..,Ke...EM.t...s...G..l.B.`N....oYJK.h.....i..9.Uv....1k2L......z46....=.^...39...D..e8.U..}...{[\....&......x..rt..72....y.I8..N.y....mg............o|.8.x.....)......h....7.GR....\.:w........".6.m.;i.....|j..3..m)Y>0..X.......0.?.C..sCx....^R....#.5..=0.X.+.[.e.Z...G`.X.73.c.T:........b`tE.......qT.n.....".....Fu.....y......Jh.....j....Em.@........F...)..k#..y].t...2P;B.Z7.+..C.UYF.r..UE...v....".q.U..._.K)F.....ta..g...&...<RZ.(....lb...Pb.Ne.d/=1.M...i....1.(....Z.......5..A.s.A1.........O
                                                                                                                                                                                Process:C:\ProgramData\C9C8.tmp
                                                                                                                                                                                File Type:data
                                                                                                                                                                                Category:dropped
                                                                                                                                                                                Size (bytes):150528
                                                                                                                                                                                Entropy (8bit):7.997535399099202
                                                                                                                                                                                Encrypted:true
                                                                                                                                                                                SSDEEP:3072:lxHScHxKAEKP9Qz6aAPaxHScHxKAEKP9Qz6aAPaxHScHxKD:HSK39QpOSSK39QpOSSp
                                                                                                                                                                                MD5:11499623BBA31A5B50FFD13D9493CA2A
                                                                                                                                                                                SHA1:7F5D41D236C0DFE723F94BF4FE71985FC6245B99
                                                                                                                                                                                SHA-256:646E2FA1F570A8E65A313BDBA8D26FD19CC6DE031A8B89CD326226A463D742C2
                                                                                                                                                                                SHA-512:01CBAEBE00577C3D205B63AF634BA73A0CCA8F607DC13092C81A105E0CAC36E0426C113E54226DCDC55AE0130D5F4C1D5D3A8086BD0A532FCD4FD877CFAA910D
                                                                                                                                                                                Malicious:true
                                                                                                                                                                                Preview:z...s.A......$t....@.%....t72...|....../..H.V..D.N{.-...8Y....H,F!b..}..}.IJ...{..Me..v...&Zw5.=....W.J...Pc.6U.R..0.Q...h.H..b.SV.S*.... ....._$#..Tc...r.....p.Nb.Qy....|..^WC....{...!.T7e.U.....{..RB...K....M.2.........,.C.,BI.5.[.D..M0.z.a*....(w...p..@..1....N....g.o.7...ig.1P..T$...`.8...(...dj....iN.....x&8..j....cQXn....J|U....3L.Y...B..A..IM-............z2jb.....;?.sbS))..cm..._...n.....s....vu..K.#o..._...+...`+....M\k..+..(`.....M.1Z..,Ke...EM.t...s...G..l.B.`N....oYJK.h.....i..9.Uv....1k2L......z46....=.^...39...D..e8.U..}...{[\....&......x..rt..72....y.I8..N.y....mg............o|.8.x.....)......h....7.GR....\.:w........".6.m.;i.....|j..3..m)Y>0..X.......0.?.C..sCx....^R....#.5..=0.X.+.[.e.Z...G`.X.73.c.T:........b`tE.......qT.n.....".....Fu.....y......Jh.....j....Em.@........F...)..k#..y].t...2P;B.Z7.+..C.UYF.r..UE...v....".q.U..._.K)F.....ta..g...&...<RZ.(....lb...Pb.Ne.d/=1.M...i....1.(....Z.......5..A.s.A1.........O
                                                                                                                                                                                Process:C:\ProgramData\C9C8.tmp
                                                                                                                                                                                File Type:data
                                                                                                                                                                                Category:dropped
                                                                                                                                                                                Size (bytes):150528
                                                                                                                                                                                Entropy (8bit):7.997535399099202
                                                                                                                                                                                Encrypted:true
                                                                                                                                                                                SSDEEP:3072:lxHScHxKAEKP9Qz6aAPaxHScHxKAEKP9Qz6aAPaxHScHxKD:HSK39QpOSSK39QpOSSp
                                                                                                                                                                                MD5:11499623BBA31A5B50FFD13D9493CA2A
                                                                                                                                                                                SHA1:7F5D41D236C0DFE723F94BF4FE71985FC6245B99
                                                                                                                                                                                SHA-256:646E2FA1F570A8E65A313BDBA8D26FD19CC6DE031A8B89CD326226A463D742C2
                                                                                                                                                                                SHA-512:01CBAEBE00577C3D205B63AF634BA73A0CCA8F607DC13092C81A105E0CAC36E0426C113E54226DCDC55AE0130D5F4C1D5D3A8086BD0A532FCD4FD877CFAA910D
                                                                                                                                                                                Malicious:true
                                                                                                                                                                                Preview:z...s.A......$t....@.%....t72...|....../..H.V..D.N{.-...8Y....H,F!b..}..}.IJ...{..Me..v...&Zw5.=....W.J...Pc.6U.R..0.Q...h.H..b.SV.S*.... ....._$#..Tc...r.....p.Nb.Qy....|..^WC....{...!.T7e.U.....{..RB...K....M.2.........,.C.,BI.5.[.D..M0.z.a*....(w...p..@..1....N....g.o.7...ig.1P..T$...`.8...(...dj....iN.....x&8..j....cQXn....J|U....3L.Y...B..A..IM-............z2jb.....;?.sbS))..cm..._...n.....s....vu..K.#o..._...+...`+....M\k..+..(`.....M.1Z..,Ke...EM.t...s...G..l.B.`N....oYJK.h.....i..9.Uv....1k2L......z46....=.^...39...D..e8.U..}...{[\....&......x..rt..72....y.I8..N.y....mg............o|.8.x.....)......h....7.GR....\.:w........".6.m.;i.....|j..3..m)Y>0..X.......0.?.C..sCx....^R....#.5..=0.X.+.[.e.Z...G`.X.73.c.T:........b`tE.......qT.n.....".....Fu.....y......Jh.....j....Em.@........F...)..k#..y].t...2P;B.Z7.+..C.UYF.r..UE...v....".q.U..._.K)F.....ta..g...&...<RZ.(....lb...Pb.Ne.d/=1.M...i....1.(....Z.......5..A.s.A1.........O
                                                                                                                                                                                Process:C:\ProgramData\C9C8.tmp
                                                                                                                                                                                File Type:data
                                                                                                                                                                                Category:dropped
                                                                                                                                                                                Size (bytes):150528
                                                                                                                                                                                Entropy (8bit):7.997535399099202
                                                                                                                                                                                Encrypted:true
                                                                                                                                                                                SSDEEP:3072:lxHScHxKAEKP9Qz6aAPaxHScHxKAEKP9Qz6aAPaxHScHxKD:HSK39QpOSSK39QpOSSp
                                                                                                                                                                                MD5:11499623BBA31A5B50FFD13D9493CA2A
                                                                                                                                                                                SHA1:7F5D41D236C0DFE723F94BF4FE71985FC6245B99
                                                                                                                                                                                SHA-256:646E2FA1F570A8E65A313BDBA8D26FD19CC6DE031A8B89CD326226A463D742C2
                                                                                                                                                                                SHA-512:01CBAEBE00577C3D205B63AF634BA73A0CCA8F607DC13092C81A105E0CAC36E0426C113E54226DCDC55AE0130D5F4C1D5D3A8086BD0A532FCD4FD877CFAA910D
                                                                                                                                                                                Malicious:true
                                                                                                                                                                                Preview:z...s.A......$t....@.%....t72...|....../..H.V..D.N{.-...8Y....H,F!b..}..}.IJ...{..Me..v...&Zw5.=....W.J...Pc.6U.R..0.Q...h.H..b.SV.S*.... ....._$#..Tc...r.....p.Nb.Qy....|..^WC....{...!.T7e.U.....{..RB...K....M.2.........,.C.,BI.5.[.D..M0.z.a*....(w...p..@..1....N....g.o.7...ig.1P..T$...`.8...(...dj....iN.....x&8..j....cQXn....J|U....3L.Y...B..A..IM-............z2jb.....;?.sbS))..cm..._...n.....s....vu..K.#o..._...+...`+....M\k..+..(`.....M.1Z..,Ke...EM.t...s...G..l.B.`N....oYJK.h.....i..9.Uv....1k2L......z46....=.^...39...D..e8.U..}...{[\....&......x..rt..72....y.I8..N.y....mg............o|.8.x.....)......h....7.GR....\.:w........".6.m.;i.....|j..3..m)Y>0..X.......0.?.C..sCx....^R....#.5..=0.X.+.[.e.Z...G`.X.73.c.T:........b`tE.......qT.n.....".....Fu.....y......Jh.....j....Em.@........F...)..k#..y].t...2P;B.Z7.+..C.UYF.r..UE...v....".q.U..._.K)F.....ta..g...&...<RZ.(....lb...Pb.Ne.d/=1.M...i....1.(....Z.......5..A.s.A1.........O
                                                                                                                                                                                Process:C:\ProgramData\C9C8.tmp
                                                                                                                                                                                File Type:data
                                                                                                                                                                                Category:dropped
                                                                                                                                                                                Size (bytes):150528
                                                                                                                                                                                Entropy (8bit):7.997535399099202
                                                                                                                                                                                Encrypted:true
                                                                                                                                                                                SSDEEP:3072:lxHScHxKAEKP9Qz6aAPaxHScHxKAEKP9Qz6aAPaxHScHxKD:HSK39QpOSSK39QpOSSp
                                                                                                                                                                                MD5:11499623BBA31A5B50FFD13D9493CA2A
                                                                                                                                                                                SHA1:7F5D41D236C0DFE723F94BF4FE71985FC6245B99
                                                                                                                                                                                SHA-256:646E2FA1F570A8E65A313BDBA8D26FD19CC6DE031A8B89CD326226A463D742C2
                                                                                                                                                                                SHA-512:01CBAEBE00577C3D205B63AF634BA73A0CCA8F607DC13092C81A105E0CAC36E0426C113E54226DCDC55AE0130D5F4C1D5D3A8086BD0A532FCD4FD877CFAA910D
                                                                                                                                                                                Malicious:true
                                                                                                                                                                                Preview:z...s.A......$t....@.%....t72...|....../..H.V..D.N{.-...8Y....H,F!b..}..}.IJ...{..Me..v...&Zw5.=....W.J...Pc.6U.R..0.Q...h.H..b.SV.S*.... ....._$#..Tc...r.....p.Nb.Qy....|..^WC....{...!.T7e.U.....{..RB...K....M.2.........,.C.,BI.5.[.D..M0.z.a*....(w...p..@..1....N....g.o.7...ig.1P..T$...`.8...(...dj....iN.....x&8..j....cQXn....J|U....3L.Y...B..A..IM-............z2jb.....;?.sbS))..cm..._...n.....s....vu..K.#o..._...+...`+....M\k..+..(`.....M.1Z..,Ke...EM.t...s...G..l.B.`N....oYJK.h.....i..9.Uv....1k2L......z46....=.^...39...D..e8.U..}...{[\....&......x..rt..72....y.I8..N.y....mg............o|.8.x.....)......h....7.GR....\.:w........".6.m.;i.....|j..3..m)Y>0..X.......0.?.C..sCx....^R....#.5..=0.X.+.[.e.Z...G`.X.73.c.T:........b`tE.......qT.n.....".....Fu.....y......Jh.....j....Em.@........F...)..k#..y].t...2P;B.Z7.+..C.UYF.r..UE...v....".q.U..._.K)F.....ta..g...&...<RZ.(....lb...Pb.Ne.d/=1.M...i....1.(....Z.......5..A.s.A1.........O
                                                                                                                                                                                Process:C:\ProgramData\C9C8.tmp
                                                                                                                                                                                File Type:data
                                                                                                                                                                                Category:dropped
                                                                                                                                                                                Size (bytes):150528
                                                                                                                                                                                Entropy (8bit):7.997535399099202
                                                                                                                                                                                Encrypted:true
                                                                                                                                                                                SSDEEP:3072:lxHScHxKAEKP9Qz6aAPaxHScHxKAEKP9Qz6aAPaxHScHxKD:HSK39QpOSSK39QpOSSp
                                                                                                                                                                                MD5:11499623BBA31A5B50FFD13D9493CA2A
                                                                                                                                                                                SHA1:7F5D41D236C0DFE723F94BF4FE71985FC6245B99
                                                                                                                                                                                SHA-256:646E2FA1F570A8E65A313BDBA8D26FD19CC6DE031A8B89CD326226A463D742C2
                                                                                                                                                                                SHA-512:01CBAEBE00577C3D205B63AF634BA73A0CCA8F607DC13092C81A105E0CAC36E0426C113E54226DCDC55AE0130D5F4C1D5D3A8086BD0A532FCD4FD877CFAA910D
                                                                                                                                                                                Malicious:true
                                                                                                                                                                                Preview:z...s.A......$t....@.%....t72...|....../..H.V..D.N{.-...8Y....H,F!b..}..}.IJ...{..Me..v...&Zw5.=....W.J...Pc.6U.R..0.Q...h.H..b.SV.S*.... ....._$#..Tc...r.....p.Nb.Qy....|..^WC....{...!.T7e.U.....{..RB...K....M.2.........,.C.,BI.5.[.D..M0.z.a*....(w...p..@..1....N....g.o.7...ig.1P..T$...`.8...(...dj....iN.....x&8..j....cQXn....J|U....3L.Y...B..A..IM-............z2jb.....;?.sbS))..cm..._...n.....s....vu..K.#o..._...+...`+....M\k..+..(`.....M.1Z..,Ke...EM.t...s...G..l.B.`N....oYJK.h.....i..9.Uv....1k2L......z46....=.^...39...D..e8.U..}...{[\....&......x..rt..72....y.I8..N.y....mg............o|.8.x.....)......h....7.GR....\.:w........".6.m.;i.....|j..3..m)Y>0..X.......0.?.C..sCx....^R....#.5..=0.X.+.[.e.Z...G`.X.73.c.T:........b`tE.......qT.n.....".....Fu.....y......Jh.....j....Em.@........F...)..k#..y].t...2P;B.Z7.+..C.UYF.r..UE...v....".q.U..._.K)F.....ta..g...&...<RZ.(....lb...Pb.Ne.d/=1.M...i....1.(....Z.......5..A.s.A1.........O
                                                                                                                                                                                Process:C:\ProgramData\C9C8.tmp
                                                                                                                                                                                File Type:data
                                                                                                                                                                                Category:dropped
                                                                                                                                                                                Size (bytes):150528
                                                                                                                                                                                Entropy (8bit):7.997535399099202
                                                                                                                                                                                Encrypted:true
                                                                                                                                                                                SSDEEP:3072:lxHScHxKAEKP9Qz6aAPaxHScHxKAEKP9Qz6aAPaxHScHxKD:HSK39QpOSSK39QpOSSp
                                                                                                                                                                                MD5:11499623BBA31A5B50FFD13D9493CA2A
                                                                                                                                                                                SHA1:7F5D41D236C0DFE723F94BF4FE71985FC6245B99
                                                                                                                                                                                SHA-256:646E2FA1F570A8E65A313BDBA8D26FD19CC6DE031A8B89CD326226A463D742C2
                                                                                                                                                                                SHA-512:01CBAEBE00577C3D205B63AF634BA73A0CCA8F607DC13092C81A105E0CAC36E0426C113E54226DCDC55AE0130D5F4C1D5D3A8086BD0A532FCD4FD877CFAA910D
                                                                                                                                                                                Malicious:true
                                                                                                                                                                                Preview:z...s.A......$t....@.%....t72...|....../..H.V..D.N{.-...8Y....H,F!b..}..}.IJ...{..Me..v...&Zw5.=....W.J...Pc.6U.R..0.Q...h.H..b.SV.S*.... ....._$#..Tc...r.....p.Nb.Qy....|..^WC....{...!.T7e.U.....{..RB...K....M.2.........,.C.,BI.5.[.D..M0.z.a*....(w...p..@..1....N....g.o.7...ig.1P..T$...`.8...(...dj....iN.....x&8..j....cQXn....J|U....3L.Y...B..A..IM-............z2jb.....;?.sbS))..cm..._...n.....s....vu..K.#o..._...+...`+....M\k..+..(`.....M.1Z..,Ke...EM.t...s...G..l.B.`N....oYJK.h.....i..9.Uv....1k2L......z46....=.^...39...D..e8.U..}...{[\....&......x..rt..72....y.I8..N.y....mg............o|.8.x.....)......h....7.GR....\.:w........".6.m.;i.....|j..3..m)Y>0..X.......0.?.C..sCx....^R....#.5..=0.X.+.[.e.Z...G`.X.73.c.T:........b`tE.......qT.n.....".....Fu.....y......Jh.....j....Em.@........F...)..k#..y].t...2P;B.Z7.+..C.UYF.r..UE...v....".q.U..._.K)F.....ta..g...&...<RZ.(....lb...Pb.Ne.d/=1.M...i....1.(....Z.......5..A.s.A1.........O
                                                                                                                                                                                Process:C:\Users\user\Desktop\c8JakemodH.exe
                                                                                                                                                                                File Type:data
                                                                                                                                                                                Category:dropped
                                                                                                                                                                                Size (bytes):1272
                                                                                                                                                                                Entropy (8bit):7.816250976495638
                                                                                                                                                                                Encrypted:false
                                                                                                                                                                                SSDEEP:24:XlVAxCqODOVSvKtpbm1xuJu9WVANfgqmHLrpC1kEzMstipZJDuYMw2xs:VdqODVvKtpg4J0WVmgqmHnpCd4stiJyu
                                                                                                                                                                                MD5:8608D62AA9577037E47A72F491E70935
                                                                                                                                                                                SHA1:CEF3BAC6CD691DC351C8FCF7574839C2917D6D2F
                                                                                                                                                                                SHA-256:CB006DC0AA4F2B7B04B38D16527C97007C12996D9B28C6FCC6E83A345BD1E1AA
                                                                                                                                                                                SHA-512:A0AF36D1AB1940A0593CBAAB50B2ED832B1A2D8491CD9168AAC138654C4994971F2288297E561F0E47371370655030A53C903DFA05336DDFF4D0B4A2E9EC5325
                                                                                                                                                                                Malicious:false
                                                                                                                                                                                Preview:5...Z/...4...WCS...*..>.........J.{.g..!.....!..pa.IQ.I.....8..m...U.&r...BCG...,Df.|...9B]...;.y....f.1(Y..,..N/n....,$....(..Q'}.....W......C.8..A.7...h.....\...;.7.#:|c.....n.SM.Vb......<....(A....,h{}....R..........|..b8...|.<.gjH;.L9.vG..W-<........?.0.%Q..^.p].|.T.At.7....m.?.....6.b=.}.o.....~.w.E..........z&.(M..C.f...=&......Z..'...JS.....;.%F.d..>.L..n_;'.....Q.....Dw...c...........3.9..O=..{....<^....tN...~W|..%.$Z.c@Q/.....pj.6...`.o...f4x.......Z.j.c.E|Di...!..|.+.f.h\.Td0..p..T3F....#+..W......p#G.1...M..t/.h..../...l.......p..A.....}....F6.\..L.b....-.!.7...0.J...j|.]...E...Q.o...8..JT".H.9.:...\..>....D;..-.h.......{..Io@;.&k..=.....g.....A......T|.J.._]...(....5.~9t."....g..S.-..O[..m.b...|....&.|O..,.C3.dM...s~t.:)S0.....~.'nM*-.M..0)..i.cQ......Eo..v.I.?.~...P...'.U....a...ug....q- ....O....V...._]...V.H.4.aN../;.j&dka.N.....h...7...Y........0...L..I.h.....*#...9.....nZ33Y.%....b.t.R.0.W..0;#....^J 8.pxw..].5..E.
                                                                                                                                                                                Process:C:\ProgramData\C9C8.tmp
                                                                                                                                                                                File Type:data
                                                                                                                                                                                Category:dropped
                                                                                                                                                                                Size (bytes):150528
                                                                                                                                                                                Entropy (8bit):7.997535399099202
                                                                                                                                                                                Encrypted:true
                                                                                                                                                                                SSDEEP:3072:lxHScHxKAEKP9Qz6aAPaxHScHxKAEKP9Qz6aAPaxHScHxKD:HSK39QpOSSK39QpOSSp
                                                                                                                                                                                MD5:11499623BBA31A5B50FFD13D9493CA2A
                                                                                                                                                                                SHA1:7F5D41D236C0DFE723F94BF4FE71985FC6245B99
                                                                                                                                                                                SHA-256:646E2FA1F570A8E65A313BDBA8D26FD19CC6DE031A8B89CD326226A463D742C2
                                                                                                                                                                                SHA-512:01CBAEBE00577C3D205B63AF634BA73A0CCA8F607DC13092C81A105E0CAC36E0426C113E54226DCDC55AE0130D5F4C1D5D3A8086BD0A532FCD4FD877CFAA910D
                                                                                                                                                                                Malicious:true
                                                                                                                                                                                Preview:z...s.A......$t....@.%....t72...|....../..H.V..D.N{.-...8Y....H,F!b..}..}.IJ...{..Me..v...&Zw5.=....W.J...Pc.6U.R..0.Q...h.H..b.SV.S*.... ....._$#..Tc...r.....p.Nb.Qy....|..^WC....{...!.T7e.U.....{..RB...K....M.2.........,.C.,BI.5.[.D..M0.z.a*....(w...p..@..1....N....g.o.7...ig.1P..T$...`.8...(...dj....iN.....x&8..j....cQXn....J|U....3L.Y...B..A..IM-............z2jb.....;?.sbS))..cm..._...n.....s....vu..K.#o..._...+...`+....M\k..+..(`.....M.1Z..,Ke...EM.t...s...G..l.B.`N....oYJK.h.....i..9.Uv....1k2L......z46....=.^...39...D..e8.U..}...{[\....&......x..rt..72....y.I8..N.y....mg............o|.8.x.....)......h....7.GR....\.:w........".6.m.;i.....|j..3..m)Y>0..X.......0.?.C..sCx....^R....#.5..=0.X.+.[.e.Z...G`.X.73.c.T:........b`tE.......qT.n.....".....Fu.....y......Jh.....j....Em.@........F...)..k#..y].t...2P;B.Z7.+..C.UYF.r..UE...v....".q.U..._.K)F.....ta..g...&...<RZ.(....lb...Pb.Ne.d/=1.M...i....1.(....Z.......5..A.s.A1.........O
                                                                                                                                                                                Process:C:\ProgramData\C9C8.tmp
                                                                                                                                                                                File Type:data
                                                                                                                                                                                Category:dropped
                                                                                                                                                                                Size (bytes):150528
                                                                                                                                                                                Entropy (8bit):7.997535399099202
                                                                                                                                                                                Encrypted:true
                                                                                                                                                                                SSDEEP:3072:lxHScHxKAEKP9Qz6aAPaxHScHxKAEKP9Qz6aAPaxHScHxKD:HSK39QpOSSK39QpOSSp
                                                                                                                                                                                MD5:11499623BBA31A5B50FFD13D9493CA2A
                                                                                                                                                                                SHA1:7F5D41D236C0DFE723F94BF4FE71985FC6245B99
                                                                                                                                                                                SHA-256:646E2FA1F570A8E65A313BDBA8D26FD19CC6DE031A8B89CD326226A463D742C2
                                                                                                                                                                                SHA-512:01CBAEBE00577C3D205B63AF634BA73A0CCA8F607DC13092C81A105E0CAC36E0426C113E54226DCDC55AE0130D5F4C1D5D3A8086BD0A532FCD4FD877CFAA910D
                                                                                                                                                                                Malicious:true
                                                                                                                                                                                Preview:z...s.A......$t....@.%....t72...|....../..H.V..D.N{.-...8Y....H,F!b..}..}.IJ...{..Me..v...&Zw5.=....W.J...Pc.6U.R..0.Q...h.H..b.SV.S*.... ....._$#..Tc...r.....p.Nb.Qy....|..^WC....{...!.T7e.U.....{..RB...K....M.2.........,.C.,BI.5.[.D..M0.z.a*....(w...p..@..1....N....g.o.7...ig.1P..T$...`.8...(...dj....iN.....x&8..j....cQXn....J|U....3L.Y...B..A..IM-............z2jb.....;?.sbS))..cm..._...n.....s....vu..K.#o..._...+...`+....M\k..+..(`.....M.1Z..,Ke...EM.t...s...G..l.B.`N....oYJK.h.....i..9.Uv....1k2L......z46....=.^...39...D..e8.U..}...{[\....&......x..rt..72....y.I8..N.y....mg............o|.8.x.....)......h....7.GR....\.:w........".6.m.;i.....|j..3..m)Y>0..X.......0.?.C..sCx....^R....#.5..=0.X.+.[.e.Z...G`.X.73.c.T:........b`tE.......qT.n.....".....Fu.....y......Jh.....j....Em.@........F...)..k#..y].t...2P;B.Z7.+..C.UYF.r..UE...v....".q.U..._.K)F.....ta..g...&...<RZ.(....lb...Pb.Ne.d/=1.M...i....1.(....Z.......5..A.s.A1.........O
                                                                                                                                                                                Process:C:\ProgramData\C9C8.tmp
                                                                                                                                                                                File Type:data
                                                                                                                                                                                Category:dropped
                                                                                                                                                                                Size (bytes):150528
                                                                                                                                                                                Entropy (8bit):7.997535399099202
                                                                                                                                                                                Encrypted:true
                                                                                                                                                                                SSDEEP:3072:lxHScHxKAEKP9Qz6aAPaxHScHxKAEKP9Qz6aAPaxHScHxKD:HSK39QpOSSK39QpOSSp
                                                                                                                                                                                MD5:11499623BBA31A5B50FFD13D9493CA2A
                                                                                                                                                                                SHA1:7F5D41D236C0DFE723F94BF4FE71985FC6245B99
                                                                                                                                                                                SHA-256:646E2FA1F570A8E65A313BDBA8D26FD19CC6DE031A8B89CD326226A463D742C2
                                                                                                                                                                                SHA-512:01CBAEBE00577C3D205B63AF634BA73A0CCA8F607DC13092C81A105E0CAC36E0426C113E54226DCDC55AE0130D5F4C1D5D3A8086BD0A532FCD4FD877CFAA910D
                                                                                                                                                                                Malicious:true
                                                                                                                                                                                Preview:z...s.A......$t....@.%....t72...|....../..H.V..D.N{.-...8Y....H,F!b..}..}.IJ...{..Me..v...&Zw5.=....W.J...Pc.6U.R..0.Q...h.H..b.SV.S*.... ....._$#..Tc...r.....p.Nb.Qy....|..^WC....{...!.T7e.U.....{..RB...K....M.2.........,.C.,BI.5.[.D..M0.z.a*....(w...p..@..1....N....g.o.7...ig.1P..T$...`.8...(...dj....iN.....x&8..j....cQXn....J|U....3L.Y...B..A..IM-............z2jb.....;?.sbS))..cm..._...n.....s....vu..K.#o..._...+...`+....M\k..+..(`.....M.1Z..,Ke...EM.t...s...G..l.B.`N....oYJK.h.....i..9.Uv....1k2L......z46....=.^...39...D..e8.U..}...{[\....&......x..rt..72....y.I8..N.y....mg............o|.8.x.....)......h....7.GR....\.:w........".6.m.;i.....|j..3..m)Y>0..X.......0.?.C..sCx....^R....#.5..=0.X.+.[.e.Z...G`.X.73.c.T:........b`tE.......qT.n.....".....Fu.....y......Jh.....j....Em.@........F...)..k#..y].t...2P;B.Z7.+..C.UYF.r..UE...v....".q.U..._.K)F.....ta..g...&...<RZ.(....lb...Pb.Ne.d/=1.M...i....1.(....Z.......5..A.s.A1.........O
                                                                                                                                                                                Process:C:\ProgramData\C9C8.tmp
                                                                                                                                                                                File Type:data
                                                                                                                                                                                Category:dropped
                                                                                                                                                                                Size (bytes):150528
                                                                                                                                                                                Entropy (8bit):7.997535399099202
                                                                                                                                                                                Encrypted:true
                                                                                                                                                                                SSDEEP:3072:lxHScHxKAEKP9Qz6aAPaxHScHxKAEKP9Qz6aAPaxHScHxKD:HSK39QpOSSK39QpOSSp
                                                                                                                                                                                MD5:11499623BBA31A5B50FFD13D9493CA2A
                                                                                                                                                                                SHA1:7F5D41D236C0DFE723F94BF4FE71985FC6245B99
                                                                                                                                                                                SHA-256:646E2FA1F570A8E65A313BDBA8D26FD19CC6DE031A8B89CD326226A463D742C2
                                                                                                                                                                                SHA-512:01CBAEBE00577C3D205B63AF634BA73A0CCA8F607DC13092C81A105E0CAC36E0426C113E54226DCDC55AE0130D5F4C1D5D3A8086BD0A532FCD4FD877CFAA910D
                                                                                                                                                                                Malicious:true
                                                                                                                                                                                Preview:z...s.A......$t....@.%....t72...|....../..H.V..D.N{.-...8Y....H,F!b..}..}.IJ...{..Me..v...&Zw5.=....W.J...Pc.6U.R..0.Q...h.H..b.SV.S*.... ....._$#..Tc...r.....p.Nb.Qy....|..^WC....{...!.T7e.U.....{..RB...K....M.2.........,.C.,BI.5.[.D..M0.z.a*....(w...p..@..1....N....g.o.7...ig.1P..T$...`.8...(...dj....iN.....x&8..j....cQXn....J|U....3L.Y...B..A..IM-............z2jb.....;?.sbS))..cm..._...n.....s....vu..K.#o..._...+...`+....M\k..+..(`.....M.1Z..,Ke...EM.t...s...G..l.B.`N....oYJK.h.....i..9.Uv....1k2L......z46....=.^...39...D..e8.U..}...{[\....&......x..rt..72....y.I8..N.y....mg............o|.8.x.....)......h....7.GR....\.:w........".6.m.;i.....|j..3..m)Y>0..X.......0.?.C..sCx....^R....#.5..=0.X.+.[.e.Z...G`.X.73.c.T:........b`tE.......qT.n.....".....Fu.....y......Jh.....j....Em.@........F...)..k#..y].t...2P;B.Z7.+..C.UYF.r..UE...v....".q.U..._.K)F.....ta..g...&...<RZ.(....lb...Pb.Ne.d/=1.M...i....1.(....Z.......5..A.s.A1.........O
                                                                                                                                                                                Process:C:\ProgramData\C9C8.tmp
                                                                                                                                                                                File Type:data
                                                                                                                                                                                Category:dropped
                                                                                                                                                                                Size (bytes):150528
                                                                                                                                                                                Entropy (8bit):7.997535399099202
                                                                                                                                                                                Encrypted:true
                                                                                                                                                                                SSDEEP:3072:lxHScHxKAEKP9Qz6aAPaxHScHxKAEKP9Qz6aAPaxHScHxKD:HSK39QpOSSK39QpOSSp
                                                                                                                                                                                MD5:11499623BBA31A5B50FFD13D9493CA2A
                                                                                                                                                                                SHA1:7F5D41D236C0DFE723F94BF4FE71985FC6245B99
                                                                                                                                                                                SHA-256:646E2FA1F570A8E65A313BDBA8D26FD19CC6DE031A8B89CD326226A463D742C2
                                                                                                                                                                                SHA-512:01CBAEBE00577C3D205B63AF634BA73A0CCA8F607DC13092C81A105E0CAC36E0426C113E54226DCDC55AE0130D5F4C1D5D3A8086BD0A532FCD4FD877CFAA910D
                                                                                                                                                                                Malicious:true
                                                                                                                                                                                Preview:z...s.A......$t....@.%....t72...|....../..H.V..D.N{.-...8Y....H,F!b..}..}.IJ...{..Me..v...&Zw5.=....W.J...Pc.6U.R..0.Q...h.H..b.SV.S*.... ....._$#..Tc...r.....p.Nb.Qy....|..^WC....{...!.T7e.U.....{..RB...K....M.2.........,.C.,BI.5.[.D..M0.z.a*....(w...p..@..1....N....g.o.7...ig.1P..T$...`.8...(...dj....iN.....x&8..j....cQXn....J|U....3L.Y...B..A..IM-............z2jb.....;?.sbS))..cm..._...n.....s....vu..K.#o..._...+...`+....M\k..+..(`.....M.1Z..,Ke...EM.t...s...G..l.B.`N....oYJK.h.....i..9.Uv....1k2L......z46....=.^...39...D..e8.U..}...{[\....&......x..rt..72....y.I8..N.y....mg............o|.8.x.....)......h....7.GR....\.:w........".6.m.;i.....|j..3..m)Y>0..X.......0.?.C..sCx....^R....#.5..=0.X.+.[.e.Z...G`.X.73.c.T:........b`tE.......qT.n.....".....Fu.....y......Jh.....j....Em.@........F...)..k#..y].t...2P;B.Z7.+..C.UYF.r..UE...v....".q.U..._.K)F.....ta..g...&...<RZ.(....lb...Pb.Ne.d/=1.M...i....1.(....Z.......5..A.s.A1.........O
                                                                                                                                                                                Process:C:\ProgramData\C9C8.tmp
                                                                                                                                                                                File Type:data
                                                                                                                                                                                Category:dropped
                                                                                                                                                                                Size (bytes):150528
                                                                                                                                                                                Entropy (8bit):7.997535399099202
                                                                                                                                                                                Encrypted:true
                                                                                                                                                                                SSDEEP:3072:lxHScHxKAEKP9Qz6aAPaxHScHxKAEKP9Qz6aAPaxHScHxKD:HSK39QpOSSK39QpOSSp
                                                                                                                                                                                MD5:11499623BBA31A5B50FFD13D9493CA2A
                                                                                                                                                                                SHA1:7F5D41D236C0DFE723F94BF4FE71985FC6245B99
                                                                                                                                                                                SHA-256:646E2FA1F570A8E65A313BDBA8D26FD19CC6DE031A8B89CD326226A463D742C2
                                                                                                                                                                                SHA-512:01CBAEBE00577C3D205B63AF634BA73A0CCA8F607DC13092C81A105E0CAC36E0426C113E54226DCDC55AE0130D5F4C1D5D3A8086BD0A532FCD4FD877CFAA910D
                                                                                                                                                                                Malicious:true
                                                                                                                                                                                Preview:z...s.A......$t....@.%....t72...|....../..H.V..D.N{.-...8Y....H,F!b..}..}.IJ...{..Me..v...&Zw5.=....W.J...Pc.6U.R..0.Q...h.H..b.SV.S*.... ....._$#..Tc...r.....p.Nb.Qy....|..^WC....{...!.T7e.U.....{..RB...K....M.2.........,.C.,BI.5.[.D..M0.z.a*....(w...p..@..1....N....g.o.7...ig.1P..T$...`.8...(...dj....iN.....x&8..j....cQXn....J|U....3L.Y...B..A..IM-............z2jb.....;?.sbS))..cm..._...n.....s....vu..K.#o..._...+...`+....M\k..+..(`.....M.1Z..,Ke...EM.t...s...G..l.B.`N....oYJK.h.....i..9.Uv....1k2L......z46....=.^...39...D..e8.U..}...{[\....&......x..rt..72....y.I8..N.y....mg............o|.8.x.....)......h....7.GR....\.:w........".6.m.;i.....|j..3..m)Y>0..X.......0.?.C..sCx....^R....#.5..=0.X.+.[.e.Z...G`.X.73.c.T:........b`tE.......qT.n.....".....Fu.....y......Jh.....j....Em.@........F...)..k#..y].t...2P;B.Z7.+..C.UYF.r..UE...v....".q.U..._.K)F.....ta..g...&...<RZ.(....lb...Pb.Ne.d/=1.M...i....1.(....Z.......5..A.s.A1.........O
                                                                                                                                                                                Process:C:\ProgramData\C9C8.tmp
                                                                                                                                                                                File Type:data
                                                                                                                                                                                Category:dropped
                                                                                                                                                                                Size (bytes):150528
                                                                                                                                                                                Entropy (8bit):7.997535399099202
                                                                                                                                                                                Encrypted:true
                                                                                                                                                                                SSDEEP:3072:lxHScHxKAEKP9Qz6aAPaxHScHxKAEKP9Qz6aAPaxHScHxKD:HSK39QpOSSK39QpOSSp
                                                                                                                                                                                MD5:11499623BBA31A5B50FFD13D9493CA2A
                                                                                                                                                                                SHA1:7F5D41D236C0DFE723F94BF4FE71985FC6245B99
                                                                                                                                                                                SHA-256:646E2FA1F570A8E65A313BDBA8D26FD19CC6DE031A8B89CD326226A463D742C2
                                                                                                                                                                                SHA-512:01CBAEBE00577C3D205B63AF634BA73A0CCA8F607DC13092C81A105E0CAC36E0426C113E54226DCDC55AE0130D5F4C1D5D3A8086BD0A532FCD4FD877CFAA910D
                                                                                                                                                                                Malicious:true
                                                                                                                                                                                Preview:z...s.A......$t....@.%....t72...|....../..H.V..D.N{.-...8Y....H,F!b..}..}.IJ...{..Me..v...&Zw5.=....W.J...Pc.6U.R..0.Q...h.H..b.SV.S*.... ....._$#..Tc...r.....p.Nb.Qy....|..^WC....{...!.T7e.U.....{..RB...K....M.2.........,.C.,BI.5.[.D..M0.z.a*....(w...p..@..1....N....g.o.7...ig.1P..T$...`.8...(...dj....iN.....x&8..j....cQXn....J|U....3L.Y...B..A..IM-............z2jb.....;?.sbS))..cm..._...n.....s....vu..K.#o..._...+...`+....M\k..+..(`.....M.1Z..,Ke...EM.t...s...G..l.B.`N....oYJK.h.....i..9.Uv....1k2L......z46....=.^...39...D..e8.U..}...{[\....&......x..rt..72....y.I8..N.y....mg............o|.8.x.....)......h....7.GR....\.:w........".6.m.;i.....|j..3..m)Y>0..X.......0.?.C..sCx....^R....#.5..=0.X.+.[.e.Z...G`.X.73.c.T:........b`tE.......qT.n.....".....Fu.....y......Jh.....j....Em.@........F...)..k#..y].t...2P;B.Z7.+..C.UYF.r..UE...v....".q.U..._.K)F.....ta..g...&...<RZ.(....lb...Pb.Ne.d/=1.M...i....1.(....Z.......5..A.s.A1.........O
                                                                                                                                                                                Process:C:\ProgramData\C9C8.tmp
                                                                                                                                                                                File Type:data
                                                                                                                                                                                Category:dropped
                                                                                                                                                                                Size (bytes):150528
                                                                                                                                                                                Entropy (8bit):7.997535399099202
                                                                                                                                                                                Encrypted:true
                                                                                                                                                                                SSDEEP:3072:lxHScHxKAEKP9Qz6aAPaxHScHxKAEKP9Qz6aAPaxHScHxKD:HSK39QpOSSK39QpOSSp
                                                                                                                                                                                MD5:11499623BBA31A5B50FFD13D9493CA2A
                                                                                                                                                                                SHA1:7F5D41D236C0DFE723F94BF4FE71985FC6245B99
                                                                                                                                                                                SHA-256:646E2FA1F570A8E65A313BDBA8D26FD19CC6DE031A8B89CD326226A463D742C2
                                                                                                                                                                                SHA-512:01CBAEBE00577C3D205B63AF634BA73A0CCA8F607DC13092C81A105E0CAC36E0426C113E54226DCDC55AE0130D5F4C1D5D3A8086BD0A532FCD4FD877CFAA910D
                                                                                                                                                                                Malicious:true
                                                                                                                                                                                Preview:z...s.A......$t....@.%....t72...|....../..H.V..D.N{.-...8Y....H,F!b..}..}.IJ...{..Me..v...&Zw5.=....W.J...Pc.6U.R..0.Q...h.H..b.SV.S*.... ....._$#..Tc...r.....p.Nb.Qy....|..^WC....{...!.T7e.U.....{..RB...K....M.2.........,.C.,BI.5.[.D..M0.z.a*....(w...p..@..1....N....g.o.7...ig.1P..T$...`.8...(...dj....iN.....x&8..j....cQXn....J|U....3L.Y...B..A..IM-............z2jb.....;?.sbS))..cm..._...n.....s....vu..K.#o..._...+...`+....M\k..+..(`.....M.1Z..,Ke...EM.t...s...G..l.B.`N....oYJK.h.....i..9.Uv....1k2L......z46....=.^...39...D..e8.U..}...{[\....&......x..rt..72....y.I8..N.y....mg............o|.8.x.....)......h....7.GR....\.:w........".6.m.;i.....|j..3..m)Y>0..X.......0.?.C..sCx....^R....#.5..=0.X.+.[.e.Z...G`.X.73.c.T:........b`tE.......qT.n.....".....Fu.....y......Jh.....j....Em.@........F...)..k#..y].t...2P;B.Z7.+..C.UYF.r..UE...v....".q.U..._.K)F.....ta..g...&...<RZ.(....lb...Pb.Ne.d/=1.M...i....1.(....Z.......5..A.s.A1.........O
                                                                                                                                                                                Process:C:\ProgramData\C9C8.tmp
                                                                                                                                                                                File Type:data
                                                                                                                                                                                Category:dropped
                                                                                                                                                                                Size (bytes):150528
                                                                                                                                                                                Entropy (8bit):7.997535399099202
                                                                                                                                                                                Encrypted:true
                                                                                                                                                                                SSDEEP:3072:lxHScHxKAEKP9Qz6aAPaxHScHxKAEKP9Qz6aAPaxHScHxKD:HSK39QpOSSK39QpOSSp
                                                                                                                                                                                MD5:11499623BBA31A5B50FFD13D9493CA2A
                                                                                                                                                                                SHA1:7F5D41D236C0DFE723F94BF4FE71985FC6245B99
                                                                                                                                                                                SHA-256:646E2FA1F570A8E65A313BDBA8D26FD19CC6DE031A8B89CD326226A463D742C2
                                                                                                                                                                                SHA-512:01CBAEBE00577C3D205B63AF634BA73A0CCA8F607DC13092C81A105E0CAC36E0426C113E54226DCDC55AE0130D5F4C1D5D3A8086BD0A532FCD4FD877CFAA910D
                                                                                                                                                                                Malicious:true
                                                                                                                                                                                Preview:z...s.A......$t....@.%....t72...|....../..H.V..D.N{.-...8Y....H,F!b..}..}.IJ...{..Me..v...&Zw5.=....W.J...Pc.6U.R..0.Q...h.H..b.SV.S*.... ....._$#..Tc...r.....p.Nb.Qy....|..^WC....{...!.T7e.U.....{..RB...K....M.2.........,.C.,BI.5.[.D..M0.z.a*....(w...p..@..1....N....g.o.7...ig.1P..T$...`.8...(...dj....iN.....x&8..j....cQXn....J|U....3L.Y...B..A..IM-............z2jb.....;?.sbS))..cm..._...n.....s....vu..K.#o..._...+...`+....M\k..+..(`.....M.1Z..,Ke...EM.t...s...G..l.B.`N....oYJK.h.....i..9.Uv....1k2L......z46....=.^...39...D..e8.U..}...{[\....&......x..rt..72....y.I8..N.y....mg............o|.8.x.....)......h....7.GR....\.:w........".6.m.;i.....|j..3..m)Y>0..X.......0.?.C..sCx....^R....#.5..=0.X.+.[.e.Z...G`.X.73.c.T:........b`tE.......qT.n.....".....Fu.....y......Jh.....j....Em.@........F...)..k#..y].t...2P;B.Z7.+..C.UYF.r..UE...v....".q.U..._.K)F.....ta..g...&...<RZ.(....lb...Pb.Ne.d/=1.M...i....1.(....Z.......5..A.s.A1.........O
                                                                                                                                                                                Process:C:\ProgramData\C9C8.tmp
                                                                                                                                                                                File Type:data
                                                                                                                                                                                Category:dropped
                                                                                                                                                                                Size (bytes):150528
                                                                                                                                                                                Entropy (8bit):7.997535399099202
                                                                                                                                                                                Encrypted:true
                                                                                                                                                                                SSDEEP:3072:lxHScHxKAEKP9Qz6aAPaxHScHxKAEKP9Qz6aAPaxHScHxKD:HSK39QpOSSK39QpOSSp
                                                                                                                                                                                MD5:11499623BBA31A5B50FFD13D9493CA2A
                                                                                                                                                                                SHA1:7F5D41D236C0DFE723F94BF4FE71985FC6245B99
                                                                                                                                                                                SHA-256:646E2FA1F570A8E65A313BDBA8D26FD19CC6DE031A8B89CD326226A463D742C2
                                                                                                                                                                                SHA-512:01CBAEBE00577C3D205B63AF634BA73A0CCA8F607DC13092C81A105E0CAC36E0426C113E54226DCDC55AE0130D5F4C1D5D3A8086BD0A532FCD4FD877CFAA910D
                                                                                                                                                                                Malicious:true
                                                                                                                                                                                Preview:z...s.A......$t....@.%....t72...|....../..H.V..D.N{.-...8Y....H,F!b..}..}.IJ...{..Me..v...&Zw5.=....W.J...Pc.6U.R..0.Q...h.H..b.SV.S*.... ....._$#..Tc...r.....p.Nb.Qy....|..^WC....{...!.T7e.U.....{..RB...K....M.2.........,.C.,BI.5.[.D..M0.z.a*....(w...p..@..1....N....g.o.7...ig.1P..T$...`.8...(...dj....iN.....x&8..j....cQXn....J|U....3L.Y...B..A..IM-............z2jb.....;?.sbS))..cm..._...n.....s....vu..K.#o..._...+...`+....M\k..+..(`.....M.1Z..,Ke...EM.t...s...G..l.B.`N....oYJK.h.....i..9.Uv....1k2L......z46....=.^...39...D..e8.U..}...{[\....&......x..rt..72....y.I8..N.y....mg............o|.8.x.....)......h....7.GR....\.:w........".6.m.;i.....|j..3..m)Y>0..X.......0.?.C..sCx....^R....#.5..=0.X.+.[.e.Z...G`.X.73.c.T:........b`tE.......qT.n.....".....Fu.....y......Jh.....j....Em.@........F...)..k#..y].t...2P;B.Z7.+..C.UYF.r..UE...v....".q.U..._.K)F.....ta..g...&...<RZ.(....lb...Pb.Ne.d/=1.M...i....1.(....Z.......5..A.s.A1.........O
                                                                                                                                                                                Process:C:\ProgramData\C9C8.tmp
                                                                                                                                                                                File Type:data
                                                                                                                                                                                Category:dropped
                                                                                                                                                                                Size (bytes):150528
                                                                                                                                                                                Entropy (8bit):7.997535399099202
                                                                                                                                                                                Encrypted:true
                                                                                                                                                                                SSDEEP:3072:lxHScHxKAEKP9Qz6aAPaxHScHxKAEKP9Qz6aAPaxHScHxKD:HSK39QpOSSK39QpOSSp
                                                                                                                                                                                MD5:11499623BBA31A5B50FFD13D9493CA2A
                                                                                                                                                                                SHA1:7F5D41D236C0DFE723F94BF4FE71985FC6245B99
                                                                                                                                                                                SHA-256:646E2FA1F570A8E65A313BDBA8D26FD19CC6DE031A8B89CD326226A463D742C2
                                                                                                                                                                                SHA-512:01CBAEBE00577C3D205B63AF634BA73A0CCA8F607DC13092C81A105E0CAC36E0426C113E54226DCDC55AE0130D5F4C1D5D3A8086BD0A532FCD4FD877CFAA910D
                                                                                                                                                                                Malicious:true
                                                                                                                                                                                Preview:z...s.A......$t....@.%....t72...|....../..H.V..D.N{.-...8Y....H,F!b..}..}.IJ...{..Me..v...&Zw5.=....W.J...Pc.6U.R..0.Q...h.H..b.SV.S*.... ....._$#..Tc...r.....p.Nb.Qy....|..^WC....{...!.T7e.U.....{..RB...K....M.2.........,.C.,BI.5.[.D..M0.z.a*....(w...p..@..1....N....g.o.7...ig.1P..T$...`.8...(...dj....iN.....x&8..j....cQXn....J|U....3L.Y...B..A..IM-............z2jb.....;?.sbS))..cm..._...n.....s....vu..K.#o..._...+...`+....M\k..+..(`.....M.1Z..,Ke...EM.t...s...G..l.B.`N....oYJK.h.....i..9.Uv....1k2L......z46....=.^...39...D..e8.U..}...{[\....&......x..rt..72....y.I8..N.y....mg............o|.8.x.....)......h....7.GR....\.:w........".6.m.;i.....|j..3..m)Y>0..X.......0.?.C..sCx....^R....#.5..=0.X.+.[.e.Z...G`.X.73.c.T:........b`tE.......qT.n.....".....Fu.....y......Jh.....j....Em.@........F...)..k#..y].t...2P;B.Z7.+..C.UYF.r..UE...v....".q.U..._.K)F.....ta..g...&...<RZ.(....lb...Pb.Ne.d/=1.M...i....1.(....Z.......5..A.s.A1.........O
                                                                                                                                                                                Process:C:\ProgramData\C9C8.tmp
                                                                                                                                                                                File Type:data
                                                                                                                                                                                Category:dropped
                                                                                                                                                                                Size (bytes):150528
                                                                                                                                                                                Entropy (8bit):7.997535399099202
                                                                                                                                                                                Encrypted:true
                                                                                                                                                                                SSDEEP:3072:lxHScHxKAEKP9Qz6aAPaxHScHxKAEKP9Qz6aAPaxHScHxKD:HSK39QpOSSK39QpOSSp
                                                                                                                                                                                MD5:11499623BBA31A5B50FFD13D9493CA2A
                                                                                                                                                                                SHA1:7F5D41D236C0DFE723F94BF4FE71985FC6245B99
                                                                                                                                                                                SHA-256:646E2FA1F570A8E65A313BDBA8D26FD19CC6DE031A8B89CD326226A463D742C2
                                                                                                                                                                                SHA-512:01CBAEBE00577C3D205B63AF634BA73A0CCA8F607DC13092C81A105E0CAC36E0426C113E54226DCDC55AE0130D5F4C1D5D3A8086BD0A532FCD4FD877CFAA910D
                                                                                                                                                                                Malicious:true
                                                                                                                                                                                Preview:z...s.A......$t....@.%....t72...|....../..H.V..D.N{.-...8Y....H,F!b..}..}.IJ...{..Me..v...&Zw5.=....W.J...Pc.6U.R..0.Q...h.H..b.SV.S*.... ....._$#..Tc...r.....p.Nb.Qy....|..^WC....{...!.T7e.U.....{..RB...K....M.2.........,.C.,BI.5.[.D..M0.z.a*....(w...p..@..1....N....g.o.7...ig.1P..T$...`.8...(...dj....iN.....x&8..j....cQXn....J|U....3L.Y...B..A..IM-............z2jb.....;?.sbS))..cm..._...n.....s....vu..K.#o..._...+...`+....M\k..+..(`.....M.1Z..,Ke...EM.t...s...G..l.B.`N....oYJK.h.....i..9.Uv....1k2L......z46....=.^...39...D..e8.U..}...{[\....&......x..rt..72....y.I8..N.y....mg............o|.8.x.....)......h....7.GR....\.:w........".6.m.;i.....|j..3..m)Y>0..X.......0.?.C..sCx....^R....#.5..=0.X.+.[.e.Z...G`.X.73.c.T:........b`tE.......qT.n.....".....Fu.....y......Jh.....j....Em.@........F...)..k#..y].t...2P;B.Z7.+..C.UYF.r..UE...v....".q.U..._.K)F.....ta..g...&...<RZ.(....lb...Pb.Ne.d/=1.M...i....1.(....Z.......5..A.s.A1.........O
                                                                                                                                                                                Process:C:\Users\user\Desktop\c8JakemodH.exe
                                                                                                                                                                                File Type:ASCII text, with CRLF line terminators
                                                                                                                                                                                Category:dropped
                                                                                                                                                                                Size (bytes):1159
                                                                                                                                                                                Entropy (8bit):4.909757425426515
                                                                                                                                                                                Encrypted:false
                                                                                                                                                                                SSDEEP:24:SOZJNRovfexRvYx/ncUYTxLZl0r0OzANQgq32xfZnS0iNFdAnP6:SOZbqfexrZrS3Iq32xlSX2S
                                                                                                                                                                                MD5:F29E077226F8DC235CAE4795459A3542
                                                                                                                                                                                SHA1:A23AEA328BEB92BFD4464A3B0F70E772B8969CC2
                                                                                                                                                                                SHA-256:CF8875AADE9351184274F533067BECF2AD10CCF2B6296274ECE5D5B58B6AB008
                                                                                                                                                                                SHA-512:0C76F1E7AC8E4DB582EA7E26FA9B8C18D54605AE6A9A87A2A1FA0B1BEACACBB8F1230421C1124B1E7C12FB546FF31DBBD2CFBBEBA80EF98BBAA01B356F7FDC6F
                                                                                                                                                                                Malicious:false
                                                                                                                                                                                Preview:.. ~~~ AlphaCat ~~~....>>>> Your data are stolen and encrypted....>>>> What guarantees that we will not deceive you? .....We are not a politically motivated group and we do not need anything other than your money. .. ...If you pay, we will provide you the programs for decryption and we will delete your data. ...Life is too short to be sad. Be not sad, money, it is only paper... ...If we do not give you decrypters, or we do not delete your data after payment, then nobody will pay us in the future. ...Therefore to us our reputation is very important. We attack worldwide and there is no dissatisfied victim after payment... ..>>>> You need contact us via email with srenshot of btc transaction and your personal DECRYPTION ID.....Contact via Email with your personal Decryption id !: hackbeenswim@mail2tor.com......Send 400$ (0.006 BTC) at this address --> bc1qkr7wxuqwet9w6920vk94p7npkxh33fc7prv55q.....>>>> Your personal DECRYPTION ID: D53F15BF767167BC622C1CB4D4FC174D....>>
                                                                                                                                                                                Process:C:\ProgramData\C9C8.tmp
                                                                                                                                                                                File Type:data
                                                                                                                                                                                Category:modified
                                                                                                                                                                                Size (bytes):150528
                                                                                                                                                                                Entropy (8bit):7.997535399099202
                                                                                                                                                                                Encrypted:true
                                                                                                                                                                                SSDEEP:3072:lxHScHxKAEKP9Qz6aAPaxHScHxKAEKP9Qz6aAPaxHScHxKD:HSK39QpOSSK39QpOSSp
                                                                                                                                                                                MD5:11499623BBA31A5B50FFD13D9493CA2A
                                                                                                                                                                                SHA1:7F5D41D236C0DFE723F94BF4FE71985FC6245B99
                                                                                                                                                                                SHA-256:646E2FA1F570A8E65A313BDBA8D26FD19CC6DE031A8B89CD326226A463D742C2
                                                                                                                                                                                SHA-512:01CBAEBE00577C3D205B63AF634BA73A0CCA8F607DC13092C81A105E0CAC36E0426C113E54226DCDC55AE0130D5F4C1D5D3A8086BD0A532FCD4FD877CFAA910D
                                                                                                                                                                                Malicious:true
                                                                                                                                                                                Preview:z...s.A......$t....@.%....t72...|....../..H.V..D.N{.-...8Y....H,F!b..}..}.IJ...{..Me..v...&Zw5.=....W.J...Pc.6U.R..0.Q...h.H..b.SV.S*.... ....._$#..Tc...r.....p.Nb.Qy....|..^WC....{...!.T7e.U.....{..RB...K....M.2.........,.C.,BI.5.[.D..M0.z.a*....(w...p..@..1....N....g.o.7...ig.1P..T$...`.8...(...dj....iN.....x&8..j....cQXn....J|U....3L.Y...B..A..IM-............z2jb.....;?.sbS))..cm..._...n.....s....vu..K.#o..._...+...`+....M\k..+..(`.....M.1Z..,Ke...EM.t...s...G..l.B.`N....oYJK.h.....i..9.Uv....1k2L......z46....=.^...39...D..e8.U..}...{[\....&......x..rt..72....y.I8..N.y....mg............o|.8.x.....)......h....7.GR....\.:w........".6.m.;i.....|j..3..m)Y>0..X.......0.?.C..sCx....^R....#.5..=0.X.+.[.e.Z...G`.X.73.c.T:........b`tE.......qT.n.....".....Fu.....y......Jh.....j....Em.@........F...)..k#..y].t...2P;B.Z7.+..C.UYF.r..UE...v....".q.U..._.K)F.....ta..g...&...<RZ.(....lb...Pb.Ne.d/=1.M...i....1.(....Z.......5..A.s.A1.........O
                                                                                                                                                                                Process:C:\Users\user\Desktop\c8JakemodH.exe
                                                                                                                                                                                File Type:data
                                                                                                                                                                                Category:dropped
                                                                                                                                                                                Size (bytes):1272
                                                                                                                                                                                Entropy (8bit):7.837526523689408
                                                                                                                                                                                Encrypted:false
                                                                                                                                                                                SSDEEP:24:ErlXPWgFUrVp0bEHCFgqLmaS16LjCHd7jBcYfh2xs:ErhfMp04HCFggG6Py4q
                                                                                                                                                                                MD5:A84EDDB7A63AC5AE1DC10E4DA9A6E7D9
                                                                                                                                                                                SHA1:C0868395381123E896F50628838DE9E09242F593
                                                                                                                                                                                SHA-256:16D6C0756ACA533C585D9E8C96102D5791C848FF1F65852CBF001B4C0E682F55
                                                                                                                                                                                SHA-512:F8203F49B15A76B5515198988D00603A727448D6ADA954C6BECEC8568B3CA7E3483856DED055E1F0985434B30104064E5FDA493EAEFA059D8D29F22FE41ED079
                                                                                                                                                                                Malicious:false
                                                                                                                                                                                Preview:..Z.m4_.j.].N..a.dx.j.>..'G.z.d...mW4......U...v...n(j.,.L..S~..2..A..a..w,......d?.s..uA$..E..}..z..wH^$/F.6iI..........>D.B...D\.V...... ..I.7......87s.%"..;.5...D.2R..<..;......y..J9.U.,.k.+?.fRbp"Jl.LB..oJ_./.K._zn...[..{..Zv..C.fY..J...)..js........`..#%..2R.6...E.B.......h..w...G..:M........X.$. Ol.....TZ98_&......<`,^......b.a9.. *b.=.l...L../.|Z._.ukO!/Q*...IS.9...x$$N....5.OY.p.r..4x....]..Y..5...1.X.Wy....dQ.`.u.5.e.:.6..|.a.G..(...#....,.."V..U....ey.3..|[5x..Fh._!....0...^%/..c.:....&..1N..^*...v_.......S..CU.^...m..D-.^Bh{,...D.'O(T...H.._$P..v.}.....A..rCv...........C.1Q.U,.1.u..2./.!C.r3O.y.......@F.^t.%..~J.z@kX.k...G..#..P".<..0.ta.,).....x.!.|.c.;J..+H......~a8Q.].S..i......^..~.+B..\ig4M.........n.2S.F.9.....)...F....B...$W.....t.E....p+...,....a.~".m.w..@_O....0.w...)...?...#0..O....^...q.d.....*|..J...E..w.$..pW8....M"..~.>Gm...S..GA0.(I..........-...T."....B.O#...`M.L..,.o.b;N....8..nh..?d..".L|..KS,..`IIP...
                                                                                                                                                                                Process:C:\Users\user\Desktop\c8JakemodH.exe
                                                                                                                                                                                File Type:data
                                                                                                                                                                                Category:dropped
                                                                                                                                                                                Size (bytes):1270
                                                                                                                                                                                Entropy (8bit):7.857765736591863
                                                                                                                                                                                Encrypted:false
                                                                                                                                                                                SSDEEP:24:ahLYXOxOiFj5a91o9EtV7WZetXPQMZChUurIjdtYj0nXXa2xs:ahLY+EiFFgtHd7u6dtYwnXxq
                                                                                                                                                                                MD5:D7EAF2F11F67B415396EC954A6F97619
                                                                                                                                                                                SHA1:CBB4BE6E29F112FE473C0F9852CF46B8D81E6C3A
                                                                                                                                                                                SHA-256:1508B5642FD496F4758CD70838E04C9EFE5E166C0CDDA32FB29B068AAC58E2F6
                                                                                                                                                                                SHA-512:8CAD039E5E745519BED1216142F47DAF3B7F267EEFC0ACC0326C6A6F19376AFCC3FE416051F66E419F4DF296B081915AF0AF457D5B023ECAC4A08314ADD1FE6C
                                                                                                                                                                                Malicious:false
                                                                                                                                                                                Preview:[.P`.'.O.....9..}..7*.a.zt/..|..U.&>..+*8.}j@;i{.....Cu.<.W......@....(....8f..h\.Y.....H.z../.3.9n!..3.{.O.W......r{.C.[..FA<....I..q@....2.T.l..y.P.-...#...F.7.........dL....b:Y}...[m.H.....V.3e...8.s...P..J.F...!.0.B..l.....#..h...UH.*5R`.....!..?.X..(...m;..^S..*5.(<.b0.f.D.+../.,.A...h.w.9..hyQC.c. .]..n$z..-.?../........=..A.c.l.....\..%{..a........~.#.9.>/...9[.%..C.u.j.<.z..62O..^...z.s.........%T..Ve...!..?N..z.K...y{;..z.]cp.\4...9^..JV>w..X....X.ieEg9@7......."..e.t..+).n..Q:..1.:....^..a.!m.{...X.k.u.@......../..li...:........._$t...;...Q}...m.J..2nu.......p.`=.Im].-m....fy.M.N..C....T...=.".Qg..\B........W...t'.....z....U...=.!9Y...8W..W...|.J>B..Ut K3...1...m.;.5I.^........."..~.$o./..;'....x7(3.<.....6l.........c...[..69=.i.v.....8..4.w.K..]..,w.j.......E.N.&o..mbI..x..\0.'|H*.0.....~.Lp...J..?#Csw+.......6<..pX...VV.....s.h..[..c(4v.f..L<=._^.a.....~2...........6.}...R.'..B.b..]HjM.@....?.4Zb.)<....R.`..LA../..q.R...
                                                                                                                                                                                Process:C:\Users\user\Desktop\c8JakemodH.exe
                                                                                                                                                                                File Type:ASCII text, with CRLF line terminators
                                                                                                                                                                                Category:dropped
                                                                                                                                                                                Size (bytes):1159
                                                                                                                                                                                Entropy (8bit):4.909757425426515
                                                                                                                                                                                Encrypted:false
                                                                                                                                                                                SSDEEP:24:SOZJNRovfexRvYx/ncUYTxLZl0r0OzANQgq32xfZnS0iNFdAnP6:SOZbqfexrZrS3Iq32xlSX2S
                                                                                                                                                                                MD5:F29E077226F8DC235CAE4795459A3542
                                                                                                                                                                                SHA1:A23AEA328BEB92BFD4464A3B0F70E772B8969CC2
                                                                                                                                                                                SHA-256:CF8875AADE9351184274F533067BECF2AD10CCF2B6296274ECE5D5B58B6AB008
                                                                                                                                                                                SHA-512:0C76F1E7AC8E4DB582EA7E26FA9B8C18D54605AE6A9A87A2A1FA0B1BEACACBB8F1230421C1124B1E7C12FB546FF31DBBD2CFBBEBA80EF98BBAA01B356F7FDC6F
                                                                                                                                                                                Malicious:false
                                                                                                                                                                                Preview:.. ~~~ AlphaCat ~~~....>>>> Your data are stolen and encrypted....>>>> What guarantees that we will not deceive you? .....We are not a politically motivated group and we do not need anything other than your money. .. ...If you pay, we will provide you the programs for decryption and we will delete your data. ...Life is too short to be sad. Be not sad, money, it is only paper... ...If we do not give you decrypters, or we do not delete your data after payment, then nobody will pay us in the future. ...Therefore to us our reputation is very important. We attack worldwide and there is no dissatisfied victim after payment... ..>>>> You need contact us via email with srenshot of btc transaction and your personal DECRYPTION ID.....Contact via Email with your personal Decryption id !: hackbeenswim@mail2tor.com......Send 400$ (0.006 BTC) at this address --> bc1qkr7wxuqwet9w6920vk94p7npkxh33fc7prv55q.....>>>> Your personal DECRYPTION ID: D53F15BF767167BC622C1CB4D4FC174D....>>
                                                                                                                                                                                Process:C:\Users\user\Desktop\c8JakemodH.exe
                                                                                                                                                                                File Type:ASCII text, with CRLF line terminators
                                                                                                                                                                                Category:dropped
                                                                                                                                                                                Size (bytes):1159
                                                                                                                                                                                Entropy (8bit):4.909757425426515
                                                                                                                                                                                Encrypted:false
                                                                                                                                                                                SSDEEP:24:SOZJNRovfexRvYx/ncUYTxLZl0r0OzANQgq32xfZnS0iNFdAnP6:SOZbqfexrZrS3Iq32xlSX2S
                                                                                                                                                                                MD5:F29E077226F8DC235CAE4795459A3542
                                                                                                                                                                                SHA1:A23AEA328BEB92BFD4464A3B0F70E772B8969CC2
                                                                                                                                                                                SHA-256:CF8875AADE9351184274F533067BECF2AD10CCF2B6296274ECE5D5B58B6AB008
                                                                                                                                                                                SHA-512:0C76F1E7AC8E4DB582EA7E26FA9B8C18D54605AE6A9A87A2A1FA0B1BEACACBB8F1230421C1124B1E7C12FB546FF31DBBD2CFBBEBA80EF98BBAA01B356F7FDC6F
                                                                                                                                                                                Malicious:false
                                                                                                                                                                                Preview:.. ~~~ AlphaCat ~~~....>>>> Your data are stolen and encrypted....>>>> What guarantees that we will not deceive you? .....We are not a politically motivated group and we do not need anything other than your money. .. ...If you pay, we will provide you the programs for decryption and we will delete your data. ...Life is too short to be sad. Be not sad, money, it is only paper... ...If we do not give you decrypters, or we do not delete your data after payment, then nobody will pay us in the future. ...Therefore to us our reputation is very important. We attack worldwide and there is no dissatisfied victim after payment... ..>>>> You need contact us via email with srenshot of btc transaction and your personal DECRYPTION ID.....Contact via Email with your personal Decryption id !: hackbeenswim@mail2tor.com......Send 400$ (0.006 BTC) at this address --> bc1qkr7wxuqwet9w6920vk94p7npkxh33fc7prv55q.....>>>> Your personal DECRYPTION ID: D53F15BF767167BC622C1CB4D4FC174D....>>
                                                                                                                                                                                Process:C:\Users\user\Desktop\c8JakemodH.exe
                                                                                                                                                                                File Type:data
                                                                                                                                                                                Category:dropped
                                                                                                                                                                                Size (bytes):1272
                                                                                                                                                                                Entropy (8bit):7.871241099988613
                                                                                                                                                                                Encrypted:false
                                                                                                                                                                                SSDEEP:24:KUCBoXh3uyw+UHhFTOq3UZS1a6K8G5VAzuseYJS8/is9COKr2xs:KU8W3uHNFTdtVK8yRYAV0Vq
                                                                                                                                                                                MD5:949C8DA03CD4A393DD6B71C8D2967E92
                                                                                                                                                                                SHA1:8159E5ADC646EE1BF292C7158750EA603AC88F63
                                                                                                                                                                                SHA-256:E9E998CE1736B059DCAFB56E228EEE0724B154DD92D6861E10CA8319606CB5B9
                                                                                                                                                                                SHA-512:2F81DBBFBF0486A57AA3385263959B4374FEF582DBFC54FF997A9802E796B0DE333DCA940DA7EE244A6A4D215775265E9ECC6AAABDCC0AE089672D2E47CCF111
                                                                                                                                                                                Malicious:false
                                                                                                                                                                                Preview:.P.?...LR.....9...l....WHnx..."rlJ.....}...@y..E.o.1~;......?a.. ..F._..S..#.....x..#&#.WF9......um..\..[.C.....$.....cUp.C...^..,...a....s.0...Z...[t&f`.....T-xH.R..f.Nv.._K."......G..#[..t......4.P..[...p......w_.....+q.h..8......gG.x.............N...h......JX.G...-u.X...O...:}Q...}.Jj'4....?@......$.G'7....<&.Y..Y..{..F;..O*.5..o.e]7=...2..t...1.j-...|...f+..?.....Z..|u.T.............cp._.R...7Gt...A...o)#...!.2...~b[.ric....2.".RM$....a.6...z..MR..B9*...".L..N ,a...b..R...S../.#..n..vp..~v..?...[|.8..1.s..Y..Q.M8...92./....`.V.....j....|-.....\.>;.^.:\k`\5......R...9.%2!.KSO.|0...H8.6..y..m..%^....:1...75l6U......1.x.|.F..R......M.h4...mwj.t,....nV.w.k.....X/h....38.,9.U....Z."Y......4.5............j.......#.z.Et>.=...`....{..x6..Ms.Qv..>..........OC.d.....^...iBb:HJ4.-....u..P..IE.nU...j4xwqS.[..B.J.[(q..Z^..I.Z.p..^.| 5..ctAs.m2E.d.fX.4E>y.U.,......}.em...'._[.c..S.{...|.i..q.6#.F..?....t.p.@...l.?6......vTf..xyfh.S.
                                                                                                                                                                                Process:C:\Users\user\Desktop\c8JakemodH.exe
                                                                                                                                                                                File Type:ASCII text, with CRLF line terminators
                                                                                                                                                                                Category:dropped
                                                                                                                                                                                Size (bytes):1159
                                                                                                                                                                                Entropy (8bit):4.909757425426515
                                                                                                                                                                                Encrypted:false
                                                                                                                                                                                SSDEEP:24:SOZJNRovfexRvYx/ncUYTxLZl0r0OzANQgq32xfZnS0iNFdAnP6:SOZbqfexrZrS3Iq32xlSX2S
                                                                                                                                                                                MD5:F29E077226F8DC235CAE4795459A3542
                                                                                                                                                                                SHA1:A23AEA328BEB92BFD4464A3B0F70E772B8969CC2
                                                                                                                                                                                SHA-256:CF8875AADE9351184274F533067BECF2AD10CCF2B6296274ECE5D5B58B6AB008
                                                                                                                                                                                SHA-512:0C76F1E7AC8E4DB582EA7E26FA9B8C18D54605AE6A9A87A2A1FA0B1BEACACBB8F1230421C1124B1E7C12FB546FF31DBBD2CFBBEBA80EF98BBAA01B356F7FDC6F
                                                                                                                                                                                Malicious:false
                                                                                                                                                                                Preview:.. ~~~ AlphaCat ~~~....>>>> Your data are stolen and encrypted....>>>> What guarantees that we will not deceive you? .....We are not a politically motivated group and we do not need anything other than your money. .. ...If you pay, we will provide you the programs for decryption and we will delete your data. ...Life is too short to be sad. Be not sad, money, it is only paper... ...If we do not give you decrypters, or we do not delete your data after payment, then nobody will pay us in the future. ...Therefore to us our reputation is very important. We attack worldwide and there is no dissatisfied victim after payment... ..>>>> You need contact us via email with srenshot of btc transaction and your personal DECRYPTION ID.....Contact via Email with your personal Decryption id !: hackbeenswim@mail2tor.com......Send 400$ (0.006 BTC) at this address --> bc1qkr7wxuqwet9w6920vk94p7npkxh33fc7prv55q.....>>>> Your personal DECRYPTION ID: D53F15BF767167BC622C1CB4D4FC174D....>>
                                                                                                                                                                                Process:C:\Users\user\Desktop\c8JakemodH.exe
                                                                                                                                                                                File Type:data
                                                                                                                                                                                Category:dropped
                                                                                                                                                                                Size (bytes):1270
                                                                                                                                                                                Entropy (8bit):7.869569928786622
                                                                                                                                                                                Encrypted:false
                                                                                                                                                                                SSDEEP:24:6azCZsbCAQfqEjvLtQHPqgZB0mqIRF1mO+0YZAiC0F5pD2xs:0Z7AQfjJaiixbwl3ZAJ0fcq
                                                                                                                                                                                MD5:CDADA50D1636A13716C472F5001AE240
                                                                                                                                                                                SHA1:1DD21A83BDD508CE2026D12A0F0054EEF0177859
                                                                                                                                                                                SHA-256:D7243F425D25FDA4A17DD4780D61F519B9062CA0CD13F2330B4D396602EB6F04
                                                                                                                                                                                SHA-512:4ECD3E13ABC36AA0A46549DFE9AAE1782D1AC77E497B6A5F8CCCA4B6B2C0F2D455C76486B7AE6E319CDCF3187DB0AFDFE98155F9407CBC662596F7D6A815150B
                                                                                                                                                                                Malicious:false
                                                                                                                                                                                Preview:....H/...n3.U2.........!.Q....;F...Z..a0...i$..>....*N]..4...M6x..;8.^...h.(..H`..W.....R.vON..X>.#....c..8........ ..*.}V%>.e.,{-Y.$.]...1..[69"V...n......9.J.n.j....%z.m...............?.pu...*=/.Cc...8.*..f.p7,*.mI...@3........$.u..![....P..G.....v..*......$Fp.JR...Fr.O]l.&...1.@[g..m.RS.5.o6o.6......r.!.....7..[t..GY.. ;.Y... .S.U.. sJ.....^.5.l|........Xv.G..i!U.[..-X..P..4...K.M@..#.q6.._ZI{.s.*...,.....@..$..A:.~v.R. ...iW...rT..0..na.....US...6..u.f..I\..F./.c..F...K*..-E(.X3..BP.I.H..K..{e..}X....\9.9+hh..>.EJ..;....z.N...:.!.....\..Vj...8E..!.Q$,....z<.@4j*...I..%.3..f.P.'$...D.j...L..m['...5A.D..._.a.q..l..yf@.c.6....N....q.......&.p6L,8.....I8.-.".v..^1t..!.....)/.#.: ..@...d.z.-.......s....s.nV..P.Eo.x.&.8/&m....D......K.o.Z.P.....*B?..ta8.Kd:C {...!f8...76.Y...T.....-y.,p..K..{.........d]....2.[A3.$~..jo).............X-....G...O..RDq..m.Vd...1s.J....|.G..t....(a...z..$...?.WwR...i.....b.......$]....wA.!.T.@Z..r.....9,J.....
                                                                                                                                                                                Process:C:\Users\user\Desktop\c8JakemodH.exe
                                                                                                                                                                                File Type:ASCII text, with CRLF line terminators
                                                                                                                                                                                Category:dropped
                                                                                                                                                                                Size (bytes):1159
                                                                                                                                                                                Entropy (8bit):4.909757425426515
                                                                                                                                                                                Encrypted:false
                                                                                                                                                                                SSDEEP:24:SOZJNRovfexRvYx/ncUYTxLZl0r0OzANQgq32xfZnS0iNFdAnP6:SOZbqfexrZrS3Iq32xlSX2S
                                                                                                                                                                                MD5:F29E077226F8DC235CAE4795459A3542
                                                                                                                                                                                SHA1:A23AEA328BEB92BFD4464A3B0F70E772B8969CC2
                                                                                                                                                                                SHA-256:CF8875AADE9351184274F533067BECF2AD10CCF2B6296274ECE5D5B58B6AB008
                                                                                                                                                                                SHA-512:0C76F1E7AC8E4DB582EA7E26FA9B8C18D54605AE6A9A87A2A1FA0B1BEACACBB8F1230421C1124B1E7C12FB546FF31DBBD2CFBBEBA80EF98BBAA01B356F7FDC6F
                                                                                                                                                                                Malicious:false
                                                                                                                                                                                Preview:.. ~~~ AlphaCat ~~~....>>>> Your data are stolen and encrypted....>>>> What guarantees that we will not deceive you? .....We are not a politically motivated group and we do not need anything other than your money. .. ...If you pay, we will provide you the programs for decryption and we will delete your data. ...Life is too short to be sad. Be not sad, money, it is only paper... ...If we do not give you decrypters, or we do not delete your data after payment, then nobody will pay us in the future. ...Therefore to us our reputation is very important. We attack worldwide and there is no dissatisfied victim after payment... ..>>>> You need contact us via email with srenshot of btc transaction and your personal DECRYPTION ID.....Contact via Email with your personal Decryption id !: hackbeenswim@mail2tor.com......Send 400$ (0.006 BTC) at this address --> bc1qkr7wxuqwet9w6920vk94p7npkxh33fc7prv55q.....>>>> Your personal DECRYPTION ID: D53F15BF767167BC622C1CB4D4FC174D....>>
                                                                                                                                                                                Process:C:\Users\user\Desktop\c8JakemodH.exe
                                                                                                                                                                                File Type:data
                                                                                                                                                                                Category:dropped
                                                                                                                                                                                Size (bytes):1272
                                                                                                                                                                                Entropy (8bit):7.877666996214928
                                                                                                                                                                                Encrypted:false
                                                                                                                                                                                SSDEEP:24:uM0tLw2Zr2nMEoh7Fh6OP+9Ls6fPI04FrGtnD0hyTVA2xs:u7O2yWZhxy46ft4CDYuVq
                                                                                                                                                                                MD5:2720E2CE3E985BDA9261F9AAB3A6B8DE
                                                                                                                                                                                SHA1:64DBF3531A933B212A4C6E74E79AE08F1859CCC4
                                                                                                                                                                                SHA-256:F045C86D6BB23A3A39E389AB0DF8ADF496E08B4D4231158E1740C06DD38EC179
                                                                                                                                                                                SHA-512:2D9A7B0B0D5AD1B39EE87D8F04C6F588591EC4CC7F3E5F3C2819111EA33EFC200CFD66A199169F2767D93E5DA12E8E017F575BB59F763DCA5B38B138A67B376E
                                                                                                                                                                                Malicious:false
                                                                                                                                                                                Preview:.;;...ow..n.6....9V../W...m.Y....n.].P..Bn..(*s..q\..+tw.\.>.. !.'U....,<./..jjL...cl(r.+V...T.N..].k..Y.[...N..Ce..=?1n......A....J...t=.:..U$.S``F.).{vg......A..^..{3...-....D .)I.v0MC.\-..=..._...Hm.u.....j..x..#&..I..fm...Q*..mGz.3...f..U.?....e...$..K-.`.XB..K..PC.t.JX.o..z._M.....5...Z..!...t..~..I-.@W......_.-.!.W..R|....wD.*.ZYg......b.\I.w.&.8...7..RYB.{.|..oc...9..C.._..C..E;...=...f..+..b..Q...9....T.......|T.#.'6.#...:.t@....N........m.A?.3....7.[....F).C2...Y.w.x....}..].e.h."..(m..+ao...!8B.....F`.tA.,.5.C.......Y..8.P...E.6gBsbl.*.B4.'wz....._3o..Z..{.$..P.a...z.t.F..#...x..<0R....fx.4....O..%6..... .`].y/FS....9..da....g...je1.8.r."aV...d....u..:.U^WS_.).%....@./.;..(.J...(...y.....%.....]m.......1K..';..gH....k./..g./*P.7.o...SD....Z.."...SeSX"<.o.6h.......'7.g...[*.0.4..Q.......i.E. .jq./..i9-eM0...j%#...A..a..v.....d......1.|.d.$).. ....^.eP..F........G9.;..g.....JK...r$.HU.....&..V=...6G..qI..Q..(.X.....K.....H7af..|..>ubr.:
                                                                                                                                                                                Process:C:\Users\user\Desktop\c8JakemodH.exe
                                                                                                                                                                                File Type:data
                                                                                                                                                                                Category:dropped
                                                                                                                                                                                Size (bytes):1272
                                                                                                                                                                                Entropy (8bit):7.857142573122285
                                                                                                                                                                                Encrypted:false
                                                                                                                                                                                SSDEEP:24:0AuCSaqMBm3ckKAWKibxIEty3KmuZrxc6sndZbwsGH4OG2xs:0tVaqdcJxI337u7mbwpH4Otq
                                                                                                                                                                                MD5:2F99A15CE2E8390E61C6354224F4EDF9
                                                                                                                                                                                SHA1:9B8E357CD9E989BFD5AF879D23E1355268489938
                                                                                                                                                                                SHA-256:9AA5CDB6D0B422203395987213FC79CBA88E89928103A4EEB72F3517957F096E
                                                                                                                                                                                SHA-512:5AAA7F6C4C6BEF8D90846CFAD4B6998A7BDF3C1585B32F7A787CDEF2FEF53404A76623E2318B38DC67EBB55767AB1224EEAC221ED848ADB542463FCD26DD0D93
                                                                                                                                                                                Malicious:false
                                                                                                                                                                                Preview:.........6*.<Q.6....OzE.L..?d./.~Y.3ZE..Ec.)}........!..T....6g..!q.di.W......C..}.A..........l....F..H.."........Tf-.......I/..1E.@(!]S......v.|.;..SH..4"o*.Y....fP...Z..d|Y.~..bCM.5V.T....n......;..,'!g,...w.C.u..DJxC.',2...j.Kn(..D..l......O.|6.}.....7./t.O......$......F..........1.:".d.S..S.~)..6..?...}.J.;..>...cb.@.....ptK~....Jc.Xt.z~.4.N.....0.xn).?....h.p....{..."8.?.#\.k8.E..a...5..>c!.P..u.G}.,3....|?..f..6.G.......j.....+S.9..G..?T.>..a. J.k./........8......P..G....6L..>.8*..24....y....s...=.Ww.P]Er..V..l..H.m^+.F^x^8..+..8,w>8..... ...s.J~n.N...W....R.V._..~;]..|\...F.D..F..S.0....,P\D.].......s..V..X..Z...|..X9V..7...;.o#.#~....K...b..N.....v.b.}...[6....i...:...{...... ..g..B.}.K?.sV2...P......s.....n..GE.T.0T.dFICy..\.O.1..b..k..T..|.!+.r...K.G....u.u..2...5.2....C......].6.I...}^.qE).t.... lg.....p...P..(..N..0@....p.~4..z.......d{._.9...N'."....9....@...bh.....(...{2/.6..kH.GzQ.CN=`.?1....71.b.....~@...z..q..{...L.
                                                                                                                                                                                Process:C:\Users\user\Desktop\c8JakemodH.exe
                                                                                                                                                                                File Type:OpenPGP Public Key
                                                                                                                                                                                Category:dropped
                                                                                                                                                                                Size (bytes):1273
                                                                                                                                                                                Entropy (8bit):7.866734264020013
                                                                                                                                                                                Encrypted:false
                                                                                                                                                                                SSDEEP:24:Ra+KMSVDrbwmygESc0RbUmvLqL3RRhSdK26r//Tq9zRJD2xs:tKMSVDrsmjcIshidLYTqIq
                                                                                                                                                                                MD5:39B7D7B6336E4FD83CD19DC595188FC8
                                                                                                                                                                                SHA1:C44F2673E384C0C04EE79AD695ABDE2E5C5301F2
                                                                                                                                                                                SHA-256:58614FB4223575D5468839CC3FD08BE2EDC484C2AC60EB899F07EC7879033298
                                                                                                                                                                                SHA-512:4F929EA364198AA828685EB7FF47B155CB6C298D32A152DB6C63E2C8BCC85FA730883B18659A8F4914D0F138C34DA70694A11A9A58350DCA249A45B6019DECBD
                                                                                                                                                                                Malicious:false
                                                                                                                                                                                Preview:.CA.......w.......P..Lw..-..0ux..Y...?1p}..c-s..%.f..5.-..J.._..we/.WH....:-....vg.mza.$.w&M....tg..,....+..W...w..f...@.g.?.>..>...S.B.E.,......|.pT&.H....A.B...QA...R...._..'.k.:mb`......X ...&>./.|.o...6e .v1..f.*.Q.veuD\....[D t.....zh..@..ZR[).J..v..-.:f..y.%ZhH'}....).......[..q....J.s8q!..2.:GT.D..../...]\.".;.......a..}......cd..Qe......j.6Q<1]F'....th....z....`..3.q.%.... s...s..{.B|.c=G..B8..~M..Kf&z.(.....1..j.n10....3....G.~.:..<..............WK4_.S.[.T5~.w.....b^4.....4.X...FF...T.v..47.Y.OZ....{...b.Kg"/...h.].W..=..q.-c...V...bm"%fDzT,...#R..._...w.......%..N......o.XI...Fq[W{0.&'.I4..I...O.0.u...k...;.n..M........B....M....-.0....'.e..T..q...O?.w8\.......3.@...9/B>. H.....Ik..L.]..EN.k...A:m.}...O.w..7,.[.2.6{#..;..l...^...c6^..%..7.....Lq.......&..$....QI..t9P...D.L..9.].6..g.....R......d...X...&V..I..v..8....rBR.L.....c.WA9[,^..w...c...%X.8..U.C..Z]xF..7.&n.d......0...m.S.w...O.y.....'Qp...*.<4..$MTt:..~B... ..!.Q..<.
                                                                                                                                                                                Process:C:\Users\user\Desktop\c8JakemodH.exe
                                                                                                                                                                                File Type:data
                                                                                                                                                                                Category:dropped
                                                                                                                                                                                Size (bytes):1272
                                                                                                                                                                                Entropy (8bit):7.848325321336446
                                                                                                                                                                                Encrypted:false
                                                                                                                                                                                SSDEEP:24:ccOA3Eno6WN7eTm4fqR+DuIfveLmlKyzgtHmP2xs:3sonUTqAiIfv0mlKycpq
                                                                                                                                                                                MD5:7CC04A895C98B2F120E0013CE87637D9
                                                                                                                                                                                SHA1:39FA61DA0657802D169C69E004A888EF06A2338C
                                                                                                                                                                                SHA-256:A9531F6D87AA863175D9A174CCC4911C31B3B547C9481B0F89EB2F5838017ABD
                                                                                                                                                                                SHA-512:1AFC180BE6CBB888219BA097409A7ABCE79F1026BD49CEE1E2A563991F509ECA1031B9813A4974DA1FCB5746E2386399FC2A73C8A6E5B875489ADBDD6B996D6A
                                                                                                                                                                                Malicious:false
                                                                                                                                                                                Preview:.=........'..R..R....j..p3M..L........r.9P~<......47_.LA..{.D..-xz.h.wJ.|..yF.&..,..`....wH.o..k...y.3-...Z....$..*..&...^..vI....&.^hqk....O].".O.o.D..s..=/.$.A.y1....gu(*t..gK.m.:H...y..1.....c+..$.'v.YmEQ.FH.....@..GA.QK..g..l.O.......k4.^PFuN..i.....>j..c...m...I.E....&W.........LM.^.^|->z...z.u.$.......C...Z7.....R.h<>v.Q.N.ka...I.%.m..z./.&...b.cX&5......y...}T.C.%[Z.<9[Ja.......:.'..s...CJ..\ev....K.n.eZ1p5ni...[...~..Q..?.R..[:.K..h....P..B.....muo2a.x._1[.^.B&..A.{U.3....]...2...8.I.. X<n.R.8..^...:.Z...].NGR.Y6.A.v....[.",>..?]!d...t%.W.F......c......'.........b..I.).v..._...7.........q0..7r.....z.".F........G.n.(..8=..s.n.!....;.`.......jw.H.6`.XfB...rF..<..}..d].&H.....9.:vKK.h....z[D....q+....Y_U....AFp.U....DO..@.T_....@..Y..Q6.mU.(......(E]..l..MRt.G)7Z....A.C....z....-)Z....&..KY..v.L\.bt.....1W_.\.eB.L...-<%e.^......4..mG.Z:..^..'.I.d..^.%V.z..{..W....&7.......$..Txw.:....p...v.z5r..>..U.g..i9....Vi..mA$..P......=.PUc$q.
                                                                                                                                                                                Process:C:\Users\user\Desktop\c8JakemodH.exe
                                                                                                                                                                                File Type:data
                                                                                                                                                                                Category:dropped
                                                                                                                                                                                Size (bytes):1270
                                                                                                                                                                                Entropy (8bit):7.853125080373861
                                                                                                                                                                                Encrypted:false
                                                                                                                                                                                SSDEEP:24:Z7cpiwYyH/pAwJuZg2CwpRWRVuBAQseyKG7aUxFfW3qvtEhkbWnmt2xs:SwqYZg2CwLW37QsZxFPtEhAWZq
                                                                                                                                                                                MD5:56ADCED8E725451D754C0ED26F0D04A5
                                                                                                                                                                                SHA1:A485F3DD36AC7A75CB382921F8072C3F29367C0F
                                                                                                                                                                                SHA-256:C1C747389F17D7620D7D91E8DFE3A615842E17CAF8D147A62CBBC655E2305FAA
                                                                                                                                                                                SHA-512:F58EA662602794F0162064265D1F71E9F7A53AAB648338826638037CC3DCFA5AAE8237A7CD4D73E6CC3D8CE2E380EBDD20B25755CE3CBCC18C201A2D9159B7EA
                                                                                                                                                                                Malicious:false
                                                                                                                                                                                Preview:.W}.{..|.X."...(..gV..a..... .x..2P.j.........$..T.*9r...,om...}....Y...Q.8.Q...%+.E.s_..aR....=}S|[.. +].....E.m*).E.J.u.>m.|^.@.y.....v.>"9..,..:..E0:...R.}.......+.y-hR.....A....I...D...b...:H..+0..kD.s...K..)..$...~B...!...stW..tFd....h...5..P.9.F.%[@......T.ltz.,rx.....\7.\[.7l......^.v.....-.......o.).S.PU&.#...W......ZT..!u.av..b.\.]Z-.e...x..5@......a..cIEvh...d......6&..........u.J...d...zE:...a.N....^..E.......;..J..{L........d3q..'.o..=TK.<..Lg..J...)\.;1.....+uc....6.?l.l..]..ry...Gg....o..3...h0SS.m.......P.h.........32...g...*R.D...Z_mv....S....-..a...L...ZnO..{.C..i...C.p..9.-6I.mg..2Z...X.s.|.`#..i....."..U...,!.}M6L.........hr.:..V.T\...K.?,[.C.....V...;.q'.a.. .&..._...u..;....3.......H......|.,......=...d.....8!...v..8.-.k........$.......{....R...@.7.e.k:.._.0.4..=....*9..Y.r8..3.L4..h.....@}.....h5B...........k^;.}.... .#"$.A...#K..bo.....M...2.b.......K ...|.. .(...=8..ts...A.....\.NM. ...@x?.......4...
                                                                                                                                                                                Process:C:\Users\user\Desktop\c8JakemodH.exe
                                                                                                                                                                                File Type:data
                                                                                                                                                                                Category:dropped
                                                                                                                                                                                Size (bytes):1272
                                                                                                                                                                                Entropy (8bit):7.833833685094836
                                                                                                                                                                                Encrypted:false
                                                                                                                                                                                SSDEEP:24:8iEeQ6dlGc0405565ZUvnTqhK1zK0r9YYe9hmzqfs92eO2xs:gxeGcxy+UiV0ryYAozGle1q
                                                                                                                                                                                MD5:2B4121CD663D9E6C7EF4391D9E63CD11
                                                                                                                                                                                SHA1:3A9CE7994F17DD328A815E0826474EC8DAE2402F
                                                                                                                                                                                SHA-256:F315D631C0B98BA4E173AA5BF51302F900B0F6DAA30B02C4FD5C2B54B3526B02
                                                                                                                                                                                SHA-512:0438808E1A4A2535C711BF0A5982EB1CD3704D4DC1EF81F8447E8F534943B1C1A77CDB60FB4B829882CEA6129D0DEE0B7D3124DE6683EC2C22DCFCAF87123BB1
                                                                                                                                                                                Malicious:false
                                                                                                                                                                                Preview:,..w;.04.......h.~o....~.........o...`Kd.....3...s...9..+/1._.....j..~,..y...P.4........}.a.h..y..&:.c..HC.F9c...s..".X..w...[........2..q0.....iO....6.<|....2c......D\........b.Q..&..=kU...=....T.].M.}.L.p.@n<Q..q...c.v|.~..t..c....+..hoM......mQwB.....`.b.;Z...K...4...\[.Yi..r%.d......Jk...M..ln.(\.+....P....9r..'.....$l./8..i#.....S... ..lk.[.rS....FC*.Y%.......Eo`K..S5..A..G.g.2....y.._..el.s" /.0.[xH^..?Z+.U...?...".V...'=...%.l.P...C.....w......e....S..@zQ.7 ....>4...R..yk.h.F........m..$...y>&^....4.4$Xy.*)........h.M...2..G..y\..S..T.!..vo.w.K.r.y..&.v3a..vz..N...V.. .......N....U+M.,6..BD=`....fF}j.....n".....[.$..#..c.h./...".Z.."..6..d.kC/.5..Sn..U8....B.\.;8.?..&[kG...............|[k......... ..fH..u....nFMq@.9I=~.se.d."rQ4Rcp-..].q......1ql..=..Q..2P....A0=8....=..A..k[.M....]I..........t...[..*..0.v.O..S...].....$..T!u.....U..1.}..3..W..o.....#....G-I.=1[.......j!..f...k3.f.../.:/N.z.........!...e....}.Ec..."...).5<
                                                                                                                                                                                Process:C:\Users\user\Desktop\c8JakemodH.exe
                                                                                                                                                                                File Type:data
                                                                                                                                                                                Category:dropped
                                                                                                                                                                                Size (bytes):1270
                                                                                                                                                                                Entropy (8bit):7.847695371045386
                                                                                                                                                                                Encrypted:false
                                                                                                                                                                                SSDEEP:24:/mUAyRPa1YKVEEgMX34yIllmcGFqzUH0uvsDu3F3oJqJ79pLCyX+PGN155b02xs:/WgEHaEl3gsQzUH0uvsyeI/HX+GhbPq
                                                                                                                                                                                MD5:B0DEBA7D1C69F92568B2FFE2B42BDAAF
                                                                                                                                                                                SHA1:1DBEF5AD79AC5278330679C0CE442BAEF6A3740A
                                                                                                                                                                                SHA-256:CA2B7EE136CC76A1014E93B6CEEF7FD51B84D5D0E4137573FD392950B34D94E2
                                                                                                                                                                                SHA-512:C8B14E82B0BEB133B7183F3DBC1DDB9734D0569CC983B4D2A05ADE1AA1117230FD77320A583498737A959173A79FBF1F3D7E21DA5EABD7D9C6F2127A922D0323
                                                                                                                                                                                Malicious:false
                                                                                                                                                                                Preview:.Oc.f..v....&..pA.(d]zp'.u,.E.@VQ.>.......(..B..qlb+...#.D.R-Gd.bm2...1..6)0.q....n5..q).y<....E......cW#..7,.L....>.......sF..ic.iZ..-...C'..2ULV..?+.a..x%.....j.lIOZ ..6..4,..........I.t$.i.Q..c.7~....&h.K..s.....v./.)<o...n..*......p..;......1.=..t......G..9?.}.fJ....6...&...q..V.F.g...wS....3.7.W..N..J..t..._..~.!2..Iv.6.u_..."..!...0Y.$4..G....B...Q...p`/e.."W..H._.......g...7EKR.<s"......K..u....eYW..)....Eew..`@!../..H..D...{4...[..........V<SZ;...."......H.0(.d...!x...(t..5.......B.-..U....>..9...V._.`.>2|.. .l4B*.(..sM.v.?m...u.p.......e....*W\..o.......].)..."w....#q...n..=.u....}.......+.[.b<...h.J.``...E.*..,...Ek.......V;.....pv....<.7...,>.DD{...--..C..Dw.ee...+..Dg."...x..]*r.p.q.a..9..6.M0:....o.W.0k....6..~.N!...^..........KYl..<.d.=.n...f..A...O9..5..X8......0..S.}...( K.r..0..].u|..2.m8..>.l..OM:.N)xi....NH.brGV.....]...]\@.5|gAm...Z.....+.E..8..'.....f.v..^.U...s._......yD\i\.9.....*....VP......8g..$$...D....
                                                                                                                                                                                Process:C:\Users\user\Desktop\c8JakemodH.exe
                                                                                                                                                                                File Type:data
                                                                                                                                                                                Category:dropped
                                                                                                                                                                                Size (bytes):1272
                                                                                                                                                                                Entropy (8bit):7.840044372340252
                                                                                                                                                                                Encrypted:false
                                                                                                                                                                                SSDEEP:24:NbyCAFbaxu8FwYsV+7rYCqPYsvfqd1z2xs:NG1Fbv4wJVQ8CqPYgewq
                                                                                                                                                                                MD5:B22A514DBFA06B67607D10340AEC580B
                                                                                                                                                                                SHA1:37A21F9C8824E5A1AA1DDBFC311182BBB8291330
                                                                                                                                                                                SHA-256:0D13C6E15AE20B415882041156DE2B4A31C05DD5C35E2C0F2FBB78CBA9846AC5
                                                                                                                                                                                SHA-512:B987A01DE06427059DD65D204E25BB88E55B8537F23453DEFE32E0752C84983FBEA51879939F4CDD4228B575FEF02DBC40AE6277FD44943B80AE90867CFC0CE6
                                                                                                                                                                                Malicious:false
                                                                                                                                                                                Preview:V7.W...1...o.<..D:.Rx.B........z..E......F`-J_J..D".......u>[..M.x.@M.$.A..P.......1I...y.f......p.:.:1.>z...|[./...X:j.....J.z.y..A.IM.6Q;..|~Ji.G.<.|g....'o.#/.<....."..=...G:......}.cr.O.......duj~...VlU..n...Dm..3.|.{5.....(...^....t.....-4N...Z....V.>....]. 6L..M.3A.zO.......D.n.7..`1.]:....qH.!..i.tu...7F.....}~.........m.L7.v.!c..j....K.q.....L'.,.~;2L@.O...f..VX..i.......M..N...T...s.V...4.2S..iIa..f.+.../....^....,..?...WFU...0?..k>DN..~.C..{.+8]!4..Z.?g:=..@....}..k.<S~.Xk..i.9{.v...c.uu...M..e .~.s..z.2{C......P....&....^f._p..P..M.4O...=v....54".f....4..*..eq-G.w..Xp.\.....\R*[x.fM)yD.>1J.ijE.3b^...'......u..n..@......D.pt..J.L4.M".w....0Ku...-..Xn.>%.z.%z......e2...&......A...^.n..(/@.......a...I...a..V....[%..K...U.*I...MG.^[..a.6..!..Gy.W:..A..-_^...;.:G.S....{......Atn.....:..$..[....-&.#(.4...U1F"...R....4.,.|...K...pC.../.G.X..,K.......1...cO.y...].('8.4l..=l&......Nf..d...c...(J...C.Vi3QGXR.1Tf...y'./..c....Z.h+S.8....
                                                                                                                                                                                Process:C:\Users\user\Desktop\c8JakemodH.exe
                                                                                                                                                                                File Type:data
                                                                                                                                                                                Category:dropped
                                                                                                                                                                                Size (bytes):1273
                                                                                                                                                                                Entropy (8bit):7.8566955112404235
                                                                                                                                                                                Encrypted:false
                                                                                                                                                                                SSDEEP:24:X+iyjFfRLHEvFiJmLab3whRWP+JNIwuDZalL2oA62xs:Sn64JAMUUGJNIwcceq
                                                                                                                                                                                MD5:9F6E1C8EF0503B8D6150E1DA413D1CD0
                                                                                                                                                                                SHA1:3EE7DDEC04482A0433C88AC738494AE249B33CE1
                                                                                                                                                                                SHA-256:923B505DA1CF3C525AC57B3CC1584EAEC7555E400B38E8B82269689AA8984A03
                                                                                                                                                                                SHA-512:2A1E1723BDC4865448FAEA3A20DF3726124A117B10986DE08D4DD219831454D551F8641C4570EF0180B196A38235DF7309BC893BEB92D8DF56157D1505181D12
                                                                                                                                                                                Malicious:false
                                                                                                                                                                                Preview:.0. ....Uy.W..e.euc..J.[$..v..#....o.5...$Z-.&.s....?.Sd....J>.9-..DM..B...c..E..'~........7v.....h.I:.C...U4j.5e...lJom..f.Y.X2.]%.Nq...9...~.....HB.w.ls*.....<..{.j......W...K.....P(..W."B.y<..+dt.,|.d.....L.J.3.M....B.....0..v.......]Y....'&1E~p.. 0."..Z....'o..`..^/.0.1.~Ed...`..[^.5.s..a@.RU^8..<-t..c..e.ep{<.Ma..g............5.........A0..Q..E.....C;:..".D. IwI=j...k.x.+7.L..k.G..K#...6f.>..../..g=2.5f.../..~...D..>XP0....8...7.(..uZ?....{!...#.P.6.....(.xsD.1/y..AQqR.S....m.X..x.E..k..n....P....J.F...A.&w{.`.vC!..... .Se..L........./C).S.a..-..yj<w.^x_..., ..{DndC..\...d7.?.E.....A......5....o..,"....V^.+8..S}.d..I1C)..\....F^../...o.o...p...s...Z'R{#.v....}.s..^'4.....>s..PR..4.cH.~Fi......N.{=.k.fm...i.}vS.D6.9h..Y..9U._m..U...O.q]-....r.2."....M.....i......-..8..q..[&6ZH.4|v.F.7.....Y....q%..l....{....>?>s..5J..;.._...}.Q.)r...K...r....6.J.x.5O....R'........|9>...%....1-....n.../..B..b....1..Q..a..}.z..8iH....o'.I.y}W)
                                                                                                                                                                                Process:C:\Users\user\Desktop\c8JakemodH.exe
                                                                                                                                                                                File Type:data
                                                                                                                                                                                Category:dropped
                                                                                                                                                                                Size (bytes):1272
                                                                                                                                                                                Entropy (8bit):7.853621032597014
                                                                                                                                                                                Encrypted:false
                                                                                                                                                                                SSDEEP:24:ZPhZEHgnaSc4akhTimr4sG2bRl39OsXPcYSKd5GJZ+7lr2xs:Z5Z1Jc4a1mrTLNl39OQ0HK7G+qq
                                                                                                                                                                                MD5:67109CD4C3B0732FD45CAE2C12D51A5F
                                                                                                                                                                                SHA1:02AE6E062475EA28AA6CD84E012F3DE52341ECE3
                                                                                                                                                                                SHA-256:63A520DAB2446207461D3B990B934B68EEFF4F02287567FB6DD5C3631260D570
                                                                                                                                                                                SHA-512:3E74B060800D279AA2278A804B76D0E4749561E3FD3BC6E76877D97A404C3B871F121D8C09EE5A1E97C2DB43BC58377AB4C5C5E3F333FA1C629682D94012EE39
                                                                                                                                                                                Malicious:false
                                                                                                                                                                                Preview:.....".y..lf.1...#.."..F....'.\..a.<.4..B!Q}U+6].O.)H.\z..RA..w.L..........&......FM....z../Jz*........Vx.*...."s.......d=.p.]n._.].i..iJ...Hj..8..V......").v..1.......&j...A...@i1...E.H.j....Ks..i.C!=......(4l..(.,.W...t.y8..n....:z.:`&*..:X.......;k@....._L...j....C..<........%......)T.......;.p..L.EjY9..#5......s.p.H.x6.\..N.L.z..*..".Y.s..V".p.],..'G,M.Z..dtC.f......w..Udm.I4...H......Ygqr....+_.)o..u".j2.....bz.9~.z@.....G...5xcVwz.^z{.yqaM...0..../......$.L..XM9.z..x.H/.......,..U1).....".;.d.%...0X..B....I...Hw....].@..kR_[]..~....m..N.l2..%y..0.-N...lG...I..8.....b...........LM..[?.U.7*.y>Y....a...N...O......zE..|..rKE?......<a.B.F...~2Q...{i.9..6TZ.+."..E.....Z\`...:.r...~...Dqc..%I.A...mh..pH......F.u?...........V.l(..uf....'...?..-..=?.D.H.d..-,.8.8H..1.n$bw..4....v.....J......N...$..W.G.0h.J..E.PD.......@.v..>$V.Sa.......8....7.t+6?.>%.5.K.2.U ..F..m...)..4.X..eD.,...?..CE..Hu...nev${._..2e.w.7.?............A...mX.%.L...I
                                                                                                                                                                                Process:C:\Users\user\Desktop\c8JakemodH.exe
                                                                                                                                                                                File Type:data
                                                                                                                                                                                Category:dropped
                                                                                                                                                                                Size (bytes):1273
                                                                                                                                                                                Entropy (8bit):7.854026400260953
                                                                                                                                                                                Encrypted:false
                                                                                                                                                                                SSDEEP:24:bsqsgdy+DcYmu6Q8ACRM3lwMFYg6zg6SHtTudmSj+6EY9BJwguR2xs:bsqsCAYmuReW3fWy6SSdmAEY3nq
                                                                                                                                                                                MD5:B26FE49800F7BE7176FDC5E27A824B6A
                                                                                                                                                                                SHA1:3BCB122619CCCF21247EE3CFBA615241C0658BD0
                                                                                                                                                                                SHA-256:A3885A276D85800D79A17B61F0487669E209B11911A54EF2591A1CA0B457E886
                                                                                                                                                                                SHA-512:38F19AF166D4705B01BD48AD76DE4DEB62D5744774B3BC8B293CAE643A755C80C94F0F21AE57E9F81248116CE6452E9A4FB2779313DB784FC714A32A558CC84B
                                                                                                                                                                                Malicious:false
                                                                                                                                                                                Preview:.@..62.A.*.I.C..8...h.N.A<...j.X........I...y.12.^c...Wr........ .4.$.P.......zL.kn..{.%0..J.hB.F.T....j.2GU|.t.<C......:...C..5f..XNG.....V.S.-b7..q.5.R|u...@.![Z.....+$..-.....B.y.#.M..0.T..6o.b.%............@.......9,.s.......HG...x?Ib...B..DXR.%%.`/.zwEz..V.G.y....3...5..~.....y.xX:.&DL.wW..Hl.[t.R2i[0..*..q.j...$..._.\(......x..i*dC.Y.f...IQg/C.....f..;<.......9Ki.9....8_L.aU-L~...bj....Bg8.~{.v.4w..>....v.@.c.kn.+.;P.l...-.IXGwM..|R..._J...(.....|Pp..6$......8.V.EU.....{..i.{.......Z.q.-..1...<#.#:D.p......rj....>...>.".g...1..Y..)..>..Z..:t...x..<.Ja.%....#.pw. .U...".'..HA....3...NJ~,..V0C..{.[va.Y..q.P.Lj.L.l.c.PS..R...:....Z}|.Pfl.d.=.R.X........n...........".v..qD...W.c.l..m./.....u....U......I.^...L..) .;../_s...)g.pg>/.~.A......O-c..y`....2.i.<Z.a....[8.7p.G:....-I..S.A=.u.rd.H{.@+...q..F.....;'.R..Q..-L.8)....S9..0..K./.zb.O.s..Vkn}..j..7...C....7..*....q.!.i......2)........G...S.j$..@1/"..L.o..I.8.....r....\7....!..VZ.
                                                                                                                                                                                Process:C:\Users\user\Desktop\c8JakemodH.exe
                                                                                                                                                                                File Type:ASCII text, with CRLF line terminators
                                                                                                                                                                                Category:dropped
                                                                                                                                                                                Size (bytes):1159
                                                                                                                                                                                Entropy (8bit):4.909757425426515
                                                                                                                                                                                Encrypted:false
                                                                                                                                                                                SSDEEP:24:SOZJNRovfexRvYx/ncUYTxLZl0r0OzANQgq32xfZnS0iNFdAnP6:SOZbqfexrZrS3Iq32xlSX2S
                                                                                                                                                                                MD5:F29E077226F8DC235CAE4795459A3542
                                                                                                                                                                                SHA1:A23AEA328BEB92BFD4464A3B0F70E772B8969CC2
                                                                                                                                                                                SHA-256:CF8875AADE9351184274F533067BECF2AD10CCF2B6296274ECE5D5B58B6AB008
                                                                                                                                                                                SHA-512:0C76F1E7AC8E4DB582EA7E26FA9B8C18D54605AE6A9A87A2A1FA0B1BEACACBB8F1230421C1124B1E7C12FB546FF31DBBD2CFBBEBA80EF98BBAA01B356F7FDC6F
                                                                                                                                                                                Malicious:false
                                                                                                                                                                                Preview:.. ~~~ AlphaCat ~~~....>>>> Your data are stolen and encrypted....>>>> What guarantees that we will not deceive you? .....We are not a politically motivated group and we do not need anything other than your money. .. ...If you pay, we will provide you the programs for decryption and we will delete your data. ...Life is too short to be sad. Be not sad, money, it is only paper... ...If we do not give you decrypters, or we do not delete your data after payment, then nobody will pay us in the future. ...Therefore to us our reputation is very important. We attack worldwide and there is no dissatisfied victim after payment... ..>>>> You need contact us via email with srenshot of btc transaction and your personal DECRYPTION ID.....Contact via Email with your personal Decryption id !: hackbeenswim@mail2tor.com......Send 400$ (0.006 BTC) at this address --> bc1qkr7wxuqwet9w6920vk94p7npkxh33fc7prv55q.....>>>> Your personal DECRYPTION ID: D53F15BF767167BC622C1CB4D4FC174D....>>
                                                                                                                                                                                Process:C:\Users\user\Desktop\c8JakemodH.exe
                                                                                                                                                                                File Type:data
                                                                                                                                                                                Category:dropped
                                                                                                                                                                                Size (bytes):1272
                                                                                                                                                                                Entropy (8bit):7.86106750936094
                                                                                                                                                                                Encrypted:false
                                                                                                                                                                                SSDEEP:24:gwvVU029gP+DdMYTRS5EBdRTjomDRo9lnIbIE5NLY7r9fyMiySYn2xs:guBmgr4RScjo4RwA5Ir9y/5q
                                                                                                                                                                                MD5:1338D68684C0A56C635735726D5EF36D
                                                                                                                                                                                SHA1:27BFC0AA3F00D70EB9FC4FC100D4CB4F865DC3B0
                                                                                                                                                                                SHA-256:F4C57EC3DF4BE5280311CF859CBF1BADFA7ADE64B5947C9091AB517092C82D1E
                                                                                                                                                                                SHA-512:129F897411DEC1DFE1FBEFE6411DBE64B8BB1D1BB873A78986ACC4D976DE2BB62CEA873E5AF9CEF7D46A58CDEBF300F95D21820BCDAC91DF602A87035EADD3C7
                                                                                                                                                                                Malicious:false
                                                                                                                                                                                Preview:...}.|.%._......".yp[.i=s.N.g.HVnA.U1+.....Y.t{..g..P.[..F?.....0....R."9.Z.Z2.....TWu......p...;T.....7k4P~N..}B.G..(.+Q.... ..C......Tw.........G..G;|.+.....K.F.'..b.EO...i...%..;........C.y.!.'...^.R...en.....(.w.e....I.G.../.XH....A.3...-'.8.b.W..X`....p...o..Z(..S.....0.. ..].O.s..W..mS..5y"H...FJ'.+.2E.p...B...K.f....gC.-.:.B.i.-R.f.AJ.X....CQ.. ..J.^....(.9."....qh.jh.$E........|.-...........!L.%..<...p...N....o.......9(..U..|..i2...M.>R5.h5...!7"..W.).Y..Z..E.L.......x...?..!...wl.erm.$..+....~_......>b.w.{0.(...y.F)..h.6J..H.}..8.E......0U....=.5.....7.....".86E7H.{.qK.Za.I........N..'.9..'r.N..d...../8vvm;e.S.{.R..P5.Ec...#o%..wV.{...+.J.G../....AoQ......9..@K..}}.g3\#.RuJ?.N....... ......J.IPD..._.f.qo...5..K.d4S..S*.0.....$....>x......=O.....f...az.e...T..j.y+...1.../=O.3...=87.......u..~.*.@...O.=.y.WV.Y...o&(....PZ$>..5.&....S.=.d.........".C./..#.|..=c.!.....'........05...jW:.....}8......y.#.|.E...K.tWb..AE.thL
                                                                                                                                                                                Process:C:\Users\user\Desktop\c8JakemodH.exe
                                                                                                                                                                                File Type:data
                                                                                                                                                                                Category:dropped
                                                                                                                                                                                Size (bytes):1273
                                                                                                                                                                                Entropy (8bit):7.819579187294146
                                                                                                                                                                                Encrypted:false
                                                                                                                                                                                SSDEEP:24:hYgcrZK8yEz3zRwKb0qX/g5V/RPSRwVygRrun/5tuh3jyF2xs:hYgcM83xxP6/RWwEBMjRq
                                                                                                                                                                                MD5:B7AE92ABACF9A9D5B1A3976AAB773ED1
                                                                                                                                                                                SHA1:BAD876E00F2CEEBFF3ABD6D2B7B02FAA2FACBA72
                                                                                                                                                                                SHA-256:24751320F0F1BDB9DC744BDB4ACF907838DC742D79E1D7CD47DB89B3D92A3531
                                                                                                                                                                                SHA-512:6E6CA1B3FA2932AE392470BD80F5B228ADB93F340248CAF5EF628A7A9F7236720BDED9DEC6C7AA0CDEF4B9F2C6254B949E34C1D0FB6096359FC86CF2D9F87856
                                                                                                                                                                                Malicious:false
                                                                                                                                                                                Preview:.%.PYz.j=....@.t.j... b..]..vP ....t.K.3....U..3..>/.m.......;.+{.....m.]5>.....N....aD21..Z..y1..9C.6.t..e{.Z@...[.......>.....k<$6?A~...%.h.I....6W0...~e.h.,".D.Q.-j.......fPm. B.....I.info.K6Sa.t`..i.?..b#..A..U......=..s.B" .q..a..7.a...q...K7Z..#...$..:&..-...g.|.HP.XH.g..5B T.....X...+..9?.....z2W..M7.z..5x....A.^x..L.. ...>j...v...I.&.A..5>mWO\..Tu<..K~\..9w..d..^....z+..3..N....9XpR....%}.......=....C,.i....;.o.".....w..a.:@.).t..c.D....+0.\...>.s3W.DuO.V...$...ptB.)....iT..k....]TQ.y.Z..Ej.W^...(=....d|...e...Z)M.~.4.!-..<...|9..]pN.......JM_.....C.........._..6<.Yc.I.w..+.'..K4.{.35j.d..hf}.T......*Z.......U7.-L..../......C/.x..v..E..].........xS+9..f.%.X. .O.-s.4oB}.#D....,.e..]...e~+8.%9...B.....^:R. 7..@`..e;pF[.B.....i0. ..m.R.~....mL/b........8.y...y-.!A......lr.|.+.5....;O.......z...&M...W.).....A_.).R.z.....(...n..8 ....M..6..5`...j^.-}.......m.@.U....g...._._C....k%E...Ca...]..P6T.n.W.1.V......k.w`.....J... ..7...
                                                                                                                                                                                Process:C:\Users\user\Desktop\c8JakemodH.exe
                                                                                                                                                                                File Type:data
                                                                                                                                                                                Category:dropped
                                                                                                                                                                                Size (bytes):1275
                                                                                                                                                                                Entropy (8bit):7.851897288850024
                                                                                                                                                                                Encrypted:false
                                                                                                                                                                                SSDEEP:24:TEFF+SrC08t/mjMZXev2QSSlhVzC0vB96DFPkmrg2xs:CYxC2bovExrrq
                                                                                                                                                                                MD5:CF3A4A44CEDBAF909FABB4910073D6BD
                                                                                                                                                                                SHA1:712F0926364B92F9068344B6C708470E5D7F59A6
                                                                                                                                                                                SHA-256:81AE1137BD9F8222D6B5F0F1A7528D8289E2EEFE934BF5782045427B61DEF510
                                                                                                                                                                                SHA-512:5C6794BD2FCFBD2105310F2AA0A0B007D91E2DB99A9EC04BF5818EC1F91171B2860A82DEB777D9F0EC16DF2D52F5F3C2B7CE6D6DCA7BE62D038FCEBB985AFD76
                                                                                                                                                                                Malicious:false
                                                                                                                                                                                Preview:...<...?...uu-........K..Vt......,..q.#V.....!....v.....=.<.H.q.....b..<<)#<^.}..9...Y..2..F.....x...D...7u?.......*C.]7.@C.......,1..t.q.}.pJ..0J...L._...~.6..y....P...h}..K.V...1...VG.5...B.........B...Z`.I........sj|.....9..{7..^D..\.8/.n.!Zn..r...V...4.|.!...7.h$^k'.....~uW....-..}x.............L.N..7.-..d..K5.x.....eQg..?....(YN+.5...j.S....]7uFz......)~....+....j..k.f..^....j.5 *.lkHSZ.F.".%..Z...r...fc'..g.......^ ..!zd....O).#Pc.....U'..>..U2.&X..Z,,NR..-./..[E_Z.>'..<..y...%..+..Z|Rt..2.*..s.3$.&.x6QhW{...;.h7.....''. ..h>..}.....sR} .'..}...|.f..Uu;..s@..!.{...U.-]M.R:...II..(..........2.t....D...wk...[.#J1..A.Q.|.k.VmE&........j...@.....F....?..L...e&....YPZ..bM]...x..eZ.[..u....gf.VM.|5....`.9E...a.IBEg......#h..^.......P..WvP..7.......fM.u..........d.J...+9.~...-...OV-P.R..T.....\..,...>........L...Ef'>`)Q.......+].P.8j..LH..q.=......u.`.M.?0..7.Y....pC>T..J.R..m3. ..rsyo..0M.v....^.W..#.....>EwV...w.."$y.X.../..2....uo.(...
                                                                                                                                                                                Process:C:\Users\user\Desktop\c8JakemodH.exe
                                                                                                                                                                                File Type:data
                                                                                                                                                                                Category:dropped
                                                                                                                                                                                Size (bytes):1272
                                                                                                                                                                                Entropy (8bit):7.854000803182324
                                                                                                                                                                                Encrypted:false
                                                                                                                                                                                SSDEEP:24:FWGpp/bTexY13e/oka2GYFFBXsSf9AsGrDdEA2GDyYxn12xs:BTTey13e/otCBVfPaAYRAq
                                                                                                                                                                                MD5:6F07466B37B1A2345BBCED7D2E2004DA
                                                                                                                                                                                SHA1:39FAF2C3B0BDC7B9F421B3CD4AC8B5CD2AFFF074
                                                                                                                                                                                SHA-256:E6C252BAFEC69831CE90C40AAC5509D3726EC71087406EFEC6178F65C7BB24E1
                                                                                                                                                                                SHA-512:5F5039F8504874BBCBAB524865DBEB950C24FA792C3B641A334C0ABA0D3A81431C4BC01CA14CB49A47A7708F7D19AC09F525B619D87D14FBCFB12257FBCD6EF3
                                                                                                                                                                                Malicious:false
                                                                                                                                                                                Preview:.v.:.....%H.E.........J.....e..O.H...V.p....!Sbp ...i.z.w9..}..D.E.2.....T......x.'u...>.............PM....J*.le..vn.Kc.cJ.."....]..+.A;.X...Q....v...&.$F....G.....0../.-.8..>...8p3..vr...g'+....neD8`Wf...^.....@#....r.K..(.....n5HkB...W.o..(t. l.ka/"./......s..[...V..)..1..Y]..%x.9.U.q......7|..p.E...._t.O.D.!....>.... ..E.B...<W.'..L.m...n.;:.s.T.j....8..0.c.......0.CX.o.R....@i.f4hpNT.....l.=.).......]r..g..S.FjR\Z...>dY.Mi.....u...@.k.kgg./P...R.h.......J.."...g............UD5on7...c,~8....7.=2..A..:..G-...4E...c.t.(.-j..Q...{...S9Y.k.x.:....B.f....=6..v....C.6{G.bWA..^...~.fW........T..3.+.Lt.#..<o...A...@Z.,...yF..aa.B.*.y....s.(b....r..$.u%.Ag......m.B....\.....6.sN.......D+....:....h).fu..;.~.'.=:.U.<.GS...r...]wf.;...t..#.T......w..<.....h.(o.et.].2....v.:......*{s.k...K..........].=...V..V[..n."....a.b.1..G..g..3..*..Z..+.....K.l...sn...=A..RV...)H.][.l.[_u.\....'.~.u........C..y+...@.V..~T....%.....]M./Ce.&G...s.y.|.
                                                                                                                                                                                Process:C:\Users\user\Desktop\c8JakemodH.exe
                                                                                                                                                                                File Type:data
                                                                                                                                                                                Category:dropped
                                                                                                                                                                                Size (bytes):1270
                                                                                                                                                                                Entropy (8bit):7.824502392302132
                                                                                                                                                                                Encrypted:false
                                                                                                                                                                                SSDEEP:24:fL2VZfix8pBEdqVyBFXdw/DRuMzzYWHJfRiXXRBwhMmv2xs:fSVZfix0BEoVyXXKd1HJpiXhBLFq
                                                                                                                                                                                MD5:3B891472C4C43B513865A757B886DA41
                                                                                                                                                                                SHA1:34F6C67F5AE5E4C1C7DE54A1D7222EDC3D74AA9E
                                                                                                                                                                                SHA-256:B2291630601C1CC9A5120756866AD9C5E713D59BF84C5678B36A18C2CD4F37B1
                                                                                                                                                                                SHA-512:3D27DBE33DCD662F026B3B2B8034BCA2842B42AA127F58D1CAE3A94BC3E4BDF4F35735C67801E256045B43E76A6DCF6C1A7ECF3419DBF3DFDAA2A39BDFD0A78C
                                                                                                                                                                                Malicious:false
                                                                                                                                                                                Preview:...G:<...I.sL(...+..&.=^.JgY.....{.....C.u*..:.Z]..*1.x^.=tp.]O.u;.:.5.m......".<.T..b5W....D.[..W.;Nu8.6.M.j......W.;...<..F....75i..5.u..0..p..|..g.=GY...3?..z6...w3..'..F\.#....-....@.&...I.....5..<s..k....KlRV......c..K#DF.z.+fj..;....aD.M..!??c.....3...CL9.w~..t/.....?.Hw.........@......7.......#.... `w.i.3.r.}...0.>.x.h.4...}ob...n...O..H}.#g....U....A5....w...C....2k.W4Q.....<)..#2.b)R.6.Q.?.mm........~G.|.mla/t....x...8..*....\.O..%U..(..........k.......X&=Y..:...F..^..K.-.X...,..t..%.dD..OM.R.{.6.2.%....5..~..p..X...J...J..h.s.......xg.8...^.;].......q...d.!......a.cEx.....|......9...Mw...3.:....g*.u..C."..D:..Z.8.x...Y.....MF.!.#>mx:.Csj..dG...isv.A..T.hI...:'.".......2.....I..`.+...]..J[k..-..I..v..\..OuT.(....{...*_.387...`x.;u.&[..eN...........*...]`n....;=M.......m.<Ci.g+.O*9u....m.x.....")&.{W .=..P.?.Z...g.......n..y..-".H..B3..=-./.3^g..vX.:..Ph-.!.mR^..M^....w~.C..7.$.34.........3Af..~.'...^.H(.L.^...\`..J..k..q........JZ
                                                                                                                                                                                Process:C:\Users\user\Desktop\c8JakemodH.exe
                                                                                                                                                                                File Type:data
                                                                                                                                                                                Category:dropped
                                                                                                                                                                                Size (bytes):1272
                                                                                                                                                                                Entropy (8bit):7.862756196731055
                                                                                                                                                                                Encrypted:false
                                                                                                                                                                                SSDEEP:24:Do+QBq64Iq+z7V3OfcvEC/r5OcQwfLRed0cNyPQ2xs:Do+QBq64B+kfIE8PQwf9pq
                                                                                                                                                                                MD5:FCBD00550CB10B824A27EC073D91B0F9
                                                                                                                                                                                SHA1:D2993B79062138FE55444A9BF1C23A4D63AE68D6
                                                                                                                                                                                SHA-256:45B0E7E16AF5BA7C079EEE24F3A1B1ACC33883571FB14E0F5D1AAB89121D40CA
                                                                                                                                                                                SHA-512:1B528C1F6E30C20900BE60D5EFEB73E8958132E5861CFB224EBC680BB70E5679658C4B87686355CE6A204ACEE3A8AA8B684A8441AFFD1859EF1DCDE34E95BE49
                                                                                                                                                                                Malicious:false
                                                                                                                                                                                Preview:....D.4Y...P.....%.........l.>.=+.... ..V.<?.....+...5.e.[..'vM.....[.9....2H..a.]..y.Q.Q.!......a.....m...^.<.-...6Z`.|...Bn]Z.n.:.:...K.....4.!P...v>:.'0...Ut;TJ.'=....b.B.0...L..,.....gO..XQ.m..h.A1...j..n....W........}p.[...".......4...v....0&uJ .P..j..!...!n.X@\......&..s..q.i-*~..W.&8.LH...< K..].....*.v...~[..0..l}}.l*..4.u...R..s.....;...67.#.|D.F....f.X...?`.5."../...x...9m.R{7.5N."...~qTy.h]...m.i.n.0.7...Mu.....V..W8....A.A....Z.n..%h......../..~....rk1?"...".v6..$..RT.Rm..u.z.[..zGc}E,....f.$.(.A.!Ex6.[...s....(..[Z.....b...w.......mT-.8....Z...f.6...D.O..=.:./.r....FXN.j.....c...U........@%.m.3.....@V....f...QM.b.4....G.S......_.jW.c..?......ZI...=....q\L5....kj....8.~..@q...l..bV.qT>2k.y.q.z..z....z....bH..F..h).}.U..t..J......S..0...v.[...uE...].-11...>g.q/..J...F.c.]m..*....4o....2$.U.....b.........4n.(;.o..F.9.1x...JI...'{.._.>.`=....8.;.Z.YA:d.......#.0..p..h..w.=..>.AFmx.aF~.^MBQ..7.f#}.b."G...m.**.d....
                                                                                                                                                                                Process:C:\Users\user\Desktop\c8JakemodH.exe
                                                                                                                                                                                File Type:data
                                                                                                                                                                                Category:dropped
                                                                                                                                                                                Size (bytes):1270
                                                                                                                                                                                Entropy (8bit):7.833349628348853
                                                                                                                                                                                Encrypted:false
                                                                                                                                                                                SSDEEP:24:1IuJ0PfBiE4sfkBWYktDlp03vOHPyZansRfxJUMSylXQVAhZhl/kkYgA2xs:1IuinBiE4spZDlp03vmq9ss/Zr/klgLq
                                                                                                                                                                                MD5:F65490A294A1F62D373606F0F079ABCF
                                                                                                                                                                                SHA1:AB9F1A3D9037FA422DDE49F3516A216B26115D08
                                                                                                                                                                                SHA-256:18FC3FAC1C6417D598F8253BA74D2CE2E48AF2FA8BDFA2386C8CE25C43013BCA
                                                                                                                                                                                SHA-512:9900093CA0F168D8263363AA9326C6F9634E7CE229B5E2BC09CDCAAF4484FE48A67B69C0714AFDF1FE471852F37CB5414F12B62F5C33F8F4B6BF5DCEE60B14F9
                                                                                                                                                                                Malicious:false
                                                                                                                                                                                Preview:..B.....K.g..6.....N.bYG..ru..0d..<......2rQ....h.b....W.T.S....R..z...L.t.30X%...| ....Q.dE.._y.+.x....k.+|...]D.;...K....Q4.[...Eg.....<9K+...6...8....m:o...9......Ea..3v..u..>*.D.tR..4}.MEH.....P.'V..y...8-.j:.Zu..1_W...?.Hs5...U. ........6u...].*l.[.CHnF..(k..F{..;..Ay...b...Fn.A.....|....|V.[E.Cd.f.....z.1.kBkw.D.....lL.....8}4...0.I.....n.}....'.B.....e..:].4...&T..o..;$;&...(.}.!....99a.. )...... "..G.mM.l.....mD...r.1jr.9(...9./.o.'W.)...0).SOp'..D9w.x....1.z.{;....].a.[O.....lg.R....]A..R.QC.e....*b.-..2,..o.F.V.1^*.*6...G.7....s.].7+...*/Y.MqwR...C.{\......?.d..}\...6.p.....m'."*..,.J.W.N..7.L.....[y6....0.%s.....b=E.e./...:..@..a.t.../(....olB..-.tJ.g.Z.%.Z.....y......3.......)..]W..3........"o..r..).R.1e.>....x...J$`&..>.0......G.)..... .%Q.w.-.E..7.;....|...Sk,f.b...b(c`]y..T.........l......R..............."......[ta...3n~-......B..hU.._.."8.:+.l...m.Wd.......F.....\.GC...v.......e|.H...el.O}....|H./.+N.M.....~|.=.q....W...d$
                                                                                                                                                                                Process:C:\Users\user\Desktop\c8JakemodH.exe
                                                                                                                                                                                File Type:data
                                                                                                                                                                                Category:dropped
                                                                                                                                                                                Size (bytes):1272
                                                                                                                                                                                Entropy (8bit):7.855444830671783
                                                                                                                                                                                Encrypted:false
                                                                                                                                                                                SSDEEP:24:WVtZCLTZFCEu0NAPntPZ9iAtoCTi83PrXkDjzsxRewxiysxh12xs:WVLqnNA/r9iWW8sjzsxRewxcxiq
                                                                                                                                                                                MD5:106AFB8FE30EDF05CA9E8626F8486396
                                                                                                                                                                                SHA1:FB5E89672CEF80E47594C79F5B437829A7C4936A
                                                                                                                                                                                SHA-256:F0E3E175D5B892A8FE20055930BE7B2D8ED94A951B78C1AB016379F31D92CACF
                                                                                                                                                                                SHA-512:340FEFC35BAC691CEDCE909385BE1B3BAB7EEDE727D1084C4D24478A0E77DAED587D3B63FC53590679AAE7C6AAFB582955701C76F4B7CF8C0489F50DA30059C5
                                                                                                                                                                                Malicious:false
                                                                                                                                                                                Preview:.w*..l4..G..J....Pv.nA...(I...[ ..r..D.'.....2SIO..T..\.]..0..........]`.....tvJ..yn.....Y.?/..D.-.(A0.gm..s....5..~......J-....z.KuH..../;.Y...&.oNq"H..rI.V...\.5.../8.."..x...&.J....O^.....m.I.f.@...~^c|...u.rx3........Gbu2....M...`(.@.;^1....[......M.n...............W......H.0......E.?w..^..P0..D.....l...*.k...d.....g.s<v12I. ..,..eQ_..[.MDC...#...5..>}A.Y.B.3.r.......2L.6`...ti.l..N.;P......-.....*.]...<....j.J..oH.*a...T.}w...#....$....d..3..@3K.$.|.x~.=..G.f...a...5....wO..Az.P.M:.<;....y..$+[c.....y.-..,..+h...P...9!......E-e.f. ;..,....).(...Fy."H....0,...(d...V.....|.jLKc.1...7.h.w.......v7UE.T!0.7.S.:..K..|.oM6.@:P./..4..m!z?....._..x.(eK....:D.|I.J..q.....p.T..l.v.Z...A.k....tr./.$y..?.?..A.~5.mf,YxT..J.&.....*^E.] ^S.j.+."..F.2.c.=&......T...y..n.......B...n..y..#o....`....a.O.'.......]..M2.`@/.~.3.[.l.c.C8..OA.2.V.ENp...d.O#.*9.R5,.I+.22}.."...[H."&7L.3..Q).~.-..8.tQe....H...I..o#.:......c?..V.4.SR.Q..W..s.'tdA.... .
                                                                                                                                                                                Process:C:\Users\user\Desktop\c8JakemodH.exe
                                                                                                                                                                                File Type:data
                                                                                                                                                                                Category:dropped
                                                                                                                                                                                Size (bytes):1275
                                                                                                                                                                                Entropy (8bit):7.831499757423661
                                                                                                                                                                                Encrypted:false
                                                                                                                                                                                SSDEEP:24:h1f1iBl/cuO55edUnwWdZ7v8WfgdfNZu6+1z4Dq+smdYT2xs:h1yFoedywEZ7QBNgr0e2dNq
                                                                                                                                                                                MD5:E1447DD5ED1CC559B4E7B8E660ED34B1
                                                                                                                                                                                SHA1:292FEC85A02698DE1600F98D0A1204F22E326898
                                                                                                                                                                                SHA-256:FC42CF29E0EF3378908205AB231A6663E737051BB70174C5BA535D2D2739BB26
                                                                                                                                                                                SHA-512:94BFCC58D4A4A5BEC9C9CA6FE513196216AD595234480F245DF75DDE42F193075F74F84BA707FE81058E59A0B1F5DE09BB35962541FCF059A41543F665A3CDD2
                                                                                                                                                                                Malicious:false
                                                                                                                                                                                Preview:...V.#..Ac.."cf..c'3l..7c6...q.....?K...R._..}a0..Y).q.......O!+}...z.8.kvH....w......._>.J....].?....P.A..7...}......?G.-6.(..c...]X.:F..:l.7...|....Hco..-.%B...?...q.P.t.`..?I.tNX....&s*_.~C.%.F........I.!..+...A.... .U.S:B1..C(.qB...h..Q.w..K......d8......;0......!..m6..S....Ww..cW.f.8F.j...b.C.....1..V.FE...$..^..9.B...|..WkLo....1....x,.4,..@....i..L..y.A....y...[L.2....q...V.sSrD)W...A..A.u.zg.%y5r.....}l.......~..x=O.t.l.6M....E..tS}..Rc..A...W..b..c....>.k.....xF...v*j"@z...|.;...._*....f...5.`.......#...V..Y/K.......&..A...S T$r..-x..X.'.........y:f....K+......$~..|E..th...Zf.&.^.s....Uf.L$.LS...s.GOy....2.......7.0w.@...|........ ....&.=[.7$.......L0.P..hARu.3.u.X...{...`@W.L~.i.....lj93X.......rk!.O...<.H.f.T.I"$.-....FE..[0,....Y5.....X....b..@.[C.&.&.....Y[x.....P...Lr%..R.o).R..S>..2..dK..q..N%.rFw.`.VW.Q.....6.......D....s..y+......+...t.........6FFX.7o2...-.t.5...+m....u<..YM....o.qd.V..3F.,.qxa.mq../8E^..H.*=. r.7.....
                                                                                                                                                                                Process:C:\Users\user\Desktop\c8JakemodH.exe
                                                                                                                                                                                File Type:ASCII text, with CRLF line terminators
                                                                                                                                                                                Category:dropped
                                                                                                                                                                                Size (bytes):1159
                                                                                                                                                                                Entropy (8bit):4.909757425426515
                                                                                                                                                                                Encrypted:false
                                                                                                                                                                                SSDEEP:24:SOZJNRovfexRvYx/ncUYTxLZl0r0OzANQgq32xfZnS0iNFdAnP6:SOZbqfexrZrS3Iq32xlSX2S
                                                                                                                                                                                MD5:F29E077226F8DC235CAE4795459A3542
                                                                                                                                                                                SHA1:A23AEA328BEB92BFD4464A3B0F70E772B8969CC2
                                                                                                                                                                                SHA-256:CF8875AADE9351184274F533067BECF2AD10CCF2B6296274ECE5D5B58B6AB008
                                                                                                                                                                                SHA-512:0C76F1E7AC8E4DB582EA7E26FA9B8C18D54605AE6A9A87A2A1FA0B1BEACACBB8F1230421C1124B1E7C12FB546FF31DBBD2CFBBEBA80EF98BBAA01B356F7FDC6F
                                                                                                                                                                                Malicious:false
                                                                                                                                                                                Preview:.. ~~~ AlphaCat ~~~....>>>> Your data are stolen and encrypted....>>>> What guarantees that we will not deceive you? .....We are not a politically motivated group and we do not need anything other than your money. .. ...If you pay, we will provide you the programs for decryption and we will delete your data. ...Life is too short to be sad. Be not sad, money, it is only paper... ...If we do not give you decrypters, or we do not delete your data after payment, then nobody will pay us in the future. ...Therefore to us our reputation is very important. We attack worldwide and there is no dissatisfied victim after payment... ..>>>> You need contact us via email with srenshot of btc transaction and your personal DECRYPTION ID.....Contact via Email with your personal Decryption id !: hackbeenswim@mail2tor.com......Send 400$ (0.006 BTC) at this address --> bc1qkr7wxuqwet9w6920vk94p7npkxh33fc7prv55q.....>>>> Your personal DECRYPTION ID: D53F15BF767167BC622C1CB4D4FC174D....>>
                                                                                                                                                                                Process:C:\Users\user\Desktop\c8JakemodH.exe
                                                                                                                                                                                File Type:ASCII text, with CRLF line terminators
                                                                                                                                                                                Category:dropped
                                                                                                                                                                                Size (bytes):1159
                                                                                                                                                                                Entropy (8bit):4.909757425426515
                                                                                                                                                                                Encrypted:false
                                                                                                                                                                                SSDEEP:24:SOZJNRovfexRvYx/ncUYTxLZl0r0OzANQgq32xfZnS0iNFdAnP6:SOZbqfexrZrS3Iq32xlSX2S
                                                                                                                                                                                MD5:F29E077226F8DC235CAE4795459A3542
                                                                                                                                                                                SHA1:A23AEA328BEB92BFD4464A3B0F70E772B8969CC2
                                                                                                                                                                                SHA-256:CF8875AADE9351184274F533067BECF2AD10CCF2B6296274ECE5D5B58B6AB008
                                                                                                                                                                                SHA-512:0C76F1E7AC8E4DB582EA7E26FA9B8C18D54605AE6A9A87A2A1FA0B1BEACACBB8F1230421C1124B1E7C12FB546FF31DBBD2CFBBEBA80EF98BBAA01B356F7FDC6F
                                                                                                                                                                                Malicious:false
                                                                                                                                                                                Preview:.. ~~~ AlphaCat ~~~....>>>> Your data are stolen and encrypted....>>>> What guarantees that we will not deceive you? .....We are not a politically motivated group and we do not need anything other than your money. .. ...If you pay, we will provide you the programs for decryption and we will delete your data. ...Life is too short to be sad. Be not sad, money, it is only paper... ...If we do not give you decrypters, or we do not delete your data after payment, then nobody will pay us in the future. ...Therefore to us our reputation is very important. We attack worldwide and there is no dissatisfied victim after payment... ..>>>> You need contact us via email with srenshot of btc transaction and your personal DECRYPTION ID.....Contact via Email with your personal Decryption id !: hackbeenswim@mail2tor.com......Send 400$ (0.006 BTC) at this address --> bc1qkr7wxuqwet9w6920vk94p7npkxh33fc7prv55q.....>>>> Your personal DECRYPTION ID: D53F15BF767167BC622C1CB4D4FC174D....>>
                                                                                                                                                                                Process:C:\Users\user\Desktop\c8JakemodH.exe
                                                                                                                                                                                File Type:data
                                                                                                                                                                                Category:dropped
                                                                                                                                                                                Size (bytes):1272
                                                                                                                                                                                Entropy (8bit):7.834551841168896
                                                                                                                                                                                Encrypted:false
                                                                                                                                                                                SSDEEP:24:4hiE5l3mif9BTLqL4D9M+hVenXcr2QMMWYC4NsOpr2xs:4N8i/Qg0nXcr2QLbyXq
                                                                                                                                                                                MD5:37B0D789793FFFF759C4529870E7A1D9
                                                                                                                                                                                SHA1:D8DEFAD179515272EB527B90890974BE141BCCF8
                                                                                                                                                                                SHA-256:56FB216C4F5CE7401F96F1F08EE5824B63A11FB9E549C93A0C28756368A9EF27
                                                                                                                                                                                SHA-512:EA5BAB57CAA4F95AA90354E43C9C3FAD5F2687D7F227C69706FAF3319AD81144637C6E01955DA0864B54B410BEC8ABE58D496A501459A4B9FB586B151E971050
                                                                                                                                                                                Malicious:false
                                                                                                                                                                                Preview:......pvJ6-.;.#.......q.U".mYR.E[..S.:...#..l...:8.yJb........U..{Y.m.."...."../v..bB.E...C39u3..,U.".;=w+:.."5.;:.....C...o.4.. D...C........'.^.8.d0....\>%.-..lj.z.}}.9~..L.....D...l.h.....R.|.^...s.*...GT.'.M.v......8.........;....A.R.h.J..l...(Qg..gz?.w.t.u..Vo<BG....9...k. .Esf.#..Z...A.7...M.S.......?...%.^s..1...T[.....j-.A7.U{..M.d..j.f.R..8.......Od.D..u!.HN.?.....:H!...\.........B#.....<......5.U...y..C........T.[.y.L4/.m.yo..h...$..M.Z..2.r....kO..O...BX.W..m.....-.=...8.....G..u..."}.m.U.i@...X.\..A..).[.. #.E.d.n......ks..M...I%$.....7..........!..vA..u.......c6.}=.W.'..d(O.D..QB7.!..=>7k.....D:$1....;.d....Ch.t...6.B.....q........3.......9z.......,.M..R..E.Y.-.A..=..g[...l?...z..:....lH}.[.B)az..t*...\.l...w7.R...1.Gz.o..G..{..N..l....GBAW;`.~k.e/<r.|d`-..5U#9@.T.m{...l...M;PWs..IhJ.?o...a..J...W...`..D...^a.JM...Q....H..e.[.....Yo.=4...k.J@..G..M...J..:H{.,u./..C_..f|%.,.B....c..._c.*-.Ty..;zP.G..6..,.S..*.P.....".Sb......<...
                                                                                                                                                                                Process:C:\Users\user\Desktop\c8JakemodH.exe
                                                                                                                                                                                File Type:data
                                                                                                                                                                                Category:dropped
                                                                                                                                                                                Size (bytes):1270
                                                                                                                                                                                Entropy (8bit):7.851450605395002
                                                                                                                                                                                Encrypted:false
                                                                                                                                                                                SSDEEP:24:SUh3Hqsez6x7ryiBrGan4mcLnJm1LKrhO/FjGdMa2nZjJg6CXXFt8r6a2xs:FlHrRxfRBrGan4DLU9KrhOdidMIXb8uw
                                                                                                                                                                                MD5:FA7BA6827F8CA7FBE1CB88ED54B275D5
                                                                                                                                                                                SHA1:35CF03067B0B7E351635D7B9C4079788E539FF1E
                                                                                                                                                                                SHA-256:87D672FB7ED13ED0EE3A70036866F5897EDF6EA6C91DC53F06DDFAF74B5B0B06
                                                                                                                                                                                SHA-512:004F65E3A5E2A4F46BEE95A08E8C6DE9D36FB479D5E95D3A866394E7599C3793F3A6BC7E6715F0B6926390F570F9537C5D1BB5340BF361BC5063F2BFC36BFDE0
                                                                                                                                                                                Malicious:false
                                                                                                                                                                                Preview:.X.B...kfc.D+.\.;,.....a.R._..ao.,'.E.0_[}.....x=t....E.a...c..6.#..>..XX..$.....}X........f1...P.-..n.W".WZ.hss..=3...O\..-t...}..\.... ...X..Z....tT.`...y.3....O..Nw.$.hK.1D.....69.}m.7..}.....c5.X....,Z..3.5WKE....w..v..}({\v}.D...=,.).h..Y...V.{@@..u...S.M.8.{.....n...~.!.........."...........q....80.T...x5.*1.5w..H.N.s..G...).i...H.D5..k..8...X.0?.[.1.b..^.{.......>V..@.Q...A......-.(~.3..~x69U...}....a.$<...:h......N..GE.#.z.<.k..f....z.1.N....`....r.B4...H:<d....0t......og..L..<.D.....X!....WY.j."...`&.m.3C.5v...7..~..'....... b.....9.w..>.Dl2..h.sHc~[.WB.:..X.TRi....]....j.Qyj.m...Af..Lb;I...}...h.....e...Bru/..-N.gt]....../;....0.{.i..Z...d.....e>`m.......h.;....e=\.L...8W..C4F....ml1...x....O&..'V...D..%..U.T..T....<.w+t.K..`.....Bt.[Iq...eU.u...U..QH...vv..K..Nn.F...A...MY......."/.n...U....{8.8.h..J.w......q....8.of.Z.k..!..$.C........A.y.^....Z..#.9E..~.x.l...8.Y...../...'7o...$Ff.!t.......q...(P.@bbdr..!3.."O......:.o;-....0..b.
                                                                                                                                                                                Process:C:\Users\user\Desktop\c8JakemodH.exe
                                                                                                                                                                                File Type:data
                                                                                                                                                                                Category:dropped
                                                                                                                                                                                Size (bytes):1272
                                                                                                                                                                                Entropy (8bit):7.848384607640992
                                                                                                                                                                                Encrypted:false
                                                                                                                                                                                SSDEEP:24:e3gCXbXIMA//6hYL50hyEzx1WxObXlZs9ivsJvZy/r7Iis9uT2xs:6LXIMA//6hwMzxNDWYwirSq
                                                                                                                                                                                MD5:A497D5C88994EF02CD80E11219F003CE
                                                                                                                                                                                SHA1:693AF401D44F4BFACFE0266B5B9B4A6929D9A72E
                                                                                                                                                                                SHA-256:8FD406C1B23E5565337746CB0642007C4B41E14385ACC86A2916FC4FB67DD3F8
                                                                                                                                                                                SHA-512:1983730A1FE9DB37CCD4B7E7793C3D7B577B5326F30DF2D3DAF6D6483F02F8E894DFB1CDB50BDF8263CB6903ABCCE03FF0F599968887F08EFFD69E744BAF6D2E
                                                                                                                                                                                Malicious:false
                                                                                                                                                                                Preview:E...7.W.@...vD..=....x."x<...,P..-.._U......Fv\Hq.$....Q....x..>n.!...Y.'.q`... M..............J|.....0.....MX.../} g..)....3....>e...aM{....d..F%..~uEmC.k.F.W.r.r..Jn....R)....&10...K..MT...q$.L(w....}.t.].Q.BQ..(.z..4...zO.Hv0....).h..\G.8...5..;\1..vh..>.Q...W..Y{Ef.o.Q.K..0..Dwi...}N....i..&w\..;0lm5h->.&..W.8..2..y5.........Z..P.X*...f...~iyu.(.1..:..F./..._,E..]I.]F......'..?...r.K...,.0.R...;..X...JQ.z....c....].."e..A.>.hj..$m......\Ot..NSy>.t.S.F~..y?./.)]*^E.5.....x...J.NC!.':..#M%B..m......j....!$.o.D..@....F.....\.$.a..v^[.HP.8..\.)+..+....h..0!.>H..h.............!re.f.'...U.dp.<.7.......l..x.Qs...@.0.....=.LG..CP.Z..'..I@....[.....8..6Y\.X.+.G..{.b.w......H.N..;-..f.H.R.d..=...r..#. ...Y.....sN...K.0'z9N..Q...O..s.}.../.=.=*..Sy.|..m:.VQ(C.U.("<p...,..s...<......,. *.uRd...h..O.1.h2B.Z...y........e..:....\xS..P..^..:..'cO......._.u.F.#4.w..CS.3.+".-...E.l..f.'.?5:.w......d..._......X.@....u....g........1s..y..]...M.\4a
                                                                                                                                                                                Process:C:\Users\user\Desktop\c8JakemodH.exe
                                                                                                                                                                                File Type:data
                                                                                                                                                                                Category:dropped
                                                                                                                                                                                Size (bytes):1270
                                                                                                                                                                                Entropy (8bit):7.855163209365615
                                                                                                                                                                                Encrypted:false
                                                                                                                                                                                SSDEEP:24:qyhQbVs3N3EzSgZRIirCSUMGMbEJrcj/TsFmDXb2xs:qfVefg3nrCSVG/pETsEaq
                                                                                                                                                                                MD5:95C14B36C7367AD65C5B17671C1DA695
                                                                                                                                                                                SHA1:4774D0EFE288CFC6F94519B5F72679B6DCAC2C61
                                                                                                                                                                                SHA-256:9171B6C42598A8C7943FA4B90AE347278FF31D10253FD59E09B71352C44225EB
                                                                                                                                                                                SHA-512:513AEB9AD4925F7FBA0EB1D0C42D0224D1D19934B3323E611BE091F0121F93B77E4EA219FD5F05082E4EE0C43DB77CCEC762E9096A39DE107749BF44972F5E91
                                                                                                                                                                                Malicious:false
                                                                                                                                                                                Preview:~...x..8.<.....r*....<aO..B.)?$...M.....y....x..3#&..+.xR?....K.V?.f.\@.W..:..wk./.....|.H=i/..kZ..._,+.....V.....o2!_t..}..d.9....T..."sJ.0.5.D8R.....<.....1n...n....]....[.....g.....p.0.UQe.K!.....me4..?..{.$...fCh....e.E...%.....`.Y.nD.w...X.9;>....I.5.'.ozB.O...ah.Z........oda...2.d,..k9.X..+..x|Aj.........y..P!:PB7...@xO....Z.<....../K,.?....;....*........0.6+N.!S.a....@...?Q..[`$:...Y./.UP.V...'..$.w.ae.C......>5......6.....f.7.g.o...Fl..........phT....I..9..JC.z.......).....{....y..=2.G....h.[1....4}.G.t......'.....D!....../I.-..HM4#-7..b&..TM."...#$c+.gV.*a..qa..2s.......'.5R..@.;m...o..X.E..y...d.[..2 D...e,7....Z'...P~..o....s.p....j...h.;.N.o..F.4...XV.r..P'..`..T...7.S.........[aD(z.C...i.....4.eF...E...X..a. b.5......cT..I.pP.r......,...M5.......WB..a..x.....x.M2...T).fyA......%..(.rS.$sY...8.(Z*..sFKX..-ac6xH.U.^%u.N..`kLdv...bD..K...7'w..e..g..-.......SO..........W...B.?C9.....u"EEw...D{.R....g...E....2....g....PL%a"u^.#...Z.e..>....
                                                                                                                                                                                Process:C:\Users\user\Desktop\c8JakemodH.exe
                                                                                                                                                                                File Type:data
                                                                                                                                                                                Category:dropped
                                                                                                                                                                                Size (bytes):1272
                                                                                                                                                                                Entropy (8bit):7.844505072267454
                                                                                                                                                                                Encrypted:false
                                                                                                                                                                                SSDEEP:24:mH8OZsCa/wpXCZfoqr63IS/t9ScCADS1hS5CC6ar7n5CHebqNbT12xs:mH8WsZkyZfoqr63IS/nVCADS1hS5CPaw
                                                                                                                                                                                MD5:B743A19E45665C7615EAF1E8618F530D
                                                                                                                                                                                SHA1:7674E9C6157A2A45E0FA6388410F7D99BCC6F4F7
                                                                                                                                                                                SHA-256:CC1EDBD146B768F2310AF941FD0D7A3CB2A35CBFEBB866A7A55628CE70D3A781
                                                                                                                                                                                SHA-512:4A6A5B70A9F30B16697DF04FD7FF8836A4515036FD8F0619DCA8D1CBAE1368167CC471D56C78AC270A2A6ED12D1DA1FB4B5291C8F29E4FF8D5D34158154447DE
                                                                                                                                                                                Malicious:false
                                                                                                                                                                                Preview:...V...].l.T.. .4CW........g/tM...6.....4.\f~....U.$cY.H.I..j..).^....`..;....%S..._....f`..J...x...AXNk.^G.W.].pB.......}..MH.[x~.S.(eu.K.....LG..*.pa........%...C....p.n.\.....]"..g...!;(Q...p0..S~./....U.|0......J.......m`..Cp...F7[:(.7.|.i.|MR..if.b8f?-k....sQ...M..f....i.2B..........lq.L.....#..=Lr.5......"..8.\.@.".l...b.j......C....<..?..m...X.X*. .....{....>7F'...'.L.~.. H|.M_.`O..(z.....S..o...L.....)Jp\x....<3a....H,........IJ..u".dZ.7$A...9..u.jT...w.k..^t..4.1.c."P=..g...._.<d...f.......*./.h.c.G...Q..g.....a.X..'.?-..2...?..c].-m...].q1.Z^.,..G<.J{.d..B(U.B.Z.`.{.E...U.C..a$LZ.<...T.r....M......1......x.:..Fe..D...x..x>....(|..;....E.f..p{T......WH...K.9'.G..D...~..%.....g......M.m).L........<K.JO......L.pR..z.[<.T..).n....5UXy ..:.aZ.U.........[i.y..d.......I{D>.du..&.....J.......l........G....&.......a..\.xj."R.=...~...8j..$.R..$@Y.Eh0,.....u.i.(....E.g4V&;..<\.?....3.3...E.u...].].H..$....yI{.'`{}.....*'.3G.....s..8CN
                                                                                                                                                                                Process:C:\Users\user\Desktop\c8JakemodH.exe
                                                                                                                                                                                File Type:data
                                                                                                                                                                                Category:dropped
                                                                                                                                                                                Size (bytes):1272
                                                                                                                                                                                Entropy (8bit):7.8314155384641975
                                                                                                                                                                                Encrypted:false
                                                                                                                                                                                SSDEEP:24:KXOMbDfVY60K2nTU0+DjRatamJ3qvydVsYcnMSK4Thyj+eVHE2f1Zt2xs:gDtOK2nn8l4zqvy/t8jK4Thg+eVsq
                                                                                                                                                                                MD5:136BC6305CB1F58C303D0DBB3293CE42
                                                                                                                                                                                SHA1:7CD5EA07DD58FC8A9114C8AA459DD50DEE9B230D
                                                                                                                                                                                SHA-256:B894D37D01A7C648CAD1048F2C696F0E752F269A9BD26CDD436C199064FB01E7
                                                                                                                                                                                SHA-512:592DC03BDF3F43032E6BA4B1AEA230492B6E4BE935B0B4C3995C0969B7E5B6668985525CCE30D24551ED668CD3F35B8EC98F292EC1DD3A2B2E57470FDB009AAE
                                                                                                                                                                                Malicious:false
                                                                                                                                                                                Preview:.e..3.....K.f..TB... .;I..M.V.&z.5...G..J.E.>c?....}].!....q.......Bo.../..p.-..b....N.NH..z...b...UI0..].......}.....#C..>.......{..n .U.;.hi..-9...sl4H.........&..M.eb...G"....R.........9../....$....N.J.s..=.?$.K*z..6...$....a.+6.H.97....&3........}......t.....@~.f........q.l...>..m>.Q....3.Xy.u.&W...b.,.\.(..P?0.b,...x..Q.b3E......\..Z.1h...J..9."......E.'..Dsq;..].X..s3&.q.=0,.!/x5R..+uX....3..k^..3.<.=..W?!z...@i7....QQX...e.....3...........1....YZ.c^...n.c.Au;e...3...1*o..].....y.L...ti...fK...2|....e...[P.Z_..kg.e4V..)..RBT.\-..iW.rma.eI."..T.Q.F2p..{H"...6...Z.e.....A7f.Zy.....`P.C...5...=.....O...&.=3h.8.W.E2f7I..15.S..I..0.C!...f.9...S..G....s@..@....u8.a.}0yE..v73Y6Z...u.|y3.1....g.........U.k..n."...y[.)..?..f....bu.zl..z.z.....)@..Y..?A.....E...w!.$..{..4...*.3....`....1....g.b..T..XWF....I.b.o8.z3).S.&..{.*5.C..m......A.e.4z..=...@..'q..a.....m>.V..ub.Ds.':.......I....E....._..w..d.B.4i.ai....@...{Z..Q.*...w...M. .4.x<............n.....
                                                                                                                                                                                Process:C:\Users\user\Desktop\c8JakemodH.exe
                                                                                                                                                                                File Type:data
                                                                                                                                                                                Category:dropped
                                                                                                                                                                                Size (bytes):1273
                                                                                                                                                                                Entropy (8bit):7.869391195184476
                                                                                                                                                                                Encrypted:false
                                                                                                                                                                                SSDEEP:24:fg4IdFk8WxV74d0mp8vNuF1W2+r4N12gi4lmpeW6aqjRQdXQhA6G+HRItVU7J2xs:fgfdap42RF0N17XYNiRQdXQhf/Hq6Eq
                                                                                                                                                                                MD5:4C2283D6F75A0E31729AB15AAB1B857D
                                                                                                                                                                                SHA1:5F1090BF0A23B013908D205FCE9C631ADC1463DF
                                                                                                                                                                                SHA-256:5A9189D4574F401AAF046C6674A8A5AE20A7C65A17F5B0B468987596540CEE83
                                                                                                                                                                                SHA-512:26EF18F4D6AE55BD1521753E67A5E42BCC45587127DA679CDFE78766EBF301EFFA0911D7A437721F7DB69287291F554CF53FAA6CA4CD7D7C83272169DBE93828
                                                                                                                                                                                Malicious:false
                                                                                                                                                                                Preview:..t.}..Cb.Q.i;@.......j}]6....Z..$...t8h25.#|p...y.L..1.g|.z}..:nen.C..m.t1M.x...=....n. F......+NQ....r.1...B.....8sNt2).......>..A......S..z.......\],.(......KM..:...fq......K...~g.urb.6...oa..-.......iF.J$~J...~M*.....8..~.D..b....4a...t..nx..O...Io=.P/.v.R...N..9C..gt.u9../\.4b.. D`..E....NmU{t.NaHeE\.....G..7..n...T.6.%F.+.....g...s.^x./.(^...C^......_Qo&)...0{..W.]|...."...2M.V.5....<i-..vj..M......<.uq..h..+..&.nA..>......g.0ed...#f2.z.Q...C.T...Bt.i..{..7...6.. .u.}.K."++.L$..5Mb.UJ)...]m.....`.......V\.....'h...p.......z.b.A.W......P..L.f...9.@..V......._...y.....Pyq.MyD..!....[?!.cl.E]I....|en}.2...`c...ny~..|....l.1&ETcV.<.....e.2....r.z..tU.z..k..._Z:..\H.9...[..V;......5.....Ao..N.y.U.9.$..*..m....Bu...!&[.]k.j.Id...(XI...O...:t...`|N....)4e.....Y...r.=c[.y..v..8l.e..b.Z...^...M.ht.....H.`.....7]......0D.z..a...<;.6.H.3Z.....[...[.:L...>..........X.i..:.C.HG...,.....M.._}rJ........h...........DIW^.3.hk+7...]...n...^.gP.#....1.V.z.HS....x{.n
                                                                                                                                                                                Process:C:\Users\user\Desktop\c8JakemodH.exe
                                                                                                                                                                                File Type:data
                                                                                                                                                                                Category:dropped
                                                                                                                                                                                Size (bytes):1272
                                                                                                                                                                                Entropy (8bit):7.847484724424602
                                                                                                                                                                                Encrypted:false
                                                                                                                                                                                SSDEEP:24:cPwqVE2WMgpwgHP/CIyASyzolhEYzA6l/bK8xFLBKiEDPH5KG3aPPPr2xs:IuxFwgv/+ASFy41H45B3CPqq
                                                                                                                                                                                MD5:C2577D46B3F73163B80FC9FFAC1C3C88
                                                                                                                                                                                SHA1:4B1077CC9F1E37952FF8A2B84D5E1B3E80DE3541
                                                                                                                                                                                SHA-256:1985B852869CD36B40AA11C5A82F5774120C0DD3FFB9BEF80436D58F20B56174
                                                                                                                                                                                SHA-512:85584DEE67B7D71EA36998AE9BC5782ADF753ACEAC4BB2EF0C74BC503B4CB521CBACEE01C925A16747D1E0C87B0439719569996E8F4335C8699503E0900622B7
                                                                                                                                                                                Malicious:false
                                                                                                                                                                                Preview:8..>.T..@P.:)..C....Jp....Z..}..).W..,O...4.K.M...s.^...c:... A..{d.>U..r..,.7......3..Y;.........;.Q..Mf.N.."H..J:.kw[....4...{..^%e.e..-.p..h.......d{x3..qB.'.d/^...j..|m_.....E#..z.|.~o.6..A.E.[.].1q.=.hd...#.l....r.?7..=.(.O...V_....H.c.B.5..6}...x....Y.d.em..<..G}6&....5.....&.....04..).-.L.p.....3}0.k.9H.t....(...~.gi.|..Bz...........vC...e.......e.x..FT....&......Ux.r.......x``......8d....."x7.Y-]..n....}..46....G...@..W..m..o...E-.]K.e,.....J.._er./.T.e......{.D..yc....a.K5..vy-`...k.QO..2k?#T_Og....m..zRc......S.fa....i..i4.........Jy.y.|.r-...N.\..p..h...b.s,....s.c.eb...q>...........a.>.56.L....M....&...;....A#...s1.;.1{..S..B...sLL.a|)..}.5....o.."X.A...2.k_..1;F...E.Z.@.Ar...0...Y.R..S..,.`g.z];(#..f ...`.J-..e..k....$K..,...}....\l.:..H.?..d,M.....V....|H..s.......6......u9B......e..F1.L...;.P.'q...a.....9....f.is.......w+l..B..FqS...5.[d.......;.OTD..?...@..9.%...v.D....b......t8..q.....U..u.o........4.
                                                                                                                                                                                Process:C:\Users\user\Desktop\c8JakemodH.exe
                                                                                                                                                                                File Type:data
                                                                                                                                                                                Category:dropped
                                                                                                                                                                                Size (bytes):1270
                                                                                                                                                                                Entropy (8bit):7.844623400197446
                                                                                                                                                                                Encrypted:false
                                                                                                                                                                                SSDEEP:24:0eJvOHRMn0aqjB76Oik8Pgwks6uuOpqbmQnQCPtdqOpx9QZQ4kD41anr2xs:7taRML45rcPlkRDNPDq4Cz6qq
                                                                                                                                                                                MD5:5D6EF4EF8FD1C9F5E03031CFCD1762BF
                                                                                                                                                                                SHA1:9CFF0BE37C7C6C9F58E80C4BB29604D59F8D1357
                                                                                                                                                                                SHA-256:D7E1AF747F7EFACFF425EAD4EC27A6D0D7EF214B05FA77D4766B3F5410A400A7
                                                                                                                                                                                SHA-512:AC70AFF9FC361CF295F8C00DF51FF909F8BA97AFF9C9743C8728DF9B00B4FD8704387D009341EE286CC8AF4B430E953C4818D355B17190069FBDD8F5DDB6DEE1
                                                                                                                                                                                Malicious:false
                                                                                                                                                                                Preview:..}...n.Y~G........|.Kt.wk.......W!R...t...].....4..9.9.,%.......U{...F..=..A..|..2s.5..H.[....oM*.}..u....... ......9y........:?... ...33?.Xlr...|....xD..$.h?..M....Z4Lq.i.....\J.hU......ih.Y..K.L\.tm..h..U..aJ.vg......(..(A...o.z;....-c..={.`.2$&\^....1..Z..w%.iE...n...N.&.......R.FB....G...3..... q..x....X../.ON.QR.....O.0....>.`....vj.....(.,..A...u.....4......j..atyJt..J.....3hb$.d.e...z...[.N.\.H.^f.t.5.../.wF..XE.".:i/4...K....j.a>..D.C....Y..6....#..1.b..u.o...?..UJJ..P....f.v.6).5.6L...A.....K.A.T.-w.Vm..[.JG..1...Q&......u..Cw9...O.H....>....x.............iF.-....W.=..tOH^....H.>@.....LQ...q......n'.M..!Ub.....{..^Db..9....m.......K..w..$...0. Y.....h)......2....]....[.....PT.*...c..&1....&H.$:DN9.Mj..h..!.....~.....W.n..t.v........]..'...._.`V2..Z...WRr......>..-D..L......$.Xq;.....>..kMv......T..Q..F..._.qd.+.w.n...(o.].......)s.z+...x....t.R.." T....IL_.2.>J..l.RXXK=.O..@..2...*..w.....o..i8W..Z.PM.K.n....*
                                                                                                                                                                                Process:C:\Users\user\Desktop\c8JakemodH.exe
                                                                                                                                                                                File Type:data
                                                                                                                                                                                Category:dropped
                                                                                                                                                                                Size (bytes):1272
                                                                                                                                                                                Entropy (8bit):7.841585984388338
                                                                                                                                                                                Encrypted:false
                                                                                                                                                                                SSDEEP:24:pn/l2MIZb76M10h/NtPe5iJqLrVGyxCnhpwyjtZiFaYergJzbbpyFQYhT2xs:ppIZb76M105ObLxGyknhnDiFaYergJz2
                                                                                                                                                                                MD5:1DF0B5F4DB84AC44CE740F431BCE4B54
                                                                                                                                                                                SHA1:9E7F3B9B87F87953291A3E317554BCA09B453E30
                                                                                                                                                                                SHA-256:F1BAA8EDFF0846E7E86C44E9D3F839BC2AE413349D76BCD472D29A372C90CE51
                                                                                                                                                                                SHA-512:A049AD915B11E4E6F3F0A1415979043F2A9FA2AD1374F9C176DB63E8EE920C610685A7114814F1939D7AEA4887F4FDFB80D98B1045D178832BCF06453DE3BB95
                                                                                                                                                                                Malicious:false
                                                                                                                                                                                Preview:......S.....jp@.MZ.9z{....Kb|..,@l..EJ.{7J7...}.....M...'..I.;..v.D..Fa..g..7.......*.Z.....\.it..._..<|+y..KP...>...F6......)m....g_p.y~.I.`.+z_Y...'&...jY....2.iF..(...f...^J...B..{.....Z.w....w.!.d.K._.6.|.8..~..y.o+.rh?E$P.......}.?.Z..h....U...,.N(;3`K...._...I....\.z.I......!Y=.Lz.G..YT|32d*.:5.`.a1.z,.....V....]+........!.W............%.$.....4O_.P.0........$X|.......%.y...2c.&.xp../.M........o.:...nT...F../.}\...A....]..L....>l_....s.[...w..%u...m.)...r....4.[n.n..y...X^....kk.Y...t.0PL..H9.(^J.&w.~.(..gR.V^O..Oj.+..KF./;.rv.i...?..'....`...!.H.C.2.XH...ls3..F`........Q(&...3-....5..4....f.P-q...f........Uq.|p..sj.P.Q.S..T.9+..$..W....F.....P.0..3......@.}.v..Ku...Q...1hX+gK.x>R...qD:..4........>.**.2Y.....v...............;.......V.....<.?A..)...;y..0-.d....2.2.K.<.V}..,-n.#..........$.O..}...>...C.8tE.nT..@.gf.1...[.&8..WLf.^W....2.m..+......b.K...........G..S..F.!...........,....4k8.{e2........V.z>...O.ZP.U..hEo......Q.V.|)....K..
                                                                                                                                                                                Process:C:\Users\user\Desktop\c8JakemodH.exe
                                                                                                                                                                                File Type:data
                                                                                                                                                                                Category:dropped
                                                                                                                                                                                Size (bytes):1273
                                                                                                                                                                                Entropy (8bit):7.858976405598062
                                                                                                                                                                                Encrypted:false
                                                                                                                                                                                SSDEEP:24:YHS2BQswRZ1sAc65pFsDhcFM5Z92JyNc8jG4dl/ifiZYPAUVPM4BM3IWe2xs:YHSVr2mNBFY92cNNjv/cb4wRa4WFq
                                                                                                                                                                                MD5:4157C7D576B1E59D90B656D1B0EAA242
                                                                                                                                                                                SHA1:6F7CCCA4287EC386CA784A117881EA7B5AA72347
                                                                                                                                                                                SHA-256:CBABA2EEB838822C09DC1E0C19EEBD23067AF9219709593ED1B2B2C8DDBD5821
                                                                                                                                                                                SHA-512:D2BB732BC1F54DE58941FC4281FDA836FE8095EE732E72EE59D035D05C0E3996B81409147E28433810ECB12C151587010A1FAD69AA3E8173A90C053F2369AE7D
                                                                                                                                                                                Malicious:false
                                                                                                                                                                                Preview:.G....._..+..2{..+...R.....#....3....J.D.v..d...i@,...uk....... .F~n.s&`.....Z..9.......O...\.m...f..k.........#.!G._.Y....u.y.pjM......G....k..TK.........._...{..L.S9...G.`f....q..qX....Gv.C%H..../.\*;H7!..nhSxI@..}....2.&_......A.;...H..8.+H........_..$..*nt]$7.X<.......N..Yk.&.....(.Q.3.S..wf........b..c.....O..q...z..... .E."`...UM.`s*..A...f.f=.E ..A<.L./...n#Os.......O..3H.3..1...}..Y)gy.f.x..{1...f!....-.....j..8.F..a...|..v(L..n...2....hv7.w....^...9.C*...Z[v..j....9...q..6..W198e5..jS..c.....y..,#.|@....|..<<=.[.....X.9\q..$....Av=..v.-^p.FF...Z<.USm.b].r\.b...;.\.|j.......JO.d,..a.u.wf.&..@a.a.Q.........Lq..\...s.R..m-:P.......5-~...V..Z..|2..}u..C....~P.j3.j.......8U..X=f....O.......H..+.|..e(6'...L.^.....17X.<f7.B.x.T...y.,...s.]....8.b.<O.\`U..."v.Zc.._....N'..b.."?.......u/ ..4/.).Z..`Y`".'. .eW..$[8.|t....0z..Qv#.*i.}.L.B.._......g..._K.Ue.~......vFx.s......)..v.1..f!o*...........E:...9..zp..B.=....%\w0..-..q..~..*03...L..V6...
                                                                                                                                                                                Process:C:\Users\user\Desktop\c8JakemodH.exe
                                                                                                                                                                                File Type:data
                                                                                                                                                                                Category:dropped
                                                                                                                                                                                Size (bytes):1275
                                                                                                                                                                                Entropy (8bit):7.855636115410409
                                                                                                                                                                                Encrypted:false
                                                                                                                                                                                SSDEEP:24:9Vn47H2DpLFLCSPxtRejUZHiNiAP4NEsZUtXP2TXgDNi1aFmFVZN2xs:34L0OyxtcjACRzt/4Yi1XWq
                                                                                                                                                                                MD5:D7DCB1804054DF5B5845DFAC7A23012F
                                                                                                                                                                                SHA1:4ED02C2239A86094F5161C182D2BD83013A670F8
                                                                                                                                                                                SHA-256:E18C4479B835609770A29D16048ED5E53FB0CF14A3E855FB3C641956E5119F42
                                                                                                                                                                                SHA-512:830D0C5D1D2945BD31A4D112D3042784BAEA755105CFDEECC3F16A334F12B25A800774C919FF805096FF22DE17BD74FCC5183DFDC1187F291443083818D8C8AC
                                                                                                                                                                                Malicious:false
                                                                                                                                                                                Preview:.d.I..Q.)..b....H.J._5.x......[0.....r.q..^.jE*..z=.8.+.mE...I..6.7.f.Q.=...I\_o....$M..x..}1$.B...i...h=....%H.u[<>z......u..z..`.Y....e.Q9...d..1..uRX.^.`9.\..... ,.v7..\H../sz.?E..-..u.(LPtA....4-=.|Xt5...5%Bg.D0 =.k.. QyQY_.0...H.(.F.Wa..!......M..N....V..M...@...~...#..g....p....:..M....H..\mUP.ANe n.M..%.....g`#,.q...h....@T..3.E....$.F..Y6r...a...w....^.a&..n.`UN%*..mO$...../.3.'..{'P......gm".y?=...]...<`6..m..J.=..hJj9.=....hCNi...j.d.....m...&...((r.z.{.R...-g.:2.'..e.E3..!dWL.4W|.`|.I..)0}..@..l.KueWkq.....M.F..........v.......{..Vn.#.c....n@...z)!w..#x.t}@"(.q.D+.t..*...........p.}.N.....3..'.C...<.H.+....C].b5.xK..h......W...RD..r............A3.L.G....X....c.?.....h.......[].oe.d...x0..,...|.8.F9K.>.P.....z..x ...o..r.9...$Av.$t).P..<.W...@...M..w..V.c.vp.. <..J....NN.&.a..Zi.^.....e/.9d....k0a$G1...rn..1..`.^#9....D...V...5..;V.L..i2.`.n.jm..E.5a .T.2.&.T[.Y.6<a....!.....v..?.Y_...l.B.MD...2.....y.-yj.G..m..C.#...Z,Gg....9V. ..d..
                                                                                                                                                                                Process:C:\Users\user\Desktop\c8JakemodH.exe
                                                                                                                                                                                File Type:ASCII text, with CRLF line terminators
                                                                                                                                                                                Category:dropped
                                                                                                                                                                                Size (bytes):1159
                                                                                                                                                                                Entropy (8bit):4.909757425426515
                                                                                                                                                                                Encrypted:false
                                                                                                                                                                                SSDEEP:24:SOZJNRovfexRvYx/ncUYTxLZl0r0OzANQgq32xfZnS0iNFdAnP6:SOZbqfexrZrS3Iq32xlSX2S
                                                                                                                                                                                MD5:F29E077226F8DC235CAE4795459A3542
                                                                                                                                                                                SHA1:A23AEA328BEB92BFD4464A3B0F70E772B8969CC2
                                                                                                                                                                                SHA-256:CF8875AADE9351184274F533067BECF2AD10CCF2B6296274ECE5D5B58B6AB008
                                                                                                                                                                                SHA-512:0C76F1E7AC8E4DB582EA7E26FA9B8C18D54605AE6A9A87A2A1FA0B1BEACACBB8F1230421C1124B1E7C12FB546FF31DBBD2CFBBEBA80EF98BBAA01B356F7FDC6F
                                                                                                                                                                                Malicious:false
                                                                                                                                                                                Preview:.. ~~~ AlphaCat ~~~....>>>> Your data are stolen and encrypted....>>>> What guarantees that we will not deceive you? .....We are not a politically motivated group and we do not need anything other than your money. .. ...If you pay, we will provide you the programs for decryption and we will delete your data. ...Life is too short to be sad. Be not sad, money, it is only paper... ...If we do not give you decrypters, or we do not delete your data after payment, then nobody will pay us in the future. ...Therefore to us our reputation is very important. We attack worldwide and there is no dissatisfied victim after payment... ..>>>> You need contact us via email with srenshot of btc transaction and your personal DECRYPTION ID.....Contact via Email with your personal Decryption id !: hackbeenswim@mail2tor.com......Send 400$ (0.006 BTC) at this address --> bc1qkr7wxuqwet9w6920vk94p7npkxh33fc7prv55q.....>>>> Your personal DECRYPTION ID: D53F15BF767167BC622C1CB4D4FC174D....>>
                                                                                                                                                                                Process:C:\Users\user\Desktop\c8JakemodH.exe
                                                                                                                                                                                File Type:data
                                                                                                                                                                                Category:dropped
                                                                                                                                                                                Size (bytes):350
                                                                                                                                                                                Entropy (8bit):7.3234378004436165
                                                                                                                                                                                Encrypted:false
                                                                                                                                                                                SSDEEP:6:q2S5+ripc2XULqEIwviElsdNfeL+/AXKXqrnzo66uoxTQWryJJ:qnCiytZ4leLraaDixTYJ
                                                                                                                                                                                MD5:4E506BAEFCF54E7BE48A6A0335C245C6
                                                                                                                                                                                SHA1:1430CB58F91A24333718E0716875A40D7EC8AD1B
                                                                                                                                                                                SHA-256:4D4034D3C0B6BE54A40D1265564CC01D6FF85B6F31101C48DCCC8E9F5D84F242
                                                                                                                                                                                SHA-512:14A10BAD8F64FDC5747B462129EADF7B73A7FF18E6D0DA52C51820FA91EDCBFB2BEA2D5077D3285F79AF74BF04F5869EDC5F3E9EF9BC9B61D1A275382D51CBB4
                                                                                                                                                                                Malicious:false
                                                                                                                                                                                Preview:......P...F..q.J...Kf][R......W&V..T-....A0.@..\....u....Vw.....wD!>..&.`..4b....)?^v. tQf....t....c{g..4R.....PVl...-.t..A.....D....W..{z4=L..(....kKY@_.....q....Q[..zc.)3.7X.X&..g....(.......=...I.i...<..o...L....\.y.3.C.=....v....%......@(.......u....4..g..@.c_.r?[. ..U....<..Hb.!...?0[.?.._Ak:F`Obd..W.r.o..d7.5.?Ly.9'e5.|_
                                                                                                                                                                                Process:C:\Users\user\Desktop\c8JakemodH.exe
                                                                                                                                                                                File Type:data
                                                                                                                                                                                Category:dropped
                                                                                                                                                                                Size (bytes):443
                                                                                                                                                                                Entropy (8bit):7.516018632634448
                                                                                                                                                                                Encrypted:false
                                                                                                                                                                                SSDEEP:12:DwAA9V+SrDczSlXNup1TGJZrzwaaDixTYJ:tA9VDrD0SlXs0M2xs
                                                                                                                                                                                MD5:2CF6D6A669C0768A316ED4660522CE3B
                                                                                                                                                                                SHA1:028526A52EF03BF63FD078E7E1EC92E61D518C7E
                                                                                                                                                                                SHA-256:15F0EB676DE25CEED793577E4382B109505A1EB68B3C7AB3FC87EB51927A96E0
                                                                                                                                                                                SHA-512:AC208F0CCA3F71B5DD2CEF4D732BE32ED0138C7D14F4E4175C7AE13369F33D662C941A69A134D5DB0024943BE59A720862BBF73FB7D2180D507643D739210724
                                                                                                                                                                                Malicious:false
                                                                                                                                                                                Preview:7...6".k..."$\S=...B...6.%@..ow...x.....=..1!.-.v....;.W..V..q.!...)..r.......r8....}.W....nkxZ.H..Xo.......fu.T..(W...8.s....*..6j...%.>.."..|...O...)Bp..N..r;...*.w-.......`.A".{[ .4{j..,.WJ..8.4V......PMl...,3.h...A.....D....W..{1x.*.]....W.1V......|.c.....G.G.gj..q..........t..~Tkq;.e...<..o...L....\.y.3.C.=....v....%......@(.......u....4..g..@.c_.r?[. ..U....<..Hb.!...?0[.?.._Ak:F`Obd..W.r.o..d7.5.?Ly.9'e5.|_
                                                                                                                                                                                Process:C:\Users\user\Desktop\c8JakemodH.exe
                                                                                                                                                                                File Type:data
                                                                                                                                                                                Category:dropped
                                                                                                                                                                                Size (bytes):355
                                                                                                                                                                                Entropy (8bit):7.382675321527348
                                                                                                                                                                                Encrypted:false
                                                                                                                                                                                SSDEEP:6:ReJq3cSxSWld9qofBBb6FpSJL9+tNmMAEqIAXKXqrnzo66uoxTQWryJJ:RedWv0sBBb4IJS5saaDixTYJ
                                                                                                                                                                                MD5:8E0F9D16FA6B4425C35985C5696B78C4
                                                                                                                                                                                SHA1:D4DCA1837E29FCF367E9E85DD79F2617AFBF55E7
                                                                                                                                                                                SHA-256:7B31E8892AA4D92F478975EC799287F595A6CF6943EDB76221FA6AEA5216C474
                                                                                                                                                                                SHA-512:C5A80C865C750AF6E98088851633302DBCE9C57F642EC8E983398F0438D0AB786B328C2D564582C6ED2E83D6427CC8E5B2371C94AA40EFD41C60F9F7FE39A8C2
                                                                                                                                                                                Malicious:false
                                                                                                                                                                                Preview:.....,.H%.. `.r.9I.[a...I.'d............+.Q..1. ..A...Nw+.7....os.&...U.z;.4%,..%X[q.[...z`..A.p'#m..uX..I9...4^.....PWB.L...fp..Z.....D....T..xy4=O..Jz.._.9...x.s.E..+..o_R.KX.;......?;{.i!..,..2c.b.....{.. u-.l...<..o...L....\.y.3.C.=....v....%......@(.......u....4..g..@.c_.r?[. ..U....<..Hb.!...?0[.?.._Ak:F`Obd..W.r.o..d7.5.?Ly.9'e5.|_
                                                                                                                                                                                Process:C:\Users\user\Desktop\c8JakemodH.exe
                                                                                                                                                                                File Type:data
                                                                                                                                                                                Category:dropped
                                                                                                                                                                                Size (bytes):347
                                                                                                                                                                                Entropy (8bit):7.410015709948455
                                                                                                                                                                                Encrypted:false
                                                                                                                                                                                SSDEEP:6:wZxlGGS2uzpHR7ty2NOUvabr5nBhlmEo8L1GUvp8nusvXKXqrnzo66uoxTQWryJJ:wZ7RS2YH7iblnBhHLBvQvaaDixTYJ
                                                                                                                                                                                MD5:73FCB5AA5C28F0CFDCB61F8EFDFB4009
                                                                                                                                                                                SHA1:B139EE6CAFA6F3716F0EA40913E61421E23A141A
                                                                                                                                                                                SHA-256:8F315534D52F6A0BF91AB8B0094BDC5A0C2FFAA825F00805E1D8FBC5EE3CF041
                                                                                                                                                                                SHA-512:48D34BDC8C4008EAB2E1FF62F999D551E8471343F234BA382E42CD380B18873D38E3B27760BE5A00039522543F9538F009F50462F725F408AAEF783EA2B7004E
                                                                                                                                                                                Malicious:false
                                                                                                                                                                                Preview:.....7.T... A.....c....c........../...N.O..8y....t.8$.m.|U#..-j.q3.6...$l;..&8.G...U..?.'.B...`.../>.P.....X.4P..-.I..6..R...$j...A....D....T..{y<+...s....x.....M..l....7/...L..T..H...\....a]x...I..Be.t..m$\.f...<..o...L....\.y.3.C.=....v....%......@(.......u....4..g..@.c_.r?[. ..U....<..Hb.!...?0[.?.._Ak:F`Obd..W.r.o..d7.5.?Ly.9'e5.|_
                                                                                                                                                                                Process:C:\Users\user\Desktop\c8JakemodH.exe
                                                                                                                                                                                File Type:ASCII text, with CRLF line terminators
                                                                                                                                                                                Category:dropped
                                                                                                                                                                                Size (bytes):1159
                                                                                                                                                                                Entropy (8bit):4.909757425426515
                                                                                                                                                                                Encrypted:false
                                                                                                                                                                                SSDEEP:24:SOZJNRovfexRvYx/ncUYTxLZl0r0OzANQgq32xfZnS0iNFdAnP6:SOZbqfexrZrS3Iq32xlSX2S
                                                                                                                                                                                MD5:F29E077226F8DC235CAE4795459A3542
                                                                                                                                                                                SHA1:A23AEA328BEB92BFD4464A3B0F70E772B8969CC2
                                                                                                                                                                                SHA-256:CF8875AADE9351184274F533067BECF2AD10CCF2B6296274ECE5D5B58B6AB008
                                                                                                                                                                                SHA-512:0C76F1E7AC8E4DB582EA7E26FA9B8C18D54605AE6A9A87A2A1FA0B1BEACACBB8F1230421C1124B1E7C12FB546FF31DBBD2CFBBEBA80EF98BBAA01B356F7FDC6F
                                                                                                                                                                                Malicious:false
                                                                                                                                                                                Preview:.. ~~~ AlphaCat ~~~....>>>> Your data are stolen and encrypted....>>>> What guarantees that we will not deceive you? .....We are not a politically motivated group and we do not need anything other than your money. .. ...If you pay, we will provide you the programs for decryption and we will delete your data. ...Life is too short to be sad. Be not sad, money, it is only paper... ...If we do not give you decrypters, or we do not delete your data after payment, then nobody will pay us in the future. ...Therefore to us our reputation is very important. We attack worldwide and there is no dissatisfied victim after payment... ..>>>> You need contact us via email with srenshot of btc transaction and your personal DECRYPTION ID.....Contact via Email with your personal Decryption id !: hackbeenswim@mail2tor.com......Send 400$ (0.006 BTC) at this address --> bc1qkr7wxuqwet9w6920vk94p7npkxh33fc7prv55q.....>>>> Your personal DECRYPTION ID: D53F15BF767167BC622C1CB4D4FC174D....>>
                                                                                                                                                                                Process:C:\Users\user\Desktop\c8JakemodH.exe
                                                                                                                                                                                File Type:data
                                                                                                                                                                                Category:dropped
                                                                                                                                                                                Size (bytes):344
                                                                                                                                                                                Entropy (8bit):7.352977301266839
                                                                                                                                                                                Encrypted:false
                                                                                                                                                                                SSDEEP:6:N8seZnVH7YA2MlmSPl0kYIQjjgdSpXKXqrnzo66uoxTQWryJJ:qseZVH7FNl0zIQj0dSpaaDixTYJ
                                                                                                                                                                                MD5:D61FF6D0325C47E69C9852D5527A2F38
                                                                                                                                                                                SHA1:8BC4434E4692C823B7901CF2977B56D57224EF50
                                                                                                                                                                                SHA-256:AAEA1E3F7C6B71C39CA9DA9E50B07D0925CCF0DEA00E43414DC1C567543C82CD
                                                                                                                                                                                SHA-512:E4CC69FB1304F0473D4E4EFA2B1418A26C652034BF4736CE1215422AC68761CA1BB89EBD3E4DED9628ABA84B097BE945F2AE5D9CE38F6E3854DE83781D9A1A0E
                                                                                                                                                                                Malicious:false
                                                                                                                                                                                Preview:.8..o>S}w8G...2.)...9G...e.3.`.G....DQ.......}z..`..y:....W.d..=...c..... po...3.6...~G..A.......r..=...4V......PMl...,3.h...A.....D....W..{..d$b..\........Lkk~n...=Q..@r.......S.l..{..?STC..v....S..e...<..o...L....\.y.3.C.=....v....%......@(.......u....4..g..@.c_.r?[. ..U....<..Hb.!...?0[.?.._Ak:F`Obd..W.r.o..d7.5.?Ly.9'e5.|_
                                                                                                                                                                                Process:C:\Users\user\Desktop\c8JakemodH.exe
                                                                                                                                                                                File Type:data
                                                                                                                                                                                Category:dropped
                                                                                                                                                                                Size (bytes):353
                                                                                                                                                                                Entropy (8bit):7.363320000918604
                                                                                                                                                                                Encrypted:false
                                                                                                                                                                                SSDEEP:6:glydcJY/H6Iu4eiTtJ6n21Z6Eb7IROaNsXKXqrnzo66uoxTQWryJJ:gkzWSJz17IROaNsaaDixTYJ
                                                                                                                                                                                MD5:1EDE98CB80CDC72FBE2C1885D16BEED2
                                                                                                                                                                                SHA1:151E6047F0D4D1A48F68492A733515B5CF3CC859
                                                                                                                                                                                SHA-256:612EEAA66124093DAA27FF44DE50F130D840606D9073D16E8808E9AB2F9E9529
                                                                                                                                                                                SHA-512:386DA2AE88B15A67450215796C9B476CA10F97361329863014C15473CFF1B2865C68BA4E796603A4D0732D9FC14BC61E1F3720E8516C2D4D9F08AB9A7804E0DA
                                                                                                                                                                                Malicious:false
                                                                                                                                                                                Preview:}...u@.MQ..)U}.].Fl..0.f....V.].p{a.j....r.q.^|wY...+4.V.(.,.L?.JG~....L.P...FLu_.oD.v/..G..TH.{.?|.....EV.,.4f.....P]l..-.t..kc......D....T..{y4>L..g.."[........b.e.m..."n.LK.)e.<..t....u....v.4Q....A.M!....>B.k...<..o...L....\.y.3.C.=....v....%......@(.......u....4..g..@.c_.r?[. ..U....<..Hb.!...?0[.?.._Ak:F`Obd..W.r.o..d7.5.?Ly.9'e5.|_
                                                                                                                                                                                Process:C:\Users\user\Desktop\c8JakemodH.exe
                                                                                                                                                                                File Type:data
                                                                                                                                                                                Category:dropped
                                                                                                                                                                                Size (bytes):349
                                                                                                                                                                                Entropy (8bit):7.372552701735429
                                                                                                                                                                                Encrypted:false
                                                                                                                                                                                SSDEEP:6:widHTigmjAuDUkyJ7xvHq3RY7wP1wosW0cnnXKXqrnzo66uoxTQWryJJ:XTihTUx1dHgY7wPDaaDixTYJ
                                                                                                                                                                                MD5:FCEAAEF43E7375698D3C011E70331D6F
                                                                                                                                                                                SHA1:9122C904BDFD3DD2BA3A3072DFEDB91D3396A35E
                                                                                                                                                                                SHA-256:9872E5F3A92FCA119D667E099DBEBD391283D31ECEF7F7633C277CCD324E96CE
                                                                                                                                                                                SHA-512:AD84FD28976BBC9D047A52D7E26312FCCF259F66B3E18DBDF35C9755DD5EC79EF98C2277CE7932A4C6E94D57E145F398F97648EB84B9F282E51BFD0886573DCF
                                                                                                                                                                                Malicious:false
                                                                                                                                                                                Preview:l.....$.F...G.......kh...<?.H.../...h...d...7q..~.~x?.0....b.-....G3.c.6.-..l....N.&&..,..._...Vh.......-.4Z....L..6..R....s...W....D....T..xy4=Z...z.v....vH..!.H#.$Ca....w&.8#.7....g..t.t.......`..!.@....9.h...<..o...L....\.y.3.C.=....v....%......@(.......u....4..g..@.c_.r?[. ..U....<..Hb.!...?0[.?.._Ak:F`Obd..W.r.o..d7.5.?Ly.9'e5.|_
                                                                                                                                                                                Process:C:\Users\user\Desktop\c8JakemodH.exe
                                                                                                                                                                                File Type:data
                                                                                                                                                                                Category:dropped
                                                                                                                                                                                Size (bytes):350
                                                                                                                                                                                Entropy (8bit):7.382452149106626
                                                                                                                                                                                Encrypted:false
                                                                                                                                                                                SSDEEP:6:IL+Owuk6QdFIIL93QvpPWOHOhYO7WgI+vXKXqrnzo66uoxTQWryJJ:I7Vk7dFhL9tB7SEaaDixTYJ
                                                                                                                                                                                MD5:C11818FDF7D94A37675E4337E8DF692C
                                                                                                                                                                                SHA1:31AB35709578D63953F866FB17077B849857550D
                                                                                                                                                                                SHA-256:5A26BAB86747DE80F3287F65F366924FE8674B8A15F5EFDBF6D212F611DCCC62
                                                                                                                                                                                SHA-512:9383D189757CCE471855AD151C4E5FB9D424855E13C8D9EB3122D12D85EFB5B0CB2A7AB15486FDBE765C653C3D93A3D52F4E0BE39F8B895EA5A43B927241E94A
                                                                                                                                                                                Malicious:false
                                                                                                                                                                                Preview:H..:..Z}...h......>....5j...C..|x.K.uGA......i.5..P.6d0...0...5.\7TL....]#M..K..i..GH YMkq..v....0Pa.Km.@..4H.......6...........W....D....T..xy4=...x...U..xm.P....../...z..N...P.3.N.^...6.|B..}...*.})...ea.h...<..o...L....\.y.3.C.=....v....%......@(.......u....4..g..@.c_.r?[. ..U....<..Hb.!...?0[.?.._Ak:F`Obd..W.r.o..d7.5.?Ly.9'e5.|_
                                                                                                                                                                                Process:C:\Users\user\Desktop\c8JakemodH.exe
                                                                                                                                                                                File Type:data
                                                                                                                                                                                Category:dropped
                                                                                                                                                                                Size (bytes):356
                                                                                                                                                                                Entropy (8bit):7.367320616452419
                                                                                                                                                                                Encrypted:false
                                                                                                                                                                                SSDEEP:6:jY8NIaU2cHteLMSEUc6Ppe7ZX39hnn4vlSJLRQ4CjX3WRE9bHZcSXKXqrnzo66ub:jRNnU2cNe4Sk7t9hnn0atQ4gXGO9FcSJ
                                                                                                                                                                                MD5:7A9A006C5286A6C70B36048C8D2191F3
                                                                                                                                                                                SHA1:3EAF83664C9543A81D59A3592AE8B4E52DDEF9AC
                                                                                                                                                                                SHA-256:4A26E28AEDD636B61714586771B98E67B2C9FFF0E6BBF9598C2C342C6A765420
                                                                                                                                                                                SHA-512:4BCC9A7629F8C8B98123B43E90D81A2BE3EE18D94313E6316F27A863E4BC901C26721C6D10A056156F91C11B65B157558AEF01961BDD3E68CE927687F9D05823
                                                                                                                                                                                Malicious:false
                                                                                                                                                                                Preview:"..}#.qa;%..u..A..=jd.7.N.?qE.....{(....<p%s...Q>..Z..8V..O....n...b.....-..V.?.T..v...**{.......rxw7....Up{..4V....U..4..Fn.c.p..s....D....T..xy4=O..J....+..Q:.....2Yi..G.,...4....[.-e..... .J.."[..`.d.zM..^d.zl...<..o...L....\.y.3.C.=....v....%......@(.......u....4..g..@.c_.r?[. ..U....<..Hb.!...?0[.?.._Ak:F`Obd..W.r.o..d7.5.?Ly.9'e5.|_
                                                                                                                                                                                Process:C:\Users\user\Desktop\c8JakemodH.exe
                                                                                                                                                                                File Type:data
                                                                                                                                                                                Category:dropped
                                                                                                                                                                                Size (bytes):350
                                                                                                                                                                                Entropy (8bit):7.408673397589213
                                                                                                                                                                                Encrypted:false
                                                                                                                                                                                SSDEEP:6:rg0ttoshQELDFvPEiab+vhM5XE2H1gjv6A7tf596Aazpfi1PhXKXqrnzo66uoxTo:rllhQELZvP4bohM5ty7tL6A4pfQpaaD5
                                                                                                                                                                                MD5:536974746FBB88493EF76AEC65DD8075
                                                                                                                                                                                SHA1:D59F6333130F4E1527DC8D12A67D24423D430160
                                                                                                                                                                                SHA-256:B1C8AA1F2B3D5D1C860E82327C9261DC8370841C5015E906CC2AC77B10117ABF
                                                                                                                                                                                SHA-512:7E138781FCF9A3594C06EF11F5C5954BDC3B0AEF6979ECF13131D22D33D73FA6EA0232CC460CF904049E011E5BA935903B1A644BA98263091D71833CB798F742
                                                                                                                                                                                Malicious:false
                                                                                                                                                                                Preview:F(..I.m.YT...#...<....y. ..j.#...C..A..C...H...`...[y..i.....ak".W...]Y.su.....*|].J.l.........#..fz....-9q.4P.......6.....c.....W....D....T..xy4=.HZ.m..l0....'..c|..}....a.X.....Y..T.)..j.\v6.........hs...3h...<..o...L....\.y.3.C.=....v....%......@(.......u....4..g..@.c_.r?[. ..U....<..Hb.!...?0[.?.._Ak:F`Obd..W.r.o..d7.5.?Ly.9'e5.|_
                                                                                                                                                                                Process:C:\Users\user\Desktop\c8JakemodH.exe
                                                                                                                                                                                File Type:ASCII text, with CRLF line terminators
                                                                                                                                                                                Category:dropped
                                                                                                                                                                                Size (bytes):1159
                                                                                                                                                                                Entropy (8bit):4.909757425426515
                                                                                                                                                                                Encrypted:false
                                                                                                                                                                                SSDEEP:24:SOZJNRovfexRvYx/ncUYTxLZl0r0OzANQgq32xfZnS0iNFdAnP6:SOZbqfexrZrS3Iq32xlSX2S
                                                                                                                                                                                MD5:F29E077226F8DC235CAE4795459A3542
                                                                                                                                                                                SHA1:A23AEA328BEB92BFD4464A3B0F70E772B8969CC2
                                                                                                                                                                                SHA-256:CF8875AADE9351184274F533067BECF2AD10CCF2B6296274ECE5D5B58B6AB008
                                                                                                                                                                                SHA-512:0C76F1E7AC8E4DB582EA7E26FA9B8C18D54605AE6A9A87A2A1FA0B1BEACACBB8F1230421C1124B1E7C12FB546FF31DBBD2CFBBEBA80EF98BBAA01B356F7FDC6F
                                                                                                                                                                                Malicious:false
                                                                                                                                                                                Preview:.. ~~~ AlphaCat ~~~....>>>> Your data are stolen and encrypted....>>>> What guarantees that we will not deceive you? .....We are not a politically motivated group and we do not need anything other than your money. .. ...If you pay, we will provide you the programs for decryption and we will delete your data. ...Life is too short to be sad. Be not sad, money, it is only paper... ...If we do not give you decrypters, or we do not delete your data after payment, then nobody will pay us in the future. ...Therefore to us our reputation is very important. We attack worldwide and there is no dissatisfied victim after payment... ..>>>> You need contact us via email with srenshot of btc transaction and your personal DECRYPTION ID.....Contact via Email with your personal Decryption id !: hackbeenswim@mail2tor.com......Send 400$ (0.006 BTC) at this address --> bc1qkr7wxuqwet9w6920vk94p7npkxh33fc7prv55q.....>>>> Your personal DECRYPTION ID: D53F15BF767167BC622C1CB4D4FC174D....>>
                                                                                                                                                                                Process:C:\Users\user\Desktop\c8JakemodH.exe
                                                                                                                                                                                File Type:ASCII text, with CRLF line terminators
                                                                                                                                                                                Category:dropped
                                                                                                                                                                                Size (bytes):1159
                                                                                                                                                                                Entropy (8bit):4.909757425426515
                                                                                                                                                                                Encrypted:false
                                                                                                                                                                                SSDEEP:24:SOZJNRovfexRvYx/ncUYTxLZl0r0OzANQgq32xfZnS0iNFdAnP6:SOZbqfexrZrS3Iq32xlSX2S
                                                                                                                                                                                MD5:F29E077226F8DC235CAE4795459A3542
                                                                                                                                                                                SHA1:A23AEA328BEB92BFD4464A3B0F70E772B8969CC2
                                                                                                                                                                                SHA-256:CF8875AADE9351184274F533067BECF2AD10CCF2B6296274ECE5D5B58B6AB008
                                                                                                                                                                                SHA-512:0C76F1E7AC8E4DB582EA7E26FA9B8C18D54605AE6A9A87A2A1FA0B1BEACACBB8F1230421C1124B1E7C12FB546FF31DBBD2CFBBEBA80EF98BBAA01B356F7FDC6F
                                                                                                                                                                                Malicious:false
                                                                                                                                                                                Preview:.. ~~~ AlphaCat ~~~....>>>> Your data are stolen and encrypted....>>>> What guarantees that we will not deceive you? .....We are not a politically motivated group and we do not need anything other than your money. .. ...If you pay, we will provide you the programs for decryption and we will delete your data. ...Life is too short to be sad. Be not sad, money, it is only paper... ...If we do not give you decrypters, or we do not delete your data after payment, then nobody will pay us in the future. ...Therefore to us our reputation is very important. We attack worldwide and there is no dissatisfied victim after payment... ..>>>> You need contact us via email with srenshot of btc transaction and your personal DECRYPTION ID.....Contact via Email with your personal Decryption id !: hackbeenswim@mail2tor.com......Send 400$ (0.006 BTC) at this address --> bc1qkr7wxuqwet9w6920vk94p7npkxh33fc7prv55q.....>>>> Your personal DECRYPTION ID: D53F15BF767167BC622C1CB4D4FC174D....>>
                                                                                                                                                                                Process:C:\Users\user\Desktop\c8JakemodH.exe
                                                                                                                                                                                File Type:ASCII text, with CRLF line terminators
                                                                                                                                                                                Category:dropped
                                                                                                                                                                                Size (bytes):1159
                                                                                                                                                                                Entropy (8bit):4.909757425426515
                                                                                                                                                                                Encrypted:false
                                                                                                                                                                                SSDEEP:24:SOZJNRovfexRvYx/ncUYTxLZl0r0OzANQgq32xfZnS0iNFdAnP6:SOZbqfexrZrS3Iq32xlSX2S
                                                                                                                                                                                MD5:F29E077226F8DC235CAE4795459A3542
                                                                                                                                                                                SHA1:A23AEA328BEB92BFD4464A3B0F70E772B8969CC2
                                                                                                                                                                                SHA-256:CF8875AADE9351184274F533067BECF2AD10CCF2B6296274ECE5D5B58B6AB008
                                                                                                                                                                                SHA-512:0C76F1E7AC8E4DB582EA7E26FA9B8C18D54605AE6A9A87A2A1FA0B1BEACACBB8F1230421C1124B1E7C12FB546FF31DBBD2CFBBEBA80EF98BBAA01B356F7FDC6F
                                                                                                                                                                                Malicious:false
                                                                                                                                                                                Preview:.. ~~~ AlphaCat ~~~....>>>> Your data are stolen and encrypted....>>>> What guarantees that we will not deceive you? .....We are not a politically motivated group and we do not need anything other than your money. .. ...If you pay, we will provide you the programs for decryption and we will delete your data. ...Life is too short to be sad. Be not sad, money, it is only paper... ...If we do not give you decrypters, or we do not delete your data after payment, then nobody will pay us in the future. ...Therefore to us our reputation is very important. We attack worldwide and there is no dissatisfied victim after payment... ..>>>> You need contact us via email with srenshot of btc transaction and your personal DECRYPTION ID.....Contact via Email with your personal Decryption id !: hackbeenswim@mail2tor.com......Send 400$ (0.006 BTC) at this address --> bc1qkr7wxuqwet9w6920vk94p7npkxh33fc7prv55q.....>>>> Your personal DECRYPTION ID: D53F15BF767167BC622C1CB4D4FC174D....>>
                                                                                                                                                                                Process:C:\Users\user\Desktop\c8JakemodH.exe
                                                                                                                                                                                File Type:ASCII text, with CRLF line terminators
                                                                                                                                                                                Category:dropped
                                                                                                                                                                                Size (bytes):1159
                                                                                                                                                                                Entropy (8bit):4.909757425426515
                                                                                                                                                                                Encrypted:false
                                                                                                                                                                                SSDEEP:24:SOZJNRovfexRvYx/ncUYTxLZl0r0OzANQgq32xfZnS0iNFdAnP6:SOZbqfexrZrS3Iq32xlSX2S
                                                                                                                                                                                MD5:F29E077226F8DC235CAE4795459A3542
                                                                                                                                                                                SHA1:A23AEA328BEB92BFD4464A3B0F70E772B8969CC2
                                                                                                                                                                                SHA-256:CF8875AADE9351184274F533067BECF2AD10CCF2B6296274ECE5D5B58B6AB008
                                                                                                                                                                                SHA-512:0C76F1E7AC8E4DB582EA7E26FA9B8C18D54605AE6A9A87A2A1FA0B1BEACACBB8F1230421C1124B1E7C12FB546FF31DBBD2CFBBEBA80EF98BBAA01B356F7FDC6F
                                                                                                                                                                                Malicious:false
                                                                                                                                                                                Preview:.. ~~~ AlphaCat ~~~....>>>> Your data are stolen and encrypted....>>>> What guarantees that we will not deceive you? .....We are not a politically motivated group and we do not need anything other than your money. .. ...If you pay, we will provide you the programs for decryption and we will delete your data. ...Life is too short to be sad. Be not sad, money, it is only paper... ...If we do not give you decrypters, or we do not delete your data after payment, then nobody will pay us in the future. ...Therefore to us our reputation is very important. We attack worldwide and there is no dissatisfied victim after payment... ..>>>> You need contact us via email with srenshot of btc transaction and your personal DECRYPTION ID.....Contact via Email with your personal Decryption id !: hackbeenswim@mail2tor.com......Send 400$ (0.006 BTC) at this address --> bc1qkr7wxuqwet9w6920vk94p7npkxh33fc7prv55q.....>>>> Your personal DECRYPTION ID: D53F15BF767167BC622C1CB4D4FC174D....>>
                                                                                                                                                                                Process:C:\Users\user\Desktop\c8JakemodH.exe
                                                                                                                                                                                File Type:ASCII text, with CRLF line terminators
                                                                                                                                                                                Category:dropped
                                                                                                                                                                                Size (bytes):1159
                                                                                                                                                                                Entropy (8bit):4.909757425426515
                                                                                                                                                                                Encrypted:false
                                                                                                                                                                                SSDEEP:24:SOZJNRovfexRvYx/ncUYTxLZl0r0OzANQgq32xfZnS0iNFdAnP6:SOZbqfexrZrS3Iq32xlSX2S
                                                                                                                                                                                MD5:F29E077226F8DC235CAE4795459A3542
                                                                                                                                                                                SHA1:A23AEA328BEB92BFD4464A3B0F70E772B8969CC2
                                                                                                                                                                                SHA-256:CF8875AADE9351184274F533067BECF2AD10CCF2B6296274ECE5D5B58B6AB008
                                                                                                                                                                                SHA-512:0C76F1E7AC8E4DB582EA7E26FA9B8C18D54605AE6A9A87A2A1FA0B1BEACACBB8F1230421C1124B1E7C12FB546FF31DBBD2CFBBEBA80EF98BBAA01B356F7FDC6F
                                                                                                                                                                                Malicious:false
                                                                                                                                                                                Preview:.. ~~~ AlphaCat ~~~....>>>> Your data are stolen and encrypted....>>>> What guarantees that we will not deceive you? .....We are not a politically motivated group and we do not need anything other than your money. .. ...If you pay, we will provide you the programs for decryption and we will delete your data. ...Life is too short to be sad. Be not sad, money, it is only paper... ...If we do not give you decrypters, or we do not delete your data after payment, then nobody will pay us in the future. ...Therefore to us our reputation is very important. We attack worldwide and there is no dissatisfied victim after payment... ..>>>> You need contact us via email with srenshot of btc transaction and your personal DECRYPTION ID.....Contact via Email with your personal Decryption id !: hackbeenswim@mail2tor.com......Send 400$ (0.006 BTC) at this address --> bc1qkr7wxuqwet9w6920vk94p7npkxh33fc7prv55q.....>>>> Your personal DECRYPTION ID: D53F15BF767167BC622C1CB4D4FC174D....>>
                                                                                                                                                                                Process:C:\Users\user\Desktop\c8JakemodH.exe
                                                                                                                                                                                File Type:ASCII text, with CRLF line terminators
                                                                                                                                                                                Category:dropped
                                                                                                                                                                                Size (bytes):1159
                                                                                                                                                                                Entropy (8bit):4.909757425426515
                                                                                                                                                                                Encrypted:false
                                                                                                                                                                                SSDEEP:24:SOZJNRovfexRvYx/ncUYTxLZl0r0OzANQgq32xfZnS0iNFdAnP6:SOZbqfexrZrS3Iq32xlSX2S
                                                                                                                                                                                MD5:F29E077226F8DC235CAE4795459A3542
                                                                                                                                                                                SHA1:A23AEA328BEB92BFD4464A3B0F70E772B8969CC2
                                                                                                                                                                                SHA-256:CF8875AADE9351184274F533067BECF2AD10CCF2B6296274ECE5D5B58B6AB008
                                                                                                                                                                                SHA-512:0C76F1E7AC8E4DB582EA7E26FA9B8C18D54605AE6A9A87A2A1FA0B1BEACACBB8F1230421C1124B1E7C12FB546FF31DBBD2CFBBEBA80EF98BBAA01B356F7FDC6F
                                                                                                                                                                                Malicious:false
                                                                                                                                                                                Preview:.. ~~~ AlphaCat ~~~....>>>> Your data are stolen and encrypted....>>>> What guarantees that we will not deceive you? .....We are not a politically motivated group and we do not need anything other than your money. .. ...If you pay, we will provide you the programs for decryption and we will delete your data. ...Life is too short to be sad. Be not sad, money, it is only paper... ...If we do not give you decrypters, or we do not delete your data after payment, then nobody will pay us in the future. ...Therefore to us our reputation is very important. We attack worldwide and there is no dissatisfied victim after payment... ..>>>> You need contact us via email with srenshot of btc transaction and your personal DECRYPTION ID.....Contact via Email with your personal Decryption id !: hackbeenswim@mail2tor.com......Send 400$ (0.006 BTC) at this address --> bc1qkr7wxuqwet9w6920vk94p7npkxh33fc7prv55q.....>>>> Your personal DECRYPTION ID: D53F15BF767167BC622C1CB4D4FC174D....>>
                                                                                                                                                                                Process:C:\Users\user\Desktop\c8JakemodH.exe
                                                                                                                                                                                File Type:ASCII text, with CRLF line terminators
                                                                                                                                                                                Category:dropped
                                                                                                                                                                                Size (bytes):1159
                                                                                                                                                                                Entropy (8bit):4.909757425426515
                                                                                                                                                                                Encrypted:false
                                                                                                                                                                                SSDEEP:24:SOZJNRovfexRvYx/ncUYTxLZl0r0OzANQgq32xfZnS0iNFdAnP6:SOZbqfexrZrS3Iq32xlSX2S
                                                                                                                                                                                MD5:F29E077226F8DC235CAE4795459A3542
                                                                                                                                                                                SHA1:A23AEA328BEB92BFD4464A3B0F70E772B8969CC2
                                                                                                                                                                                SHA-256:CF8875AADE9351184274F533067BECF2AD10CCF2B6296274ECE5D5B58B6AB008
                                                                                                                                                                                SHA-512:0C76F1E7AC8E4DB582EA7E26FA9B8C18D54605AE6A9A87A2A1FA0B1BEACACBB8F1230421C1124B1E7C12FB546FF31DBBD2CFBBEBA80EF98BBAA01B356F7FDC6F
                                                                                                                                                                                Malicious:false
                                                                                                                                                                                Preview:.. ~~~ AlphaCat ~~~....>>>> Your data are stolen and encrypted....>>>> What guarantees that we will not deceive you? .....We are not a politically motivated group and we do not need anything other than your money. .. ...If you pay, we will provide you the programs for decryption and we will delete your data. ...Life is too short to be sad. Be not sad, money, it is only paper... ...If we do not give you decrypters, or we do not delete your data after payment, then nobody will pay us in the future. ...Therefore to us our reputation is very important. We attack worldwide and there is no dissatisfied victim after payment... ..>>>> You need contact us via email with srenshot of btc transaction and your personal DECRYPTION ID.....Contact via Email with your personal Decryption id !: hackbeenswim@mail2tor.com......Send 400$ (0.006 BTC) at this address --> bc1qkr7wxuqwet9w6920vk94p7npkxh33fc7prv55q.....>>>> Your personal DECRYPTION ID: D53F15BF767167BC622C1CB4D4FC174D....>>
                                                                                                                                                                                Process:C:\Users\user\Desktop\c8JakemodH.exe
                                                                                                                                                                                File Type:ASCII text, with CRLF line terminators
                                                                                                                                                                                Category:dropped
                                                                                                                                                                                Size (bytes):1159
                                                                                                                                                                                Entropy (8bit):4.909757425426515
                                                                                                                                                                                Encrypted:false
                                                                                                                                                                                SSDEEP:24:SOZJNRovfexRvYx/ncUYTxLZl0r0OzANQgq32xfZnS0iNFdAnP6:SOZbqfexrZrS3Iq32xlSX2S
                                                                                                                                                                                MD5:F29E077226F8DC235CAE4795459A3542
                                                                                                                                                                                SHA1:A23AEA328BEB92BFD4464A3B0F70E772B8969CC2
                                                                                                                                                                                SHA-256:CF8875AADE9351184274F533067BECF2AD10CCF2B6296274ECE5D5B58B6AB008
                                                                                                                                                                                SHA-512:0C76F1E7AC8E4DB582EA7E26FA9B8C18D54605AE6A9A87A2A1FA0B1BEACACBB8F1230421C1124B1E7C12FB546FF31DBBD2CFBBEBA80EF98BBAA01B356F7FDC6F
                                                                                                                                                                                Malicious:false
                                                                                                                                                                                Preview:.. ~~~ AlphaCat ~~~....>>>> Your data are stolen and encrypted....>>>> What guarantees that we will not deceive you? .....We are not a politically motivated group and we do not need anything other than your money. .. ...If you pay, we will provide you the programs for decryption and we will delete your data. ...Life is too short to be sad. Be not sad, money, it is only paper... ...If we do not give you decrypters, or we do not delete your data after payment, then nobody will pay us in the future. ...Therefore to us our reputation is very important. We attack worldwide and there is no dissatisfied victim after payment... ..>>>> You need contact us via email with srenshot of btc transaction and your personal DECRYPTION ID.....Contact via Email with your personal Decryption id !: hackbeenswim@mail2tor.com......Send 400$ (0.006 BTC) at this address --> bc1qkr7wxuqwet9w6920vk94p7npkxh33fc7prv55q.....>>>> Your personal DECRYPTION ID: D53F15BF767167BC622C1CB4D4FC174D....>>
                                                                                                                                                                                Process:C:\Users\user\Desktop\c8JakemodH.exe
                                                                                                                                                                                File Type:ASCII text, with CRLF line terminators
                                                                                                                                                                                Category:dropped
                                                                                                                                                                                Size (bytes):1159
                                                                                                                                                                                Entropy (8bit):4.909757425426515
                                                                                                                                                                                Encrypted:false
                                                                                                                                                                                SSDEEP:24:SOZJNRovfexRvYx/ncUYTxLZl0r0OzANQgq32xfZnS0iNFdAnP6:SOZbqfexrZrS3Iq32xlSX2S
                                                                                                                                                                                MD5:F29E077226F8DC235CAE4795459A3542
                                                                                                                                                                                SHA1:A23AEA328BEB92BFD4464A3B0F70E772B8969CC2
                                                                                                                                                                                SHA-256:CF8875AADE9351184274F533067BECF2AD10CCF2B6296274ECE5D5B58B6AB008
                                                                                                                                                                                SHA-512:0C76F1E7AC8E4DB582EA7E26FA9B8C18D54605AE6A9A87A2A1FA0B1BEACACBB8F1230421C1124B1E7C12FB546FF31DBBD2CFBBEBA80EF98BBAA01B356F7FDC6F
                                                                                                                                                                                Malicious:false
                                                                                                                                                                                Preview:.. ~~~ AlphaCat ~~~....>>>> Your data are stolen and encrypted....>>>> What guarantees that we will not deceive you? .....We are not a politically motivated group and we do not need anything other than your money. .. ...If you pay, we will provide you the programs for decryption and we will delete your data. ...Life is too short to be sad. Be not sad, money, it is only paper... ...If we do not give you decrypters, or we do not delete your data after payment, then nobody will pay us in the future. ...Therefore to us our reputation is very important. We attack worldwide and there is no dissatisfied victim after payment... ..>>>> You need contact us via email with srenshot of btc transaction and your personal DECRYPTION ID.....Contact via Email with your personal Decryption id !: hackbeenswim@mail2tor.com......Send 400$ (0.006 BTC) at this address --> bc1qkr7wxuqwet9w6920vk94p7npkxh33fc7prv55q.....>>>> Your personal DECRYPTION ID: D53F15BF767167BC622C1CB4D4FC174D....>>
                                                                                                                                                                                Process:C:\Users\user\Desktop\c8JakemodH.exe
                                                                                                                                                                                File Type:ASCII text, with CRLF line terminators
                                                                                                                                                                                Category:dropped
                                                                                                                                                                                Size (bytes):1159
                                                                                                                                                                                Entropy (8bit):4.909757425426515
                                                                                                                                                                                Encrypted:false
                                                                                                                                                                                SSDEEP:24:SOZJNRovfexRvYx/ncUYTxLZl0r0OzANQgq32xfZnS0iNFdAnP6:SOZbqfexrZrS3Iq32xlSX2S
                                                                                                                                                                                MD5:F29E077226F8DC235CAE4795459A3542
                                                                                                                                                                                SHA1:A23AEA328BEB92BFD4464A3B0F70E772B8969CC2
                                                                                                                                                                                SHA-256:CF8875AADE9351184274F533067BECF2AD10CCF2B6296274ECE5D5B58B6AB008
                                                                                                                                                                                SHA-512:0C76F1E7AC8E4DB582EA7E26FA9B8C18D54605AE6A9A87A2A1FA0B1BEACACBB8F1230421C1124B1E7C12FB546FF31DBBD2CFBBEBA80EF98BBAA01B356F7FDC6F
                                                                                                                                                                                Malicious:false
                                                                                                                                                                                Preview:.. ~~~ AlphaCat ~~~....>>>> Your data are stolen and encrypted....>>>> What guarantees that we will not deceive you? .....We are not a politically motivated group and we do not need anything other than your money. .. ...If you pay, we will provide you the programs for decryption and we will delete your data. ...Life is too short to be sad. Be not sad, money, it is only paper... ...If we do not give you decrypters, or we do not delete your data after payment, then nobody will pay us in the future. ...Therefore to us our reputation is very important. We attack worldwide and there is no dissatisfied victim after payment... ..>>>> You need contact us via email with srenshot of btc transaction and your personal DECRYPTION ID.....Contact via Email with your personal Decryption id !: hackbeenswim@mail2tor.com......Send 400$ (0.006 BTC) at this address --> bc1qkr7wxuqwet9w6920vk94p7npkxh33fc7prv55q.....>>>> Your personal DECRYPTION ID: D53F15BF767167BC622C1CB4D4FC174D....>>
                                                                                                                                                                                Process:C:\Users\user\Desktop\c8JakemodH.exe
                                                                                                                                                                                File Type:data
                                                                                                                                                                                Category:dropped
                                                                                                                                                                                Size (bytes):1173
                                                                                                                                                                                Entropy (8bit):7.846879459072067
                                                                                                                                                                                Encrypted:false
                                                                                                                                                                                SSDEEP:24:lNndSDGIj8jn3OCwg+BCpykI5W356/GInE10ykurmVO4Nqnk02xs:38On3wIykttIgTv044q
                                                                                                                                                                                MD5:8C64A48AD99406E27C717DFF6E98C4D7
                                                                                                                                                                                SHA1:2A270F8CBE2A17162E8FA74A00E7392F8A16E583
                                                                                                                                                                                SHA-256:BA297183FFEC4C9FA734A0EDF9A05CB1F319F8F8A0D9ABE9263D5D88098D2FBC
                                                                                                                                                                                SHA-512:0958D50E56683CDD056E7BFD0FB6E96BCFA13E42F24929440A0CA680B7B086B527B8417612BFE19FCCA6E6F24F8E4105C91F91DFDD8FD2EA2F26992829C1A312
                                                                                                                                                                                Malicious:false
                                                                                                                                                                                Preview:....>8....]H.'.an_.l:.q!........B.aa..-....&0..~..t....OQ...R.S.A...+~..h...^r.....n.z.......1.v;..z.>]W..NO.e..U.+.:....~..Z.-3o..]............JG.t....Z.......@;..&.......5Z2D.m......A.-..amk..i|?.s..#$.A......w....f....Sj...iX.hq..M."...'....a'....^.3[!..U....G4...S.k..U.xS.^.)l.,...`...+G..SB......T..L.rp..y@j-.l...]T.H*.Y%....bPi.c}.=...(..+D...~Q...0L^... ..+4..~#Kq...Z..._O.....<.#.C.............<.T.Y.|...........i...D{......Z5J......&3*<...s..$.......g..8k.cUn.m.Nv....;...J......M.....QxM......1.+....t.z..../....:l36.....?W4....?3....g.!.Qn..].2...jO.;....h.&=. +S..;#K63.mR.s...p......."?.......-#.q....Q.x.pq..f.VzFj...J..*?..p.HU.L.2.=....qN....B...1]...=_.\].1...Q.Y-G...uf.o.U......Me8.....g.X..6(..S....d......P.'>.(..N...u..6.)<...%.5...Z...0?l..z.i..fZY.\.Y._......F........zmGM...4_6m......4V.....P.B.\......2.s.k..I......T.(u..~.............1TEVw..8..x.[+<F..TK.+...?]..H..V.,'...m.E.P..!a........?.c....f.^...0.".;.6y
                                                                                                                                                                                Process:C:\Users\user\Desktop\c8JakemodH.exe
                                                                                                                                                                                File Type:ASCII text, with CRLF line terminators
                                                                                                                                                                                Category:dropped
                                                                                                                                                                                Size (bytes):1159
                                                                                                                                                                                Entropy (8bit):4.909757425426515
                                                                                                                                                                                Encrypted:false
                                                                                                                                                                                SSDEEP:24:SOZJNRovfexRvYx/ncUYTxLZl0r0OzANQgq32xfZnS0iNFdAnP6:SOZbqfexrZrS3Iq32xlSX2S
                                                                                                                                                                                MD5:F29E077226F8DC235CAE4795459A3542
                                                                                                                                                                                SHA1:A23AEA328BEB92BFD4464A3B0F70E772B8969CC2
                                                                                                                                                                                SHA-256:CF8875AADE9351184274F533067BECF2AD10CCF2B6296274ECE5D5B58B6AB008
                                                                                                                                                                                SHA-512:0C76F1E7AC8E4DB582EA7E26FA9B8C18D54605AE6A9A87A2A1FA0B1BEACACBB8F1230421C1124B1E7C12FB546FF31DBBD2CFBBEBA80EF98BBAA01B356F7FDC6F
                                                                                                                                                                                Malicious:false
                                                                                                                                                                                Preview:.. ~~~ AlphaCat ~~~....>>>> Your data are stolen and encrypted....>>>> What guarantees that we will not deceive you? .....We are not a politically motivated group and we do not need anything other than your money. .. ...If you pay, we will provide you the programs for decryption and we will delete your data. ...Life is too short to be sad. Be not sad, money, it is only paper... ...If we do not give you decrypters, or we do not delete your data after payment, then nobody will pay us in the future. ...Therefore to us our reputation is very important. We attack worldwide and there is no dissatisfied victim after payment... ..>>>> You need contact us via email with srenshot of btc transaction and your personal DECRYPTION ID.....Contact via Email with your personal Decryption id !: hackbeenswim@mail2tor.com......Send 400$ (0.006 BTC) at this address --> bc1qkr7wxuqwet9w6920vk94p7npkxh33fc7prv55q.....>>>> Your personal DECRYPTION ID: D53F15BF767167BC622C1CB4D4FC174D....>>
                                                                                                                                                                                Process:C:\Users\user\Desktop\c8JakemodH.exe
                                                                                                                                                                                File Type:data
                                                                                                                                                                                Category:dropped
                                                                                                                                                                                Size (bytes):239
                                                                                                                                                                                Entropy (8bit):7.050141650941208
                                                                                                                                                                                Encrypted:false
                                                                                                                                                                                SSDEEP:6:d4SNq1hkrxLl3sEAXKXqrnzo66uoxTQWryJJ:bNyylhcEAaaDixTYJ
                                                                                                                                                                                MD5:538AA9C1B9C15DA1015A5AEBABAF1BA8
                                                                                                                                                                                SHA1:3351793AAADE3C2E5D221680BB7A21B3D5F018B2
                                                                                                                                                                                SHA-256:0C6BDDCC04AC7D0A2F093D4721070A12E7E8181ED98D9AED5549D70164C7B49C
                                                                                                                                                                                SHA-512:869DC0A45355F407C3253000453BB0B0CB2DA3C4E30502D791E1EA86A486653C6E0F299967F469A762C3D28D82A26E8B1A88F5B911A29F75C3791694549EF89E
                                                                                                                                                                                Malicious:false
                                                                                                                                                                                Preview:........4\.....k1..%...hP..A.....D....qK`.Q..r5...Ta.P....O.IN..C..W....7.....C.....8.7Dk...%....X^.a...<..o...L....\.y.3.C.=....v....%......@(.......u....4..g..@.c_.r?[. ..U....<..Hb.!...?0[.?.._Ak:F`Obd..W.r.o..d7.5.?Ly.9'e5.|_
                                                                                                                                                                                Process:C:\Users\user\Desktop\c8JakemodH.exe
                                                                                                                                                                                File Type:ASCII text, with CRLF line terminators
                                                                                                                                                                                Category:dropped
                                                                                                                                                                                Size (bytes):1159
                                                                                                                                                                                Entropy (8bit):4.909757425426515
                                                                                                                                                                                Encrypted:false
                                                                                                                                                                                SSDEEP:24:SOZJNRovfexRvYx/ncUYTxLZl0r0OzANQgq32xfZnS0iNFdAnP6:SOZbqfexrZrS3Iq32xlSX2S
                                                                                                                                                                                MD5:F29E077226F8DC235CAE4795459A3542
                                                                                                                                                                                SHA1:A23AEA328BEB92BFD4464A3B0F70E772B8969CC2
                                                                                                                                                                                SHA-256:CF8875AADE9351184274F533067BECF2AD10CCF2B6296274ECE5D5B58B6AB008
                                                                                                                                                                                SHA-512:0C76F1E7AC8E4DB582EA7E26FA9B8C18D54605AE6A9A87A2A1FA0B1BEACACBB8F1230421C1124B1E7C12FB546FF31DBBD2CFBBEBA80EF98BBAA01B356F7FDC6F
                                                                                                                                                                                Malicious:false
                                                                                                                                                                                Preview:.. ~~~ AlphaCat ~~~....>>>> Your data are stolen and encrypted....>>>> What guarantees that we will not deceive you? .....We are not a politically motivated group and we do not need anything other than your money. .. ...If you pay, we will provide you the programs for decryption and we will delete your data. ...Life is too short to be sad. Be not sad, money, it is only paper... ...If we do not give you decrypters, or we do not delete your data after payment, then nobody will pay us in the future. ...Therefore to us our reputation is very important. We attack worldwide and there is no dissatisfied victim after payment... ..>>>> You need contact us via email with srenshot of btc transaction and your personal DECRYPTION ID.....Contact via Email with your personal Decryption id !: hackbeenswim@mail2tor.com......Send 400$ (0.006 BTC) at this address --> bc1qkr7wxuqwet9w6920vk94p7npkxh33fc7prv55q.....>>>> Your personal DECRYPTION ID: D53F15BF767167BC622C1CB4D4FC174D....>>
                                                                                                                                                                                Process:C:\Users\user\Desktop\c8JakemodH.exe
                                                                                                                                                                                File Type:ASCII text, with CRLF line terminators
                                                                                                                                                                                Category:dropped
                                                                                                                                                                                Size (bytes):1159
                                                                                                                                                                                Entropy (8bit):4.909757425426515
                                                                                                                                                                                Encrypted:false
                                                                                                                                                                                SSDEEP:24:SOZJNRovfexRvYx/ncUYTxLZl0r0OzANQgq32xfZnS0iNFdAnP6:SOZbqfexrZrS3Iq32xlSX2S
                                                                                                                                                                                MD5:F29E077226F8DC235CAE4795459A3542
                                                                                                                                                                                SHA1:A23AEA328BEB92BFD4464A3B0F70E772B8969CC2
                                                                                                                                                                                SHA-256:CF8875AADE9351184274F533067BECF2AD10CCF2B6296274ECE5D5B58B6AB008
                                                                                                                                                                                SHA-512:0C76F1E7AC8E4DB582EA7E26FA9B8C18D54605AE6A9A87A2A1FA0B1BEACACBB8F1230421C1124B1E7C12FB546FF31DBBD2CFBBEBA80EF98BBAA01B356F7FDC6F
                                                                                                                                                                                Malicious:false
                                                                                                                                                                                Preview:.. ~~~ AlphaCat ~~~....>>>> Your data are stolen and encrypted....>>>> What guarantees that we will not deceive you? .....We are not a politically motivated group and we do not need anything other than your money. .. ...If you pay, we will provide you the programs for decryption and we will delete your data. ...Life is too short to be sad. Be not sad, money, it is only paper... ...If we do not give you decrypters, or we do not delete your data after payment, then nobody will pay us in the future. ...Therefore to us our reputation is very important. We attack worldwide and there is no dissatisfied victim after payment... ..>>>> You need contact us via email with srenshot of btc transaction and your personal DECRYPTION ID.....Contact via Email with your personal Decryption id !: hackbeenswim@mail2tor.com......Send 400$ (0.006 BTC) at this address --> bc1qkr7wxuqwet9w6920vk94p7npkxh33fc7prv55q.....>>>> Your personal DECRYPTION ID: D53F15BF767167BC622C1CB4D4FC174D....>>
                                                                                                                                                                                Process:C:\Windows\splwow64.exe
                                                                                                                                                                                File Type:Microsoft OOXML
                                                                                                                                                                                Category:dropped
                                                                                                                                                                                Size (bytes):13685470
                                                                                                                                                                                Entropy (8bit):7.892633726721754
                                                                                                                                                                                Encrypted:false
                                                                                                                                                                                SSDEEP:393216:D3yjqrBGLIlXPOWU5uMShv6ZGDmpd32WJkNYJr:D3aqVGLIlXPOWU5uMShv6ZGDmpd32gkS
                                                                                                                                                                                MD5:0D3567A8B518DC22918A6370342B5D1F
                                                                                                                                                                                SHA1:3CABE9351205D9E7A453AA270A61E505A63447B0
                                                                                                                                                                                SHA-256:A231C8F52B5562114B894E5DD442816765C1493E13B0D23DDD7C7A653E2CF7D1
                                                                                                                                                                                SHA-512:604146F1ADBD346567E5F2D2AA16436E33E3CD17A1175BA75938037450FB91EF627E9829DE8BBC21A83137B018D60F5AB0A60A6707C997E3702E0D93D3523B44
                                                                                                                                                                                Malicious:false
                                                                                                                                                                                Preview:PK.........q.X................[Content_Types].xml/[0].piece.....0..W..o.x .....e.(....Ql!..<...S^.MMw....#Nr.9....p..:..J.z..`3..DM....T.n..J..-c...3....&a#......PK....X.j...q...PK.........q.X................[Content_Types].xml/[1].piece..1..0....eE$....{e.C.&..X.........H\., .....o.T..i.."...K.s..4..VW...i+.Ak.....}....\.+..O?PK..K..jb...l...PK.........q.X................_rels/.rels/[0].pieceM.A..!.E.B.w...1.....9@...C!...?,].......f..4.qp.,.._^I...y?\`.....Cc.jF". .^...#g.T.A.e.c.........3.....PK...BpJl...y...PK.........q.X................_rels/.rels/[1].piece..K..0....9@&.....nk/.....O3S...s....L/'.UN...'.......P....UO:....=X......B..gD...c]...[..[..3..9.9a.... .....N.PK..4...u.......PK.........q.X................[Content_Types].xml/[2].piece-.A.. .F....p.u.q.&....!...m..[.n_^..kA.......>|.......f....`........}..F..(v.6.t...0-.n.C|@.N-.Z...PK....[Pm...{...PK.........q.X............%...FixedDocumentSequence.fdseq/[0].pieceU.M..0.F..fo&.....H.`..2.....H.o..p
                                                                                                                                                                                Process:C:\Users\user\Desktop\c8JakemodH.exe
                                                                                                                                                                                File Type:ASCII text, with CRLF line terminators
                                                                                                                                                                                Category:dropped
                                                                                                                                                                                Size (bytes):1159
                                                                                                                                                                                Entropy (8bit):4.909757425426515
                                                                                                                                                                                Encrypted:false
                                                                                                                                                                                SSDEEP:24:SOZJNRovfexRvYx/ncUYTxLZl0r0OzANQgq32xfZnS0iNFdAnP6:SOZbqfexrZrS3Iq32xlSX2S
                                                                                                                                                                                MD5:F29E077226F8DC235CAE4795459A3542
                                                                                                                                                                                SHA1:A23AEA328BEB92BFD4464A3B0F70E772B8969CC2
                                                                                                                                                                                SHA-256:CF8875AADE9351184274F533067BECF2AD10CCF2B6296274ECE5D5B58B6AB008
                                                                                                                                                                                SHA-512:0C76F1E7AC8E4DB582EA7E26FA9B8C18D54605AE6A9A87A2A1FA0B1BEACACBB8F1230421C1124B1E7C12FB546FF31DBBD2CFBBEBA80EF98BBAA01B356F7FDC6F
                                                                                                                                                                                Malicious:false
                                                                                                                                                                                Preview:.. ~~~ AlphaCat ~~~....>>>> Your data are stolen and encrypted....>>>> What guarantees that we will not deceive you? .....We are not a politically motivated group and we do not need anything other than your money. .. ...If you pay, we will provide you the programs for decryption and we will delete your data. ...Life is too short to be sad. Be not sad, money, it is only paper... ...If we do not give you decrypters, or we do not delete your data after payment, then nobody will pay us in the future. ...Therefore to us our reputation is very important. We attack worldwide and there is no dissatisfied victim after payment... ..>>>> You need contact us via email with srenshot of btc transaction and your personal DECRYPTION ID.....Contact via Email with your personal Decryption id !: hackbeenswim@mail2tor.com......Send 400$ (0.006 BTC) at this address --> bc1qkr7wxuqwet9w6920vk94p7npkxh33fc7prv55q.....>>>> Your personal DECRYPTION ID: D53F15BF767167BC622C1CB4D4FC174D....>>
                                                                                                                                                                                Process:C:\Users\user\Desktop\c8JakemodH.exe
                                                                                                                                                                                File Type:data
                                                                                                                                                                                Category:dropped
                                                                                                                                                                                Size (bytes):64
                                                                                                                                                                                Entropy (8bit):3.657603078152579
                                                                                                                                                                                Encrypted:false
                                                                                                                                                                                SSDEEP:3:EVlclpl9I2Y1An3kEsFRR:EPcMGGRR
                                                                                                                                                                                MD5:03F3336ED477CC0331022B7036073EAB
                                                                                                                                                                                SHA1:786B24A4DA16CC8056E3A6747C14881097E1EEA0
                                                                                                                                                                                SHA-256:B1D4DC5E15A12B3CF4B12527E87859230622F34D70071E95068DB40D2A4CB9AE
                                                                                                                                                                                SHA-512:030F2CD2544DEE7CE85D3B27F4C8B7455682AF6BC0A51C33F93C2AE7535934FF12E0ADD9CA2D7116C6D05F62E92041BF9881F97DB84C922B94DD3F8A5DB79AA6
                                                                                                                                                                                Malicious:false
                                                                                                                                                                                Preview:....2.1.0.9.7.9.....\MAILSLOT\NET\GETDCEBAC39EE............ ....
                                                                                                                                                                                Process:C:\Windows\SysWOW64\cmd.exe
                                                                                                                                                                                File Type:ASCII text, with CRLF line terminators
                                                                                                                                                                                Category:dropped
                                                                                                                                                                                Size (bytes):22
                                                                                                                                                                                Entropy (8bit):4.061482186720775
                                                                                                                                                                                Encrypted:false
                                                                                                                                                                                SSDEEP:3:otlRwRIs:otgT
                                                                                                                                                                                MD5:826300C96CE75E911545E6F9CBE53887
                                                                                                                                                                                SHA1:082A48B4BF2F2D48F120631F8720D8AA59ED5421
                                                                                                                                                                                SHA-256:9B62E0000921779B462704C2F7A4DA0BC987665D692784552C6FF0595CE7BBFA
                                                                                                                                                                                SHA-512:EF7E0283248F2C5236B4CF7CFFC557A2D25C1B508C17131BABB8D1A342FEC0DB10B7776D20C23BC21E7D56CE736B4FAFE73878CBDA919468FF2BCEDDF2516AF5
                                                                                                                                                                                Malicious:false
                                                                                                                                                                                Preview:C:\PROGRA~3\C9C8.tmp..
                                                                                                                                                                                File type:PE32 executable (GUI) Intel 80386, for MS Windows
                                                                                                                                                                                Entropy (8bit):7.202074708623612
                                                                                                                                                                                TrID:
                                                                                                                                                                                • Win32 Executable (generic) a (10002005/4) 99.94%
                                                                                                                                                                                • Win16/32 Executable Delphi generic (2074/23) 0.02%
                                                                                                                                                                                • Generic Win/DOS Executable (2004/3) 0.02%
                                                                                                                                                                                • DOS Executable Generic (2002/1) 0.02%
                                                                                                                                                                                • Autodesk FLIC Image File (extensions: flc, fli, cel) (7/3) 0.00%
                                                                                                                                                                                File name:c8JakemodH.exe
                                                                                                                                                                                File size:150'528 bytes
                                                                                                                                                                                MD5:a7ed7796c84c9b27758f359705741455
                                                                                                                                                                                SHA1:58bb54cd72323d0a73a3839e1b00b84d9260dcb3
                                                                                                                                                                                SHA256:9cb76090b74457b23fd3daf8af4793510cb94a970046de0ea4d3bb05527ba2e1
                                                                                                                                                                                SHA512:fa5b2daad524f6de86ea358231c2e8e0621e8963d86e6153d916e78e0f639c6503a82ca50d39aed2441aef654f8e69473f41f796462b929b5ca74610042f9fe6
                                                                                                                                                                                SSDEEP:3072:/qJogYkcSNm9V7DFl6qYKCVNVMhyJQtSBT:/q2kc4m9tDFdY5NVM7t
                                                                                                                                                                                TLSH:A3E36B21F25ED0B3D87718F12726A17EB3EA4D2C1AA57803E6D50F48BCA19232F4595F
                                                                                                                                                                                File Content Preview:MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.......PE..L.....!c............................o.............@..................................&....@...........@....................
                                                                                                                                                                                Icon Hash:00928e8e8686b000
                                                                                                                                                                                Entrypoint:0x41946f
                                                                                                                                                                                Entrypoint Section:.itext
                                                                                                                                                                                Digitally signed:false
                                                                                                                                                                                Imagebase:0x400000
                                                                                                                                                                                Subsystem:windows gui
                                                                                                                                                                                Image File Characteristics:EXECUTABLE_IMAGE, 32BIT_MACHINE
                                                                                                                                                                                DLL Characteristics:DYNAMIC_BASE, NX_COMPAT, TERMINAL_SERVER_AWARE
                                                                                                                                                                                Time Stamp:0x632112B1 [Tue Sep 13 23:30:57 2022 UTC]
                                                                                                                                                                                TLS Callbacks:
                                                                                                                                                                                CLR (.Net) Version:
                                                                                                                                                                                OS Version Major:5
                                                                                                                                                                                OS Version Minor:1
                                                                                                                                                                                File Version Major:5
                                                                                                                                                                                File Version Minor:1
                                                                                                                                                                                Subsystem Version Major:5
                                                                                                                                                                                Subsystem Version Minor:1
                                                                                                                                                                                Import Hash:914685b69f2ac2ff61b6b0f1883a054d
                                                                                                                                                                                Instruction
                                                                                                                                                                                nop
                                                                                                                                                                                nop word ptr [eax+eax+00000000h]
                                                                                                                                                                                call 00007F4D7C4FE995h
                                                                                                                                                                                nop word ptr [eax+eax+00000000h]
                                                                                                                                                                                call 00007F4D7C4EBD22h
                                                                                                                                                                                nop word ptr [eax+eax+00h]
                                                                                                                                                                                call 00007F4D7C4EF2DBh
                                                                                                                                                                                nop word ptr [eax+eax+00000000h]
                                                                                                                                                                                call 00007F4D7C4FCD20h
                                                                                                                                                                                nop word ptr [eax+eax+00000000h]
                                                                                                                                                                                push 00000000h
                                                                                                                                                                                call dword ptr [004255C8h]
                                                                                                                                                                                nop dword ptr [eax+eax+00h]
                                                                                                                                                                                call 00007F4D7C4FE679h
                                                                                                                                                                                call 00007F4D7C4FE67Ah
                                                                                                                                                                                call 00007F4D7C4FE65Dh
                                                                                                                                                                                call 00007F4D7C4FE65Eh
                                                                                                                                                                                call 00007F4D7C4FE677h
                                                                                                                                                                                call 00007F4D7C4FE66Ch
                                                                                                                                                                                call 00007F4D7C4FE655h
                                                                                                                                                                                call 00007F4D7C4FE66Eh
                                                                                                                                                                                call 00007F4D7C4FE657h
                                                                                                                                                                                call 00007F4D7C4FE652h
                                                                                                                                                                                call 00007F4D7C4FE635h
                                                                                                                                                                                call 00007F4D7C4FE606h
                                                                                                                                                                                call 00007F4D7C4FE61Fh
                                                                                                                                                                                call 00007F4D7C4FE602h
                                                                                                                                                                                call 00007F4D7C4FE615h
                                                                                                                                                                                call 00007F4D7C4FE616h
                                                                                                                                                                                call 00007F4D7C4FE5F9h
                                                                                                                                                                                call 00007F4D7C4FE60Ch
                                                                                                                                                                                call 00007F4D7C4FE5FBh
                                                                                                                                                                                call 00007F4D7C4FE5F0h
                                                                                                                                                                                call 00007F4D7C4FE5F7h
                                                                                                                                                                                call 00007F4D7C4FD148h
                                                                                                                                                                                call 00007F4D7C4FD155h
                                                                                                                                                                                call 00007F4D7C4FD162h
                                                                                                                                                                                NameVirtual AddressVirtual Size Is in Section
                                                                                                                                                                                IMAGE_DIRECTORY_ENTRY_EXPORT0x00x0
                                                                                                                                                                                IMAGE_DIRECTORY_ENTRY_IMPORT0x1a2300x50.rdata
                                                                                                                                                                                IMAGE_DIRECTORY_ENTRY_RESOURCE0x00x0
                                                                                                                                                                                IMAGE_DIRECTORY_ENTRY_EXCEPTION0x00x0
                                                                                                                                                                                IMAGE_DIRECTORY_ENTRY_SECURITY0x00x0
                                                                                                                                                                                IMAGE_DIRECTORY_ENTRY_BASERELOC0x270000xfcc.reloc
                                                                                                                                                                                IMAGE_DIRECTORY_ENTRY_DEBUG0x1a1200x1c.rdata
                                                                                                                                                                                IMAGE_DIRECTORY_ENTRY_COPYRIGHT0x00x0
                                                                                                                                                                                IMAGE_DIRECTORY_ENTRY_GLOBALPTR0x00x0
                                                                                                                                                                                IMAGE_DIRECTORY_ENTRY_TLS0x00x0
                                                                                                                                                                                IMAGE_DIRECTORY_ENTRY_LOAD_CONFIG0x00x0
                                                                                                                                                                                IMAGE_DIRECTORY_ENTRY_BOUND_IMPORT0x00x0
                                                                                                                                                                                IMAGE_DIRECTORY_ENTRY_IAT0x1a0000x70.rdata
                                                                                                                                                                                IMAGE_DIRECTORY_ENTRY_DELAY_IMPORT0x00x0
                                                                                                                                                                                IMAGE_DIRECTORY_ENTRY_COM_DESCRIPTOR0x00x0
                                                                                                                                                                                IMAGE_DIRECTORY_ENTRY_RESERVED0x00x0
                                                                                                                                                                                NameVirtual AddressVirtual SizeRaw SizeMD5Xored PEZLIB ComplexityFile TypeEntropyCharacteristics
                                                                                                                                                                                .text0x10000x17d460x17e0057ad8095d0d1b2e0663fbd3ef4405410False0.48270819698952877data6.613530972543989IMAGE_SCN_CNT_CODE, IMAGE_SCN_MEM_EXECUTE, IMAGE_SCN_MEM_READ
                                                                                                                                                                                .itext0x190000x5690x6000adcc204eb91a7bbe4f95e6c65202fe1False0.255859375data3.0389614741823974IMAGE_SCN_CNT_CODE, IMAGE_SCN_MEM_EXECUTE, IMAGE_SCN_MEM_READ
                                                                                                                                                                                .rdata0x1a0000x4b20x6009264ea7f335858b063b39397d3c51d14False0.3821614583333333data3.6588662154359954IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_READ
                                                                                                                                                                                .data0x1b0000xadc80xa000b65abfb7ff7c5a10fe797c1581daa62bFalse0.98291015625SysEx File -7.985848215035175IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_READ, IMAGE_SCN_MEM_WRITE
                                                                                                                                                                                .pdata0x260000xc380xe009b70ef636ac51bf9b2537242c404d96aFalse0.8892299107142857data7.455983226281325IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_READ, IMAGE_SCN_MEM_WRITE
                                                                                                                                                                                .reloc0x270000xfcc0x100068a4352eca889669f544bd64baa3f961False0.8427734375GLS_BINARY_LSB_FIRST6.728533295109IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_DISCARDABLE, IMAGE_SCN_MEM_READ
                                                                                                                                                                                DLLImport
                                                                                                                                                                                gdi32.dllSetPixel, GetPixel, SelectPalette, SelectObject, GetTextColor, BitBlt, GetDeviceCaps, CreateSolidBrush, CreateFontW, CreateDIBitmap
                                                                                                                                                                                USER32.dllLoadMenuW, LoadImageW, CreateDialogParamW, CreateWindowExW, DefWindowProcW, GetDlgItem, IsDlgButtonChecked
                                                                                                                                                                                KERNEL32.dllGetLastError, GetProcAddress, GetModuleHandleA, GetLocaleInfoW, FreeLibrary, GetFileAttributesW, GetCommandLineW, GetCommandLineA
                                                                                                                                                                                No network behavior found

                                                                                                                                                                                Click to jump to process

                                                                                                                                                                                Click to jump to process

                                                                                                                                                                                Click to dive into process behavior distribution

                                                                                                                                                                                Click to jump to process

                                                                                                                                                                                Target ID:0
                                                                                                                                                                                Start time:14:04:50
                                                                                                                                                                                Start date:06/05/2024
                                                                                                                                                                                Path:C:\Users\user\Desktop\c8JakemodH.exe
                                                                                                                                                                                Wow64 process (32bit):true
                                                                                                                                                                                Commandline:"C:\Users\user\Desktop\c8JakemodH.exe"
                                                                                                                                                                                Imagebase:0xb20000
                                                                                                                                                                                File size:150'528 bytes
                                                                                                                                                                                MD5 hash:A7ED7796C84C9B27758F359705741455
                                                                                                                                                                                Has elevated privileges:true
                                                                                                                                                                                Has administrator privileges:true
                                                                                                                                                                                Programmed in:C, C++ or other language
                                                                                                                                                                                Yara matches:
                                                                                                                                                                                • Rule: JoeSecurity_LockBit_ransomware, Description: Yara detected LockBit ransomware, Source: 00000000.00000002.2326197823.000000000117D000.00000004.00000020.00020000.00000000.sdmp, Author: Joe Security
                                                                                                                                                                                • Rule: JoeSecurity_LockBit_ransomware, Description: Yara detected LockBit ransomware, Source: 00000000.00000002.2324569325.0000000000B21000.00000020.00000001.01000000.00000003.sdmp, Author: Joe Security
                                                                                                                                                                                • Rule: Windows_Ransomware_Lockbit_369e1e94, Description: unknown, Source: 00000000.00000002.2324569325.0000000000B21000.00000020.00000001.01000000.00000003.sdmp, Author: unknown
                                                                                                                                                                                • Rule: JoeSecurity_LockBit_ransomware, Description: Yara detected LockBit ransomware, Source: 00000000.00000000.1957084963.0000000000B21000.00000020.00000001.01000000.00000003.sdmp, Author: Joe Security
                                                                                                                                                                                • Rule: Windows_Ransomware_Lockbit_369e1e94, Description: unknown, Source: 00000000.00000000.1957084963.0000000000B21000.00000020.00000001.01000000.00000003.sdmp, Author: unknown
                                                                                                                                                                                • Rule: JoeSecurity_LockBit_ransomware, Description: Yara detected LockBit ransomware, Source: 00000000.00000002.2326567241.00000000012E0000.00000004.00000020.00020000.00000000.sdmp, Author: Joe Security
                                                                                                                                                                                Reputation:low
                                                                                                                                                                                Has exited:true

                                                                                                                                                                                Target ID:4
                                                                                                                                                                                Start time:14:05:14
                                                                                                                                                                                Start date:06/05/2024
                                                                                                                                                                                Path:C:\Windows\splwow64.exe
                                                                                                                                                                                Wow64 process (32bit):false
                                                                                                                                                                                Commandline:C:\Windows\splwow64.exe 12288
                                                                                                                                                                                Imagebase:0x7ff6797a0000
                                                                                                                                                                                File size:163'840 bytes
                                                                                                                                                                                MD5 hash:77DE7761B037061C7C112FD3C5B91E73
                                                                                                                                                                                Has elevated privileges:true
                                                                                                                                                                                Has administrator privileges:true
                                                                                                                                                                                Programmed in:C, C++ or other language
                                                                                                                                                                                Reputation:moderate
                                                                                                                                                                                Has exited:true

                                                                                                                                                                                Target ID:7
                                                                                                                                                                                Start time:14:05:26
                                                                                                                                                                                Start date:06/05/2024
                                                                                                                                                                                Path:C:\ProgramData\C9C8.tmp
                                                                                                                                                                                Wow64 process (32bit):true
                                                                                                                                                                                Commandline:"C:\ProgramData\C9C8.tmp"
                                                                                                                                                                                Imagebase:0x400000
                                                                                                                                                                                File size:14'336 bytes
                                                                                                                                                                                MD5 hash:294E9F64CB1642DD89229FFF0592856B
                                                                                                                                                                                Has elevated privileges:true
                                                                                                                                                                                Has administrator privileges:true
                                                                                                                                                                                Programmed in:C, C++ or other language
                                                                                                                                                                                Antivirus matches:
                                                                                                                                                                                • Detection: 100%, Avira
                                                                                                                                                                                • Detection: 100%, Joe Sandbox ML
                                                                                                                                                                                • Detection: 83%, ReversingLabs
                                                                                                                                                                                • Detection: 83%, Virustotal, Browse
                                                                                                                                                                                Reputation:moderate
                                                                                                                                                                                Has exited:true

                                                                                                                                                                                Target ID:8
                                                                                                                                                                                Start time:14:05:27
                                                                                                                                                                                Start date:06/05/2024
                                                                                                                                                                                Path:C:\Program Files (x86)\Microsoft Office\root\Office16\ONENOTE.EXE
                                                                                                                                                                                Wow64 process (32bit):true
                                                                                                                                                                                Commandline:/insertdoc "C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\{DCDCAFEB-5EC4-4F60-8F7C-E85EB48A28C7}.xps" 133594707154290000
                                                                                                                                                                                Imagebase:0x900000
                                                                                                                                                                                File size:2'191'768 bytes
                                                                                                                                                                                MD5 hash:0061760D72416BCF5F2D9FA6564F0BEA
                                                                                                                                                                                Has elevated privileges:true
                                                                                                                                                                                Has administrator privileges:true
                                                                                                                                                                                Programmed in:C, C++ or other language
                                                                                                                                                                                Reputation:moderate
                                                                                                                                                                                Has exited:false

                                                                                                                                                                                Target ID:9
                                                                                                                                                                                Start time:14:05:27
                                                                                                                                                                                Start date:06/05/2024
                                                                                                                                                                                Path:C:\Windows\SysWOW64\cmd.exe
                                                                                                                                                                                Wow64 process (32bit):true
                                                                                                                                                                                Commandline:"C:\Windows\System32\cmd.exe" /C DEL /F /Q C:\PROGRA~3\C9C8.tmp >> NUL
                                                                                                                                                                                Imagebase:0x790000
                                                                                                                                                                                File size:236'544 bytes
                                                                                                                                                                                MD5 hash:D0FCE3AFA6AA1D58CE9FA336CC2B675B
                                                                                                                                                                                Has elevated privileges:true
                                                                                                                                                                                Has administrator privileges:true
                                                                                                                                                                                Programmed in:C, C++ or other language
                                                                                                                                                                                Reputation:high
                                                                                                                                                                                Has exited:true

                                                                                                                                                                                Target ID:10
                                                                                                                                                                                Start time:14:05:27
                                                                                                                                                                                Start date:06/05/2024
                                                                                                                                                                                Path:C:\Windows\System32\conhost.exe
                                                                                                                                                                                Wow64 process (32bit):false
                                                                                                                                                                                Commandline:C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
                                                                                                                                                                                Imagebase:0x7ff6d64d0000
                                                                                                                                                                                File size:862'208 bytes
                                                                                                                                                                                MD5 hash:0D698AF330FD17BEE3BF90011D49251D
                                                                                                                                                                                Has elevated privileges:true
                                                                                                                                                                                Has administrator privileges:true
                                                                                                                                                                                Programmed in:C, C++ or other language
                                                                                                                                                                                Reputation:high
                                                                                                                                                                                Has exited:true

                                                                                                                                                                                Reset < >

                                                                                                                                                                                  Execution Graph

                                                                                                                                                                                  Execution Coverage:21.9%
                                                                                                                                                                                  Dynamic/Decrypted Code Coverage:0%
                                                                                                                                                                                  Signature Coverage:16.7%
                                                                                                                                                                                  Total number of Nodes:1989
                                                                                                                                                                                  Total number of Limit Nodes:14
                                                                                                                                                                                  execution_graph 11582 b28e72 11583 b28e33 QueryServiceStatusEx 11582->11583 11587 b28e53 11582->11587 11586 b28e55 11583->11586 11583->11587 11584 b28e7a CloseServiceHandle 11585 b28e83 11584->11585 11586->11583 11586->11587 11587->11584 11587->11585 11127 b374b2 11141 b37487 11127->11141 11128 b37580 11130 b31fb8 15 API calls 11128->11130 11129 b3758d 11131 b37593 11129->11131 11132 b375a2 11129->11132 11135 b37588 11130->11135 11136 b29b80 14 API calls 11131->11136 11133 b375b2 11132->11133 11134 b375a8 11132->11134 11139 b375d1 11133->11139 11140 b375b8 11133->11140 11138 b37308 27 API calls 11134->11138 11137 b37598 11136->11137 11142 b31e50 137 API calls 11137->11142 11138->11135 11144 b375e1 11139->11144 11145 b375d7 11139->11145 11143 b36efc 5 API calls 11140->11143 11141->11128 11141->11129 11142->11135 11148 b375bd 11143->11148 11146 b375e7 11144->11146 11147 b37634 11144->11147 11149 b33868 5 API calls 11145->11149 11150 b37616 11146->11150 11157 b36d04 2 API calls 11146->11157 11151 b37643 11147->11151 11152 b3763a 11147->11152 11153 b36b18 2 API calls 11148->11153 11149->11135 11150->11135 11158 b30410 13 API calls 11150->11158 11155 b2a308 2 API calls 11151->11155 11154 b36b18 2 API calls 11152->11154 11153->11135 11154->11135 11156 b37654 11155->11156 11159 b37678 11156->11159 11160 b2a308 2 API calls 11156->11160 11157->11150 11158->11135 11159->11135 11161 b32384 11 API calls 11159->11161 11162 b37667 11160->11162 11161->11135 11162->11159 11163 b3766c 11162->11163 11164 b29b80 14 API calls 11163->11164 11165 b37671 11164->11165 11166 b36f90 137 API calls 11165->11166 11166->11135 11218 b2a9f0 11220 b2aa13 11218->11220 11219 b2aaff 11220->11219 11221 b26830 RtlAllocateHeap 11220->11221 11222 b2aad3 11221->11222 11222->11219 11223 b2684c RtlFreeHeap 11222->11223 11223->11219 11224 b2def0 11231 b2ddeb 11224->11231 11225 b2de3e 11226 b2de4d ReadFile 11226->11231 11227 b2e006 WriteFile 11227->11231 11228 b2e0ac NtClose 11228->11231 11229 b2684c RtlFreeHeap 11229->11231 11230 b2df8d WriteFile 11230->11231 11231->11225 11231->11226 11231->11227 11231->11228 11231->11229 11231->11230 11447 b28f36 11448 b28f38 RtlAdjustPrivilege 11447->11448 11449 b297a8 4 API calls 11448->11449 11450 b28f70 11449->11450 11451 b28fe0 11450->11451 11452 b29850 NtClose 11450->11452 11454 b29005 11451->11454 11456 b28e9c 4 API calls 11451->11456 11453 b28f7e 11452->11453 11453->11451 11455 b28f87 NtSetInformationThread 11453->11455 11455->11451 11457 b28f9b 11455->11457 11456->11454 11458 b28d78 7 API calls 11457->11458 11459 b28fb0 11458->11459 11459->11451 11460 b29850 NtClose 11459->11460 11461 b28fbe 11460->11461 11461->11451 11462 b28bb0 2 API calls 11461->11462 11462->11451 11463 b2fe37 11466 b2fcae 11463->11466 11464 b269a8 RtlAllocateHeap 11464->11466 11465 b2f4f8 NtSetInformationThread NtClose 11465->11466 11466->11464 11466->11465 11468 b2fecd 11466->11468 11474 b2f634 NtSetInformationThread NtClose 11466->11474 11475 b2b390 2 API calls 11466->11475 11476 b2684c RtlFreeHeap 11466->11476 11467 b2ff37 11470 b2ff45 11467->11470 11471 b2684c RtlFreeHeap 11467->11471 11468->11467 11469 b2684c RtlFreeHeap 11468->11469 11469->11467 11472 b2ff53 11470->11472 11473 b2684c RtlFreeHeap 11470->11473 11471->11470 11473->11472 11474->11466 11475->11466 11476->11466 11257 b277fa 11258 b277fc CoInitialize 11257->11258 11259 b27831 11258->11259 11477 b2ac38 11481 b2ac20 11477->11481 11478 b2ac53 11479 b2684c RtlFreeHeap 11478->11479 11484 b2ac36 11479->11484 11480 b26868 RtlReAllocateHeap 11480->11481 11481->11478 11481->11480 11481->11484 11482 b2684c RtlFreeHeap 11483 b2ad80 11482->11483 11484->11482 11598 b3017c 11610 b30079 11598->11610 11599 b301e9 11600 b2684c RtlFreeHeap 11599->11600 11602 b301f7 11599->11602 11600->11602 11601 b269a8 RtlAllocateHeap 11601->11610 11604 b3026f 11602->11604 11605 b2684c RtlFreeHeap 11602->11605 11603 b2f634 NtSetInformationThread NtClose 11603->11610 11606 b3027d 11604->11606 11607 b2684c RtlFreeHeap 11604->11607 11605->11604 11608 b3028b 11606->11608 11609 b2684c RtlFreeHeap 11606->11609 11607->11606 11609->11608 11610->11599 11610->11601 11610->11603 11611 b2b390 2 API calls 11610->11611 11612 b2684c RtlFreeHeap 11610->11612 11611->11610 11612->11610 11278 b297e1 11285 b297e3 11278->11285 11279 b297df 11284 b2684c RtlFreeHeap 11279->11284 11280 b297c9 NtQuerySystemInformation 11280->11279 11280->11285 11281 b297fc 11283 b2684c RtlFreeHeap 11281->11283 11282 b26868 RtlReAllocateHeap 11282->11285 11286 b29804 11283->11286 11287 b29842 11284->11287 11285->11279 11285->11280 11285->11281 11285->11282 11288 b2d7e6 11289 b2d7e8 11288->11289 11308 b2cc60 11289->11308 11292 b2ce38 RtlAllocateHeap 11299 b2d827 11292->11299 11293 b2d928 11295 b2d936 11293->11295 11296 b2684c RtlFreeHeap 11293->11296 11294 b2684c RtlFreeHeap 11294->11293 11297 b2d944 11295->11297 11298 b2684c RtlFreeHeap 11295->11298 11296->11295 11300 b2d952 11297->11300 11301 b2684c RtlFreeHeap 11297->11301 11298->11297 11302 b26db0 RtlAllocateHeap 11299->11302 11303 b2d81d 11299->11303 11301->11300 11304 b2d87d 11302->11304 11303->11293 11303->11294 11304->11303 11305 b26830 RtlAllocateHeap 11304->11305 11306 b2d8d0 11305->11306 11306->11303 11307 b2cf28 2 API calls 11306->11307 11307->11303 11309 b26db0 RtlAllocateHeap 11308->11309 11310 b2ccb2 11309->11310 11342 b2ccbb 11310->11342 11343 b2c5b4 11310->11343 11313 b2cdcc 11317 b2684c RtlFreeHeap 11313->11317 11318 b2cdda 11313->11318 11315 b2684c RtlFreeHeap 11315->11313 11317->11318 11319 b2cde8 11318->11319 11322 b2684c RtlFreeHeap 11318->11322 11320 b2cdf6 11319->11320 11323 b2684c RtlFreeHeap 11319->11323 11324 b2ce04 11320->11324 11326 b2684c RtlFreeHeap 11320->11326 11321 b2c820 2 API calls 11325 b2ccd5 11321->11325 11322->11319 11323->11320 11328 b2ce12 11324->11328 11330 b2684c RtlFreeHeap 11324->11330 11378 b2c884 11325->11378 11326->11324 11331 b2ce20 11328->11331 11332 b2684c RtlFreeHeap 11328->11332 11329 b2ccdd 11383 b2ca7c 11329->11383 11330->11328 11333 b2ce2e 11331->11333 11334 b2684c RtlFreeHeap 11331->11334 11332->11331 11333->11292 11333->11303 11334->11333 11338 b2ccf5 11339 b26830 RtlAllocateHeap 11338->11339 11340 b2cd75 11339->11340 11341 b26868 RtlReAllocateHeap 11340->11341 11340->11342 11341->11342 11342->11313 11342->11315 11344 b2a458 6 API calls 11343->11344 11345 b2c5e8 11344->11345 11346 b2c5ee 11345->11346 11347 b26830 RtlAllocateHeap 11345->11347 11349 b2c78e 11346->11349 11350 b2684c RtlFreeHeap 11346->11350 11348 b2c600 11347->11348 11348->11346 11354 b2a458 6 API calls 11348->11354 11351 b2c79c 11349->11351 11352 b2684c RtlFreeHeap 11349->11352 11350->11349 11353 b2c7aa 11351->11353 11355 b2684c RtlFreeHeap 11351->11355 11352->11351 11369 b2c7b4 11353->11369 11356 b2c61d 11354->11356 11355->11353 11356->11346 11357 b26db0 RtlAllocateHeap 11356->11357 11358 b2c632 11357->11358 11358->11346 11359 b26db0 RtlAllocateHeap 11358->11359 11360 b2c64a 11359->11360 11360->11346 11361 b26830 RtlAllocateHeap 11360->11361 11362 b2c67b 11361->11362 11362->11346 11363 b26830 RtlAllocateHeap 11362->11363 11367 b2c6a4 11363->11367 11364 b2a190 6 API calls 11364->11367 11366 b2c75b 11368 b26868 RtlReAllocateHeap 11366->11368 11367->11346 11367->11364 11367->11366 11390 b2a51c 11367->11390 11368->11346 11394 b2a0d8 11369->11394 11372 b26830 RtlAllocateHeap 11373 b2c7e9 11372->11373 11374 b2c810 11373->11374 11375 b2a0d8 2 API calls 11373->11375 11374->11321 11376 b2c804 11375->11376 11376->11374 11377 b2684c RtlFreeHeap 11376->11377 11377->11374 11379 b26c60 2 API calls 11378->11379 11382 b2c8ad 11379->11382 11380 b26830 RtlAllocateHeap 11381 b2c8b1 11380->11381 11381->11329 11382->11380 11382->11381 11384 b2cb37 11383->11384 11385 b26830 RtlAllocateHeap 11384->11385 11386 b2cbe4 11384->11386 11385->11386 11387 b2cc10 11386->11387 11388 b26830 RtlAllocateHeap 11387->11388 11389 b2cc22 11388->11389 11389->11338 11391 b2a55f 11390->11391 11392 b2b390 2 API calls 11391->11392 11393 b2a579 11391->11393 11392->11393 11393->11367 11395 b2a10f 11394->11395 11396 b2b390 2 API calls 11395->11396 11397 b2a129 11395->11397 11396->11397 11397->11372 11485 b2dd26 11486 b2dcdd 11485->11486 11488 b2dcf9 11486->11488 11491 b26868 RtlReAllocateHeap 11486->11491 11487 b2dd4c 11489 b2dd99 11487->11489 11490 b2684c RtlFreeHeap 11487->11490 11488->11487 11492 b2daec NtTerminateProcess 11488->11492 11493 b2dbbc NtTerminateProcess 11488->11493 11490->11489 11491->11486 11492->11488 11493->11488 11494 b2b624 11495 b2b671 11494->11495 11496 b2b676 11495->11496 11497 b2b678 RtlAdjustPrivilege 11495->11497 11497->11495 11497->11496 11398 b25ee8 11399 b25dd3 11398->11399 11399->11398 11400 b25ddb 11399->11400 11401 b25afc 3 API calls 11399->11401 11402 b25deb RtlAllocateHeap 11401->11402 11402->11399 11403 b2d7e8 11404 b2cc60 14 API calls 11403->11404 11405 b2d814 11404->11405 11406 b2ce38 RtlAllocateHeap 11405->11406 11407 b2d81d 11405->11407 11414 b2d827 11406->11414 11408 b2d928 11407->11408 11409 b2684c RtlFreeHeap 11407->11409 11410 b2d936 11408->11410 11411 b2684c RtlFreeHeap 11408->11411 11409->11408 11412 b2d944 11410->11412 11413 b2684c RtlFreeHeap 11410->11413 11411->11410 11415 b2d952 11412->11415 11416 b2684c RtlFreeHeap 11412->11416 11413->11412 11414->11407 11417 b26db0 RtlAllocateHeap 11414->11417 11416->11415 11418 b2d87d 11417->11418 11418->11407 11419 b26830 RtlAllocateHeap 11418->11419 11420 b2d8d0 11419->11420 11420->11407 11421 b2cf28 2 API calls 11420->11421 11421->11407 9259 b3946f 9260 b39480 9259->9260 9267 b2639c 9260->9267 9262 b3948f 9314 b29960 9262->9314 9264 b3949a 9353 b373b4 9264->9353 9398 b25afc 9267->9398 9270 b2653c 9270->9262 9271 b263b6 RtlCreateHeap 9271->9270 9272 b263d1 9271->9272 9273 b25afc 3 API calls 9272->9273 9274 b263e1 9273->9274 9274->9270 9406 b25db0 9274->9406 9277 b25db0 8 API calls 9278 b2640d 9277->9278 9279 b25db0 8 API calls 9278->9279 9280 b2641e 9279->9280 9281 b25db0 8 API calls 9280->9281 9282 b2642f 9281->9282 9283 b25db0 8 API calls 9282->9283 9284 b26440 9283->9284 9285 b25db0 8 API calls 9284->9285 9286 b26451 9285->9286 9287 b25db0 8 API calls 9286->9287 9288 b26462 9287->9288 9289 b25db0 8 API calls 9288->9289 9290 b26473 9289->9290 9291 b25db0 8 API calls 9290->9291 9292 b26484 9291->9292 9293 b25db0 8 API calls 9292->9293 9294 b26495 9293->9294 9295 b25db0 8 API calls 9294->9295 9296 b264a6 9295->9296 9297 b25db0 8 API calls 9296->9297 9298 b264b7 9297->9298 9299 b25db0 8 API calls 9298->9299 9300 b264c8 9299->9300 9301 b25db0 8 API calls 9300->9301 9302 b264d9 9301->9302 9303 b25db0 8 API calls 9302->9303 9304 b264ea 9303->9304 9305 b25db0 8 API calls 9304->9305 9306 b264fb 9305->9306 9307 b25db0 8 API calls 9306->9307 9308 b2650c 9307->9308 9309 b25db0 8 API calls 9308->9309 9310 b2651d 9309->9310 9311 b25db0 8 API calls 9310->9311 9312 b2652e 9311->9312 9412 b37694 9312->9412 9315 b29965 9314->9315 9455 b26f10 9315->9455 9318 b299b6 9319 b299c4 9318->9319 9491 b2bacc 9318->9491 9319->9264 9320 b2996a 9329 b299a7 9320->9329 9549 b2b458 9320->9549 9323 b299d0 9494 b2b664 9323->9494 9488 b26d08 9329->9488 9331 b299e3 9333 b29a6f 9331->9333 9507 b2b17c 9331->9507 9335 b29aae 9333->9335 9341 b2b5d0 NtQueryInformationToken 9333->9341 9521 b2c354 9335->9521 9336 b299f9 9336->9331 9561 b2ae44 9336->9561 9345 b29a9c 9341->9345 9345->9335 9584 b33144 9345->9584 9346 b29a41 9346->9333 9348 b2684c RtlFreeHeap 9346->9348 9349 b29a59 9348->9349 9350 b2684c RtlFreeHeap 9349->9350 9351 b29a64 9350->9351 9352 b2684c RtlFreeHeap 9351->9352 9352->9333 9354 b373de 9353->9354 9355 b373f4 35 API calls 9354->9355 9356 b373ff 9354->9356 9367 b3740e 9354->9367 9649 b29b80 9356->9649 9360 b37580 9718 b31fb8 9360->9718 9361 b3758d 9363 b37593 9361->9363 9364 b375a2 9361->9364 9368 b29b80 14 API calls 9363->9368 9365 b375b2 9364->9365 9366 b375a8 9364->9366 9371 b375d1 9365->9371 9372 b375b8 9365->9372 9800 b37308 9366->9800 9367->9360 9367->9361 9369 b37598 9368->9369 9769 b31e50 9369->9769 9375 b375e1 9371->9375 9376 b375d7 9371->9376 9811 b36efc 9372->9811 9377 b375e7 9375->9377 9378 b37634 9375->9378 9838 b33868 9376->9838 9381 b37616 9377->9381 9845 b36d04 9377->9845 9382 b37643 9378->9382 9383 b3763a 9378->9383 9381->9355 9859 b30410 9381->9859 9890 b2a308 9382->9890 9385 b36b18 2 API calls 9383->9385 9385->9355 9390 b37678 9390->9355 9894 b32384 9390->9894 9391 b2a308 2 API calls 9393 b37667 9391->9393 9393->9390 9394 b3766c 9393->9394 9395 b29b80 14 API calls 9394->9395 9396 b37671 9395->9396 9397 b36f90 137 API calls 9396->9397 9397->9355 9399 b25b0e 9398->9399 9400 b25b28 9398->9400 9401 b25afc 3 API calls 9399->9401 9402 b25afc 3 API calls 9400->9402 9404 b25b50 9400->9404 9401->9400 9402->9404 9403 b25c1a 9403->9270 9403->9271 9404->9403 9417 b25a94 9404->9417 9432 b25c34 9406->9432 9408 b25ddb 9408->9277 9409 b25afc 3 API calls 9410 b25deb RtlAllocateHeap 9409->9410 9411 b25dc5 9410->9411 9411->9408 9411->9409 9447 b26830 9412->9447 9414 b37745 9414->9270 9416 b376b5 9416->9414 9450 b2684c 9416->9450 9418 b25af2 9417->9418 9419 b25ac0 9417->9419 9418->9404 9419->9418 9424 b25a30 9419->9424 9421 b25ad4 9421->9418 9422 b25ae8 9421->9422 9427 b259e4 9422->9427 9425 b25a47 9424->9425 9426 b25a75 LdrLoadDll 9425->9426 9426->9421 9428 b259f3 9427->9428 9429 b25a14 LdrGetProcedureAddress 9427->9429 9431 b259ff LdrGetProcedureAddress 9428->9431 9430 b25a26 9429->9430 9430->9418 9431->9430 9433 b25c61 9432->9433 9434 b25c47 9432->9434 9436 b25c89 9433->9436 9437 b25afc 3 API calls 9433->9437 9435 b25afc 3 API calls 9434->9435 9435->9433 9438 b25afc 3 API calls 9436->9438 9441 b25cb1 9436->9441 9437->9436 9438->9441 9439 b25cf9 FindFirstFileW 9439->9441 9440 b25d6a 9440->9411 9441->9439 9441->9440 9442 b25d47 FindNextFileW 9441->9442 9443 b25d29 FindClose 9441->9443 9442->9441 9445 b25d5b FindClose 9442->9445 9444 b25a30 LdrLoadDll 9443->9444 9446 b25d40 9444->9446 9445->9441 9446->9411 9453 b210ac 9447->9453 9449 b26838 RtlAllocateHeap 9449->9416 9454 b210ac 9450->9454 9452 b26854 RtlFreeHeap 9452->9414 9453->9449 9454->9452 9588 b26db0 9455->9588 9457 b26f28 9458 b271ff 9457->9458 9459 b26830 RtlAllocateHeap 9457->9459 9458->9320 9463 b26f45 9459->9463 9460 b271f7 9461 b2684c RtlFreeHeap 9460->9461 9461->9458 9462 b2684c RtlFreeHeap 9462->9460 9463->9460 9464 b26830 RtlAllocateHeap 9463->9464 9465 b26fc8 9463->9465 9487 b271e9 9463->9487 9464->9465 9466 b26830 RtlAllocateHeap 9465->9466 9472 b26ffb 9465->9472 9466->9472 9467 b26830 RtlAllocateHeap 9468 b2702e 9467->9468 9470 b27061 9468->9470 9471 b26830 RtlAllocateHeap 9468->9471 9469 b270fa 9478 b27131 9469->9478 9479 b26830 RtlAllocateHeap 9469->9479 9473 b26830 RtlAllocateHeap 9470->9473 9474 b27094 9470->9474 9471->9470 9472->9467 9472->9468 9473->9474 9475 b270c7 9474->9475 9476 b26830 RtlAllocateHeap 9474->9476 9475->9469 9477 b26830 RtlAllocateHeap 9475->9477 9476->9475 9477->9469 9480 b26830 RtlAllocateHeap 9478->9480 9478->9487 9479->9478 9481 b2716c 9480->9481 9481->9487 9591 b26eac 9481->9591 9483 b27194 9484 b26830 RtlAllocateHeap 9483->9484 9485 b271b3 9484->9485 9486 b2684c RtlFreeHeap 9485->9486 9485->9487 9486->9487 9487->9462 9489 b26830 RtlAllocateHeap 9488->9489 9490 b26d1d 9489->9490 9490->9318 9492 b26830 RtlAllocateHeap 9491->9492 9493 b2badd 9492->9493 9493->9323 9495 b2b671 9494->9495 9496 b299da 9495->9496 9497 b2b678 RtlAdjustPrivilege 9495->9497 9498 b2b5d0 9496->9498 9497->9495 9497->9496 9499 b2b5e7 9498->9499 9500 b2b5eb NtQueryInformationToken 9499->9500 9501 b299df 9499->9501 9500->9501 9501->9331 9502 b2b358 9501->9502 9600 b297a8 9502->9600 9504 b2b375 9506 b2b383 9504->9506 9611 b29850 9504->9611 9506->9336 9508 b2b19a 9507->9508 9509 b26830 RtlAllocateHeap 9508->9509 9511 b2b1a5 9509->9511 9510 b29a28 9510->9333 9578 b2b514 9510->9578 9511->9510 9512 b2684c RtlFreeHeap 9511->9512 9514 b2b1c6 9512->9514 9513 b2684c RtlFreeHeap 9513->9510 9520 b2b320 9514->9520 9619 b26de0 9514->9619 9516 b2b2d6 9517 b26de0 RtlAllocateHeap 9516->9517 9518 b2b2fb 9517->9518 9519 b26de0 RtlAllocateHeap 9518->9519 9519->9520 9520->9513 9522 b29ac3 9521->9522 9523 b2c374 9521->9523 9543 b2e214 9522->9543 9524 b26db0 RtlAllocateHeap 9523->9524 9525 b2c385 9524->9525 9525->9522 9526 b26830 RtlAllocateHeap 9525->9526 9530 b2c3a1 9526->9530 9527 b2c5a1 9528 b2684c RtlFreeHeap 9527->9528 9528->9522 9529 b2684c RtlFreeHeap 9529->9527 9530->9527 9531 b2c3f5 CreateFileW 9530->9531 9533 b2c592 9530->9533 9532 b2c449 WriteFile 9531->9532 9531->9533 9532->9533 9534 b2c464 RegCreateKeyExW 9532->9534 9533->9529 9534->9533 9535 b2c48d RegSetValueExW 9534->9535 9537 b2c589 NtClose 9535->9537 9538 b2c4bf RegCreateKeyExW 9535->9538 9537->9533 9538->9537 9540 b2c53a RegSetValueExW 9538->9540 9540->9537 9542 b2c56e SHChangeNotify 9540->9542 9542->9537 9544 b2e230 9543->9544 9622 b2e2ac 9544->9622 9546 b2e286 9547 b29ac8 9546->9547 9548 b2684c RtlFreeHeap 9546->9548 9547->9264 9548->9547 9550 b2b46d 9549->9550 9551 b26830 RtlAllocateHeap 9550->9551 9552 b2999e 9550->9552 9554 b2b4a6 9551->9554 9552->9329 9555 b2ba18 9552->9555 9553 b2684c RtlFreeHeap 9553->9552 9554->9552 9554->9553 9557 b2ba2d 9555->9557 9556 b2bac2 9556->9329 9557->9556 9626 b29710 9557->9626 9560 b2684c RtlFreeHeap 9560->9556 9562 b2ae8f 9561->9562 9574 b2b044 9562->9574 9630 b2abf8 9562->9630 9564 b2ae9d 9565 b2af8b 9564->9565 9566 b2b09f 9564->9566 9564->9574 9568 b26db0 RtlAllocateHeap 9565->9568 9565->9574 9567 b26db0 RtlAllocateHeap 9566->9567 9566->9574 9570 b2b0ce 9567->9570 9569 b2afbe 9568->9569 9572 b2684c RtlFreeHeap 9569->9572 9569->9574 9571 b2684c RtlFreeHeap 9570->9571 9570->9574 9571->9574 9573 b2afe0 9572->9573 9573->9574 9575 b26db0 RtlAllocateHeap 9573->9575 9574->9331 9576 b2b026 9575->9576 9576->9574 9577 b2684c RtlFreeHeap 9576->9577 9577->9574 9579 b2b529 9578->9579 9580 b26830 RtlAllocateHeap 9579->9580 9581 b2b5b3 9579->9581 9583 b2b562 9580->9583 9581->9346 9582 b2684c RtlFreeHeap 9582->9581 9583->9581 9583->9582 9585 b33154 9584->9585 9587 b331b2 9585->9587 9639 b32eb4 9585->9639 9587->9335 9589 b26830 RtlAllocateHeap 9588->9589 9590 b26dc1 9589->9590 9590->9457 9592 b26ed3 9591->9592 9597 b26e54 9592->9597 9594 b26ef3 9595 b2684c RtlFreeHeap 9594->9595 9596 b26f07 9595->9596 9596->9483 9598 b26830 RtlAllocateHeap 9597->9598 9599 b26e77 9598->9599 9599->9594 9601 b26830 RtlAllocateHeap 9600->9601 9606 b297c6 9601->9606 9602 b297c9 NtQuerySystemInformation 9602->9606 9609 b297df 9602->9609 9603 b297fc 9605 b2684c RtlFreeHeap 9603->9605 9607 b29804 9605->9607 9606->9602 9606->9603 9615 b26868 9606->9615 9607->9504 9608 b2684c RtlFreeHeap 9610 b29842 9608->9610 9609->9608 9610->9504 9614 b29875 9611->9614 9612 b29947 9612->9506 9613 b2993e NtClose 9613->9612 9614->9612 9614->9613 9618 b210ac 9615->9618 9617 b26870 RtlReAllocateHeap 9617->9606 9618->9617 9620 b26830 RtlAllocateHeap 9619->9620 9621 b26df2 9620->9621 9621->9516 9623 b2e2b8 9622->9623 9625 b2e2c5 9622->9625 9624 b26830 RtlAllocateHeap 9623->9624 9623->9625 9624->9625 9625->9546 9627 b29722 9626->9627 9629 b2974a 9626->9629 9628 b26830 RtlAllocateHeap 9627->9628 9628->9629 9629->9560 9631 b26830 RtlAllocateHeap 9630->9631 9632 b2ac1d 9631->9632 9633 b2ac53 9632->9633 9635 b26868 RtlReAllocateHeap 9632->9635 9638 b2ac36 9632->9638 9634 b2684c RtlFreeHeap 9633->9634 9634->9638 9635->9632 9636 b2684c RtlFreeHeap 9637 b2ad80 9636->9637 9637->9564 9638->9564 9638->9636 9641 b32ec5 9639->9641 9640 b33053 9640->9587 9641->9640 9643 b2b390 9641->9643 9644 b2b3a2 9643->9644 9645 b2b39f 9643->9645 9644->9645 9646 b2b3e9 NtSetInformationThread 9644->9646 9645->9640 9647 b2b3fe 9646->9647 9648 b2b3ff NtClose 9646->9648 9647->9648 9648->9645 9650 b29b93 9649->9650 9651 b29c2e 9649->9651 9931 b27f8c 9650->9931 9658 b36f90 9651->9658 9654 b29be1 9655 b29c01 CreateMutexW 9654->9655 9935 b268b4 9655->9935 9656 b30410 13 API calls 9656->9654 9671 b36fad 9658->9671 9659 b3705b 9660 b370a1 CreateThread CreateThread 9659->9660 9661 b37076 CreateThread 9659->9661 9663 b370da 9660->9663 9664 b370df 9660->9664 10427 b27438 GetLogicalDriveStringsW 9660->10427 10432 b277fc CoInitialize 9660->10432 9661->9660 9662 b37091 9661->9662 10412 b28f38 RtlAdjustPrivilege 9661->10412 9662->9660 9941 b27c74 OpenSCManagerW 9663->9941 9667 b37100 9664->9667 9668 b370e8 CreateThread 9664->9668 9665 b37018 9665->9659 9670 b29c34 3 API calls 9665->9670 9676 b3717d 9667->9676 9949 b2b690 9667->9949 9668->9667 10463 b27e28 9668->10463 9670->9659 9671->9659 9671->9665 10075 b29c34 9671->10075 9673 b371c7 NtTerminateThread 9674 b371db 9673->9674 9678 b371e4 CreateThread 9674->9678 9679 b371ff 9674->9679 9676->9673 9676->9674 9678->9679 10407 b295f8 9678->10407 9682 b3721f 9679->9682 9683 b372ee 9679->9683 9681 b3715d 9686 b37170 9681->9686 9691 b2e214 2 API calls 9681->9691 9687 b37228 CreateThread 9682->9687 9708 b37243 9682->9708 10100 b31890 9683->10100 9699 b2e214 2 API calls 9686->9699 9687->9708 10434 b2bfc0 9687->10434 9690 b37295 9693 b2b5d0 NtQueryInformationToken 9690->9693 9692 b3716b 9691->9692 9999 b2fbe4 9692->9999 9697 b3729a 9693->9697 9695 b2e214 2 API calls 9700 b3714e 9695->9700 9701 b372a5 9697->9701 9702 b3729e 9697->9702 9699->9676 9971 b30994 9700->9971 10036 b28200 9701->10036 10096 b28930 9702->10096 9708->9690 10021 b2d95c 9708->10021 9709 b372a3 9715 b372ec 9709->9715 10069 b29610 9709->10069 9710 b2e214 2 API calls 9711 b37158 9710->9711 9975 b30b40 9711->9975 9715->9355 9717 b30410 13 API calls 9717->9715 9719 b268fc RtlAllocateHeap 9718->9719 9720 b31fd0 9719->9720 9721 b31ff2 9720->9721 9722 b32001 9720->9722 9732 b32069 9720->9732 10613 b2ff5c 9721->10613 10639 b273f8 9722->10639 9726 b32061 9728 b2684c RtlFreeHeap 9726->9728 9727 b32046 9727->9726 9729 b3207e 9727->9729 9730 b26830 RtlAllocateHeap 9727->9730 9727->9732 9733 b320f2 9727->9733 9734 b2a308 2 API calls 9727->9734 9735 b322cb 9727->9735 9738 b321ea 9727->9738 9740 b321fd 9727->9740 9741 b2a250 NtSetInformationThread NtClose 9727->9741 9742 b321cd 9727->9742 9743 b322fd 9727->9743 9744 b2684c RtlFreeHeap 9727->9744 9746 b32221 9727->9746 9747 b322de 9727->9747 9765 b2ab38 NtSetInformationThread NtClose 9727->9765 10645 b2a928 9727->10645 9728->9732 9731 b2684c RtlFreeHeap 9729->9731 9730->9727 9731->9732 9732->9355 9736 b2684c RtlFreeHeap 9733->9736 9734->9727 9737 b2684c RtlFreeHeap 9735->9737 9736->9732 9737->9732 9739 b2684c RtlFreeHeap 9738->9739 9739->9732 10651 b2a3ac 9740->10651 9741->9727 9745 b2684c RtlFreeHeap 9742->9745 9748 b2694c RtlAllocateHeap 9743->9748 9744->9727 9745->9732 9752 b32289 9746->9752 9753 b3227f 9746->9753 9747->9743 9754 b322f3 9747->9754 9755 b32356 9748->9755 10655 b26a3c 9752->10655 9757 b2694c RtlAllocateHeap 9753->9757 9759 b2684c RtlFreeHeap 9754->9759 9760 b2684c RtlFreeHeap 9755->9760 9756 b32214 9762 b2684c RtlFreeHeap 9756->9762 9763 b32287 9757->9763 9759->9732 9761 b3235f 9760->9761 9761->9732 9766 b308c8 10 API calls 9761->9766 9762->9732 9764 b2684c RtlFreeHeap 9763->9764 9767 b3229a 9764->9767 9765->9727 9766->9732 9767->9732 10659 b308c8 9767->10659 9770 b31c84 2 API calls 9769->9770 9771 b31e5e 9770->9771 9772 b31e83 9771->9772 9773 b31e62 9771->9773 9774 b29610 2 API calls 9772->9774 9775 b31e7e 9773->9775 9777 b30410 13 API calls 9773->9777 9776 b31e88 9774->9776 9775->9355 9778 b31e96 9776->9778 9779 b31e8c 9776->9779 9777->9775 9782 b31fb2 9778->9782 9783 b31f11 9778->9783 9785 b29c34 3 API calls 9778->9785 9780 b36f90 137 API calls 9779->9780 9781 b31e91 9780->9781 9781->9355 9782->9355 9784 b31f5a 9783->9784 9788 b29c34 3 API calls 9783->9788 10668 b30d8c 9784->10668 9785->9783 9788->9784 9793 b30df4 3 API calls 9794 b31f9f 9793->9794 10716 b310cc 9794->10716 9797 b28200 14 API calls 9798 b31fab 9797->9798 9799 b31608 2 API calls 9798->9799 9799->9782 10755 b31b44 9800->10755 9803 b28200 14 API calls 9804 b3731b 9803->9804 9805 b2b5d0 NtQueryInformationToken 9804->9805 9809 b37334 9805->9809 9806 b373ac 9806->9355 9807 b29610 2 API calls 9808 b3738c 9807->9808 9810 b30410 13 API calls 9808->9810 9809->9806 9809->9807 9810->9806 9812 b338b0 RtlAllocateHeap 9811->9812 9813 b36f0e 9812->9813 9814 b36f7d 9813->9814 9817 b36f52 9813->9817 10769 b363ec 9813->10769 9815 b36f8b 9814->9815 9816 b2684c RtlFreeHeap 9814->9816 9826 b36b18 9815->9826 9816->9815 10787 b33dfc 9817->10787 9823 b36f73 9825 b33dfc 2 API calls 9823->9825 9825->9814 9827 b36cfb 9826->9827 9828 b36b2c 9826->9828 9827->9355 9829 b338b0 RtlAllocateHeap 9828->9829 9834 b36b3c 9829->9834 9830 b36be2 9831 b2684c RtlFreeHeap 9830->9831 9832 b36ced 9830->9832 9831->9832 9832->9827 9833 b2684c RtlFreeHeap 9832->9833 9833->9827 9834->9830 9835 b26830 RtlAllocateHeap 9834->9835 9836 b36c04 9835->9836 9836->9830 11095 b365e4 9836->11095 9839 b338b0 RtlAllocateHeap 9838->9839 9842 b3387a 9839->9842 9840 b3389e 9841 b338ac 9840->9841 9843 b2684c RtlFreeHeap 9840->9843 9841->9355 9842->9840 11105 b336e0 9842->11105 9843->9841 9846 b36d20 9845->9846 9847 b26db0 RtlAllocateHeap 9846->9847 9848 b36e31 9847->9848 9849 b26db0 RtlAllocateHeap 9848->9849 9858 b36e3a 9848->9858 9850 b36e4b 9849->9850 9854 b26db0 RtlAllocateHeap 9850->9854 9850->9858 9851 b36ed7 9853 b36ee5 9851->9853 9855 b2684c RtlFreeHeap 9851->9855 9852 b2684c RtlFreeHeap 9852->9851 9856 b36ef3 9853->9856 9857 b2684c RtlFreeHeap 9853->9857 9854->9858 9855->9853 9856->9381 9857->9856 9858->9851 9858->9852 9860 b30445 9859->9860 9861 b26db0 RtlAllocateHeap 9860->9861 9862 b304be 9861->9862 9863 b26830 RtlAllocateHeap 9862->9863 9864 b304c7 9862->9864 9866 b304de 9863->9866 9865 b3088c 9864->9865 9867 b2684c RtlFreeHeap 9864->9867 9868 b3089a 9865->9868 9870 b2684c RtlFreeHeap 9865->9870 9866->9864 11123 b30294 9866->11123 9867->9865 9871 b308a8 9868->9871 9872 b2684c RtlFreeHeap 9868->9872 9870->9868 9873 b308b6 9871->9873 9875 b2684c RtlFreeHeap 9871->9875 9872->9871 9873->9355 9874 b3050f 9874->9864 9876 b30530 GetTempFileNameW CreateFileW 9874->9876 9875->9873 9876->9864 9877 b30575 WriteFile 9876->9877 9877->9864 9878 b30591 CreateProcessW 9877->9878 9878->9864 9880 b305fb NtQueryInformationProcess 9878->9880 9880->9864 9881 b3061f NtReadVirtualMemory 9880->9881 9881->9864 9882 b30646 9881->9882 9883 b26db0 RtlAllocateHeap 9882->9883 9884 b30650 9883->9884 9884->9864 9885 b306b4 NtProtectVirtualMemory 9884->9885 9885->9864 9886 b306e0 NtWriteVirtualMemory 9885->9886 9886->9864 9887 b306fa 9886->9887 9887->9864 9888 b30785 CreateNamedPipeW 9887->9888 9888->9864 9889 b307f1 ResumeThread ConnectNamedPipe 9888->9889 9889->9864 9891 b2a32b 9890->9891 9892 b2a345 9891->9892 9893 b2b390 2 API calls 9891->9893 9892->9390 9892->9391 9893->9892 9895 b268fc RtlAllocateHeap 9894->9895 9926 b3239c 9895->9926 9896 b32422 9896->9355 9897 b2a308 2 API calls 9897->9926 9898 b32518 9899 b2684c RtlFreeHeap 9898->9899 9899->9896 9900 b32437 9903 b2684c RtlFreeHeap 9900->9903 9901 b3244a 9907 b2a3ac 2 API calls 9901->9907 9902 b2a250 NtSetInformationThread NtClose 9902->9926 9903->9896 9904 b3241a 9908 b2684c RtlFreeHeap 9904->9908 9905 b3254a 9906 b2694c RtlAllocateHeap 9905->9906 9911 b325a3 9906->9911 9912 b3245d 9907->9912 9908->9896 9909 b3246e 9913 b324d6 9909->9913 9914 b324cc 9909->9914 9910 b3252b 9910->9905 9915 b32540 9910->9915 9917 b2684c RtlFreeHeap 9911->9917 9912->9909 9918 b32461 9912->9918 9920 b26a3c RtlAllocateHeap 9913->9920 9919 b2694c RtlAllocateHeap 9914->9919 9916 b2684c RtlFreeHeap 9915->9916 9916->9896 9921 b325ac 9917->9921 9922 b2684c RtlFreeHeap 9918->9922 9923 b324d4 9919->9923 9920->9923 9921->9896 9927 b308c8 10 API calls 9921->9927 9922->9896 9925 b2684c RtlFreeHeap 9923->9925 9924 b2ab38 NtSetInformationThread NtClose 9924->9926 9929 b324e7 9925->9929 9926->9896 9926->9897 9926->9898 9926->9900 9926->9901 9926->9902 9926->9904 9926->9905 9926->9909 9926->9910 9926->9924 9928 b2684c RtlFreeHeap 9926->9928 9927->9896 9928->9926 9929->9896 9930 b308c8 10 API calls 9929->9930 9930->9896 9932 b27fa5 9931->9932 9934 b2805e 9932->9934 9938 b26888 9932->9938 9934->9654 9934->9656 9936 b2684c RtlFreeHeap 9935->9936 9937 b268c3 9936->9937 9937->9651 9939 b26830 RtlAllocateHeap 9938->9939 9940 b2689e 9939->9940 9940->9934 9942 b27ca2 9941->9942 9943 b27daa 9941->9943 9945 b26830 RtlAllocateHeap 9942->9945 9944 b27dc7 9943->9944 9946 b2684c RtlFreeHeap 9943->9946 9944->9664 9947 b27cd1 9945->9947 9946->9944 9947->9943 10129 b2dbbc 9947->10129 9950 b26888 RtlAllocateHeap 9949->9950 9951 b2b698 9950->9951 9952 b2b6e0 9951->9952 9953 b2b69e NtSetInformationProcess NtSetInformationProcess NtSetInformationProcess 9951->9953 9955 b2e144 9952->9955 9954 b268b4 RtlFreeHeap 9953->9954 9954->9952 9958 b2e151 9955->9958 9956 b2e1b6 9956->9676 9956->9681 9960 b2a65c 9956->9960 9957 b2e186 CreateThread 9957->9958 10133 b2ddd4 SetThreadPriority 9957->10133 9958->9956 9958->9957 9959 b2e1a7 NtClose 9958->9959 9959->9958 9961 b2a683 GetVolumeNameForVolumeMountPointW 9960->9961 9963 b2a6c6 FindFirstVolumeW 9961->9963 9964 b2a917 9963->9964 9969 b2a6e2 9963->9969 9964->9695 9965 b2a6fb GetVolumePathNamesForVolumeNameW 9965->9969 9966 b2a72c GetDriveTypeW 9966->9969 9967 b2a7cd CreateFileW 9968 b2a7f3 DeviceIoControl 9967->9968 9967->9969 9968->9969 9969->9964 9969->9965 9969->9966 9969->9967 9970 b2a5d0 6 API calls 9969->9970 9970->9969 9972 b309ee 9971->9972 9974 b30a68 9972->9974 10141 b2694c 9972->10141 9974->9710 9976 b30b55 9975->9976 10145 b2a458 CreateThread 9976->10145 9978 b30b67 9979 b26830 RtlAllocateHeap 9978->9979 9997 b30b6d 9978->9997 9981 b30b7f 9979->9981 9980 b30d66 9983 b30d74 9980->9983 9985 b2684c RtlFreeHeap 9980->9985 9984 b2a458 6 API calls 9981->9984 9981->9997 9982 b2684c RtlFreeHeap 9982->9980 9986 b30d82 9983->9986 9987 b2684c RtlFreeHeap 9983->9987 9988 b30b9c 9984->9988 9985->9983 9986->9681 9987->9986 9989 b26830 RtlAllocateHeap 9988->9989 9988->9997 9990 b30bb7 9989->9990 9991 b26830 RtlAllocateHeap 9990->9991 9990->9997 9994 b30bd2 9991->9994 9993 b2694c RtlAllocateHeap 9995 b30c2e CreateThread 9993->9995 9994->9993 9996 b2694c RtlAllocateHeap 9994->9996 9994->9997 9998 b2b390 2 API calls 9994->9998 10153 b2a190 CreateThread 9994->10153 9995->9994 10163 b2f264 GetFileAttributesW 9995->10163 9996->9994 9997->9980 9997->9982 9998->9994 10000 b2fc10 9999->10000 10001 b26830 RtlAllocateHeap 10000->10001 10002 b2fc1d 10001->10002 10016 b2fc26 10002->10016 10326 b2f788 CoInitialize 10002->10326 10004 b2ff37 10007 b2ff45 10004->10007 10008 b2684c RtlFreeHeap 10004->10008 10006 b2684c RtlFreeHeap 10006->10004 10009 b2ff53 10007->10009 10011 b2684c RtlFreeHeap 10007->10011 10008->10007 10009->9686 10010 b26830 RtlAllocateHeap 10012 b2fc53 10010->10012 10011->10009 10013 b26830 RtlAllocateHeap 10012->10013 10012->10016 10020 b2fc6e 10013->10020 10014 b2f4f8 NtSetInformationThread NtClose 10014->10020 10016->10004 10016->10006 10017 b2684c RtlFreeHeap 10017->10020 10018 b2f634 NtSetInformationThread NtClose 10018->10020 10019 b2b390 2 API calls 10019->10020 10020->10014 10020->10016 10020->10017 10020->10018 10020->10019 10332 b269a8 10020->10332 10336 b2ce38 10021->10336 10023 b2dac6 10026 b2dad4 10023->10026 10027 b2684c RtlFreeHeap 10023->10027 10024 b2d995 10030 b26db0 RtlAllocateHeap 10024->10030 10031 b2d99e 10024->10031 10025 b2684c RtlFreeHeap 10025->10023 10028 b2dae2 10026->10028 10029 b2684c RtlFreeHeap 10026->10029 10027->10026 10028->9690 10029->10028 10032 b2d9eb 10030->10032 10031->10023 10031->10025 10032->10031 10033 b26830 RtlAllocateHeap 10032->10033 10034 b2da21 10033->10034 10034->10031 10340 b2cf28 10034->10340 10037 b2825b 10036->10037 10041 b28260 10036->10041 10038 b288d9 10037->10038 10039 b2684c RtlFreeHeap 10037->10039 10040 b2684c RtlFreeHeap 10038->10040 10043 b288e7 10038->10043 10039->10038 10040->10043 10041->10037 10379 b30df4 10041->10379 10043->9709 10044 b282bd 10044->10037 10045 b26830 RtlAllocateHeap 10044->10045 10046 b2839f 10045->10046 10046->10037 10047 b283d1 10046->10047 10048 b283b7 10046->10048 10049 b26db0 RtlAllocateHeap 10047->10049 10050 b26db0 RtlAllocateHeap 10048->10050 10051 b283c1 10049->10051 10050->10051 10051->10037 10052 b28404 10051->10052 10054 b28418 10051->10054 10053 b2684c RtlFreeHeap 10052->10053 10053->10037 10054->10037 10055 b284cb DrawTextW 10054->10055 10055->10037 10056 b284f3 10055->10056 10056->10037 10057 b2862d CreateFileW 10056->10057 10057->10037 10058 b28656 WriteFile 10057->10058 10058->10037 10059 b28677 WriteFile 10058->10059 10059->10037 10060 b28695 WriteFile 10059->10060 10060->10037 10061 b286b3 10060->10061 10386 b26c60 10061->10386 10063 b286d5 10063->10037 10064 b28758 RegCreateKeyExW 10063->10064 10064->10037 10065 b28789 10064->10065 10066 b287c2 RegSetValueExW 10065->10066 10066->10037 10067 b287ef 10066->10067 10068 b2884e RegSetValueExW 10067->10068 10068->10037 10072 b29639 10069->10072 10070 b29705 10070->9717 10071 b2684c RtlFreeHeap 10071->10070 10074 b29668 10072->10074 10392 b2c820 10072->10392 10074->10070 10074->10071 10077 b29c66 10075->10077 10076 b29c6a 10076->9665 10077->10076 10398 b338b0 10077->10398 10079 b2a01a 10081 b2a02e 10079->10081 10083 b2684c RtlFreeHeap 10079->10083 10080 b2684c RtlFreeHeap 10080->10079 10082 b2a042 10081->10082 10084 b2684c RtlFreeHeap 10081->10084 10085 b2a056 10082->10085 10086 b2684c RtlFreeHeap 10082->10086 10083->10081 10084->10082 10085->9665 10086->10085 10087 b29de1 10088 b2b5d0 NtQueryInformationToken 10087->10088 10092 b29df0 10087->10092 10089 b29eb2 10088->10089 10090 b26db0 RtlAllocateHeap 10089->10090 10089->10092 10091 b29ef5 10090->10091 10091->10092 10093 b26db0 RtlAllocateHeap 10091->10093 10092->10079 10092->10080 10094 b29f15 10093->10094 10094->10092 10095 b26db0 RtlAllocateHeap 10094->10095 10095->10092 10097 b28941 10096->10097 10098 b2b390 2 API calls 10097->10098 10099 b28b3c 10097->10099 10098->10099 10099->9709 10101 b26db0 RtlAllocateHeap 10100->10101 10103 b318c3 10101->10103 10102 b31a04 10105 b31a12 10102->10105 10107 b2684c RtlFreeHeap 10102->10107 10113 b318cc 10103->10113 10401 b31814 10103->10401 10104 b2684c RtlFreeHeap 10104->10102 10108 b31a20 10105->10108 10109 b2684c RtlFreeHeap 10105->10109 10107->10105 10117 b31c84 10108->10117 10109->10108 10110 b31900 10111 b268fc RtlAllocateHeap 10110->10111 10110->10113 10112 b3191b 10111->10112 10112->10113 10114 b26db0 RtlAllocateHeap 10112->10114 10113->10102 10113->10104 10115 b31981 10114->10115 10116 b2684c RtlFreeHeap 10115->10116 10116->10113 10118 b31d88 10117->10118 10121 b31db6 10118->10121 10404 b31b90 10118->10404 10120 b31e47 10123 b31608 10120->10123 10121->10120 10122 b2684c RtlFreeHeap 10121->10122 10122->10120 10124 b31620 10123->10124 10125 b26db0 RtlAllocateHeap 10124->10125 10126 b3165a 10125->10126 10127 b31663 10126->10127 10128 b2684c RtlFreeHeap 10126->10128 10127->9715 10128->10127 10130 b2dc16 10129->10130 10131 b2dc2e 10130->10131 10132 b2dc1a NtTerminateProcess 10130->10132 10131->9947 10132->10131 10139 b2ddeb 10133->10139 10134 b2de4d ReadFile 10134->10139 10135 b2e006 WriteFile 10135->10139 10136 b2e0ac NtClose 10136->10139 10137 b2de3e 10138 b2684c RtlFreeHeap 10138->10139 10139->10134 10139->10135 10139->10136 10139->10137 10139->10138 10140 b2df8d WriteFile 10139->10140 10140->10139 10143 b26964 10141->10143 10142 b2697a 10142->9974 10143->10142 10144 b26830 RtlAllocateHeap 10143->10144 10144->10142 10146 b2a4f4 10145->10146 10148 b2a498 10145->10148 10161 b2a440 GetLogicalDriveStringsW 10145->10161 10146->9978 10147 b2a4ca ResumeThread 10150 b2a4de GetExitCodeThread 10147->10150 10148->10147 10149 b2b390 2 API calls 10148->10149 10151 b2a4a9 10149->10151 10150->10146 10151->10147 10152 b2a4ad 10151->10152 10152->9978 10154 b2a1c3 10153->10154 10155 b2a21f 10153->10155 10162 b2a180 GetDriveTypeW 10153->10162 10156 b2a1f5 ResumeThread 10154->10156 10157 b2b390 2 API calls 10154->10157 10155->9994 10159 b2a209 GetExitCodeThread 10156->10159 10158 b2a1d4 10157->10158 10158->10156 10160 b2a1d8 10158->10160 10159->10155 10160->9994 10164 b2f2db SetThreadPriority 10163->10164 10165 b2f27d 10163->10165 10169 b2f2ea 10164->10169 10166 b2f2cd 10165->10166 10245 b2a064 FindFirstFileExW 10165->10245 10167 b2684c RtlFreeHeap 10166->10167 10170 b2f2d5 10167->10170 10172 b26830 RtlAllocateHeap 10169->10172 10187 b2f309 10172->10187 10173 b2f2a7 10174 b2c0f8 10 API calls 10173->10174 10176 b2f2b1 10174->10176 10179 b2eec8 15 API calls 10176->10179 10178 b2684c RtlFreeHeap 10181 b2f339 FindFirstFileExW 10178->10181 10180 b2f2c7 10179->10180 10181->10187 10182 b2684c RtlFreeHeap 10182->10187 10183 b2f4a8 10184 b2684c RtlFreeHeap 10183->10184 10186 b2f4cb 10184->10186 10185 b2f470 FindNextFileW 10185->10187 10188 b2f488 FindClose 10185->10188 10187->10178 10187->10182 10187->10183 10187->10185 10189 b2f124 RtlAllocateHeap 10187->10189 10191 b2c0f8 10187->10191 10210 b2f0c0 10187->10210 10214 b2eec8 10187->10214 10188->10187 10189->10187 10192 b2c114 10191->10192 10209 b2c10f 10191->10209 10248 b268fc 10192->10248 10195 b2c12c GetFileAttributesW 10196 b2c13c 10195->10196 10197 b2c181 10196->10197 10198 b2c19a 10196->10198 10199 b2c1e8 5 API calls 10197->10199 10200 b2c1b1 GetFileAttributesW 10198->10200 10208 b2c1a2 10198->10208 10201 b2c189 10199->10201 10203 b2c1ca CopyFileW 10200->10203 10204 b2c1be 10200->10204 10206 b2684c RtlFreeHeap 10201->10206 10205 b2684c RtlFreeHeap 10203->10205 10207 b2684c RtlFreeHeap 10204->10207 10205->10209 10206->10209 10207->10208 10252 b2c1e8 CreateFileW 10208->10252 10209->10187 10211 b2f0d8 10210->10211 10212 b2f0ee 10211->10212 10213 b26830 RtlAllocateHeap 10211->10213 10212->10187 10213->10212 10215 b2f0b1 10214->10215 10216 b2eee9 10214->10216 10215->10187 10263 b2e308 10216->10263 10219 b2f0a9 10220 b2684c RtlFreeHeap 10219->10220 10220->10215 10222 b2ef01 10222->10219 10223 b2ef15 10222->10223 10224 b2ef28 10222->10224 10277 b2eb5c 10223->10277 10301 b2ec40 10224->10301 10227 b2ef23 10227->10219 10228 b2ef43 MoveFileExW 10227->10228 10229 b2ef90 10227->10229 10232 b2684c RtlFreeHeap 10227->10232 10234 b2ec40 RtlAllocateHeap 10227->10234 10237 b2ef55 10227->10237 10228->10227 10228->10237 10230 b2684c RtlFreeHeap 10229->10230 10230->10237 10231 b2efad CreateFileW 10233 b2efd1 10231->10233 10236 b2efd6 10231->10236 10232->10227 10233->10219 10235 b2684c RtlFreeHeap 10233->10235 10234->10227 10235->10219 10281 b2ec8c 10236->10281 10237->10231 10237->10233 10240 b2efff CreateIoCompletionPort 10241 b2f016 10240->10241 10243 b2f038 10240->10243 10242 b2684c RtlFreeHeap 10241->10242 10242->10233 10243->10233 10244 b2684c RtlFreeHeap 10243->10244 10244->10233 10246 b2a0b5 10245->10246 10247 b2a095 FindClose 10245->10247 10246->10166 10246->10173 10247->10246 10249 b26912 10248->10249 10250 b26929 10249->10250 10251 b26830 RtlAllocateHeap 10249->10251 10250->10195 10250->10209 10251->10250 10253 b2c349 10252->10253 10254 b2c219 10252->10254 10253->10209 10255 b2c251 WriteFile 10254->10255 10256 b2c288 WriteFile 10255->10256 10259 b2c276 10255->10259 10257 b2c2c1 WriteFile 10256->10257 10258 b2c2af 10256->10258 10260 b2c2e6 10257->10260 10261 b2c2f8 WriteFile 10257->10261 10258->10209 10259->10209 10260->10209 10261->10254 10262 b2c31f 10261->10262 10262->10209 10264 b2e321 SetFileAttributesW CreateFileW 10263->10264 10265 b2e367 10264->10265 10266 b2e34f 10264->10266 10265->10219 10268 b2e3b8 SetFileAttributesW CreateFileW 10265->10268 10266->10264 10266->10265 10305 b2dda4 10266->10305 10269 b2e3f8 SetFilePointerEx 10268->10269 10270 b2e46d 10268->10270 10271 b2e417 ReadFile 10269->10271 10272 b2e464 NtClose 10269->10272 10270->10222 10271->10272 10273 b2e436 10271->10273 10272->10270 10274 b2e2ac RtlAllocateHeap 10273->10274 10275 b2e447 10274->10275 10275->10272 10276 b2684c RtlFreeHeap 10275->10276 10276->10272 10278 b2eb69 10277->10278 10279 b268fc RtlAllocateHeap 10278->10279 10280 b2eb75 10279->10280 10280->10227 10282 b2ecbc 10281->10282 10283 b2eced 10282->10283 10284 b2e214 2 API calls 10282->10284 10285 b26830 RtlAllocateHeap 10283->10285 10284->10283 10292 b2ecf9 10285->10292 10286 b2ee95 10288 b2eea3 10286->10288 10289 b2684c RtlFreeHeap 10286->10289 10287 b2684c RtlFreeHeap 10287->10286 10290 b2eeb1 10288->10290 10291 b2684c RtlFreeHeap 10288->10291 10289->10288 10290->10233 10290->10240 10291->10290 10293 b26830 RtlAllocateHeap 10292->10293 10300 b2ee40 10292->10300 10294 b2ed56 10293->10294 10295 b26830 RtlAllocateHeap 10294->10295 10294->10300 10296 b2ed85 10295->10296 10297 b26830 RtlAllocateHeap 10296->10297 10296->10300 10298 b2ee37 10297->10298 10299 b2684c RtlFreeHeap 10298->10299 10298->10300 10299->10300 10300->10286 10300->10287 10302 b2ec4e 10301->10302 10303 b268fc RtlAllocateHeap 10302->10303 10304 b2ec5d 10303->10304 10304->10227 10306 b2ddaf 10305->10306 10307 b2ddbc 10306->10307 10311 b2dc40 10306->10311 10308 b2ddc2 Sleep 10307->10308 10309 b2ddcd 10307->10309 10308->10309 10309->10266 10314 b2dc77 10311->10314 10312 b2dd4c 10313 b2dd99 10312->10313 10315 b2684c RtlFreeHeap 10312->10315 10313->10307 10314->10312 10316 b26830 RtlAllocateHeap 10314->10316 10315->10313 10317 b2dcd0 10316->10317 10317->10312 10318 b26868 RtlReAllocateHeap 10317->10318 10319 b2dcf9 10317->10319 10318->10317 10319->10312 10321 b2dbbc NtTerminateProcess 10319->10321 10322 b2daec 10319->10322 10321->10319 10324 b2db0c 10322->10324 10323 b2db89 10323->10319 10324->10323 10325 b2dbbc NtTerminateProcess 10324->10325 10325->10323 10327 b2f96e 10326->10327 10329 b2f7c5 10326->10329 10327->10010 10327->10016 10328 b26830 RtlAllocateHeap 10328->10329 10329->10328 10330 b2f84a 10329->10330 10330->10327 10331 b26830 RtlAllocateHeap 10330->10331 10331->10330 10333 b269c1 10332->10333 10334 b26830 RtlAllocateHeap 10333->10334 10335 b269e1 10334->10335 10335->10020 10338 b2ce54 10336->10338 10337 b2ced9 10337->10024 10338->10337 10339 b26830 RtlAllocateHeap 10338->10339 10339->10337 10341 b2cf80 10340->10341 10343 b2cf7b 10340->10343 10342 b26830 RtlAllocateHeap 10341->10342 10341->10343 10353 b2cfc1 10342->10353 10344 b2d3ba 10343->10344 10345 b2684c RtlFreeHeap 10343->10345 10346 b2d3c8 10344->10346 10347 b2684c RtlFreeHeap 10344->10347 10345->10344 10348 b2d3d6 10346->10348 10349 b2684c RtlFreeHeap 10346->10349 10347->10346 10350 b2d3e4 10348->10350 10351 b2684c RtlFreeHeap 10348->10351 10349->10348 10352 b2d3f2 10350->10352 10354 b2684c RtlFreeHeap 10350->10354 10351->10350 10355 b2d400 10352->10355 10358 b2684c RtlFreeHeap 10352->10358 10353->10343 10367 b2d5d8 10353->10367 10354->10352 10355->10031 10357 b2cfea 10357->10343 10371 b2d40c 10357->10371 10358->10355 10360 b2cffd 10360->10343 10375 b2d594 10360->10375 10363 b26db0 RtlAllocateHeap 10364 b2d028 10363->10364 10364->10343 10365 b26830 RtlAllocateHeap 10364->10365 10366 b2684c RtlFreeHeap 10364->10366 10365->10364 10366->10364 10368 b2d603 10367->10368 10369 b26830 RtlAllocateHeap 10368->10369 10370 b2d700 10369->10370 10370->10357 10372 b2d49c 10371->10372 10373 b26830 RtlAllocateHeap 10372->10373 10374 b2d4da 10373->10374 10374->10360 10376 b2d5b3 10375->10376 10377 b26db0 RtlAllocateHeap 10376->10377 10378 b2d010 10377->10378 10378->10343 10378->10363 10380 b30e3b 10379->10380 10381 b30f4a RegCreateKeyExW 10380->10381 10385 b30e88 10380->10385 10382 b30f77 RegQueryValueExW 10381->10382 10381->10385 10383 b30fa6 10382->10383 10384 b30ff2 RegDeleteKeyExW 10383->10384 10383->10385 10384->10385 10385->10044 10387 b26c83 10386->10387 10388 b26c9a NtQueryInformationToken 10386->10388 10387->10388 10389 b26c95 10387->10389 10388->10389 10390 b26cec 10389->10390 10391 b2684c RtlFreeHeap 10389->10391 10390->10063 10391->10390 10393 b2c841 10392->10393 10394 b26830 RtlAllocateHeap 10393->10394 10396 b2c851 10394->10396 10395 b2c873 10395->10074 10396->10395 10397 b2684c RtlFreeHeap 10396->10397 10397->10395 10399 b26830 RtlAllocateHeap 10398->10399 10400 b338c7 10399->10400 10400->10087 10402 b26830 RtlAllocateHeap 10401->10402 10403 b3182a 10402->10403 10403->10110 10405 b26830 RtlAllocateHeap 10404->10405 10406 b31baa 10405->10406 10406->10121 10473 b29198 10407->10473 10409 b295fd 10410 b2960c 10409->10410 10490 b2908c 10409->10490 10413 b297a8 4 API calls 10412->10413 10414 b28f70 10413->10414 10415 b29850 NtClose 10414->10415 10416 b28fe0 10414->10416 10417 b28f7e 10415->10417 10418 b29005 10416->10418 10517 b28e9c 10416->10517 10417->10416 10419 b28f87 NtSetInformationThread 10417->10419 10419->10416 10421 b28f9b 10419->10421 10502 b28d78 10421->10502 10424 b29850 NtClose 10425 b28fbe 10424->10425 10425->10416 10511 b28bb0 10425->10511 10428 b27483 10427->10428 10429 b2745b 10427->10429 10429->10428 10430 b27464 GetDriveTypeW 10429->10430 10520 b2748c 10429->10520 10430->10429 10433 b27831 10432->10433 10435 b26db0 RtlAllocateHeap 10434->10435 10436 b2bfdc 10435->10436 10437 b2c0c7 10436->10437 10439 b26830 RtlAllocateHeap 10436->10439 10438 b2c0d5 10437->10438 10440 b2684c RtlFreeHeap 10437->10440 10441 b2c0e3 10438->10441 10442 b2684c RtlFreeHeap 10438->10442 10445 b2bff3 10439->10445 10440->10438 10443 b2c0f1 10441->10443 10444 b2684c RtlFreeHeap 10441->10444 10442->10441 10444->10443 10445->10437 10446 b2684c RtlFreeHeap 10445->10446 10447 b2c021 10446->10447 10448 b26830 RtlAllocateHeap 10447->10448 10449 b2c031 10448->10449 10449->10437 10450 b26eac 2 API calls 10449->10450 10451 b2c047 10450->10451 10452 b2684c RtlFreeHeap 10451->10452 10453 b2c064 10452->10453 10580 b2bef0 10453->10580 10456 b2c0a6 10458 b2bef0 9 API calls 10456->10458 10457 b2b390 2 API calls 10457->10456 10459 b2c0b1 10458->10459 10460 b2bef0 9 API calls 10459->10460 10461 b2c0bc 10460->10461 10462 b2bef0 9 API calls 10461->10462 10462->10437 10464 b27e30 10463->10464 10465 b26830 RtlAllocateHeap 10464->10465 10466 b27e42 NtQuerySystemInformation 10464->10466 10467 b27e75 10464->10467 10468 b26868 RtlReAllocateHeap 10464->10468 10471 b2684c RtlFreeHeap 10464->10471 10465->10464 10466->10464 10469 b2684c RtlFreeHeap 10467->10469 10468->10464 10470 b27e7d 10469->10470 10472 b27f10 Sleep 10471->10472 10472->10464 10474 b29279 10473->10474 10475 b2943d RegCreateKeyExW 10474->10475 10476 b29497 RegCreateKeyExW 10475->10476 10485 b29471 RegEnumKeyW 10475->10485 10479 b295b2 10476->10479 10480 b2958c RegEnumKeyW 10476->10480 10479->10409 10480->10479 10484 b295b4 OpenEventLogW 10480->10484 10481 b2949c RegCreateKeyExW 10483 b294ca RegSetValueExW 10481->10483 10481->10485 10483->10485 10486 b294ec RegSetValueExW 10483->10486 10484->10480 10487 b295cc ClearEventLogW 10484->10487 10485->10476 10485->10481 10486->10485 10488 b2950a OpenEventLogW 10486->10488 10487->10480 10488->10485 10489 b29522 ClearEventLogW 10488->10489 10489->10485 10497 b2900c RtlAdjustPrivilege 10490->10497 10492 b29164 10493 b29185 10492->10493 10494 b2917c CloseServiceHandle 10492->10494 10493->10410 10494->10493 10495 b290a5 10495->10492 10496 b2dbbc NtTerminateProcess 10495->10496 10496->10492 10498 b297a8 4 API calls 10497->10498 10499 b29044 10498->10499 10500 b29850 NtClose 10499->10500 10501 b29052 10499->10501 10500->10501 10501->10495 10503 b297a8 4 API calls 10502->10503 10504 b28da3 10503->10504 10505 b28db0 OpenSCManagerW 10504->10505 10507 b28e83 10504->10507 10509 b28e53 10505->10509 10510 b28dc9 10505->10510 10506 b28e7a CloseServiceHandle 10506->10507 10507->10416 10507->10424 10508 b28e33 QueryServiceStatusEx 10508->10509 10508->10510 10509->10506 10509->10507 10510->10508 10510->10509 10512 b28be1 10511->10512 10514 b26830 RtlAllocateHeap 10512->10514 10516 b28c1d 10512->10516 10513 b28d6c 10513->10416 10514->10516 10515 b2684c RtlFreeHeap 10515->10513 10516->10513 10516->10515 10518 b297a8 4 API calls 10517->10518 10519 b28eb5 10518->10519 10519->10418 10528 b27560 10520->10528 10522 b274a4 10523 b274d6 FindFirstFileExW 10522->10523 10525 b27550 10522->10525 10523->10525 10526 b274fe 10523->10526 10524 b2753c FindNextFileW 10524->10525 10524->10526 10525->10429 10526->10524 10534 b2763c 10526->10534 10529 b27580 FindFirstFileExW 10528->10529 10531 b27632 10529->10531 10533 b275de FindClose 10529->10533 10531->10522 10533->10531 10536 b2765e 10534->10536 10535 b277f2 10535->10524 10536->10535 10537 b26830 RtlAllocateHeap 10536->10537 10542 b27676 10537->10542 10538 b277cd 10539 b277e4 10538->10539 10540 b2684c RtlFreeHeap 10538->10540 10539->10535 10541 b2684c RtlFreeHeap 10539->10541 10540->10539 10541->10535 10542->10538 10543 b276ae FindFirstFileExW 10542->10543 10543->10538 10549 b276d6 10543->10549 10544 b277b5 FindNextFileW 10544->10538 10544->10549 10545 b26830 RtlAllocateHeap 10545->10549 10546 b27750 GetFileAttributesW 10546->10549 10548 b2684c RtlFreeHeap 10548->10549 10549->10544 10549->10545 10549->10546 10549->10548 10550 b2763c 12 API calls 10549->10550 10551 b26654 10549->10551 10550->10549 10552 b2666a 10551->10552 10552->10552 10553 b2a064 2 API calls 10552->10553 10554 b26681 10553->10554 10555 b26691 CreateFileW 10554->10555 10558 b26791 10554->10558 10555->10558 10560 b266b9 10555->10560 10556 b266be NtAllocateVirtualMemory 10559 b266ef 10556->10559 10556->10560 10557 b267c0 NtFreeVirtualMemory 10557->10558 10558->10557 10561 b267e5 10558->10561 10559->10558 10566 b2674f WriteFile 10559->10566 10560->10556 10560->10559 10562 b267f4 10561->10562 10563 b267eb NtClose 10561->10563 10571 b26544 10562->10571 10563->10562 10566->10559 10568 b26769 SetFilePointerEx 10566->10568 10567 b2680d 10569 b26822 10567->10569 10570 b2684c RtlFreeHeap 10567->10570 10568->10559 10568->10566 10569->10549 10570->10569 10572 b268fc RtlAllocateHeap 10571->10572 10573 b2655e 10572->10573 10574 b268fc RtlAllocateHeap 10573->10574 10579 b26567 10573->10579 10577 b26576 10574->10577 10575 b2660c DeleteFileW 10575->10567 10576 b2684c RtlFreeHeap 10576->10575 10578 b265cd MoveFileExW 10577->10578 10577->10579 10578->10577 10578->10579 10579->10575 10579->10576 10581 b2bf15 10580->10581 10582 b2bfab 10581->10582 10584 b26830 RtlAllocateHeap 10581->10584 10583 b2bfb9 10582->10583 10585 b2684c RtlFreeHeap 10582->10585 10583->10456 10583->10457 10586 b2bf27 10584->10586 10585->10583 10586->10582 10589 b2be2c 10586->10589 10594 b2bb94 10586->10594 10590 b268fc RtlAllocateHeap 10589->10590 10593 b2be48 10590->10593 10591 b2bee6 10591->10586 10592 b2684c RtlFreeHeap 10592->10591 10593->10591 10593->10592 10596 b2bbbc 10594->10596 10595 b2bbc0 10597 b2be06 10595->10597 10598 b2bdfd DeleteDC 10595->10598 10596->10595 10600 b26830 RtlAllocateHeap 10596->10600 10599 b2be14 10597->10599 10601 b2684c RtlFreeHeap 10597->10601 10598->10597 10599->10586 10602 b2bbe9 10600->10602 10601->10599 10602->10595 10603 b2bc3c CreateDCW 10602->10603 10603->10595 10604 b2bc59 10603->10604 10605 b2bcc3 CreateFontIndirectW 10604->10605 10606 b2bce6 StartDocW 10605->10606 10606->10595 10610 b2bd2a 10606->10610 10608 b2bd48 10609 b2bdc8 EndDoc 10608->10609 10609->10595 10610->10608 10611 b2bd74 DrawTextA 10610->10611 10612 b2bdb6 EndPage 10611->10612 10612->10609 10612->10610 10664 b2f4f8 10613->10664 10616 b2f4f8 2 API calls 10618 b2ffdc 10616->10618 10617 b3026f 10621 b3027d 10617->10621 10622 b2684c RtlFreeHeap 10617->10622 10619 b30004 10618->10619 10623 b2f4f8 2 API calls 10618->10623 10625 b26830 RtlAllocateHeap 10619->10625 10634 b3002d 10619->10634 10620 b2684c RtlFreeHeap 10620->10617 10624 b3028b 10621->10624 10626 b2684c RtlFreeHeap 10621->10626 10622->10621 10623->10619 10624->9355 10627 b30024 10625->10627 10626->10624 10628 b26830 RtlAllocateHeap 10627->10628 10627->10634 10629 b3003f 10628->10629 10630 b2e144 8 API calls 10629->10630 10629->10634 10638 b30052 10630->10638 10631 b269a8 RtlAllocateHeap 10631->10638 10632 b301e9 10633 b2684c RtlFreeHeap 10632->10633 10632->10634 10633->10634 10634->10617 10634->10620 10635 b2f634 NtSetInformationThread NtClose 10635->10638 10636 b2b390 2 API calls 10636->10638 10637 b2684c RtlFreeHeap 10637->10638 10638->10631 10638->10632 10638->10635 10638->10636 10638->10637 10640 b27403 10639->10640 10641 b268fc RtlAllocateHeap 10640->10641 10643 b27411 10641->10643 10642 b27434 10642->9727 10643->10642 10644 b2684c RtlFreeHeap 10643->10644 10644->10642 10646 b2a953 10645->10646 10647 b2a458 6 API calls 10646->10647 10649 b2a96a 10647->10649 10648 b2a999 10648->9727 10649->10648 10650 b26830 RtlAllocateHeap 10649->10650 10650->10648 10652 b2a3cf 10651->10652 10653 b2b390 2 API calls 10652->10653 10654 b2a3e9 10652->10654 10653->10654 10654->9746 10654->9756 10656 b26a55 10655->10656 10657 b26830 RtlAllocateHeap 10656->10657 10658 b26a6b 10656->10658 10657->10658 10658->9763 10660 b2e144 8 API calls 10659->10660 10661 b308d3 10660->10661 10662 b2b390 2 API calls 10661->10662 10663 b30924 10661->10663 10662->10663 10663->9732 10665 b2f552 10664->10665 10666 b2f56c 10665->10666 10667 b2b390 2 API calls 10665->10667 10666->10616 10666->10619 10667->10666 10669 b30da4 10668->10669 10670 b30de9 10668->10670 10671 b2c820 2 API calls 10669->10671 10670->9782 10674 b3135c 10670->10674 10673 b30da9 10671->10673 10672 b2684c RtlFreeHeap 10672->10670 10673->10670 10673->10672 10726 b3119c 10674->10726 10676 b3139d 10677 b26db0 RtlAllocateHeap 10676->10677 10702 b313a1 10676->10702 10685 b313b0 10677->10685 10678 b3153c 10680 b3154a 10678->10680 10681 b2684c RtlFreeHeap 10678->10681 10679 b2684c RtlFreeHeap 10679->10678 10682 b31558 10680->10682 10683 b2684c RtlFreeHeap 10680->10683 10681->10680 10684 b31566 10682->10684 10686 b2684c RtlFreeHeap 10682->10686 10683->10682 10684->9782 10703 b316bc 10684->10703 10685->10702 10748 b3156d 10685->10748 10686->10684 10689 b26db0 RtlAllocateHeap 10690 b313f7 10689->10690 10691 b3156d RtlFreeHeap 10690->10691 10690->10702 10692 b31430 10691->10692 10693 b26db0 RtlAllocateHeap 10692->10693 10694 b3143a 10693->10694 10695 b3156d RtlFreeHeap 10694->10695 10694->10702 10696 b3147d 10695->10696 10697 b26db0 RtlAllocateHeap 10696->10697 10698 b31487 10697->10698 10699 b3156d RtlFreeHeap 10698->10699 10698->10702 10700 b314c7 10699->10700 10701 b26db0 RtlAllocateHeap 10700->10701 10701->10702 10702->10678 10702->10679 10704 b26db0 RtlAllocateHeap 10703->10704 10708 b316ed 10704->10708 10705 b317ec 10707 b317fa 10705->10707 10709 b2684c RtlFreeHeap 10705->10709 10706 b2684c RtlFreeHeap 10706->10705 10707->9782 10707->9793 10710 b31814 RtlAllocateHeap 10708->10710 10713 b316f6 10708->10713 10709->10707 10711 b3172a 10710->10711 10712 b26db0 RtlAllocateHeap 10711->10712 10711->10713 10714 b31765 10712->10714 10713->10705 10713->10706 10715 b2684c RtlFreeHeap 10714->10715 10715->10713 10717 b310ec 10716->10717 10718 b26db0 RtlAllocateHeap 10717->10718 10725 b310f1 10717->10725 10723 b310fd 10718->10723 10719 b31175 10720 b31183 10719->10720 10722 b2684c RtlFreeHeap 10719->10722 10720->9797 10721 b2684c RtlFreeHeap 10721->10719 10722->10720 10724 b26db0 RtlAllocateHeap 10723->10724 10723->10725 10724->10725 10725->10719 10725->10721 10727 b311cb 10726->10727 10730 b311de 10726->10730 10729 b26db0 RtlAllocateHeap 10727->10729 10727->10730 10728 b3126b 10728->10676 10731 b311e9 10729->10731 10730->10728 10752 b31028 10730->10752 10731->10730 10732 b26db0 RtlAllocateHeap 10731->10732 10734 b31201 10732->10734 10734->10730 10735 b31210 10734->10735 10737 b26db0 RtlAllocateHeap 10735->10737 10736 b31292 10738 b268fc RtlAllocateHeap 10736->10738 10740 b31219 10737->10740 10739 b312a1 10738->10739 10739->10728 10741 b268fc RtlAllocateHeap 10739->10741 10740->10676 10742 b312d3 10741->10742 10742->10728 10743 b31319 10742->10743 10744 b2684c RtlFreeHeap 10742->10744 10745 b31327 10743->10745 10746 b2684c RtlFreeHeap 10743->10746 10744->10743 10745->10728 10747 b2684c RtlFreeHeap 10745->10747 10746->10745 10747->10728 10749 b31573 10748->10749 10751 b313ed 10748->10751 10750 b2684c RtlFreeHeap 10749->10750 10750->10751 10751->10689 10753 b26830 RtlAllocateHeap 10752->10753 10754 b3103e 10753->10754 10754->10736 10756 b31b4b 10755->10756 10759 b31aac 10756->10759 10758 b31b63 10758->9803 10760 b26830 RtlAllocateHeap 10759->10760 10761 b31ac3 10760->10761 10762 b31af9 10761->10762 10763 b26868 RtlReAllocateHeap 10761->10763 10766 b31adc 10761->10766 10764 b2684c RtlFreeHeap 10762->10764 10763->10761 10765 b31b01 10764->10765 10765->10758 10767 b2684c RtlFreeHeap 10766->10767 10768 b31b3c 10767->10768 10768->10758 10773 b36412 10769->10773 10770 b3642a 10771 b3654c 10770->10771 10772 b2684c RtlFreeHeap 10770->10772 10771->9817 10772->10771 10773->10770 10821 b36080 10773->10821 10788 b33f00 10787->10788 10792 b33f31 10788->10792 11082 b33cf4 10788->11082 10790 b33fc2 10790->9814 10793 b34464 10790->10793 10791 b2684c RtlFreeHeap 10791->10790 10792->10790 10792->10791 10794 b3448a 10793->10794 10812 b3448e 10794->10812 11085 b32a54 10794->11085 10796 b345e0 10800 b2684c RtlFreeHeap 10796->10800 10801 b345ee 10796->10801 10798 b2684c RtlFreeHeap 10798->10796 10799 b26830 RtlAllocateHeap 10803 b344af 10799->10803 10800->10801 10802 b345fc 10801->10802 10804 b2684c RtlFreeHeap 10801->10804 10802->9823 10813 b34604 10802->10813 10805 b29610 2 API calls 10803->10805 10803->10812 10804->10802 10806 b344c2 10805->10806 10807 b2f788 2 API calls 10806->10807 10808 b344db 10807->10808 10809 b26830 RtlAllocateHeap 10808->10809 10808->10812 10810 b344f9 10809->10810 10811 b26830 RtlAllocateHeap 10810->10811 10810->10812 10811->10812 10812->10796 10812->10798 10814 b34615 10813->10814 10815 b34816 10814->10815 10816 b29610 2 API calls 10814->10816 10815->9823 10817 b34623 10816->10817 10817->10815 10818 b26db0 RtlAllocateHeap 10817->10818 10819 b3463d 10818->10819 10819->10815 10820 b2684c RtlFreeHeap 10819->10820 10820->10815 11053 b36004 10821->11053 10823 b363ac 10825 b363ba 10823->10825 10826 b2684c RtlFreeHeap 10823->10826 10824 b2684c RtlFreeHeap 10824->10823 10827 b363c8 10825->10827 10829 b2684c RtlFreeHeap 10825->10829 10826->10825 10830 b363d6 10827->10830 10831 b2684c RtlFreeHeap 10827->10831 10829->10827 10832 b363e4 10830->10832 10834 b2684c RtlFreeHeap 10830->10834 10831->10830 10832->10770 10844 b35c84 10832->10844 10833 b26830 RtlAllocateHeap 10835 b36104 10833->10835 10834->10832 10836 b26830 RtlAllocateHeap 10835->10836 10842 b360c8 10835->10842 10837 b361a5 10836->10837 10838 b26830 RtlAllocateHeap 10837->10838 10837->10842 10839 b361f5 10838->10839 10840 b26830 RtlAllocateHeap 10839->10840 10839->10842 10841 b362a0 10840->10841 10841->10842 10843 b2684c RtlFreeHeap 10841->10843 10842->10823 10842->10824 10843->10842 10845 b35ceb 10844->10845 10846 b26db0 RtlAllocateHeap 10845->10846 10853 b35d00 10845->10853 10851 b35d77 10846->10851 10847 b35feb 10849 b35ff9 10847->10849 10850 b2684c RtlFreeHeap 10847->10850 10848 b2684c RtlFreeHeap 10848->10847 10849->10770 10854 b34bbc 10849->10854 10850->10849 10852 b26db0 RtlAllocateHeap 10851->10852 10851->10853 10852->10853 10853->10847 10853->10848 10855 b26830 RtlAllocateHeap 10854->10855 10856 b34bef 10855->10856 10860 b26830 RtlAllocateHeap 10856->10860 10866 b34bf8 10856->10866 10857 b2684c RtlFreeHeap 10859 b34d77 10857->10859 10858 b34d85 10862 b34d93 10858->10862 10863 b2684c RtlFreeHeap 10858->10863 10859->10858 10861 b2684c RtlFreeHeap 10859->10861 10864 b34c22 10860->10864 10861->10858 10862->10770 10867 b359e0 10862->10867 10863->10862 10865 b26830 RtlAllocateHeap 10864->10865 10864->10866 10865->10866 10866->10857 10866->10859 10868 b26830 RtlAllocateHeap 10867->10868 10869 b35a39 10868->10869 10870 b35a42 10869->10870 11059 b348d8 10869->11059 10871 b35c06 10870->10871 10873 b2684c RtlFreeHeap 10870->10873 10872 b35c14 10871->10872 10874 b2684c RtlFreeHeap 10871->10874 10875 b35c22 10872->10875 10877 b2684c RtlFreeHeap 10872->10877 10873->10871 10874->10872 10878 b35c30 10875->10878 10879 b2684c RtlFreeHeap 10875->10879 10877->10875 10880 b35c3e 10878->10880 10881 b2684c RtlFreeHeap 10878->10881 10879->10878 10882 b35c4c 10880->10882 10883 b2684c RtlFreeHeap 10880->10883 10881->10880 10884 b35c5a 10882->10884 10885 b2684c RtlFreeHeap 10882->10885 10883->10882 10886 b35c68 10884->10886 10888 b2684c RtlFreeHeap 10884->10888 10885->10884 10886->10770 10906 b35710 10886->10906 10887 b35a6a 10887->10870 11062 b3498c 10887->11062 10888->10886 10890 b35a96 10890->10870 10891 b2684c RtlFreeHeap 10890->10891 10892 b35ab8 10891->10892 10893 b3498c RtlAllocateHeap 10892->10893 10894 b35ad1 10893->10894 10894->10870 11065 b34a04 10894->11065 10896 b35b19 10896->10870 11068 b34b64 10896->11068 10899 b26830 RtlAllocateHeap 10900 b35b4e 10899->10900 10900->10870 10901 b26db0 RtlAllocateHeap 10900->10901 10902 b35b66 10901->10902 10902->10870 10903 b26830 RtlAllocateHeap 10902->10903 10904 b35b8f 10903->10904 10904->10870 10905 b2684c RtlFreeHeap 10904->10905 10905->10904 10907 b26830 RtlAllocateHeap 10906->10907 10908 b35758 10907->10908 10909 b26830 RtlAllocateHeap 10908->10909 10930 b35761 10908->10930 10920 b35770 10909->10920 10910 b3597e 10912 b3598c 10910->10912 10913 b2684c RtlFreeHeap 10910->10913 10911 b2684c RtlFreeHeap 10911->10910 10914 b3599a 10912->10914 10915 b2684c RtlFreeHeap 10912->10915 10913->10912 10916 b2684c RtlFreeHeap 10914->10916 10918 b359a8 10914->10918 10915->10914 10916->10918 10917 b359b6 10917->10770 10931 b34dac 10917->10931 10918->10917 10919 b2684c RtlFreeHeap 10918->10919 10919->10917 10921 b26830 RtlAllocateHeap 10920->10921 10920->10930 10922 b3589f 10921->10922 10923 b26db0 RtlAllocateHeap 10922->10923 10922->10930 10924 b358b7 10923->10924 10925 b2684c RtlFreeHeap 10924->10925 10924->10930 10926 b35900 10925->10926 10927 b26830 RtlAllocateHeap 10926->10927 10928 b35919 10927->10928 10929 b26db0 RtlAllocateHeap 10928->10929 10928->10930 10929->10930 10930->10910 10930->10911 10932 b26830 RtlAllocateHeap 10931->10932 10936 b34df4 10932->10936 10933 b34fc1 10935 b34fcf 10933->10935 10937 b2684c RtlFreeHeap 10933->10937 10934 b2684c RtlFreeHeap 10934->10933 10938 b34fdd 10935->10938 10940 b2684c RtlFreeHeap 10935->10940 10939 b348d8 RtlAllocateHeap 10936->10939 10967 b34dfd 10936->10967 10937->10935 10941 b34feb 10938->10941 10942 b2684c RtlFreeHeap 10938->10942 10947 b34e25 10939->10947 10940->10938 10943 b2684c RtlFreeHeap 10941->10943 10945 b34ff9 10941->10945 10942->10941 10943->10945 10944 b35007 10946 b35015 10944->10946 10949 b2684c RtlFreeHeap 10944->10949 10945->10944 10948 b2684c RtlFreeHeap 10945->10948 10950 b35023 10946->10950 10951 b2684c RtlFreeHeap 10946->10951 10947->10967 11073 b3487c 10947->11073 10948->10944 10949->10946 10950->10770 10970 b3503c 10950->10970 10951->10950 10953 b34e51 10954 b2684c RtlFreeHeap 10953->10954 10953->10967 10955 b34e73 10954->10955 10956 b3487c RtlAllocateHeap 10955->10956 10957 b34e8c 10956->10957 10958 b34a04 RtlAllocateHeap 10957->10958 10957->10967 10959 b34ed4 10958->10959 10960 b34b64 RtlAllocateHeap 10959->10960 10959->10967 10961 b34ee9 10960->10961 10962 b26830 RtlAllocateHeap 10961->10962 10961->10967 10963 b34f09 10962->10963 10964 b26db0 RtlAllocateHeap 10963->10964 10963->10967 10965 b34f21 10964->10965 10966 b26830 RtlAllocateHeap 10965->10966 10965->10967 10968 b34f4a 10966->10968 10967->10933 10967->10934 10968->10967 10969 b2684c RtlFreeHeap 10968->10969 10969->10968 10971 b26830 RtlAllocateHeap 10970->10971 10979 b3509f 10971->10979 10972 b35677 10974 b35685 10972->10974 10975 b2684c RtlFreeHeap 10972->10975 10973 b2684c RtlFreeHeap 10973->10972 10976 b35693 10974->10976 10977 b2684c RtlFreeHeap 10974->10977 10975->10974 10978 b356a1 10976->10978 10980 b2684c RtlFreeHeap 10976->10980 10977->10976 10981 b356af 10978->10981 10983 b2684c RtlFreeHeap 10978->10983 10993 b26830 RtlAllocateHeap 10979->10993 11047 b350a8 10979->11047 10980->10978 10982 b356bd 10981->10982 10984 b2684c RtlFreeHeap 10981->10984 10985 b356cb 10982->10985 10986 b2684c RtlFreeHeap 10982->10986 10983->10981 10984->10982 10987 b356d9 10985->10987 10988 b2684c RtlFreeHeap 10985->10988 10986->10985 10989 b356e7 10987->10989 10990 b2684c RtlFreeHeap 10987->10990 10988->10987 10991 b356f5 10989->10991 10992 b2684c RtlFreeHeap 10989->10992 10990->10989 10991->10770 10992->10991 10994 b3515b 10993->10994 10995 b348d8 RtlAllocateHeap 10994->10995 10994->11047 10996 b3518c 10995->10996 10996->11047 11076 b34820 10996->11076 10998 b351b8 10999 b2684c RtlFreeHeap 10998->10999 10998->11047 11000 b351da 10999->11000 11001 b34820 RtlAllocateHeap 11000->11001 11002 b351f3 11001->11002 11003 b34a04 RtlAllocateHeap 11002->11003 11002->11047 11004 b3523b 11003->11004 11005 b34b64 RtlAllocateHeap 11004->11005 11004->11047 11006 b35250 11005->11006 11007 b26830 RtlAllocateHeap 11006->11007 11006->11047 11008 b35299 11007->11008 11009 b26db0 RtlAllocateHeap 11008->11009 11008->11047 11010 b352b1 11009->11010 11011 b26830 RtlAllocateHeap 11010->11011 11010->11047 11012 b352dd 11011->11012 11013 b2684c RtlFreeHeap 11012->11013 11012->11047 11014 b35383 11013->11014 11015 b35391 11014->11015 11016 b2684c RtlFreeHeap 11014->11016 11017 b353a6 11015->11017 11018 b2684c RtlFreeHeap 11015->11018 11016->11015 11019 b353bb 11017->11019 11020 b2684c RtlFreeHeap 11017->11020 11018->11017 11021 b353d0 11019->11021 11023 b2684c RtlFreeHeap 11019->11023 11020->11019 11022 b353e5 11021->11022 11024 b2684c RtlFreeHeap 11021->11024 11025 b353fa 11022->11025 11026 b2684c RtlFreeHeap 11022->11026 11023->11021 11024->11022 11027 b3540f 11025->11027 11028 b2684c RtlFreeHeap 11025->11028 11026->11025 11029 b35424 11027->11029 11030 b2684c RtlFreeHeap 11027->11030 11028->11027 11031 b26830 RtlAllocateHeap 11029->11031 11030->11029 11032 b3544b 11031->11032 11033 b348d8 RtlAllocateHeap 11032->11033 11032->11047 11034 b3547c 11033->11034 11034->11047 11079 b3491c 11034->11079 11036 b354a8 11037 b2684c RtlFreeHeap 11036->11037 11036->11047 11038 b354d5 11037->11038 11039 b3491c RtlAllocateHeap 11038->11039 11040 b354e3 11039->11040 11041 b34a04 RtlAllocateHeap 11040->11041 11040->11047 11042 b3552b 11041->11042 11043 b34b64 RtlAllocateHeap 11042->11043 11042->11047 11044 b35540 11043->11044 11045 b26830 RtlAllocateHeap 11044->11045 11044->11047 11046 b355b7 11045->11046 11046->11047 11048 b26db0 RtlAllocateHeap 11046->11048 11047->10972 11047->10973 11049 b355cf 11048->11049 11049->11047 11050 b26830 RtlAllocateHeap 11049->11050 11051 b355f8 11050->11051 11051->11047 11052 b2684c RtlFreeHeap 11051->11052 11052->11047 11054 b36024 11053->11054 11055 b268fc RtlAllocateHeap 11054->11055 11058 b36064 11054->11058 11056 b3604d 11055->11056 11057 b268fc RtlAllocateHeap 11056->11057 11056->11058 11057->11058 11058->10833 11058->10842 11060 b26830 RtlAllocateHeap 11059->11060 11061 b348e1 11060->11061 11061->10887 11063 b26830 RtlAllocateHeap 11062->11063 11064 b34998 11063->11064 11064->10890 11066 b26830 RtlAllocateHeap 11065->11066 11067 b34a14 11066->11067 11067->10896 11069 b26830 RtlAllocateHeap 11068->11069 11071 b34b83 11069->11071 11070 b26830 RtlAllocateHeap 11070->11071 11071->11070 11072 b34bb0 11071->11072 11072->10870 11072->10899 11074 b26830 RtlAllocateHeap 11073->11074 11075 b34888 11074->11075 11075->10953 11077 b26830 RtlAllocateHeap 11076->11077 11078 b3482c 11077->11078 11078->10998 11080 b26830 RtlAllocateHeap 11079->11080 11081 b34928 11080->11081 11081->11036 11083 b26830 RtlAllocateHeap 11082->11083 11084 b33d0e 11083->11084 11084->10792 11088 b32a7d 11085->11088 11086 b32a81 11086->10799 11088->11086 11089 b328b0 11088->11089 11090 b328d7 11089->11090 11091 b297a8 4 API calls 11090->11091 11092 b328e7 11091->11092 11093 b297a8 4 API calls 11092->11093 11094 b328fb 11092->11094 11093->11094 11094->11086 11096 b36612 11095->11096 11101 b26db0 RtlAllocateHeap 11096->11101 11104 b36670 11096->11104 11097 b36b00 11099 b36b0e 11097->11099 11100 b2684c RtlFreeHeap 11097->11100 11098 b2684c RtlFreeHeap 11098->11097 11099->9830 11100->11099 11102 b36748 11101->11102 11103 b26830 RtlAllocateHeap 11102->11103 11102->11104 11103->11104 11104->11097 11104->11098 11106 b33703 11105->11106 11107 b32a54 4 API calls 11106->11107 11122 b33707 11106->11122 11108 b3371e 11107->11108 11112 b26830 RtlAllocateHeap 11108->11112 11109 b2684c RtlFreeHeap 11111 b33845 11109->11111 11110 b33853 11114 b33861 11110->11114 11116 b2684c RtlFreeHeap 11110->11116 11111->11110 11113 b2684c RtlFreeHeap 11111->11113 11115 b33728 11112->11115 11113->11110 11114->9840 11117 b2f788 2 API calls 11115->11117 11115->11122 11116->11114 11118 b33740 11117->11118 11119 b26830 RtlAllocateHeap 11118->11119 11118->11122 11120 b3375e 11119->11120 11121 b26830 RtlAllocateHeap 11120->11121 11120->11122 11121->11122 11122->11109 11122->11111 11124 b302ac 11123->11124 11125 b26830 RtlAllocateHeap 11124->11125 11126 b302cd 11125->11126 11126->9874 11627 b27e5a 11632 b27e30 11627->11632 11628 b27e42 NtQuerySystemInformation 11628->11632 11629 b27e75 11631 b2684c RtlFreeHeap 11629->11631 11630 b26868 RtlReAllocateHeap 11630->11632 11634 b27e7d 11631->11634 11632->11628 11632->11629 11632->11630 11633 b2684c RtlFreeHeap 11632->11633 11636 b26830 RtlAllocateHeap 11632->11636 11635 b27f10 Sleep 11633->11635 11635->11632 11636->11632 11422 b31ade 11423 b31ac6 11422->11423 11424 b31adc 11423->11424 11426 b31af9 11423->11426 11428 b26868 RtlReAllocateHeap 11423->11428 11425 b2684c RtlFreeHeap 11424->11425 11427 b31b3c 11425->11427 11429 b2684c RtlFreeHeap 11426->11429 11428->11423 11430 b31b01 11429->11430 11171 b2969d 11172 b2967f 11171->11172 11173 b29705 11172->11173 11174 b2684c RtlFreeHeap 11172->11174 11174->11173 11431 b330c4 11432 b330db 11431->11432 11433 b32a54 4 API calls 11432->11433 11434 b3312a 11432->11434 11433->11434 11191 b2ef8e 11198 b2ef57 11191->11198 11192 b2ef43 MoveFileExW 11193 b2ef55 11192->11193 11192->11198 11194 b2efad CreateFileW 11193->11194 11210 b2efd1 11193->11210 11195 b2efd6 11194->11195 11194->11210 11205 b2ec8c 2 API calls 11195->11205 11196 b2f0a9 11201 b2684c RtlFreeHeap 11196->11201 11197 b2ef90 11199 b2684c RtlFreeHeap 11197->11199 11198->11192 11198->11193 11198->11197 11202 b2684c RtlFreeHeap 11198->11202 11204 b2ec40 RtlAllocateHeap 11198->11204 11199->11193 11200 b2684c RtlFreeHeap 11200->11196 11203 b2f0b1 11201->11203 11202->11198 11204->11198 11206 b2efeb 11205->11206 11207 b2efff CreateIoCompletionPort 11206->11207 11206->11210 11208 b2f016 11207->11208 11211 b2f038 11207->11211 11209 b2684c RtlFreeHeap 11208->11209 11209->11210 11210->11196 11210->11200 11211->11210 11212 b2684c RtlFreeHeap 11211->11212 11212->11210 11637 b2dd4e 11640 b2dd3a 11637->11640 11638 b2dd4c 11639 b2dd99 11638->11639 11641 b2684c RtlFreeHeap 11638->11641 11640->11638 11642 b2daec NtTerminateProcess 11640->11642 11643 b2dbbc NtTerminateProcess 11640->11643 11641->11639 11642->11640 11643->11640 11213 b2e38c 11216 b2e34f 11213->11216 11214 b2e321 SetFileAttributesW CreateFileW 11214->11216 11217 b2e367 11214->11217 11215 b2dda4 5 API calls 11215->11216 11216->11214 11216->11215 11216->11217 11644 b2f84c 11646 b2f82e 11644->11646 11645 b26830 RtlAllocateHeap 11645->11646 11646->11645 11648 b2f84a 11646->11648 11647 b2f96e 11648->11647 11649 b26830 RtlAllocateHeap 11648->11649 11649->11648 11435 b33fcc 11440 b34010 11435->11440 11436 b3443e 11438 b3444c 11436->11438 11439 b2684c RtlFreeHeap 11436->11439 11437 b2684c RtlFreeHeap 11437->11436 11441 b3445a 11438->11441 11442 b2684c RtlFreeHeap 11438->11442 11439->11438 11443 b26db0 RtlAllocateHeap 11440->11443 11446 b3402e 11440->11446 11442->11441 11444 b340e2 11443->11444 11445 b26830 RtlAllocateHeap 11444->11445 11444->11446 11445->11446 11446->11436 11446->11437

                                                                                                                                                                                  Control-flow Graph

                                                                                                                                                                                  APIs
                                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                                  • Source File: 00000000.00000002.2324569325.0000000000B21000.00000020.00000001.01000000.00000003.sdmp, Offset: 00B20000, based on PE: true
                                                                                                                                                                                  • Associated: 00000000.00000002.2324539216.0000000000B20000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                  • Associated: 00000000.00000002.2324605887.0000000000B3A000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                  • Associated: 00000000.00000002.2324648919.0000000000B3B000.00000008.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                  • Associated: 00000000.00000002.2324689687.0000000000B44000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                  • Associated: 00000000.00000002.2324729121.0000000000B46000.00000008.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                  • Associated: 00000000.00000002.2324760537.0000000000B47000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                                                  • Snapshot File: hcaresult_0_2_b20000_c8JakemodH.jbxd
                                                                                                                                                                                  Yara matches
                                                                                                                                                                                  Similarity
                                                                                                                                                                                  • API ID: Create$Load$ErrorImageLast$CapsColorCommandDeviceFontFreeLibraryLineMenuPixelProcSelectTextWindow$AddressAttributesBitmapBrushButtonCheckedDialogExitFileHandleHeapInfoItemLocaleModuleObjectPaletteParamProcessSolid
                                                                                                                                                                                  • String ID:
                                                                                                                                                                                  • API String ID: 901569772-0
                                                                                                                                                                                  • Opcode ID: eb98fa4eb4622a4d89cb20af3f8d13413e5915dc95ddeda054349d52433cb4f7
                                                                                                                                                                                  • Instruction ID: cb97b655d9e7ae469491ccfc7680b7cc4b7e4b000461779cae00cdcfc1a81f95
                                                                                                                                                                                  • Opcode Fuzzy Hash: eb98fa4eb4622a4d89cb20af3f8d13413e5915dc95ddeda054349d52433cb4f7
                                                                                                                                                                                  • Instruction Fuzzy Hash: 810162988DA348B9D66177F3980BB6C36E4BF66354F3514FDB1491A1A35E205444C23B
                                                                                                                                                                                  Uniqueness

                                                                                                                                                                                  Uniqueness Score: -1.00%

                                                                                                                                                                                  Control-flow Graph

                                                                                                                                                                                  • Executed
                                                                                                                                                                                  • Not Executed
                                                                                                                                                                                  control_flow_graph 9 b30410-b304c5 call b2165c call b26db0 18 b304c7 9->18 19 b304cc-b304e5 call b26830 9->19 20 b30845-b3084c 18->20 27 b304e7 19->27 28 b304ec-b304ff call b38ba4 19->28 22 b3085a-b30861 20->22 23 b3084e 20->23 25 b30863 22->25 26 b3086f-b30873 22->26 23->22 25->26 30 b30875 26->30 31 b3087e-b30882 26->31 27->20 35 b30501 28->35 36 b30506-b30516 call b30294 28->36 30->31 33 b30884-b30887 call b2684c 31->33 34 b3088c-b30890 31->34 33->34 38 b30892-b30895 call b2684c 34->38 39 b3089a-b3089e 34->39 35->20 49 b30518 36->49 50 b3051d-b3056e GetTempFileNameW CreateFileW 36->50 38->39 42 b308a0-b308a3 call b2684c 39->42 43 b308a8-b308ac 39->43 42->43 45 b308b6-b308bc 43->45 46 b308ae-b308b1 call b2684c 43->46 46->45 49->20 52 b30570 50->52 53 b30575-b3058a WriteFile 50->53 52->20 54 b30591-b305aa 53->54 55 b3058c 53->55 57 b305ac-b305b1 54->57 55->20 58 b305b3-b305f4 CreateProcessW 57->58 59 b305b5-b305b7 57->59 61 b305f6 58->61 62 b305fb-b30618 NtQueryInformationProcess 58->62 59->57 61->20 63 b3061a 62->63 64 b3061f-b3063f NtReadVirtualMemory 62->64 63->20 65 b30641 64->65 66 b30646-b30657 call b26db0 64->66 65->20 69 b30659 66->69 70 b3065e-b306d9 call b392f4 call b39348 call b3941c NtProtectVirtualMemory 66->70 69->20 77 b306e0-b306f3 NtWriteVirtualMemory 70->77 78 b306db 70->78 79 b306f5 77->79 80 b306fa-b30756 77->80 78->20 79->20 82 b30758 80->82 83 b3075d-b3077e 80->83 82->20 85 b30780 83->85 86 b30785-b307ed CreateNamedPipeW 83->86 85->20 87 b307f1-b3080a ResumeThread ConnectNamedPipe 86->87 88 b307ef 86->88 89 b3081b-b30838 87->89 90 b3080c-b30817 87->90 88->20 93 b3083a 89->93 94 b3083c 89->94 90->89 91 b30819 90->91 91->20 93->20 94->20
                                                                                                                                                                                  Strings
                                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                                  • Source File: 00000000.00000002.2324569325.0000000000B21000.00000020.00000001.01000000.00000003.sdmp, Offset: 00B20000, based on PE: true
                                                                                                                                                                                  • Associated: 00000000.00000002.2324539216.0000000000B20000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                  • Associated: 00000000.00000002.2324605887.0000000000B3A000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                  • Associated: 00000000.00000002.2324648919.0000000000B3B000.00000008.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                  • Associated: 00000000.00000002.2324689687.0000000000B44000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                  • Associated: 00000000.00000002.2324729121.0000000000B46000.00000008.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                  • Associated: 00000000.00000002.2324760537.0000000000B47000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                                                  • Snapshot File: hcaresult_0_2_b20000_c8JakemodH.jbxd
                                                                                                                                                                                  Yara matches
                                                                                                                                                                                  Similarity
                                                                                                                                                                                  • API ID:
                                                                                                                                                                                  • String ID: D
                                                                                                                                                                                  • API String ID: 0-2746444292
                                                                                                                                                                                  • Opcode ID: 9183b85a7087782c7a86de8eb7d745fa8aacbf85f8b0384dc46bc7e4dc712594
                                                                                                                                                                                  • Instruction ID: 00500c1dbbada59b99208fad398c4936ab4ff921b40bf849353e2d93a2246e15
                                                                                                                                                                                  • Opcode Fuzzy Hash: 9183b85a7087782c7a86de8eb7d745fa8aacbf85f8b0384dc46bc7e4dc712594
                                                                                                                                                                                  • Instruction Fuzzy Hash: 91E12B71950618EFEF20AF90DC49BEEBBB9FF04305F2040A5E609BA191DB755A84CF91
                                                                                                                                                                                  Uniqueness

                                                                                                                                                                                  Uniqueness Score: -1.00%

                                                                                                                                                                                  Control-flow Graph

                                                                                                                                                                                  • Executed
                                                                                                                                                                                  • Not Executed
                                                                                                                                                                                  control_flow_graph 233 b29198-b2946b call b21250 * 5 RegCreateKeyExW 244 b29471 233->244 245 b2954d-b29551 233->245 248 b29478-b29495 RegEnumKeyW 244->248 246 b29553 245->246 247 b2955c-b2958a RegCreateKeyExW 245->247 246->247 249 b295e5-b295e9 247->249 250 b2958c 247->250 251 b29497 248->251 252 b2949c-b294c8 RegCreateKeyExW 248->252 256 b295f4-b295f7 249->256 257 b295eb 249->257 253 b29593-b295b0 RegEnumKeyW 250->253 251->245 254 b29545-b29548 252->254 255 b294ca-b294ea RegSetValueExW 252->255 258 b295b2 253->258 259 b295b4-b295ca OpenEventLogW 253->259 254->248 260 b29536-b2953a 255->260 261 b294ec-b29508 RegSetValueExW 255->261 257->256 258->249 263 b295e0-b295e3 259->263 264 b295cc-b295d7 ClearEventLogW 259->264 260->254 262 b2953c 260->262 261->260 265 b2950a-b29520 OpenEventLogW 261->265 262->254 263->253 264->263 265->260 266 b29522-b2952d ClearEventLogW 265->266 266->260
                                                                                                                                                                                  APIs
                                                                                                                                                                                  • RegCreateKeyExW.KERNELBASE(80000002,?,00000000,00000000,00000000,0002011F,00000000,00000000,00000000,?,00000007,?,00000004,?,00000019,?), ref: 00B29463
                                                                                                                                                                                  • RegEnumKeyW.ADVAPI32(00000000,00000000,?,00000104), ref: 00B2948A
                                                                                                                                                                                  • RegCreateKeyExW.KERNELBASE(00000000,?,00000000,00000000,00000000,0002011F,00000000,00000000,00000000), ref: 00B294C0
                                                                                                                                                                                  • RegSetValueExW.KERNELBASE(00000000,?,00000000,00000004,00000000,00000004), ref: 00B294E2
                                                                                                                                                                                  • RegSetValueExW.KERNELBASE(00000000,?,00000000,00000001,?,00000064), ref: 00B29500
                                                                                                                                                                                  • OpenEventLogW.ADVAPI32(00000000,?), ref: 00B29513
                                                                                                                                                                                  • ClearEventLogW.ADVAPI32(00000000,00000000), ref: 00B29527
                                                                                                                                                                                  • RegCreateKeyExW.KERNELBASE(80000002,?,00000000,00000000,00000000,0002011F,00000000,00000000,00000000), ref: 00B29582
                                                                                                                                                                                  • RegEnumKeyW.ADVAPI32(00000000,00000000,?,00000104), ref: 00B295A5
                                                                                                                                                                                  • OpenEventLogW.ADVAPI32(00000000,?), ref: 00B295BD
                                                                                                                                                                                  • ClearEventLogW.ADVAPI32(00000000,00000000), ref: 00B295D1
                                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                                  • Source File: 00000000.00000002.2324569325.0000000000B21000.00000020.00000001.01000000.00000003.sdmp, Offset: 00B20000, based on PE: true
                                                                                                                                                                                  • Associated: 00000000.00000002.2324539216.0000000000B20000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                  • Associated: 00000000.00000002.2324605887.0000000000B3A000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                  • Associated: 00000000.00000002.2324648919.0000000000B3B000.00000008.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                  • Associated: 00000000.00000002.2324689687.0000000000B44000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                  • Associated: 00000000.00000002.2324729121.0000000000B46000.00000008.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                  • Associated: 00000000.00000002.2324760537.0000000000B47000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                                                  • Snapshot File: hcaresult_0_2_b20000_c8JakemodH.jbxd
                                                                                                                                                                                  Yara matches
                                                                                                                                                                                  Similarity
                                                                                                                                                                                  • API ID: Event$Create$ClearEnumOpenValue
                                                                                                                                                                                  • String ID:
                                                                                                                                                                                  • API String ID: 1260815474-0
                                                                                                                                                                                  • Opcode ID: f3d0a22cc237e9b318b8049e54193df60a4ac41d66863e0f9ff1a64ccb448da6
                                                                                                                                                                                  • Instruction ID: e6a0bdee176ed50a471169541562bc959a77a03000f0d60edb048137af5bd91c
                                                                                                                                                                                  • Opcode Fuzzy Hash: f3d0a22cc237e9b318b8049e54193df60a4ac41d66863e0f9ff1a64ccb448da6
                                                                                                                                                                                  • Instruction Fuzzy Hash: 8CC116B0540314EFEB55AF50E889B997F78FB22704F1288D8E2286F272D7768A44CF50
                                                                                                                                                                                  Uniqueness

                                                                                                                                                                                  Uniqueness Score: -1.00%

                                                                                                                                                                                  Control-flow Graph

                                                                                                                                                                                  • Executed
                                                                                                                                                                                  • Not Executed
                                                                                                                                                                                  control_flow_graph 267 b2a65c-b2a6dc GetVolumeNameForVolumeMountPointW FindFirstVolumeW 271 b2a6e2-b2a6e8 267->271 272 b2a920-b2a925 267->272 273 b2a6ee-b2a6f5 271->273 274 b2a8ef-b2a911 271->274 273->274 275 b2a6fb-b2a712 GetVolumePathNamesForVolumeNameW 273->275 274->271 281 b2a917 274->281 275->274 277 b2a718-b2a71c 275->277 277->274 278 b2a722-b2a726 277->278 278->274 280 b2a72c-b2a736 GetDriveTypeW 278->280 282 b2a741-b2a749 call b21574 280->282 283 b2a738-b2a73b 280->283 281->272 286 b2a7c7-b2a7ed call b21700 CreateFileW 282->286 287 b2a74b-b2a793 282->287 283->274 283->282 291 b2a7f3-b2a819 DeviceIoControl 286->291 292 b2a8e6 286->292 295 b2a7b3-b2a7b7 287->295 296 b2a795-b2a7ae call b2a5d0 287->296 291->292 294 b2a81f-b2a826 291->294 292->274 297 b2a828-b2a834 294->297 298 b2a88c-b2a893 294->298 301 b2a7c2 295->301 302 b2a7b9 295->302 296->295 299 b2a853-b2a859 297->299 300 b2a836-b2a83d 297->300 298->292 303 b2a895-b2a89c 298->303 307 b2a85b-b2a862 299->307 308 b2a878-b2a885 call b216d0 call b2a5d0 299->308 300->299 305 b2a83f-b2a846 300->305 301->274 302->301 303->292 304 b2a89e-b2a8a5 303->304 304->292 309 b2a8a7-b2a8c1 call b216d0 304->309 305->299 310 b2a848-b2a84f 305->310 307->308 312 b2a864-b2a86b 307->312 319 b2a88a 308->319 323 b2a8c3-b2a8ca 309->323 324 b2a8da-b2a8e1 call b2a5d0 309->324 310->299 315 b2a851 310->315 312->308 316 b2a86d-b2a874 312->316 315->319 316->308 320 b2a876 316->320 319->292 320->319 325 b2a8d8 323->325 326 b2a8cc-b2a8d3 call b2a5d0 323->326 324->292 325->292 326->325
                                                                                                                                                                                  APIs
                                                                                                                                                                                  • GetVolumeNameForVolumeMountPointW.KERNELBASE(?,?,00000104), ref: 00B2A6A6
                                                                                                                                                                                  • FindFirstVolumeW.KERNELBASE(?,00000104), ref: 00B2A6CF
                                                                                                                                                                                  • GetVolumePathNamesForVolumeNameW.KERNELBASE(?,?,00000040,00000000), ref: 00B2A70A
                                                                                                                                                                                  • GetDriveTypeW.KERNELBASE(?), ref: 00B2A72D
                                                                                                                                                                                  • CreateFileW.KERNELBASE(?,80000000,00000003,00000000,00000003,00000080,00000000,?), ref: 00B2A7E0
                                                                                                                                                                                  • DeviceIoControl.KERNELBASE(000000FF,00070048,00000000,00000000,?,00000090,00000001,00000000), ref: 00B2A811
                                                                                                                                                                                  Strings
                                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                                  • Source File: 00000000.00000002.2324569325.0000000000B21000.00000020.00000001.01000000.00000003.sdmp, Offset: 00B20000, based on PE: true
                                                                                                                                                                                  • Associated: 00000000.00000002.2324539216.0000000000B20000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                  • Associated: 00000000.00000002.2324605887.0000000000B3A000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                  • Associated: 00000000.00000002.2324648919.0000000000B3B000.00000008.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                  • Associated: 00000000.00000002.2324689687.0000000000B44000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                  • Associated: 00000000.00000002.2324729121.0000000000B46000.00000008.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                  • Associated: 00000000.00000002.2324760537.0000000000B47000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                                                  • Snapshot File: hcaresult_0_2_b20000_c8JakemodH.jbxd
                                                                                                                                                                                  Yara matches
                                                                                                                                                                                  Similarity
                                                                                                                                                                                  • API ID: Volume$Name$ControlCreateDeviceDriveFileFindFirstMountNamesPathPointType
                                                                                                                                                                                  • String ID: '
                                                                                                                                                                                  • API String ID: 754975672-1997036262
                                                                                                                                                                                  • Opcode ID: 43e640ffdd336dd8b721e8c64b56154e315492786490aca255aecc9d4accee4b
                                                                                                                                                                                  • Instruction ID: 2db8da033251982b961d556e982bf1ced1e1f0ad70774cb2f63b0aa98b9c08b1
                                                                                                                                                                                  • Opcode Fuzzy Hash: 43e640ffdd336dd8b721e8c64b56154e315492786490aca255aecc9d4accee4b
                                                                                                                                                                                  • Instruction Fuzzy Hash: E5717330900A24EFDB315B50EC09B9E7BB8FF12315F1481E5F109AA0A2DB745B86DF56
                                                                                                                                                                                  Uniqueness

                                                                                                                                                                                  Uniqueness Score: -1.00%

                                                                                                                                                                                  Control-flow Graph

                                                                                                                                                                                  • Executed
                                                                                                                                                                                  • Not Executed
                                                                                                                                                                                  control_flow_graph 329 b2c354-b2c36e 330 b2c5a7-b2c5b0 329->330 331 b2c374-b2c389 call b26db0 329->331 331->330 334 b2c38f-b2c3a5 call b26830 331->334 337 b2c5a1-b2c5a2 call b2684c 334->337 338 b2c3ab-b2c3bc call b38ba4 334->338 337->330 342 b2c3c2-b2c443 call b216d0 CreateFileW 338->342 343 b2c59b-b2c59c call b2684c 338->343 342->343 349 b2c449-b2c45e WriteFile 342->349 343->337 350 b2c592 349->350 351 b2c464-b2c487 RegCreateKeyExW 349->351 350->343 351->350 352 b2c48d-b2c4b9 RegSetValueExW 351->352 354 b2c589-b2c58c NtClose 352->354 355 b2c4bf-b2c538 RegCreateKeyExW 352->355 354->350 355->354 358 b2c53a-b2c56c RegSetValueExW 355->358 358->354 360 b2c56e-b2c582 SHChangeNotify 358->360 360->354
                                                                                                                                                                                  APIs
                                                                                                                                                                                    • Part of subcall function 00B26830: RtlAllocateHeap.NTDLL(?,00000008,00000000,?,00B376B5,?,00000000,00000000), ref: 00B26841
                                                                                                                                                                                  • CreateFileW.KERNELBASE(?,40000000,00000000,00000000,00000002,00000080,00000000), ref: 00B2C436
                                                                                                                                                                                  • WriteFile.KERNELBASE(000000FF,00000000,000000FF,?,00000000), ref: 00B2C456
                                                                                                                                                                                  • RegCreateKeyExW.KERNELBASE(80000000,?,00000000,00000000,00000000,00020106,00000000,?,00000000), ref: 00B2C47F
                                                                                                                                                                                  • RegSetValueExW.KERNELBASE(?,00000000,00000000,00000001,?,00000000), ref: 00B2C4B1
                                                                                                                                                                                  • RegCreateKeyExW.KERNELBASE(80000000,?,00000000,00000000,00000000,00020106,00000000,?,00000000), ref: 00B2C530
                                                                                                                                                                                  • RegSetValueExW.KERNELBASE(?,00000000,00000000,00000001,?,00000000), ref: 00B2C564
                                                                                                                                                                                  • SHChangeNotify.SHELL32(08000000,00001000,00000000,00000000), ref: 00B2C57C
                                                                                                                                                                                  • NtClose.NTDLL(?), ref: 00B2C58C
                                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                                  • Source File: 00000000.00000002.2324569325.0000000000B21000.00000020.00000001.01000000.00000003.sdmp, Offset: 00B20000, based on PE: true
                                                                                                                                                                                  • Associated: 00000000.00000002.2324539216.0000000000B20000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                  • Associated: 00000000.00000002.2324605887.0000000000B3A000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                  • Associated: 00000000.00000002.2324648919.0000000000B3B000.00000008.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                  • Associated: 00000000.00000002.2324689687.0000000000B44000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                  • Associated: 00000000.00000002.2324729121.0000000000B46000.00000008.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                  • Associated: 00000000.00000002.2324760537.0000000000B47000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                                                  • Snapshot File: hcaresult_0_2_b20000_c8JakemodH.jbxd
                                                                                                                                                                                  Yara matches
                                                                                                                                                                                  Similarity
                                                                                                                                                                                  • API ID: Create$FileValue$AllocateChangeCloseHeapNotifyWrite
                                                                                                                                                                                  • String ID:
                                                                                                                                                                                  • API String ID: 1108940941-0
                                                                                                                                                                                  • Opcode ID: 5cacf8313bae2a414f9920a0631d125b3f95d8cbbd654eae90df98210353ec4f
                                                                                                                                                                                  • Instruction ID: bb04896dd70ff510f65c7cb54af4e4aaddd84202b14c93e94b00f3a9d8266901
                                                                                                                                                                                  • Opcode Fuzzy Hash: 5cacf8313bae2a414f9920a0631d125b3f95d8cbbd654eae90df98210353ec4f
                                                                                                                                                                                  • Instruction Fuzzy Hash: B851A770600619BBEB20CFA0EC4AFAE7BB8FB04705F104155F604EB1D1DB71AA54CB95
                                                                                                                                                                                  Uniqueness

                                                                                                                                                                                  Uniqueness Score: -1.00%

                                                                                                                                                                                  Control-flow Graph

                                                                                                                                                                                  • Executed
                                                                                                                                                                                  • Not Executed
                                                                                                                                                                                  control_flow_graph 361 b36f90-b36faf 363 b36fb5-b36fbc 361->363 364 b3706d-b37074 361->364 365 b36fe7-b36fee 363->365 366 b36fbe-b36fe4 call b26ab0 363->366 367 b370a1-b370d8 CreateThread * 2 364->367 368 b37076-b3708f CreateThread 364->368 372 b36ff0-b36ff7 365->372 373 b3702a-b37031 365->373 366->365 370 b370da call b27c74 367->370 371 b370df-b370e6 367->371 368->367 369 b37091-b3709a 368->369 369->367 370->371 377 b37100-b37107 371->377 378 b370e8-b370fd CreateThread 371->378 372->373 374 b36ff9-b37023 call b29c34 372->374 373->364 376 b37033-b3703a 373->376 374->373 376->364 382 b3703c-b37066 call b29c34 376->382 383 b37112-b37139 call b2b690 call b2e144 377->383 384 b37109-b37110 377->384 378->377 382->364 410 b3713b-b37142 383->410 411 b3717d-b37181 383->411 384->383 387 b3718a-b3718e 384->387 389 b37190-b3719b 387->389 390 b371a4-b371a8 387->390 389->390 396 b371aa-b371b5 390->396 397 b371be-b371c5 390->397 396->397 399 b371c7-b371d2 NtTerminateThread 397->399 400 b371db-b371e2 397->400 399->400 406 b371e4-b371fd CreateThread 400->406 407 b3720f-b37219 400->407 406->407 409 b371ff-b37208 406->409 416 b3721f-b37226 407->416 417 b372ee-b372fc call b31890 call b31c84 call b31608 407->417 409->407 413 b37144-b37158 call b2a65c call b2e214 call b30994 call b2e214 call b30b40 410->413 414 b3715d-b37164 410->414 411->387 413->414 420 b37170-b37178 call b2e1cc call b2e214 414->420 421 b37166-b3716b call b2e214 call b2fbe4 414->421 422 b37253-b3725a 416->422 423 b37228-b37241 CreateThread 416->423 451 b37301-b37305 417->451 420->411 421->420 428 b37295-b3729c call b2b5d0 422->428 429 b3725c-b37260 422->429 423->422 424 b37243-b3724c 423->424 424->422 444 b372a5-b372a7 call b28200 428->444 445 b3729e-b372a3 call b28930 428->445 436 b37262-b3726d 429->436 437 b37276-b37290 call b26ab0 call b2d95c 429->437 436->437 437->428 456 b372ac-b372b3 444->456 445->456 459 b372c7-b372e7 call b29610 call b30410 456->459 460 b372b5-b372bc 456->460 466 b372ec 459->466 460->459 463 b372be-b372c5 460->463 463->459 463->466 466->451
                                                                                                                                                                                  APIs
                                                                                                                                                                                  • CreateThread.KERNELBASE(00000000,00000000,00B28F38,00000000,00000000,00000000), ref: 00B37085
                                                                                                                                                                                  • CreateThread.KERNELBASE(00000000,00000000,00B27438,00000000,00000000,00000000), ref: 00B370B0
                                                                                                                                                                                  • CreateThread.KERNELBASE(00000000,00000000,00B277FC,00000000,00000000,00000000), ref: 00B370C8
                                                                                                                                                                                  • CreateThread.KERNELBASE(00000000,00000000,00B27E28,00000000,00000000,00000000), ref: 00B370F7
                                                                                                                                                                                  • NtTerminateThread.NTDLL(?,00000000), ref: 00B371CC
                                                                                                                                                                                  • CreateThread.KERNELBASE(00000000,00000000,00B295F8,00000000,00000000,00000000), ref: 00B371F3
                                                                                                                                                                                  • CreateThread.KERNELBASE(00000000,00000000,00B2BFC0,00000000,00000000,00000000), ref: 00B37237
                                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                                  • Source File: 00000000.00000002.2324569325.0000000000B21000.00000020.00000001.01000000.00000003.sdmp, Offset: 00B20000, based on PE: true
                                                                                                                                                                                  • Associated: 00000000.00000002.2324539216.0000000000B20000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                  • Associated: 00000000.00000002.2324605887.0000000000B3A000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                  • Associated: 00000000.00000002.2324648919.0000000000B3B000.00000008.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                  • Associated: 00000000.00000002.2324689687.0000000000B44000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                  • Associated: 00000000.00000002.2324729121.0000000000B46000.00000008.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                  • Associated: 00000000.00000002.2324760537.0000000000B47000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                                                  • Snapshot File: hcaresult_0_2_b20000_c8JakemodH.jbxd
                                                                                                                                                                                  Yara matches
                                                                                                                                                                                  Similarity
                                                                                                                                                                                  • API ID: Thread$Create$Terminate
                                                                                                                                                                                  • String ID:
                                                                                                                                                                                  • API String ID: 1922322686-0
                                                                                                                                                                                  • Opcode ID: 381d540eacd83587c0be2b97b4b8ef58b0d26f1b1dce65f938bc8b10c3d6bafd
                                                                                                                                                                                  • Instruction ID: 32f915c7d332d5b8ed2bac6b4ef5d46dba32236a89b8e36e3e64ca8936061b42
                                                                                                                                                                                  • Opcode Fuzzy Hash: 381d540eacd83587c0be2b97b4b8ef58b0d26f1b1dce65f938bc8b10c3d6bafd
                                                                                                                                                                                  • Instruction Fuzzy Hash: C49181B4988F54BFEB316BA4AC4AB6D3AE5BB06705F240194F215761F3DFB40A80CB15
                                                                                                                                                                                  Uniqueness

                                                                                                                                                                                  Uniqueness Score: -1.00%

                                                                                                                                                                                  Control-flow Graph

                                                                                                                                                                                  • Executed
                                                                                                                                                                                  • Not Executed
                                                                                                                                                                                  control_flow_graph 519 b26654-b26667 520 b2666a-b2666f 519->520 520->520 521 b26671-b26685 call b2a064 520->521 524 b26691-b266b3 CreateFileW 521->524 525 b26687-b2668b 521->525 526 b267b6-b267b8 524->526 527 b266b9-b266bb 524->527 525->524 525->526 528 b267bb-b267be 526->528 529 b266be-b266e7 NtAllocateVirtualMemory 527->529 530 b267c0-b267d9 NtFreeVirtualMemory 528->530 531 b267df-b267e3 528->531 532 b266e9-b266f4 529->532 533 b266ef 529->533 530->531 531->528 536 b267e5-b267e9 531->536 537 b266f6-b26705 532->537 538 b26707-b2670a 532->538 535 b2671f-b26724 533->535 539 b26727-b26732 535->539 540 b267f4-b2680b call b26544 DeleteFileW 536->540 541 b267eb-b267ee NtClose 536->541 542 b26719-b2671d 537->542 538->542 543 b2670c-b26714 call b26614 538->543 544 b26740 539->544 545 b26734-b2673e 539->545 551 b26814-b26818 540->551 552 b2680d 540->552 541->540 542->529 542->535 543->542 548 b26745-b2674c 544->548 545->548 550 b2674f-b26765 WriteFile 548->550 553 b26767 550->553 554 b26769-b26786 SetFilePointerEx 550->554 555 b26822-b2682b 551->555 556 b2681a-b2681d call b2684c 551->556 552->551 558 b26788-b2678f 553->558 554->550 554->558 556->555 559 b26793-b267b1 558->559 560 b26791 558->560 559->539 560->526
                                                                                                                                                                                  APIs
                                                                                                                                                                                  • CreateFileW.KERNELBASE(00B277A6,40000000,00000003,00000000,00000003,80000000,00000000,00B277A6,?,?,00000000,?), ref: 00B266A6
                                                                                                                                                                                  • NtAllocateVirtualMemory.NTDLL(000000FF,00000000,00000000,00010000,00001000,00000004,?,00000000,?), ref: 00B266DF
                                                                                                                                                                                  • WriteFile.KERNELBASE(000000FF,00000000,00010000,00010000,00000000,?,00000000,?), ref: 00B2675D
                                                                                                                                                                                  • SetFilePointerEx.KERNELBASE(000000FF,00010000,?,00000000,00000001,?,00000000,?), ref: 00B26779
                                                                                                                                                                                  • NtFreeVirtualMemory.NTDLL(000000FF,?,00010000,00008000,?,00000000,?), ref: 00B267D9
                                                                                                                                                                                  • NtClose.NTDLL(000000FF,?,00000000,?), ref: 00B267EE
                                                                                                                                                                                  • DeleteFileW.KERNELBASE(?,000000FF,?,?,00000000,?), ref: 00B26803
                                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                                  • Source File: 00000000.00000002.2324569325.0000000000B21000.00000020.00000001.01000000.00000003.sdmp, Offset: 00B20000, based on PE: true
                                                                                                                                                                                  • Associated: 00000000.00000002.2324539216.0000000000B20000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                  • Associated: 00000000.00000002.2324605887.0000000000B3A000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                  • Associated: 00000000.00000002.2324648919.0000000000B3B000.00000008.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                  • Associated: 00000000.00000002.2324689687.0000000000B44000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                  • Associated: 00000000.00000002.2324729121.0000000000B46000.00000008.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                  • Associated: 00000000.00000002.2324760537.0000000000B47000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                                                  • Snapshot File: hcaresult_0_2_b20000_c8JakemodH.jbxd
                                                                                                                                                                                  Yara matches
                                                                                                                                                                                  Similarity
                                                                                                                                                                                  • API ID: File$MemoryVirtual$AllocateCloseCreateDeleteFreePointerWrite
                                                                                                                                                                                  • String ID:
                                                                                                                                                                                  • API String ID: 3569053182-0
                                                                                                                                                                                  • Opcode ID: 4f20ec2959735bbd2ab567324d2258845acedd16db9c851f918428ce76446fba
                                                                                                                                                                                  • Instruction ID: c40a38133e48aad1afb70f202017302291cab2f902ceb45ad9145803c1908344
                                                                                                                                                                                  • Opcode Fuzzy Hash: 4f20ec2959735bbd2ab567324d2258845acedd16db9c851f918428ce76446fba
                                                                                                                                                                                  • Instruction Fuzzy Hash: 41515D71900219AFDF21CF94EC84BEEBBF9FB04328F2001A5F915B61A0D7755E858B51
                                                                                                                                                                                  Uniqueness

                                                                                                                                                                                  Uniqueness Score: -1.00%

                                                                                                                                                                                  Control-flow Graph

                                                                                                                                                                                  • Executed
                                                                                                                                                                                  • Not Executed
                                                                                                                                                                                  control_flow_graph 562 b2ddd4-b2dde5 SetThreadPriority 563 b2ddeb-b2de0a 562->563 565 b2de3a-b2de3c 563->565 566 b2de0c-b2de14 563->566 568 b2de42-b2de47 565->568 569 b2de3e-b2de41 565->569 566->565 567 b2de16 566->567 570 b2de1d-b2de32 567->570 571 b2defc-b2deff 568->571 572 b2de4d-b2de7f ReadFile 568->572 586 b2de36 570->586 587 b2de34-b2de38 570->587 573 b2df05-b2df4a call b220bc 571->573 574 b2dffd-b2e000 571->574 575 b2def2 572->575 576 b2de81-b2de8c 572->576 616 b2df63-b2df6b 573->616 617 b2df4c-b2df61 573->617 578 b2e006-b2e045 WriteFile 574->578 579 b2e08d-b2e090 574->579 580 b2e0dc-b2e0fb 575->580 576->575 581 b2de8e-b2de96 576->581 588 b2e047-b2e052 578->588 589 b2e089 578->589 579->580 585 b2e092-b2e096 579->585 596 b2e0ff-b2e107 580->596 597 b2e0fd 580->597 583 b2deb4-b2dedb 581->583 584 b2de98-b2deb2 581->584 618 b2deee 583->618 619 b2dedd-b2dee8 583->619 584->575 592 b2e098-b2e09e 585->592 593 b2e0ac-b2e0ca NtClose call b21094 call b2684c 585->593 586->570 587->563 588->589 595 b2e054-b2e072 588->595 589->580 600 b2e0a2-b2e0aa 592->600 601 b2e0a0 592->601 621 b2e0cf-b2e0da 593->621 628 b2e074-b2e07f 595->628 629 b2e085 595->629 604 b2e109 596->604 605 b2e12d 596->605 606 b2e12f-b2e131 597->606 600->592 601->593 609 b2e110-b2e125 604->609 605->580 605->606 610 b2e133-b2e136 606->610 611 b2e137 606->611 630 b2e127-b2e12b 609->630 631 b2e129 609->631 611->568 624 b2df7a-b2df86 616->624 625 b2df6d-b2df6f 616->625 623 b2df8d-b2dfa9 WriteFile 617->623 618->575 626 b2deea 619->626 627 b2deec 619->627 621->580 640 b2e13c 621->640 633 b2dff3 623->633 634 b2dfab-b2dfb6 623->634 624->623 625->624 632 b2df71-b2df78 625->632 626->575 627->583 635 b2e083 628->635 636 b2e081 628->636 629->589 630->580 631->609 632->623 633->580 634->633 639 b2dfb8-b2dfdc 634->639 635->595 636->589 643 b2dfde-b2dfe9 639->643 644 b2dfef 639->644 640->563 645 b2dfeb 643->645 646 b2dfed 643->646 644->633 645->633 646->639
                                                                                                                                                                                  APIs
                                                                                                                                                                                  • SetThreadPriority.KERNELBASE(000000FE,00000002), ref: 00B2DDE5
                                                                                                                                                                                  • ReadFile.KERNELBASE(?,?,?,?,?), ref: 00B2DE77
                                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                                  • Source File: 00000000.00000002.2324569325.0000000000B21000.00000020.00000001.01000000.00000003.sdmp, Offset: 00B20000, based on PE: true
                                                                                                                                                                                  • Associated: 00000000.00000002.2324539216.0000000000B20000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                  • Associated: 00000000.00000002.2324605887.0000000000B3A000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                  • Associated: 00000000.00000002.2324648919.0000000000B3B000.00000008.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                  • Associated: 00000000.00000002.2324689687.0000000000B44000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                  • Associated: 00000000.00000002.2324729121.0000000000B46000.00000008.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                  • Associated: 00000000.00000002.2324760537.0000000000B47000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                                                  • Snapshot File: hcaresult_0_2_b20000_c8JakemodH.jbxd
                                                                                                                                                                                  Yara matches
                                                                                                                                                                                  Similarity
                                                                                                                                                                                  • API ID: FilePriorityReadThread
                                                                                                                                                                                  • String ID:
                                                                                                                                                                                  • API String ID: 3643687941-0
                                                                                                                                                                                  • Opcode ID: ebc94df0e8aa74c2da23041e37323dab1bca1e05e5e11b215853e171ec581151
                                                                                                                                                                                  • Instruction ID: d10d9d6cf2c8e7362a03bbf00ce80c149fef9d66ae6c28c1e8eb4c81e893a3a4
                                                                                                                                                                                  • Opcode Fuzzy Hash: ebc94df0e8aa74c2da23041e37323dab1bca1e05e5e11b215853e171ec581151
                                                                                                                                                                                  • Instruction Fuzzy Hash: C3A19B71500A28EFDF219F50EDC5BAA37FCFB15304F2042A6E91ACA096DB70DA44CB52
                                                                                                                                                                                  Uniqueness

                                                                                                                                                                                  Uniqueness Score: -1.00%

                                                                                                                                                                                  Control-flow Graph

                                                                                                                                                                                  • Executed
                                                                                                                                                                                  • Not Executed
                                                                                                                                                                                  control_flow_graph 647 b2f264-b2f27b GetFileAttributesW 648 b2f2db-b2f2ed SetThreadPriority call b21574 647->648 649 b2f27d-b2f289 call b2bb50 647->649 656 b2f2f8 648->656 657 b2f2ef-b2f2f6 648->657 654 b2f28b-b2f299 call b2a064 649->654 655 b2f2cd-b2f2d8 call b2684c 649->655 654->655 664 b2f29b-b2f29f 654->664 660 b2f2ff-b2f312 call b26830 656->660 657->660 668 b2f319-b2f359 call b2c0f8 call b2f0c0 call b2684c FindFirstFileExW 660->668 666 b2f2a1-b2f2a5 664->666 667 b2f2a7-b2f2ca call b2c0f8 call b27260 call b2eec8 664->667 666->655 666->667 681 b2f491-b2f4a6 call b2684c 668->681 682 b2f35f-b2f36d 668->682 686 b2f4aa-b2f4be 681->686 687 b2f4a8-b2f4c6 call b2684c 681->687 688 b2f372-b2f37b 682->688 686->668 695 b2f4cb-b2f4ce 687->695 690 b2f385 688->690 691 b2f37d-b2f383 688->691 694 b2f470-b2f482 FindNextFileW 690->694 691->690 693 b2f38a-b2f394 691->693 696 b2f396 693->696 697 b2f39b-b2f3a2 693->697 694->688 698 b2f488-b2f48b FindClose 694->698 696->694 699 b2f3a4-b2f3a8 697->699 700 b2f3af-b2f3b3 697->700 698->681 699->700 701 b2f3aa 699->701 702 b2f3b5-b2f3bd call b2f210 700->702 703 b2f3dd-b2f3e5 call b2f178 700->703 701->694 708 b2f3d8 702->708 709 b2f3bf-b2f3c3 call b2f124 702->709 710 b2f3e7 703->710 711 b2f3ec-b2f3f3 703->711 708->694 715 b2f3c8-b2f3d6 709->715 710->694 713 b2f400-b2f40a call b2bb50 711->713 714 b2f3f5-b2f3fc 711->714 719 b2f40e-b2f42c call b2f124 call b27260 call b2eec8 713->719 720 b2f40c 713->720 714->713 716 b2f3fe 714->716 715->708 716->694 726 b2f431-b2f438 719->726 720->694 726->694 727 b2f43a-b2f43c 726->727 728 b2f465 727->728 729 b2f43e-b2f463 727->729 728->694 729->694
                                                                                                                                                                                  APIs
                                                                                                                                                                                  • GetFileAttributesW.KERNELBASE(?), ref: 00B2F270
                                                                                                                                                                                  • SetThreadPriority.KERNELBASE(000000FE,00000002), ref: 00B2F2DF
                                                                                                                                                                                  • FindFirstFileExW.KERNELBASE(?,00000000,?,00000000,00000000,00000000,?,?,?,00B45180,003D0900), ref: 00B2F34C
                                                                                                                                                                                  • FindNextFileW.KERNELBASE(000000FF,?), ref: 00B2F47A
                                                                                                                                                                                  • FindClose.KERNELBASE(000000FF), ref: 00B2F48B
                                                                                                                                                                                    • Part of subcall function 00B2A064: FindFirstFileExW.KERNELBASE(00000000,00000000,?,00000000,00000000,00000000), ref: 00B2A086
                                                                                                                                                                                    • Part of subcall function 00B2A064: FindClose.KERNELBASE(000000FF), ref: 00B2A0AC
                                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                                  • Source File: 00000000.00000002.2324569325.0000000000B21000.00000020.00000001.01000000.00000003.sdmp, Offset: 00B20000, based on PE: true
                                                                                                                                                                                  • Associated: 00000000.00000002.2324539216.0000000000B20000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                  • Associated: 00000000.00000002.2324605887.0000000000B3A000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                  • Associated: 00000000.00000002.2324648919.0000000000B3B000.00000008.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                  • Associated: 00000000.00000002.2324689687.0000000000B44000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                  • Associated: 00000000.00000002.2324729121.0000000000B46000.00000008.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                  • Associated: 00000000.00000002.2324760537.0000000000B47000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                                                  • Snapshot File: hcaresult_0_2_b20000_c8JakemodH.jbxd
                                                                                                                                                                                  Yara matches
                                                                                                                                                                                  Similarity
                                                                                                                                                                                  • API ID: Find$File$CloseFirst$AttributesNextPriorityThread
                                                                                                                                                                                  • String ID:
                                                                                                                                                                                  • API String ID: 3755735135-0
                                                                                                                                                                                  • Opcode ID: a6535fdf06fd9e72c64c90beaa3da0bbbcd1765d96b930ddad6bf7fb1bb29fb3
                                                                                                                                                                                  • Instruction ID: 1970fa829ed93bb3cb18f6d48015ca584a46ca73e474d9c7f9d1949c2fdac9e3
                                                                                                                                                                                  • Opcode Fuzzy Hash: a6535fdf06fd9e72c64c90beaa3da0bbbcd1765d96b930ddad6bf7fb1bb29fb3
                                                                                                                                                                                  • Instruction Fuzzy Hash: 9B617B3480062AEBDF20AB60EC45BBEBBB5FF01305F1041F1F518762A2DB755A91DB55
                                                                                                                                                                                  Uniqueness

                                                                                                                                                                                  Uniqueness Score: -1.00%

                                                                                                                                                                                  Control-flow Graph

                                                                                                                                                                                  • Executed
                                                                                                                                                                                  • Not Executed
                                                                                                                                                                                  control_flow_graph 751 b2e3b8-b2e3f6 SetFileAttributesW CreateFileW 752 b2e3f8-b2e415 SetFilePointerEx 751->752 753 b2e46d-b2e474 751->753 754 b2e417-b2e434 ReadFile 752->754 755 b2e464-b2e467 NtClose 752->755 754->755 756 b2e436-b2e44b call b2e2ac 754->756 755->753 756->755 759 b2e44d-b2e455 756->759 760 b2e457 759->760 761 b2e45e-b2e45f call b2684c 759->761 760->761 761->755
                                                                                                                                                                                  APIs
                                                                                                                                                                                  • SetFileAttributesW.KERNELBASE(00000000,00000080,?), ref: 00B2E3D1
                                                                                                                                                                                  • CreateFileW.KERNELBASE(00000000,80000000,00000000,00000000,00000003,00000000,00000000), ref: 00B2E3E9
                                                                                                                                                                                  • SetFilePointerEx.KERNELBASE(000000FF,-00000084,00000000,00000000,00000002), ref: 00B2E40D
                                                                                                                                                                                  • ReadFile.KERNELBASE(000000FF,?,00000084,?,00000000), ref: 00B2E42C
                                                                                                                                                                                  • NtClose.NTDLL(000000FF), ref: 00B2E467
                                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                                  • Source File: 00000000.00000002.2324569325.0000000000B21000.00000020.00000001.01000000.00000003.sdmp, Offset: 00B20000, based on PE: true
                                                                                                                                                                                  • Associated: 00000000.00000002.2324539216.0000000000B20000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                  • Associated: 00000000.00000002.2324605887.0000000000B3A000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                  • Associated: 00000000.00000002.2324648919.0000000000B3B000.00000008.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                  • Associated: 00000000.00000002.2324689687.0000000000B44000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                  • Associated: 00000000.00000002.2324729121.0000000000B46000.00000008.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                  • Associated: 00000000.00000002.2324760537.0000000000B47000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                                                  • Snapshot File: hcaresult_0_2_b20000_c8JakemodH.jbxd
                                                                                                                                                                                  Yara matches
                                                                                                                                                                                  Similarity
                                                                                                                                                                                  • API ID: File$AttributesCloseCreatePointerRead
                                                                                                                                                                                  • String ID:
                                                                                                                                                                                  • API String ID: 462290678-0
                                                                                                                                                                                  • Opcode ID: b0a30ed4b83764571f5c68ba2ff4e5cf10f1545302a2eda2b958cf94b57ea594
                                                                                                                                                                                  • Instruction ID: b471e28e7fd4a7b82214173ba0af7510b74f2faf6e3c380270535013bc58cba3
                                                                                                                                                                                  • Opcode Fuzzy Hash: b0a30ed4b83764571f5c68ba2ff4e5cf10f1545302a2eda2b958cf94b57ea594
                                                                                                                                                                                  • Instruction Fuzzy Hash: 07114F70640718FBEF30AFA1EC45FAD7BB9FB04700F5080A4B628AA1D2DB719A548B14
                                                                                                                                                                                  Uniqueness

                                                                                                                                                                                  Uniqueness Score: -1.00%

                                                                                                                                                                                  Control-flow Graph

                                                                                                                                                                                  • Executed
                                                                                                                                                                                  • Not Executed
                                                                                                                                                                                  control_flow_graph 763 b2763c-b27663 765 b277f2-b277f7 763->765 766 b27669-b2767d call b26830 763->766 769 b27683-b276d0 call b216d0 FindFirstFileExW 766->769 770 b277d6-b277da 766->770 769->770 780 b276d6-b276df 769->780 771 b277e4-b277e8 770->771 772 b277dc-b277df call b2684c 770->772 771->765 774 b277ea-b277ed call b2684c 771->774 772->771 774->765 781 b277b5-b277c7 FindNextFileW 780->781 782 b276e5-b276eb 780->782 781->780 784 b277cd 781->784 782->781 783 b276f1-b2771f call b26830 782->783 783->781 789 b27725-b27761 GetFileAttributesW 783->789 784->770 793 b27763-b2776e 789->793 794 b2779e-b277a1 call b26654 789->794 798 b27772-b2777d 793->798 799 b27770 793->799 797 b277a6-b277ae call b2684c 794->797 797->781 802 b27789 798->802 803 b2777f-b2778b call b2763c 798->803 801 b2778d-b2779c call b2684c 799->801 801->781 802->801 803->793
                                                                                                                                                                                  APIs
                                                                                                                                                                                    • Part of subcall function 00B26830: RtlAllocateHeap.NTDLL(?,00000008,00000000,?,00B376B5,?,00000000,00000000), ref: 00B26841
                                                                                                                                                                                  • FindFirstFileExW.KERNELBASE(00000000,00000000,?,00000000,00000000,00000000), ref: 00B276C3
                                                                                                                                                                                  • GetFileAttributesW.KERNELBASE(00000000), ref: 00B27756
                                                                                                                                                                                  • FindNextFileW.KERNELBASE(000000FF,?), ref: 00B277BF
                                                                                                                                                                                  Strings
                                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                                  • Source File: 00000000.00000002.2324569325.0000000000B21000.00000020.00000001.01000000.00000003.sdmp, Offset: 00B20000, based on PE: true
                                                                                                                                                                                  • Associated: 00000000.00000002.2324539216.0000000000B20000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                  • Associated: 00000000.00000002.2324605887.0000000000B3A000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                  • Associated: 00000000.00000002.2324648919.0000000000B3B000.00000008.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                  • Associated: 00000000.00000002.2324689687.0000000000B44000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                  • Associated: 00000000.00000002.2324729121.0000000000B46000.00000008.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                  • Associated: 00000000.00000002.2324760537.0000000000B47000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                                                  • Snapshot File: hcaresult_0_2_b20000_c8JakemodH.jbxd
                                                                                                                                                                                  Yara matches
                                                                                                                                                                                  Similarity
                                                                                                                                                                                  • API ID: File$Find$AllocateAttributesFirstHeapNext
                                                                                                                                                                                  • String ID: *
                                                                                                                                                                                  • API String ID: 2400493143-163128923
                                                                                                                                                                                  • Opcode ID: 67c94abcf6f37d14a8d872b055a88bba6e7fe11da9190805fe22dd09cfaee93a
                                                                                                                                                                                  • Instruction ID: f85a970b8c4f717a4e2129c98424570af5340cddb00e71cde9b6028ef41ae6f3
                                                                                                                                                                                  • Opcode Fuzzy Hash: 67c94abcf6f37d14a8d872b055a88bba6e7fe11da9190805fe22dd09cfaee93a
                                                                                                                                                                                  • Instruction Fuzzy Hash: 59418C30C44528EBDF215FA0EC49BAEBBB9FF00305F0004A1E419A51B1EB761E64DF95
                                                                                                                                                                                  Uniqueness

                                                                                                                                                                                  Uniqueness Score: -1.00%

                                                                                                                                                                                  Control-flow Graph

                                                                                                                                                                                  • Executed
                                                                                                                                                                                  • Not Executed
                                                                                                                                                                                  control_flow_graph 810 b25c34-b25c45 811 b25c66-b25c6d 810->811 812 b25c47-b25c61 call b25afc 810->812 814 b25c8e-b25c95 811->814 815 b25c6f-b25c89 call b25afc 811->815 812->811 816 b25cb6-b25cbd call b21668 814->816 817 b25c97-b25cb1 call b25afc 814->817 815->814 824 b25cc2-b25cc6 816->824 817->816 825 b25cc8-b25cf2 call b21250 824->825 826 b25ced-b25cf0 824->826 830 b25cf9-b25d14 FindFirstFileW 825->830 826->824 831 b25d16-b25d27 call b211d4 830->831 832 b25d64-b25d68 830->832 842 b25d47-b25d59 FindNextFileW 831->842 843 b25d29-b25d3b FindClose call b25a30 831->843 833 b25d6a-b25dac 832->833 834 b25d6c-b25d76 832->834 837 b25d9b-b25d9e 834->837 838 b25d78-b25d7d 834->838 837->830 840 b25d96-b25d99 838->840 841 b25d7f-b25d94 call b21250 838->841 840->838 841->837 842->831 845 b25d5b-b25d5e FindClose 842->845 847 b25d40-b25d44 843->847 845->832
                                                                                                                                                                                  APIs
                                                                                                                                                                                  • FindFirstFileW.KERNELBASE(?,?,?,00000004,?), ref: 00B25D07
                                                                                                                                                                                  • FindClose.KERNELBASE(000000FF,?,00000000), ref: 00B25D2C
                                                                                                                                                                                  • FindNextFileW.KERNELBASE(000000FF,?,?,00000000), ref: 00B25D51
                                                                                                                                                                                  • FindClose.KERNELBASE(000000FF), ref: 00B25D5E
                                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                                  • Source File: 00000000.00000002.2324569325.0000000000B21000.00000020.00000001.01000000.00000003.sdmp, Offset: 00B20000, based on PE: true
                                                                                                                                                                                  • Associated: 00000000.00000002.2324539216.0000000000B20000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                  • Associated: 00000000.00000002.2324605887.0000000000B3A000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                  • Associated: 00000000.00000002.2324648919.0000000000B3B000.00000008.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                  • Associated: 00000000.00000002.2324689687.0000000000B44000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                  • Associated: 00000000.00000002.2324729121.0000000000B46000.00000008.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                  • Associated: 00000000.00000002.2324760537.0000000000B47000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                                                  • Snapshot File: hcaresult_0_2_b20000_c8JakemodH.jbxd
                                                                                                                                                                                  Yara matches
                                                                                                                                                                                  Similarity
                                                                                                                                                                                  • API ID: Find$CloseFile$FirstNext
                                                                                                                                                                                  • String ID:
                                                                                                                                                                                  • API String ID: 1164774033-0
                                                                                                                                                                                  • Opcode ID: 51a193d652998397f0df01528f1f75ae39a49cd9db98a1849f9ae1fd89543b0f
                                                                                                                                                                                  • Instruction ID: dfda537756272bfd3422a8a3b0e70876fa0be934378d0f01b0fbf111e1dce199
                                                                                                                                                                                  • Opcode Fuzzy Hash: 51a193d652998397f0df01528f1f75ae39a49cd9db98a1849f9ae1fd89543b0f
                                                                                                                                                                                  • Instruction Fuzzy Hash: 60416274800E28EFCB309F60FC89B997AB4FB12715F6085E5E4089F266DB744AC5CB60
                                                                                                                                                                                  Uniqueness

                                                                                                                                                                                  Uniqueness Score: -1.00%

                                                                                                                                                                                  APIs
                                                                                                                                                                                  • NtSetInformationProcess.NTDLL(000000FF,00000021,00000000,00000004,00000004,00000000,00B3712D), ref: 00B2B6AD
                                                                                                                                                                                  • NtSetInformationProcess.NTDLL(000000FF,00000012,00000000,00000002), ref: 00B2B6BF
                                                                                                                                                                                  • NtSetInformationProcess.NTDLL(000000FF,0000000C,00000000,00000004), ref: 00B2B6D4
                                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                                  • Source File: 00000000.00000002.2324569325.0000000000B21000.00000020.00000001.01000000.00000003.sdmp, Offset: 00B20000, based on PE: true
                                                                                                                                                                                  • Associated: 00000000.00000002.2324539216.0000000000B20000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                  • Associated: 00000000.00000002.2324605887.0000000000B3A000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                  • Associated: 00000000.00000002.2324648919.0000000000B3B000.00000008.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                  • Associated: 00000000.00000002.2324689687.0000000000B44000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                  • Associated: 00000000.00000002.2324729121.0000000000B46000.00000008.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                  • Associated: 00000000.00000002.2324760537.0000000000B47000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                                                  • Snapshot File: hcaresult_0_2_b20000_c8JakemodH.jbxd
                                                                                                                                                                                  Yara matches
                                                                                                                                                                                  Similarity
                                                                                                                                                                                  • API ID: InformationProcess
                                                                                                                                                                                  • String ID:
                                                                                                                                                                                  • API String ID: 1801817001-0
                                                                                                                                                                                  • Opcode ID: 6a403e0a213271e7d90c00574bbddf3762931a18a4deedef23f52a425061443b
                                                                                                                                                                                  • Instruction ID: 2310f0d7c9554ca8bcc859263428e522b00d99eced8f111fee4e7a3f778cdd01
                                                                                                                                                                                  • Opcode Fuzzy Hash: 6a403e0a213271e7d90c00574bbddf3762931a18a4deedef23f52a425061443b
                                                                                                                                                                                  • Instruction Fuzzy Hash: C7F01CB5240A24AFFF21AB94DCC6F55379CEB06721F1003A1B731DE1DADBB085448752
                                                                                                                                                                                  Uniqueness

                                                                                                                                                                                  Uniqueness Score: -1.00%

                                                                                                                                                                                  APIs
                                                                                                                                                                                    • Part of subcall function 00B26830: RtlAllocateHeap.NTDLL(?,00000008,00000000,?,00B376B5,?,00000000,00000000), ref: 00B26841
                                                                                                                                                                                  • NtQuerySystemInformation.NTDLL(00000005,?,00000400,00000400,00000400), ref: 00B27E4E
                                                                                                                                                                                  • Sleep.KERNELBASE(000007D0,?), ref: 00B27F15
                                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                                  • Source File: 00000000.00000002.2324569325.0000000000B21000.00000020.00000001.01000000.00000003.sdmp, Offset: 00B20000, based on PE: true
                                                                                                                                                                                  • Associated: 00000000.00000002.2324539216.0000000000B20000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                  • Associated: 00000000.00000002.2324605887.0000000000B3A000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                  • Associated: 00000000.00000002.2324648919.0000000000B3B000.00000008.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                  • Associated: 00000000.00000002.2324689687.0000000000B44000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                  • Associated: 00000000.00000002.2324729121.0000000000B46000.00000008.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                  • Associated: 00000000.00000002.2324760537.0000000000B47000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                                                  • Snapshot File: hcaresult_0_2_b20000_c8JakemodH.jbxd
                                                                                                                                                                                  Yara matches
                                                                                                                                                                                  Similarity
                                                                                                                                                                                  • API ID: AllocateHeapInformationQuerySleepSystem
                                                                                                                                                                                  • String ID:
                                                                                                                                                                                  • API String ID: 3184523392-0
                                                                                                                                                                                  • Opcode ID: 65299d3524aa5910d540789778db1ccab643b80d845290ed0cf38096adb55f8e
                                                                                                                                                                                  • Instruction ID: 069dd99c4ded74969f6700e009d08f1eb48547cba1646a93052cc28ba0ed66f6
                                                                                                                                                                                  • Opcode Fuzzy Hash: 65299d3524aa5910d540789778db1ccab643b80d845290ed0cf38096adb55f8e
                                                                                                                                                                                  • Instruction Fuzzy Hash: BE214B71844218EBDF119F90EC84BDEBBB9FF04304F2080D5E918AA261DB728A45DFA4
                                                                                                                                                                                  Uniqueness

                                                                                                                                                                                  Uniqueness Score: -1.00%

                                                                                                                                                                                  APIs
                                                                                                                                                                                  • RtlAdjustPrivilege.NTDLL(00000014,00000001,00000000,00000000), ref: 00B28F5A
                                                                                                                                                                                    • Part of subcall function 00B297A8: NtQuerySystemInformation.NTDLL(00000005,?,00000400,00000400,00000400), ref: 00B297D5
                                                                                                                                                                                    • Part of subcall function 00B29850: NtClose.NTDLL(00000000), ref: 00B29941
                                                                                                                                                                                  • NtSetInformationThread.NTDLL(000000FE,00000005,00000000,00000004,00000000,00000002,00000002,89F9D59D), ref: 00B28F91
                                                                                                                                                                                    • Part of subcall function 00B28D78: OpenSCManagerW.SECHOST(00000000,00000000,00000001,25DD2DA4), ref: 00B28DB6
                                                                                                                                                                                    • Part of subcall function 00B28D78: QueryServiceStatusEx.ADVAPI32(00000000,00000000,?,00000024,?), ref: 00B28E49
                                                                                                                                                                                    • Part of subcall function 00B28D78: CloseServiceHandle.SECHOST(00000000), ref: 00B28E7D
                                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                                  • Source File: 00000000.00000002.2324569325.0000000000B21000.00000020.00000001.01000000.00000003.sdmp, Offset: 00B20000, based on PE: true
                                                                                                                                                                                  • Associated: 00000000.00000002.2324539216.0000000000B20000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                  • Associated: 00000000.00000002.2324605887.0000000000B3A000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                  • Associated: 00000000.00000002.2324648919.0000000000B3B000.00000008.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                  • Associated: 00000000.00000002.2324689687.0000000000B44000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                  • Associated: 00000000.00000002.2324729121.0000000000B46000.00000008.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                  • Associated: 00000000.00000002.2324760537.0000000000B47000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                                                  • Snapshot File: hcaresult_0_2_b20000_c8JakemodH.jbxd
                                                                                                                                                                                  Yara matches
                                                                                                                                                                                  Similarity
                                                                                                                                                                                  • API ID: CloseInformationQueryService$AdjustHandleManagerOpenPrivilegeStatusSystemThread
                                                                                                                                                                                  • String ID:
                                                                                                                                                                                  • API String ID: 4175529950-0
                                                                                                                                                                                  • Opcode ID: 307c4f830bb5f0fac968e00e0f279e092a02f8e1a3d6b11a022cfd7de68b5665
                                                                                                                                                                                  • Instruction ID: c50938ca174110169d3ae56244974b2d2832fd53902204c5b390d91341fc6157
                                                                                                                                                                                  • Opcode Fuzzy Hash: 307c4f830bb5f0fac968e00e0f279e092a02f8e1a3d6b11a022cfd7de68b5665
                                                                                                                                                                                  • Instruction Fuzzy Hash: 18215070901718BBEB20ABA0AD4EF9E7BF9EB00315F104494B61CBA1D1EB748A84CB51
                                                                                                                                                                                  Uniqueness

                                                                                                                                                                                  Uniqueness Score: -1.00%

                                                                                                                                                                                  APIs
                                                                                                                                                                                  • RtlAdjustPrivilege.NTDLL(00000014,00000001,00000000,00000000), ref: 00B28F5A
                                                                                                                                                                                    • Part of subcall function 00B297A8: NtQuerySystemInformation.NTDLL(00000005,?,00000400,00000400,00000400), ref: 00B297D5
                                                                                                                                                                                    • Part of subcall function 00B29850: NtClose.NTDLL(00000000), ref: 00B29941
                                                                                                                                                                                  • NtSetInformationThread.NTDLL(000000FE,00000005,00000000,00000004,00000000,00000002,00000002,89F9D59D), ref: 00B28F91
                                                                                                                                                                                    • Part of subcall function 00B28D78: OpenSCManagerW.SECHOST(00000000,00000000,00000001,25DD2DA4), ref: 00B28DB6
                                                                                                                                                                                    • Part of subcall function 00B28D78: QueryServiceStatusEx.ADVAPI32(00000000,00000000,?,00000024,?), ref: 00B28E49
                                                                                                                                                                                    • Part of subcall function 00B28D78: CloseServiceHandle.SECHOST(00000000), ref: 00B28E7D
                                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                                  • Source File: 00000000.00000002.2324569325.0000000000B21000.00000020.00000001.01000000.00000003.sdmp, Offset: 00B20000, based on PE: true
                                                                                                                                                                                  • Associated: 00000000.00000002.2324539216.0000000000B20000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                  • Associated: 00000000.00000002.2324605887.0000000000B3A000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                  • Associated: 00000000.00000002.2324648919.0000000000B3B000.00000008.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                  • Associated: 00000000.00000002.2324689687.0000000000B44000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                  • Associated: 00000000.00000002.2324729121.0000000000B46000.00000008.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                  • Associated: 00000000.00000002.2324760537.0000000000B47000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                                                  • Snapshot File: hcaresult_0_2_b20000_c8JakemodH.jbxd
                                                                                                                                                                                  Yara matches
                                                                                                                                                                                  Similarity
                                                                                                                                                                                  • API ID: CloseInformationQueryService$AdjustHandleManagerOpenPrivilegeStatusSystemThread
                                                                                                                                                                                  • String ID:
                                                                                                                                                                                  • API String ID: 4175529950-0
                                                                                                                                                                                  • Opcode ID: 99f50020519d7bf4077d86e0a883c36c8091b7241cdf70070d7eaaf0b2fe6de6
                                                                                                                                                                                  • Instruction ID: fb584764007d90a73205159b36ff3d2c1a5b3c4649b9e1884ebc432e1849a1d9
                                                                                                                                                                                  • Opcode Fuzzy Hash: 99f50020519d7bf4077d86e0a883c36c8091b7241cdf70070d7eaaf0b2fe6de6
                                                                                                                                                                                  • Instruction Fuzzy Hash: 2F216270901718BBEB20ABA0ED4EF9E7BF9EB00315F1044D4B61CBA1D1EB748A84CB51
                                                                                                                                                                                  Uniqueness

                                                                                                                                                                                  Uniqueness Score: -1.00%

                                                                                                                                                                                  APIs
                                                                                                                                                                                    • Part of subcall function 00B27560: FindFirstFileExW.KERNELBASE(?,00000000,?,00000000,00000000,00000000), ref: 00B275CF
                                                                                                                                                                                    • Part of subcall function 00B27560: FindClose.KERNELBASE(000000FF), ref: 00B2762C
                                                                                                                                                                                  • FindFirstFileExW.KERNELBASE(?,00000000,?,00000000,00000000,00000000), ref: 00B274EF
                                                                                                                                                                                  • FindNextFileW.KERNELBASE(000000FF,?), ref: 00B27546
                                                                                                                                                                                    • Part of subcall function 00B2763C: FindFirstFileExW.KERNELBASE(00000000,00000000,?,00000000,00000000,00000000), ref: 00B276C3
                                                                                                                                                                                    • Part of subcall function 00B2763C: GetFileAttributesW.KERNELBASE(00000000), ref: 00B27756
                                                                                                                                                                                    • Part of subcall function 00B2763C: FindNextFileW.KERNELBASE(000000FF,?), ref: 00B277BF
                                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                                  • Source File: 00000000.00000002.2324569325.0000000000B21000.00000020.00000001.01000000.00000003.sdmp, Offset: 00B20000, based on PE: true
                                                                                                                                                                                  • Associated: 00000000.00000002.2324539216.0000000000B20000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                  • Associated: 00000000.00000002.2324605887.0000000000B3A000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                  • Associated: 00000000.00000002.2324648919.0000000000B3B000.00000008.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                  • Associated: 00000000.00000002.2324689687.0000000000B44000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                  • Associated: 00000000.00000002.2324729121.0000000000B46000.00000008.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                  • Associated: 00000000.00000002.2324760537.0000000000B47000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                                                  • Snapshot File: hcaresult_0_2_b20000_c8JakemodH.jbxd
                                                                                                                                                                                  Yara matches
                                                                                                                                                                                  Similarity
                                                                                                                                                                                  • API ID: FileFind$First$Next$AttributesClose
                                                                                                                                                                                  • String ID:
                                                                                                                                                                                  • API String ID: 95010735-0
                                                                                                                                                                                  • Opcode ID: 21d6b592944f3d893a50710207920c4d7161f721d993e8941b2f1d5029f1e3fc
                                                                                                                                                                                  • Instruction ID: 1cec21eedca428b30d5b92a57f7eb92f662aabe16ce1661902144acc929ed949
                                                                                                                                                                                  • Opcode Fuzzy Hash: 21d6b592944f3d893a50710207920c4d7161f721d993e8941b2f1d5029f1e3fc
                                                                                                                                                                                  • Instruction Fuzzy Hash: D0214FB184061CABDB20EB90DD09FD9B7BCEB15301F4000E1A60CD7191EB349B54CF66
                                                                                                                                                                                  Uniqueness

                                                                                                                                                                                  Uniqueness Score: -1.00%

                                                                                                                                                                                  APIs
                                                                                                                                                                                  • FindFirstFileExW.KERNELBASE(?,00000000,?,00000000,00000000,00000000), ref: 00B275CF
                                                                                                                                                                                  • FindClose.KERNELBASE(000000FF), ref: 00B2762C
                                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                                  • Source File: 00000000.00000002.2324569325.0000000000B21000.00000020.00000001.01000000.00000003.sdmp, Offset: 00B20000, based on PE: true
                                                                                                                                                                                  • Associated: 00000000.00000002.2324539216.0000000000B20000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                  • Associated: 00000000.00000002.2324605887.0000000000B3A000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                  • Associated: 00000000.00000002.2324648919.0000000000B3B000.00000008.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                  • Associated: 00000000.00000002.2324689687.0000000000B44000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                  • Associated: 00000000.00000002.2324729121.0000000000B46000.00000008.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                  • Associated: 00000000.00000002.2324760537.0000000000B47000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                                                  • Snapshot File: hcaresult_0_2_b20000_c8JakemodH.jbxd
                                                                                                                                                                                  Yara matches
                                                                                                                                                                                  Similarity
                                                                                                                                                                                  • API ID: Find$CloseFileFirst
                                                                                                                                                                                  • String ID:
                                                                                                                                                                                  • API String ID: 2295610775-0
                                                                                                                                                                                  • Opcode ID: b161f610776f2abf2183965d2b76a43513522d2d324fc28336e8766aeebb8134
                                                                                                                                                                                  • Instruction ID: 4fd690dc249fc8a5769236eabacafb058f85262650337304c81013830a294062
                                                                                                                                                                                  • Opcode Fuzzy Hash: b161f610776f2abf2183965d2b76a43513522d2d324fc28336e8766aeebb8134
                                                                                                                                                                                  • Instruction Fuzzy Hash: 9A2130B4840618EFDB209F94ED0CB9DBBB9FB05305F104191E908AB262DB719B98CF55
                                                                                                                                                                                  Uniqueness

                                                                                                                                                                                  Uniqueness Score: -1.00%

                                                                                                                                                                                  APIs
                                                                                                                                                                                  • NtQuerySystemInformation.NTDLL(00000005,?,00000400,00000400,00000400), ref: 00B27E4E
                                                                                                                                                                                  • Sleep.KERNELBASE(000007D0,?), ref: 00B27F15
                                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                                  • Source File: 00000000.00000002.2324569325.0000000000B21000.00000020.00000001.01000000.00000003.sdmp, Offset: 00B20000, based on PE: true
                                                                                                                                                                                  • Associated: 00000000.00000002.2324539216.0000000000B20000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                  • Associated: 00000000.00000002.2324605887.0000000000B3A000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                  • Associated: 00000000.00000002.2324648919.0000000000B3B000.00000008.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                  • Associated: 00000000.00000002.2324689687.0000000000B44000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                  • Associated: 00000000.00000002.2324729121.0000000000B46000.00000008.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                  • Associated: 00000000.00000002.2324760537.0000000000B47000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                                                  • Snapshot File: hcaresult_0_2_b20000_c8JakemodH.jbxd
                                                                                                                                                                                  Yara matches
                                                                                                                                                                                  Similarity
                                                                                                                                                                                  • API ID: InformationQuerySleepSystem
                                                                                                                                                                                  • String ID:
                                                                                                                                                                                  • API String ID: 3518162127-0
                                                                                                                                                                                  • Opcode ID: c3d10ff0e724a98728faee625fa8f0632606fffc92bff2e1fa1915fc4b4a84fa
                                                                                                                                                                                  • Instruction ID: 26cf8e77c7f27fbd819702e2b1077f9f9f8d452dcac26ba41891c17eba692a64
                                                                                                                                                                                  • Opcode Fuzzy Hash: c3d10ff0e724a98728faee625fa8f0632606fffc92bff2e1fa1915fc4b4a84fa
                                                                                                                                                                                  • Instruction Fuzzy Hash: 7F216D70844218EFDF119F90E884BDEBBB9FF00304F2080D5E908AA265DB728A45DFA4
                                                                                                                                                                                  Uniqueness

                                                                                                                                                                                  Uniqueness Score: -1.00%

                                                                                                                                                                                  APIs
                                                                                                                                                                                  • NtQuerySystemInformation.NTDLL(00000005,?,00000400,00000400,00000400), ref: 00B27E4E
                                                                                                                                                                                  • Sleep.KERNELBASE(000007D0,?), ref: 00B27F15
                                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                                  • Source File: 00000000.00000002.2324569325.0000000000B21000.00000020.00000001.01000000.00000003.sdmp, Offset: 00B20000, based on PE: true
                                                                                                                                                                                  • Associated: 00000000.00000002.2324539216.0000000000B20000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                  • Associated: 00000000.00000002.2324605887.0000000000B3A000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                  • Associated: 00000000.00000002.2324648919.0000000000B3B000.00000008.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                  • Associated: 00000000.00000002.2324689687.0000000000B44000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                  • Associated: 00000000.00000002.2324729121.0000000000B46000.00000008.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                  • Associated: 00000000.00000002.2324760537.0000000000B47000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                                                  • Snapshot File: hcaresult_0_2_b20000_c8JakemodH.jbxd
                                                                                                                                                                                  Yara matches
                                                                                                                                                                                  Similarity
                                                                                                                                                                                  • API ID: InformationQuerySleepSystem
                                                                                                                                                                                  • String ID:
                                                                                                                                                                                  • API String ID: 3518162127-0
                                                                                                                                                                                  • Opcode ID: 74142b7e8ab6386488dfa7a235409ae2652504375cf4557d603d523b47d0b3aa
                                                                                                                                                                                  • Instruction ID: 26cf8e77c7f27fbd819702e2b1077f9f9f8d452dcac26ba41891c17eba692a64
                                                                                                                                                                                  • Opcode Fuzzy Hash: 74142b7e8ab6386488dfa7a235409ae2652504375cf4557d603d523b47d0b3aa
                                                                                                                                                                                  • Instruction Fuzzy Hash: 7F216D70844218EFDF119F90E884BDEBBB9FF00304F2080D5E908AA265DB728A45DFA4
                                                                                                                                                                                  Uniqueness

                                                                                                                                                                                  Uniqueness Score: -1.00%

                                                                                                                                                                                  APIs
                                                                                                                                                                                  • CreateThread.KERNELBASE(00000000,00000000,00B2DDD4,00000000,00000000,00000000,?,00000000), ref: 00B2E195
                                                                                                                                                                                  • NtClose.NTDLL(00000000,00000000,?,00000000), ref: 00B2E1A8
                                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                                  • Source File: 00000000.00000002.2324569325.0000000000B21000.00000020.00000001.01000000.00000003.sdmp, Offset: 00B20000, based on PE: true
                                                                                                                                                                                  • Associated: 00000000.00000002.2324539216.0000000000B20000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                  • Associated: 00000000.00000002.2324605887.0000000000B3A000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                  • Associated: 00000000.00000002.2324648919.0000000000B3B000.00000008.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                  • Associated: 00000000.00000002.2324689687.0000000000B44000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                  • Associated: 00000000.00000002.2324729121.0000000000B46000.00000008.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                  • Associated: 00000000.00000002.2324760537.0000000000B47000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                                                  • Snapshot File: hcaresult_0_2_b20000_c8JakemodH.jbxd
                                                                                                                                                                                  Yara matches
                                                                                                                                                                                  Similarity
                                                                                                                                                                                  • API ID: CloseCreateThread
                                                                                                                                                                                  • String ID:
                                                                                                                                                                                  • API String ID: 562768112-0
                                                                                                                                                                                  • Opcode ID: 19f74a342b935c7b61594e26dfd3942504c25b47cb9d349097505a3d8dc5c730
                                                                                                                                                                                  • Instruction ID: 94501d2d511c5d3e911fcab3c588b13bb2bf1a923b4ad9ce858376c7c877a2ca
                                                                                                                                                                                  • Opcode Fuzzy Hash: 19f74a342b935c7b61594e26dfd3942504c25b47cb9d349097505a3d8dc5c730
                                                                                                                                                                                  • Instruction Fuzzy Hash: BE016734740F24ABE730AB54AC85B9D77A4FB05B15F600260F915A72E2DFB09A048565
                                                                                                                                                                                  Uniqueness

                                                                                                                                                                                  Uniqueness Score: -1.00%

                                                                                                                                                                                  APIs
                                                                                                                                                                                  • NtSetInformationThread.NTDLL(000000FE,00000005,00000008,00000004), ref: 00B2B3F4
                                                                                                                                                                                  • NtClose.NTDLL(00000008), ref: 00B2B402
                                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                                  • Source File: 00000000.00000002.2324569325.0000000000B21000.00000020.00000001.01000000.00000003.sdmp, Offset: 00B20000, based on PE: true
                                                                                                                                                                                  • Associated: 00000000.00000002.2324539216.0000000000B20000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                  • Associated: 00000000.00000002.2324605887.0000000000B3A000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                  • Associated: 00000000.00000002.2324648919.0000000000B3B000.00000008.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                  • Associated: 00000000.00000002.2324689687.0000000000B44000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                  • Associated: 00000000.00000002.2324729121.0000000000B46000.00000008.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                  • Associated: 00000000.00000002.2324760537.0000000000B47000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                                                  • Snapshot File: hcaresult_0_2_b20000_c8JakemodH.jbxd
                                                                                                                                                                                  Yara matches
                                                                                                                                                                                  Similarity
                                                                                                                                                                                  • API ID: CloseInformationThread
                                                                                                                                                                                  • String ID:
                                                                                                                                                                                  • API String ID: 3167811113-0
                                                                                                                                                                                  • Opcode ID: b2ee07318173e6541742362803bba3f2c874d5acd5d54e980d03b3807ed31469
                                                                                                                                                                                  • Instruction ID: 30ceb989a9f5f4a1d19705bed7cc604d5fbff7654bb661ac679099ed525eca8b
                                                                                                                                                                                  • Opcode Fuzzy Hash: b2ee07318173e6541742362803bba3f2c874d5acd5d54e980d03b3807ed31469
                                                                                                                                                                                  • Instruction Fuzzy Hash: 52014474500208EFEB10DF50DC89F9ABBF8FB00315F5081A5E9149B2A1DB759A48DB90
                                                                                                                                                                                  Uniqueness

                                                                                                                                                                                  Uniqueness Score: -1.00%

                                                                                                                                                                                  APIs
                                                                                                                                                                                  • GetLogicalDriveStringsW.KERNELBASE(00000104,?), ref: 00B2744F
                                                                                                                                                                                  • GetDriveTypeW.KERNELBASE(?), ref: 00B27465
                                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                                  • Source File: 00000000.00000002.2324569325.0000000000B21000.00000020.00000001.01000000.00000003.sdmp, Offset: 00B20000, based on PE: true
                                                                                                                                                                                  • Associated: 00000000.00000002.2324539216.0000000000B20000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                  • Associated: 00000000.00000002.2324605887.0000000000B3A000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                  • Associated: 00000000.00000002.2324648919.0000000000B3B000.00000008.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                  • Associated: 00000000.00000002.2324689687.0000000000B44000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                  • Associated: 00000000.00000002.2324729121.0000000000B46000.00000008.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                  • Associated: 00000000.00000002.2324760537.0000000000B47000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                                                  • Snapshot File: hcaresult_0_2_b20000_c8JakemodH.jbxd
                                                                                                                                                                                  Yara matches
                                                                                                                                                                                  Similarity
                                                                                                                                                                                  • API ID: Drive$LogicalStringsType
                                                                                                                                                                                  • String ID:
                                                                                                                                                                                  • API String ID: 1630765265-0
                                                                                                                                                                                  • Opcode ID: 496cc2153cc013685131152763e8ef79a578a3d46e7aed39cdd1dd6d20b33c85
                                                                                                                                                                                  • Instruction ID: cfb40ffb82839844cb0d45a22ae10b49e9e63956fd3bc8163c8a88bdb1325a5b
                                                                                                                                                                                  • Opcode Fuzzy Hash: 496cc2153cc013685131152763e8ef79a578a3d46e7aed39cdd1dd6d20b33c85
                                                                                                                                                                                  • Instruction Fuzzy Hash: 7CE0E536545B3957CB30B6987CC59AB779CDB15300F0006D0EA6CD2201CF509E86C695
                                                                                                                                                                                  Uniqueness

                                                                                                                                                                                  Uniqueness Score: -1.00%

                                                                                                                                                                                  APIs
                                                                                                                                                                                  • FindFirstFileExW.KERNELBASE(00000000,00000000,?,00000000,00000000,00000000), ref: 00B2A086
                                                                                                                                                                                  • FindClose.KERNELBASE(000000FF), ref: 00B2A0AC
                                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                                  • Source File: 00000000.00000002.2324569325.0000000000B21000.00000020.00000001.01000000.00000003.sdmp, Offset: 00B20000, based on PE: true
                                                                                                                                                                                  • Associated: 00000000.00000002.2324539216.0000000000B20000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                  • Associated: 00000000.00000002.2324605887.0000000000B3A000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                  • Associated: 00000000.00000002.2324648919.0000000000B3B000.00000008.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                  • Associated: 00000000.00000002.2324689687.0000000000B44000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                  • Associated: 00000000.00000002.2324729121.0000000000B46000.00000008.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                  • Associated: 00000000.00000002.2324760537.0000000000B47000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                                                  • Snapshot File: hcaresult_0_2_b20000_c8JakemodH.jbxd
                                                                                                                                                                                  Yara matches
                                                                                                                                                                                  Similarity
                                                                                                                                                                                  • API ID: Find$CloseFileFirst
                                                                                                                                                                                  • String ID:
                                                                                                                                                                                  • API String ID: 2295610775-0
                                                                                                                                                                                  • Opcode ID: 33858ef3a1c0328cfdfd51c452dde4fd2c1d70ba4aaaf77cf3a7f987e1e0bf1f
                                                                                                                                                                                  • Instruction ID: 841687add8902023350d37b6c0cc600175a6571ac6c379b6c4680b61565f1757
                                                                                                                                                                                  • Opcode Fuzzy Hash: 33858ef3a1c0328cfdfd51c452dde4fd2c1d70ba4aaaf77cf3a7f987e1e0bf1f
                                                                                                                                                                                  • Instruction Fuzzy Hash: CEF01774901608EFDB20DF94CC49BACBBB5FB45310F208295A818AB2A0DB716B91CF44
                                                                                                                                                                                  Uniqueness

                                                                                                                                                                                  Uniqueness Score: -1.00%

                                                                                                                                                                                  APIs
                                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                                  • Source File: 00000000.00000002.2324569325.0000000000B21000.00000020.00000001.01000000.00000003.sdmp, Offset: 00B20000, based on PE: true
                                                                                                                                                                                  • Associated: 00000000.00000002.2324539216.0000000000B20000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                  • Associated: 00000000.00000002.2324605887.0000000000B3A000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                  • Associated: 00000000.00000002.2324648919.0000000000B3B000.00000008.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                  • Associated: 00000000.00000002.2324689687.0000000000B44000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                  • Associated: 00000000.00000002.2324729121.0000000000B46000.00000008.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                  • Associated: 00000000.00000002.2324760537.0000000000B47000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                                                  • Snapshot File: hcaresult_0_2_b20000_c8JakemodH.jbxd
                                                                                                                                                                                  Yara matches
                                                                                                                                                                                  Similarity
                                                                                                                                                                                  • API ID: Close
                                                                                                                                                                                  • String ID:
                                                                                                                                                                                  • API String ID: 3535843008-0
                                                                                                                                                                                  • Opcode ID: bdad29eefb65948154309f1938a02b520aa18bae4c9851b1cb2eeaa07b318e18
                                                                                                                                                                                  • Instruction ID: a6c17c864905e01f74b7df88b1c4ce98fb7a7e861ef567f8501cf6cf899dc821
                                                                                                                                                                                  • Opcode Fuzzy Hash: bdad29eefb65948154309f1938a02b520aa18bae4c9851b1cb2eeaa07b318e18
                                                                                                                                                                                  • Instruction Fuzzy Hash: 2031B87480020CEFEB11CF94D848BDEBBB8FB05319F608199E414BB291D7B69A49DF95
                                                                                                                                                                                  Uniqueness

                                                                                                                                                                                  Uniqueness Score: -1.00%

                                                                                                                                                                                  APIs
                                                                                                                                                                                    • Part of subcall function 00B26830: RtlAllocateHeap.NTDLL(?,00000008,00000000,?,00B376B5,?,00000000,00000000), ref: 00B26841
                                                                                                                                                                                  • NtQuerySystemInformation.NTDLL(00000005,?,00000400,00000400,00000400), ref: 00B297D5
                                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                                  • Source File: 00000000.00000002.2324569325.0000000000B21000.00000020.00000001.01000000.00000003.sdmp, Offset: 00B20000, based on PE: true
                                                                                                                                                                                  • Associated: 00000000.00000002.2324539216.0000000000B20000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                  • Associated: 00000000.00000002.2324605887.0000000000B3A000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                  • Associated: 00000000.00000002.2324648919.0000000000B3B000.00000008.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                  • Associated: 00000000.00000002.2324689687.0000000000B44000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                  • Associated: 00000000.00000002.2324729121.0000000000B46000.00000008.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                  • Associated: 00000000.00000002.2324760537.0000000000B47000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                                                  • Snapshot File: hcaresult_0_2_b20000_c8JakemodH.jbxd
                                                                                                                                                                                  Yara matches
                                                                                                                                                                                  Similarity
                                                                                                                                                                                  • API ID: AllocateHeapInformationQuerySystem
                                                                                                                                                                                  • String ID:
                                                                                                                                                                                  • API String ID: 3114120137-0
                                                                                                                                                                                  • Opcode ID: 10dc2454603b7a072417dbc56aeb671a32acd16aecaff6b7ef8d160a6aa8af6a
                                                                                                                                                                                  • Instruction ID: 2481f913c4a44f928fd64aa6508142ea28c40fbe4a4e451c3a59bfe6b26a65c1
                                                                                                                                                                                  • Opcode Fuzzy Hash: 10dc2454603b7a072417dbc56aeb671a32acd16aecaff6b7ef8d160a6aa8af6a
                                                                                                                                                                                  • Instruction Fuzzy Hash: 19113A75D00128FBCF119F94E881ADDBBB4EF15350F6081E2EA18AA161D7325E50DB95
                                                                                                                                                                                  Uniqueness

                                                                                                                                                                                  Uniqueness Score: -1.00%

                                                                                                                                                                                  APIs
                                                                                                                                                                                  • NtQueryInformationToken.NTDLL(00000000,00000001,?,00000028,?,00000000), ref: 00B26CA7
                                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                                  • Source File: 00000000.00000002.2324569325.0000000000B21000.00000020.00000001.01000000.00000003.sdmp, Offset: 00B20000, based on PE: true
                                                                                                                                                                                  • Associated: 00000000.00000002.2324539216.0000000000B20000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                  • Associated: 00000000.00000002.2324605887.0000000000B3A000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                  • Associated: 00000000.00000002.2324648919.0000000000B3B000.00000008.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                  • Associated: 00000000.00000002.2324689687.0000000000B44000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                  • Associated: 00000000.00000002.2324729121.0000000000B46000.00000008.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                  • Associated: 00000000.00000002.2324760537.0000000000B47000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                                                  • Snapshot File: hcaresult_0_2_b20000_c8JakemodH.jbxd
                                                                                                                                                                                  Yara matches
                                                                                                                                                                                  Similarity
                                                                                                                                                                                  • API ID: InformationQueryToken
                                                                                                                                                                                  • String ID:
                                                                                                                                                                                  • API String ID: 4239771691-0
                                                                                                                                                                                  • Opcode ID: cccbebfd5818c99fb4581af441ac836b8bb81a560c5d037245ad4fb6aec65831
                                                                                                                                                                                  • Instruction ID: 72a60b5d3822034d924d2a280eb0120b481387e19505e83ec3a19b0bb58a6a2a
                                                                                                                                                                                  • Opcode Fuzzy Hash: cccbebfd5818c99fb4581af441ac836b8bb81a560c5d037245ad4fb6aec65831
                                                                                                                                                                                  • Instruction Fuzzy Hash: EE11827050062DEBDF10EF90EC84BEEBBB8FB04305F5041A5E958A61A1DB715A98DB51
                                                                                                                                                                                  Uniqueness

                                                                                                                                                                                  Uniqueness Score: -1.00%

                                                                                                                                                                                  APIs
                                                                                                                                                                                  • LdrLoadDll.NTDLL(00000000,00000000,00000000,?), ref: 00B25A81
                                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                                  • Source File: 00000000.00000002.2324569325.0000000000B21000.00000020.00000001.01000000.00000003.sdmp, Offset: 00B20000, based on PE: true
                                                                                                                                                                                  • Associated: 00000000.00000002.2324539216.0000000000B20000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                  • Associated: 00000000.00000002.2324605887.0000000000B3A000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                  • Associated: 00000000.00000002.2324648919.0000000000B3B000.00000008.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                  • Associated: 00000000.00000002.2324689687.0000000000B44000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                  • Associated: 00000000.00000002.2324729121.0000000000B46000.00000008.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                  • Associated: 00000000.00000002.2324760537.0000000000B47000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                                                  • Snapshot File: hcaresult_0_2_b20000_c8JakemodH.jbxd
                                                                                                                                                                                  Yara matches
                                                                                                                                                                                  Similarity
                                                                                                                                                                                  • API ID: Load
                                                                                                                                                                                  • String ID:
                                                                                                                                                                                  • API String ID: 2234796835-0
                                                                                                                                                                                  • Opcode ID: 1265fa8b7a087ad49ce4acc4e01a962a57903f9a19240a6ebfb2421c71540d25
                                                                                                                                                                                  • Instruction ID: b307ed8827b59f9b5325fcf8ed6d8094d838900a2c90a8c45f3ea44f13899cf4
                                                                                                                                                                                  • Opcode Fuzzy Hash: 1265fa8b7a087ad49ce4acc4e01a962a57903f9a19240a6ebfb2421c71540d25
                                                                                                                                                                                  • Instruction Fuzzy Hash: 6DF0313694051DFACF20EE94E845FDEB7FCFB05314F5041A2E509E3040D6349B088BA0
                                                                                                                                                                                  Uniqueness

                                                                                                                                                                                  Uniqueness Score: -1.00%

                                                                                                                                                                                  APIs
                                                                                                                                                                                  • NtQueryInformationToken.NTDLL(?,00000001,?,0000002C,?), ref: 00B2B5FA
                                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                                  • Source File: 00000000.00000002.2324569325.0000000000B21000.00000020.00000001.01000000.00000003.sdmp, Offset: 00B20000, based on PE: true
                                                                                                                                                                                  • Associated: 00000000.00000002.2324539216.0000000000B20000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                  • Associated: 00000000.00000002.2324605887.0000000000B3A000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                  • Associated: 00000000.00000002.2324648919.0000000000B3B000.00000008.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                  • Associated: 00000000.00000002.2324689687.0000000000B44000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                  • Associated: 00000000.00000002.2324729121.0000000000B46000.00000008.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                  • Associated: 00000000.00000002.2324760537.0000000000B47000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                                                  • Snapshot File: hcaresult_0_2_b20000_c8JakemodH.jbxd
                                                                                                                                                                                  Yara matches
                                                                                                                                                                                  Similarity
                                                                                                                                                                                  • API ID: InformationQueryToken
                                                                                                                                                                                  • String ID:
                                                                                                                                                                                  • API String ID: 4239771691-0
                                                                                                                                                                                  • Opcode ID: a553a62e9fa8eb7f5f975ad1063cc5a57cdf953bb4651505ec51dad858b44232
                                                                                                                                                                                  • Instruction ID: 97970b75b9708a2b3f967fe646f338da7686d9b2218dc2815c57edf052286c72
                                                                                                                                                                                  • Opcode Fuzzy Hash: a553a62e9fa8eb7f5f975ad1063cc5a57cdf953bb4651505ec51dad858b44232
                                                                                                                                                                                  • Instruction Fuzzy Hash: 5CF05E35600608AFEB20CF94EC85FA9B7BDFB05715FA002A5F918D72A1EB619F44CB10
                                                                                                                                                                                  Uniqueness

                                                                                                                                                                                  Uniqueness Score: -1.00%

                                                                                                                                                                                  APIs
                                                                                                                                                                                  • NtTerminateProcess.NTDLL(00B27D88,00000000), ref: 00B2DC1F
                                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                                  • Source File: 00000000.00000002.2324569325.0000000000B21000.00000020.00000001.01000000.00000003.sdmp, Offset: 00B20000, based on PE: true
                                                                                                                                                                                  • Associated: 00000000.00000002.2324539216.0000000000B20000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                  • Associated: 00000000.00000002.2324605887.0000000000B3A000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                  • Associated: 00000000.00000002.2324648919.0000000000B3B000.00000008.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                  • Associated: 00000000.00000002.2324689687.0000000000B44000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                  • Associated: 00000000.00000002.2324729121.0000000000B46000.00000008.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                  • Associated: 00000000.00000002.2324760537.0000000000B47000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                                                  • Snapshot File: hcaresult_0_2_b20000_c8JakemodH.jbxd
                                                                                                                                                                                  Yara matches
                                                                                                                                                                                  Similarity
                                                                                                                                                                                  • API ID: ProcessTerminate
                                                                                                                                                                                  • String ID:
                                                                                                                                                                                  • API String ID: 560597551-0
                                                                                                                                                                                  • Opcode ID: fcc1262c684c299d8c6a209042cff938243c3a40dbaa06aef9164fccc706bce2
                                                                                                                                                                                  • Instruction ID: b04c23c3a115db41769b972b91711baed290577a093e148b0d0b35fe1633f79f
                                                                                                                                                                                  • Opcode Fuzzy Hash: fcc1262c684c299d8c6a209042cff938243c3a40dbaa06aef9164fccc706bce2
                                                                                                                                                                                  • Instruction Fuzzy Hash: B801ECB4900208EFEB10CF90D848BDEBBB8FB05318F108198E504AB291D7B69645CF91
                                                                                                                                                                                  Uniqueness

                                                                                                                                                                                  Uniqueness Score: -1.00%

                                                                                                                                                                                  APIs
                                                                                                                                                                                  • NtQuerySystemInformation.NTDLL(00000005,?,00000400,00000400,00000400), ref: 00B297D5
                                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                                  • Source File: 00000000.00000002.2324569325.0000000000B21000.00000020.00000001.01000000.00000003.sdmp, Offset: 00B20000, based on PE: true
                                                                                                                                                                                  • Associated: 00000000.00000002.2324539216.0000000000B20000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                  • Associated: 00000000.00000002.2324605887.0000000000B3A000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                  • Associated: 00000000.00000002.2324648919.0000000000B3B000.00000008.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                  • Associated: 00000000.00000002.2324689687.0000000000B44000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                  • Associated: 00000000.00000002.2324729121.0000000000B46000.00000008.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                  • Associated: 00000000.00000002.2324760537.0000000000B47000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                                                  • Snapshot File: hcaresult_0_2_b20000_c8JakemodH.jbxd
                                                                                                                                                                                  Yara matches
                                                                                                                                                                                  Similarity
                                                                                                                                                                                  • API ID: InformationQuerySystem
                                                                                                                                                                                  • String ID:
                                                                                                                                                                                  • API String ID: 3562636166-0
                                                                                                                                                                                  • Opcode ID: eb9458f0f7709e6b11431cd2d1044bfc22599125e0e8a133ab5db0baf71a5da9
                                                                                                                                                                                  • Instruction ID: b0e202834c31b99c186bb641bbe144eee55039bea41f24f25dd22d30ef2c4f59
                                                                                                                                                                                  • Opcode Fuzzy Hash: eb9458f0f7709e6b11431cd2d1044bfc22599125e0e8a133ab5db0baf71a5da9
                                                                                                                                                                                  • Instruction Fuzzy Hash: 31F03A35904028EBCF109F84F8C0BACBBF4FF15341F6480E2EA0DAA115D3719A50EB12
                                                                                                                                                                                  Uniqueness

                                                                                                                                                                                  Uniqueness Score: -1.00%

                                                                                                                                                                                  APIs
                                                                                                                                                                                  • NtQuerySystemInformation.NTDLL(00000005,?,00000400,00000400,00000400), ref: 00B297D5
                                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                                  • Source File: 00000000.00000002.2324569325.0000000000B21000.00000020.00000001.01000000.00000003.sdmp, Offset: 00B20000, based on PE: true
                                                                                                                                                                                  • Associated: 00000000.00000002.2324539216.0000000000B20000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                  • Associated: 00000000.00000002.2324605887.0000000000B3A000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                  • Associated: 00000000.00000002.2324648919.0000000000B3B000.00000008.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                  • Associated: 00000000.00000002.2324689687.0000000000B44000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                  • Associated: 00000000.00000002.2324729121.0000000000B46000.00000008.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                  • Associated: 00000000.00000002.2324760537.0000000000B47000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                                                  • Snapshot File: hcaresult_0_2_b20000_c8JakemodH.jbxd
                                                                                                                                                                                  Yara matches
                                                                                                                                                                                  Similarity
                                                                                                                                                                                  • API ID: InformationQuerySystem
                                                                                                                                                                                  • String ID:
                                                                                                                                                                                  • API String ID: 3562636166-0
                                                                                                                                                                                  • Opcode ID: 3c2cc4f7e0c2835f3edcf6c9b91e5c3a28595204c2bfb23962bff67694010372
                                                                                                                                                                                  • Instruction ID: b0e202834c31b99c186bb641bbe144eee55039bea41f24f25dd22d30ef2c4f59
                                                                                                                                                                                  • Opcode Fuzzy Hash: 3c2cc4f7e0c2835f3edcf6c9b91e5c3a28595204c2bfb23962bff67694010372
                                                                                                                                                                                  • Instruction Fuzzy Hash: 31F03A35904028EBCF109F84F8C0BACBBF4FF15341F6480E2EA0DAA115D3719A50EB12
                                                                                                                                                                                  Uniqueness

                                                                                                                                                                                  Uniqueness Score: -1.00%

                                                                                                                                                                                  Control-flow Graph

                                                                                                                                                                                  • Executed
                                                                                                                                                                                  • Not Executed
                                                                                                                                                                                  control_flow_graph 95 b28200-b28259 96 b28260-b2826f 95->96 97 b2825b 95->97 104 b28271 96->104 105 b28276-b28286 96->105 98 b28889-b2888d 97->98 99 b28898-b2889c 98->99 100 b2888f 98->100 102 b2889e-b288a2 99->102 103 b288ad-b288b1 99->103 100->99 102->103 106 b288a4 102->106 107 b288b3 103->107 108 b288bc-b288c0 103->108 104->98 112 b28288 105->112 113 b2828d-b2829d 105->113 106->103 107->108 110 b288c2 108->110 111 b288cb-b288cf 108->111 110->111 114 b288d1-b288d4 call b2684c 111->114 115 b288d9-b288dd 111->115 112->98 125 b282a4-b282bf call b30df4 113->125 126 b2829f 113->126 114->115 116 b288e7-b288eb 115->116 117 b288df-b288e2 call b2684c 115->117 120 b288f6-b288fa 116->120 121 b288ed 116->121 117->116 123 b28905-b28909 120->123 124 b288fc 120->124 121->120 128 b28914-b28918 123->128 129 b2890b 123->129 124->123 133 b282c1-b282e6 125->133 134 b282e9-b28379 call b21250 125->134 126->98 131 b28925-b2892b 128->131 132 b2891a-b2891d 128->132 129->128 132->131 133->134 141 b28380-b2838e 134->141 142 b2837b 134->142 144 b28390 141->144 145 b28395-b283a6 call b26830 141->145 142->98 144->98 148 b283a8 145->148 149 b283ad-b283b5 call b21574 145->149 148->98 152 b283d1-b283e2 call b26db0 149->152 153 b283b7-b283c8 call b26db0 149->153 158 b283e4 152->158 159 b283e9-b28402 152->159 160 b283ca 153->160 161 b283cf 153->161 158->98 163 b28404-b28413 call b2684c 159->163 164 b28418-b2842b 159->164 160->98 161->159 163->98 168 b28432-b28448 164->168 169 b2842d 164->169 171 b2844a 168->171 172 b2844f-b2845d 168->172 169->98 171->98 174 b28464-b284b7 call b21574 172->174 175 b2845f 172->175 181 b284c8 174->181 182 b284b9-b284c6 174->182 175->98 183 b284cb-b284ec DrawTextW 181->183 182->183 184 b284f3-b2859b 183->184 185 b284ee 183->185 189 b285a2-b285cf 184->189 190 b2859d 184->190 185->98 193 b285d1 189->193 194 b285d6-b2864f call b216d0 call b21250 CreateFileW 189->194 190->98 193->98 202 b28651 194->202 203 b28656-b28670 WriteFile 194->203 202->98 204 b28672 203->204 205 b28677-b2868e WriteFile 203->205 204->98 206 b28690 205->206 207 b28695-b286ac WriteFile 205->207 206->98 208 b286b3-b286d7 call b26c60 207->208 209 b286ae 207->209 213 b286d9 208->213 214 b286de-b28782 call b216d0 call b21250 RegCreateKeyExW 208->214 209->98 213->98 220 b28784 214->220 221 b28789-b287e8 call b21250 RegSetValueExW 214->221 220->98 225 b287ea 221->225 226 b287ef-b28870 call b21250 RegSetValueExW 221->226 225->98 230 b28872 226->230 231 b28874-b28878 226->231 230->98 231->98 232 b2887a-b28881 231->232 232->98
                                                                                                                                                                                  Strings
                                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                                  • Source File: 00000000.00000002.2324569325.0000000000B21000.00000020.00000001.01000000.00000003.sdmp, Offset: 00B20000, based on PE: true
                                                                                                                                                                                  • Associated: 00000000.00000002.2324539216.0000000000B20000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                  • Associated: 00000000.00000002.2324605887.0000000000B3A000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                  • Associated: 00000000.00000002.2324648919.0000000000B3B000.00000008.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                  • Associated: 00000000.00000002.2324689687.0000000000B44000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                  • Associated: 00000000.00000002.2324729121.0000000000B46000.00000008.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                  • Associated: 00000000.00000002.2324760537.0000000000B47000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                                                  • Snapshot File: hcaresult_0_2_b20000_c8JakemodH.jbxd
                                                                                                                                                                                  Yara matches
                                                                                                                                                                                  Similarity
                                                                                                                                                                                  • API ID:
                                                                                                                                                                                  • String ID: ($BM
                                                                                                                                                                                  • API String ID: 0-2980357723
                                                                                                                                                                                  • Opcode ID: 80736aad2a8115ef17a6a4a044388d626b95253534396644f12f631350dd3f1b
                                                                                                                                                                                  • Instruction ID: f7a01b150b3e0520c0262aac8e3caf353405017c89c715b2e16de4a60a3de793
                                                                                                                                                                                  • Opcode Fuzzy Hash: 80736aad2a8115ef17a6a4a044388d626b95253534396644f12f631350dd3f1b
                                                                                                                                                                                  • Instruction Fuzzy Hash: 49228B70901618EFEB209FA0EC49BEEBBB4FF05301F5444A5E219BB1A1DB718A44DF65
                                                                                                                                                                                  Uniqueness

                                                                                                                                                                                  Uniqueness Score: -1.00%

                                                                                                                                                                                  Control-flow Graph

                                                                                                                                                                                  • Executed
                                                                                                                                                                                  • Not Executed
                                                                                                                                                                                  control_flow_graph 469 b2bb94-b2bbbe 471 b2bbc0 469->471 472 b2bbc5-b2bbdc 469->472 473 b2bde8-b2bdec 471->473 477 b2bbe3-b2bbf0 call b26830 472->477 478 b2bbde 472->478 475 b2bdf7-b2bdfb 473->475 476 b2bdee 473->476 479 b2be06-b2be0a 475->479 480 b2bdfd-b2be00 DeleteDC 475->480 476->475 488 b2bbf2 477->488 489 b2bbf7-b2bc52 call b21250 CreateDCW 477->489 478->473 481 b2be14-b2be18 479->481 482 b2be0c-b2be0f call b2684c 479->482 480->479 485 b2be23-b2be28 481->485 486 b2be1a 481->486 482->481 486->485 488->473 493 b2bc54 489->493 494 b2bc59-b2bd23 call b21250 CreateFontIndirectW StartDocW 489->494 493->473 504 b2bd25 494->504 505 b2bd2a-b2bd35 call b21730 494->505 504->473 508 b2bd3a-b2bd46 505->508 510 b2bd4a-b2bdc2 DrawTextA EndPage 508->510 511 b2bd48 508->511 510->508 512 b2bdc8-b2bdd7 EndDoc call b21730 510->512 511->512 515 b2bddc-b2bddf 512->515 515->473
                                                                                                                                                                                  APIs
                                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                                  • Source File: 00000000.00000002.2324569325.0000000000B21000.00000020.00000001.01000000.00000003.sdmp, Offset: 00B20000, based on PE: true
                                                                                                                                                                                  • Associated: 00000000.00000002.2324539216.0000000000B20000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                  • Associated: 00000000.00000002.2324605887.0000000000B3A000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                  • Associated: 00000000.00000002.2324648919.0000000000B3B000.00000008.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                  • Associated: 00000000.00000002.2324689687.0000000000B44000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                  • Associated: 00000000.00000002.2324729121.0000000000B46000.00000008.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                  • Associated: 00000000.00000002.2324760537.0000000000B47000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                                                  • Snapshot File: hcaresult_0_2_b20000_c8JakemodH.jbxd
                                                                                                                                                                                  Yara matches
                                                                                                                                                                                  Similarity
                                                                                                                                                                                  • API ID: Delete
                                                                                                                                                                                  • String ID:
                                                                                                                                                                                  • API String ID: 1035893169-0
                                                                                                                                                                                  • Opcode ID: 8796183ae5c751b4f24587198b0bd0a4505ec9f80c54088309efbb1498fae429
                                                                                                                                                                                  • Instruction ID: 378934d3ce6ca66d140b7cd6d827b329f7deb331284a1575a891fc0041c07f08
                                                                                                                                                                                  • Opcode Fuzzy Hash: 8796183ae5c751b4f24587198b0bd0a4505ec9f80c54088309efbb1498fae429
                                                                                                                                                                                  • Instruction Fuzzy Hash: AD812475940618FFDF219FA0EC49BADBBB5FF15301F2044A5F609AA1A1CB724A50EF50
                                                                                                                                                                                  Uniqueness

                                                                                                                                                                                  Uniqueness Score: -1.00%

                                                                                                                                                                                  Control-flow Graph

                                                                                                                                                                                  • Executed
                                                                                                                                                                                  • Not Executed
                                                                                                                                                                                  control_flow_graph 731 b2c1e8-b2c213 CreateFileW 732 b2c349-b2c34f 731->732 733 b2c219-b2c232 731->733 734 b2c238-b2c24a call b217bc 733->734 737 b2c251-b2c274 WriteFile 734->737 738 b2c276-b2c285 737->738 739 b2c288-b2c2ad WriteFile 737->739 740 b2c2c1-b2c2e4 WriteFile 739->740 741 b2c2af-b2c2be 739->741 743 b2c2e6-b2c2f5 740->743 744 b2c2f8-b2c31d WriteFile 740->744 746 b2c331-b2c33e 744->746 747 b2c31f-b2c32e 744->747 746->737 748 b2c344 746->748 748->734
                                                                                                                                                                                  APIs
                                                                                                                                                                                  • CreateFileW.KERNELBASE(00000000,40000000,00000000,00000000,00000002,00000080,00000000,?,?,00000000), ref: 00B2C206
                                                                                                                                                                                  • WriteFile.KERNELBASE(000000FF,?,00000001,00000000,00000000,00B46000,?,?,?,00000000), ref: 00B2C267
                                                                                                                                                                                  • WriteFile.KERNELBASE(000000FF,?,00000001,00000000,00000000,?,?,00000000), ref: 00B2C2A0
                                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                                  • Source File: 00000000.00000002.2324569325.0000000000B21000.00000020.00000001.01000000.00000003.sdmp, Offset: 00B20000, based on PE: true
                                                                                                                                                                                  • Associated: 00000000.00000002.2324539216.0000000000B20000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                  • Associated: 00000000.00000002.2324605887.0000000000B3A000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                  • Associated: 00000000.00000002.2324648919.0000000000B3B000.00000008.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                  • Associated: 00000000.00000002.2324689687.0000000000B44000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                  • Associated: 00000000.00000002.2324729121.0000000000B46000.00000008.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                  • Associated: 00000000.00000002.2324760537.0000000000B47000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                                                  • Snapshot File: hcaresult_0_2_b20000_c8JakemodH.jbxd
                                                                                                                                                                                  Yara matches
                                                                                                                                                                                  Similarity
                                                                                                                                                                                  • API ID: File$Write$Create
                                                                                                                                                                                  • String ID:
                                                                                                                                                                                  • API String ID: 1602526932-0
                                                                                                                                                                                  • Opcode ID: 4addbfba7145fd050fcee443c5ace20a1836a13761a8017d4efa3c774c775e7c
                                                                                                                                                                                  • Instruction ID: 07cf569db7892359bb71b9a7abe699738ce5c78fd0c9ee25c702cb527ec8d68e
                                                                                                                                                                                  • Opcode Fuzzy Hash: 4addbfba7145fd050fcee443c5ace20a1836a13761a8017d4efa3c774c775e7c
                                                                                                                                                                                  • Instruction Fuzzy Hash: 24416A35A0060CEFDB10DBD4EC45BEEFBBAFB55312F5081A6E604A2292D7714B14DB92
                                                                                                                                                                                  Uniqueness

                                                                                                                                                                                  Uniqueness Score: -1.00%

                                                                                                                                                                                  APIs
                                                                                                                                                                                  • RegCreateKeyExW.KERNELBASE(80000002,?,00000000,00000000,00000000,00020119,00000000,?,00000000), ref: 00B30F69
                                                                                                                                                                                  • RegQueryValueExW.KERNELBASE(?,?,00000000,00000004,00000004,00000004), ref: 00B30F9C
                                                                                                                                                                                  • RegDeleteKeyExW.KERNELBASE(80000002,?,00000100,00000000,000000FF,00000000), ref: 00B31005
                                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                                  • Source File: 00000000.00000002.2324569325.0000000000B21000.00000020.00000001.01000000.00000003.sdmp, Offset: 00B20000, based on PE: true
                                                                                                                                                                                  • Associated: 00000000.00000002.2324539216.0000000000B20000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                  • Associated: 00000000.00000002.2324605887.0000000000B3A000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                  • Associated: 00000000.00000002.2324648919.0000000000B3B000.00000008.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                  • Associated: 00000000.00000002.2324689687.0000000000B44000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                  • Associated: 00000000.00000002.2324729121.0000000000B46000.00000008.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                  • Associated: 00000000.00000002.2324760537.0000000000B47000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                                                  • Snapshot File: hcaresult_0_2_b20000_c8JakemodH.jbxd
                                                                                                                                                                                  Yara matches
                                                                                                                                                                                  Similarity
                                                                                                                                                                                  • API ID: CreateDeleteQueryValue
                                                                                                                                                                                  • String ID:
                                                                                                                                                                                  • API String ID: 1796729037-0
                                                                                                                                                                                  • Opcode ID: 7b8a73a77c8b90be2cac7c6a60ae79ccb83076a58550aa4f7f576d65d4744836
                                                                                                                                                                                  • Instruction ID: a03d3eed8337a60b068d023589907f4de7f9173d49eeb4d9fa0090599ffb25d3
                                                                                                                                                                                  • Opcode Fuzzy Hash: 7b8a73a77c8b90be2cac7c6a60ae79ccb83076a58550aa4f7f576d65d4744836
                                                                                                                                                                                  • Instruction Fuzzy Hash: 4A5147B0950619AFEB20DF90DC49FFEBBBCFF05700F5040A4BA14AA1A2D7709A54CB65
                                                                                                                                                                                  Uniqueness

                                                                                                                                                                                  Uniqueness Score: -1.00%

                                                                                                                                                                                  APIs
                                                                                                                                                                                    • Part of subcall function 00B2E308: SetFileAttributesW.KERNELBASE(00000000,00000080,?,00000000,?,?,?), ref: 00B2E329
                                                                                                                                                                                    • Part of subcall function 00B2E308: CreateFileW.KERNELBASE(00000000,40000000,00000000,00000000,00000003,00000000,00000000,?,00000000,?,?,?), ref: 00B2E341
                                                                                                                                                                                    • Part of subcall function 00B2E3B8: SetFileAttributesW.KERNELBASE(00000000,00000080,?), ref: 00B2E3D1
                                                                                                                                                                                    • Part of subcall function 00B2E3B8: CreateFileW.KERNELBASE(00000000,80000000,00000000,00000000,00000003,00000000,00000000), ref: 00B2E3E9
                                                                                                                                                                                    • Part of subcall function 00B2E3B8: SetFilePointerEx.KERNELBASE(000000FF,-00000084,00000000,00000000,00000002), ref: 00B2E40D
                                                                                                                                                                                    • Part of subcall function 00B2E3B8: ReadFile.KERNELBASE(000000FF,?,00000084,?,00000000), ref: 00B2E42C
                                                                                                                                                                                    • Part of subcall function 00B2E3B8: NtClose.NTDLL(000000FF), ref: 00B2E467
                                                                                                                                                                                  • MoveFileExW.KERNELBASE(00000000,00000000,00000008,00000000,00000000,00000000,00000000,?,00000000,?), ref: 00B2EF4B
                                                                                                                                                                                  • CreateIoCompletionPort.KERNELBASE(000000FF,00000000,00000000,00000000,00000000,?,?,00000000,?), ref: 00B2F00C
                                                                                                                                                                                  • CreateFileW.KERNELBASE(00000000,C0000000,00000000,00000000,00000003,40000000,00000000,00000000,?,00000000,?), ref: 00B2EFC2
                                                                                                                                                                                    • Part of subcall function 00B2684C: RtlFreeHeap.NTDLL(?,00000000,00000000,?,00B37745,00000000), ref: 00B2685D
                                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                                  • Source File: 00000000.00000002.2324569325.0000000000B21000.00000020.00000001.01000000.00000003.sdmp, Offset: 00B20000, based on PE: true
                                                                                                                                                                                  • Associated: 00000000.00000002.2324539216.0000000000B20000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                  • Associated: 00000000.00000002.2324605887.0000000000B3A000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                  • Associated: 00000000.00000002.2324648919.0000000000B3B000.00000008.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                  • Associated: 00000000.00000002.2324689687.0000000000B44000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                  • Associated: 00000000.00000002.2324729121.0000000000B46000.00000008.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                  • Associated: 00000000.00000002.2324760537.0000000000B47000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                                                  • Snapshot File: hcaresult_0_2_b20000_c8JakemodH.jbxd
                                                                                                                                                                                  Yara matches
                                                                                                                                                                                  Similarity
                                                                                                                                                                                  • API ID: File$Create$Attributes$CloseCompletionFreeHeapMovePointerPortRead
                                                                                                                                                                                  • String ID:
                                                                                                                                                                                  • API String ID: 404628605-0
                                                                                                                                                                                  • Opcode ID: 6ea7c92587fb8caa5305323517565f4f105fa4114caf4665e63809c7afabaebf
                                                                                                                                                                                  • Instruction ID: 876240c0cb168cd76ade37b0d64e91078c409a54ffb5939df403adee614085a9
                                                                                                                                                                                  • Opcode Fuzzy Hash: 6ea7c92587fb8caa5305323517565f4f105fa4114caf4665e63809c7afabaebf
                                                                                                                                                                                  • Instruction Fuzzy Hash: E1515C34900A18FBEF216FA1EC49BAE7FB5FF00311F1080A4F6196A1A2DB758A50DF51
                                                                                                                                                                                  Uniqueness

                                                                                                                                                                                  Uniqueness Score: -1.00%

                                                                                                                                                                                  APIs
                                                                                                                                                                                    • Part of subcall function 00B297A8: NtQuerySystemInformation.NTDLL(00000005,?,00000400,00000400,00000400), ref: 00B297D5
                                                                                                                                                                                  • OpenSCManagerW.SECHOST(00000000,00000000,00000001,25DD2DA4), ref: 00B28DB6
                                                                                                                                                                                  • QueryServiceStatusEx.ADVAPI32(00000000,00000000,?,00000024,?), ref: 00B28E49
                                                                                                                                                                                  • CloseServiceHandle.SECHOST(00000000), ref: 00B28E7D
                                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                                  • Source File: 00000000.00000002.2324569325.0000000000B21000.00000020.00000001.01000000.00000003.sdmp, Offset: 00B20000, based on PE: true
                                                                                                                                                                                  • Associated: 00000000.00000002.2324539216.0000000000B20000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                  • Associated: 00000000.00000002.2324605887.0000000000B3A000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                  • Associated: 00000000.00000002.2324648919.0000000000B3B000.00000008.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                  • Associated: 00000000.00000002.2324689687.0000000000B44000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                  • Associated: 00000000.00000002.2324729121.0000000000B46000.00000008.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                  • Associated: 00000000.00000002.2324760537.0000000000B47000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                                                  • Snapshot File: hcaresult_0_2_b20000_c8JakemodH.jbxd
                                                                                                                                                                                  Yara matches
                                                                                                                                                                                  Similarity
                                                                                                                                                                                  • API ID: QueryService$CloseHandleInformationManagerOpenStatusSystem
                                                                                                                                                                                  • String ID:
                                                                                                                                                                                  • API String ID: 3809768517-0
                                                                                                                                                                                  • Opcode ID: b5393869d78e63ee5ea167b9608ec8b45cb9193b4cae6d3547d08e9acb487a80
                                                                                                                                                                                  • Instruction ID: ee32c378c91cac932c734b793efd01bf1c555a5c260f0c219872e2c486cdb389
                                                                                                                                                                                  • Opcode Fuzzy Hash: b5393869d78e63ee5ea167b9608ec8b45cb9193b4cae6d3547d08e9acb487a80
                                                                                                                                                                                  • Instruction Fuzzy Hash: B8315E70811218EFDB10DF94D948BADBBB4FF04304F528194E405AB2A1DB749F54CF91
                                                                                                                                                                                  Uniqueness

                                                                                                                                                                                  Uniqueness Score: -1.00%

                                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                                  • Source File: 00000000.00000002.2324569325.0000000000B21000.00000020.00000001.01000000.00000003.sdmp, Offset: 00B20000, based on PE: true
                                                                                                                                                                                  • Associated: 00000000.00000002.2324539216.0000000000B20000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                  • Associated: 00000000.00000002.2324605887.0000000000B3A000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                  • Associated: 00000000.00000002.2324648919.0000000000B3B000.00000008.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                  • Associated: 00000000.00000002.2324689687.0000000000B44000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                  • Associated: 00000000.00000002.2324729121.0000000000B46000.00000008.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                  • Associated: 00000000.00000002.2324760537.0000000000B47000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                                                  • Snapshot File: hcaresult_0_2_b20000_c8JakemodH.jbxd
                                                                                                                                                                                  Yara matches
                                                                                                                                                                                  Similarity
                                                                                                                                                                                  • API ID:
                                                                                                                                                                                  • String ID:
                                                                                                                                                                                  • API String ID:
                                                                                                                                                                                  • Opcode ID: cacba4f67b23e193ed249108c70f962824305987d9beff7ff3e0891a935a2f0e
                                                                                                                                                                                  • Instruction ID: 94bbdd25ba2ef029fb496467a3a463b2769365b30d1582421011891a4f3a8698
                                                                                                                                                                                  • Opcode Fuzzy Hash: cacba4f67b23e193ed249108c70f962824305987d9beff7ff3e0891a935a2f0e
                                                                                                                                                                                  • Instruction Fuzzy Hash: AE21A630840528EBDF22AB64ED4675C7FB6BF16316F6041A1E50979162CB720F64BB15
                                                                                                                                                                                  Uniqueness

                                                                                                                                                                                  Uniqueness Score: -1.00%

                                                                                                                                                                                  APIs
                                                                                                                                                                                  • CreateThread.KERNELBASE(00000000,00000000,00B2A440,?,00000004,00000000), ref: 00B2A489
                                                                                                                                                                                  • ResumeThread.KERNELBASE(00000000), ref: 00B2A4CD
                                                                                                                                                                                  • GetExitCodeThread.KERNELBASE(00000000,00000000), ref: 00B2A4E5
                                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                                  • Source File: 00000000.00000002.2324569325.0000000000B21000.00000020.00000001.01000000.00000003.sdmp, Offset: 00B20000, based on PE: true
                                                                                                                                                                                  • Associated: 00000000.00000002.2324539216.0000000000B20000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                  • Associated: 00000000.00000002.2324605887.0000000000B3A000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                  • Associated: 00000000.00000002.2324648919.0000000000B3B000.00000008.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                  • Associated: 00000000.00000002.2324689687.0000000000B44000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                  • Associated: 00000000.00000002.2324729121.0000000000B46000.00000008.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                  • Associated: 00000000.00000002.2324760537.0000000000B47000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                                                  • Snapshot File: hcaresult_0_2_b20000_c8JakemodH.jbxd
                                                                                                                                                                                  Yara matches
                                                                                                                                                                                  Similarity
                                                                                                                                                                                  • API ID: Thread$CodeCreateExitResume
                                                                                                                                                                                  • String ID:
                                                                                                                                                                                  • API String ID: 4070214711-0
                                                                                                                                                                                  • Opcode ID: 140024f9d649e89ca39c1a848fc873b39e33c26e81a2f7e21c917186c17cee96
                                                                                                                                                                                  • Instruction ID: 1baf78b2c073260b9c9cf61f14e7072d524a8b3c2df07ae505997f99d2d55b20
                                                                                                                                                                                  • Opcode Fuzzy Hash: 140024f9d649e89ca39c1a848fc873b39e33c26e81a2f7e21c917186c17cee96
                                                                                                                                                                                  • Instruction Fuzzy Hash: 43111674900608FFDB20DF94ED09BADBBB5FB05311F2041A5F918A62A1DB719B50EB41
                                                                                                                                                                                  Uniqueness

                                                                                                                                                                                  Uniqueness Score: -1.00%

                                                                                                                                                                                  APIs
                                                                                                                                                                                  • CreateThread.KERNELBASE(00000000,00000000,00B2A180,?,00000004,00000000), ref: 00B2A1B4
                                                                                                                                                                                  • ResumeThread.KERNELBASE(00000000), ref: 00B2A1F8
                                                                                                                                                                                  • GetExitCodeThread.KERNELBASE(00000000,00000000), ref: 00B2A210
                                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                                  • Source File: 00000000.00000002.2324569325.0000000000B21000.00000020.00000001.01000000.00000003.sdmp, Offset: 00B20000, based on PE: true
                                                                                                                                                                                  • Associated: 00000000.00000002.2324539216.0000000000B20000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                  • Associated: 00000000.00000002.2324605887.0000000000B3A000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                  • Associated: 00000000.00000002.2324648919.0000000000B3B000.00000008.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                  • Associated: 00000000.00000002.2324689687.0000000000B44000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                  • Associated: 00000000.00000002.2324729121.0000000000B46000.00000008.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                  • Associated: 00000000.00000002.2324760537.0000000000B47000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                                                  • Snapshot File: hcaresult_0_2_b20000_c8JakemodH.jbxd
                                                                                                                                                                                  Yara matches
                                                                                                                                                                                  Similarity
                                                                                                                                                                                  • API ID: Thread$CodeCreateExitResume
                                                                                                                                                                                  • String ID:
                                                                                                                                                                                  • API String ID: 4070214711-0
                                                                                                                                                                                  • Opcode ID: 163dc0062ee208e2cc655fec709baf6164f2df871a013dbf06ce1514a73202cb
                                                                                                                                                                                  • Instruction ID: 36296198b407cdb99b6bb895aa619a633a0a9e3c97057c16a55b31b04546a3c6
                                                                                                                                                                                  • Opcode Fuzzy Hash: 163dc0062ee208e2cc655fec709baf6164f2df871a013dbf06ce1514a73202cb
                                                                                                                                                                                  • Instruction Fuzzy Hash: 3711F735940A08FFDF219F90ED0AB9CBB71FB16322F204191F914A62B1DB725B64EB45
                                                                                                                                                                                  Uniqueness

                                                                                                                                                                                  Uniqueness Score: -1.00%

                                                                                                                                                                                  APIs
                                                                                                                                                                                  • CoInitialize.OLE32(00000000), ref: 00B27823
                                                                                                                                                                                  Strings
                                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                                  • Source File: 00000000.00000002.2324569325.0000000000B21000.00000020.00000001.01000000.00000003.sdmp, Offset: 00B20000, based on PE: true
                                                                                                                                                                                  • Associated: 00000000.00000002.2324539216.0000000000B20000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                  • Associated: 00000000.00000002.2324605887.0000000000B3A000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                  • Associated: 00000000.00000002.2324648919.0000000000B3B000.00000008.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                  • Associated: 00000000.00000002.2324689687.0000000000B44000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                  • Associated: 00000000.00000002.2324729121.0000000000B46000.00000008.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                  • Associated: 00000000.00000002.2324760537.0000000000B47000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                                                  • Snapshot File: hcaresult_0_2_b20000_c8JakemodH.jbxd
                                                                                                                                                                                  Yara matches
                                                                                                                                                                                  Similarity
                                                                                                                                                                                  • API ID: Initialize
                                                                                                                                                                                  • String ID: @
                                                                                                                                                                                  • API String ID: 2538663250-2766056989
                                                                                                                                                                                  • Opcode ID: 25e42a7103b83cbacc0d70dd82e4eccb4757ab618af6dc29833540c2d83842de
                                                                                                                                                                                  • Instruction ID: acf8031c30d6b87eaff7721e8ca52b54b1bc42e27bfbdf3d7ae88bd8e67afae6
                                                                                                                                                                                  • Opcode Fuzzy Hash: 25e42a7103b83cbacc0d70dd82e4eccb4757ab618af6dc29833540c2d83842de
                                                                                                                                                                                  • Instruction Fuzzy Hash: 03D117B0940219EFDB10DF90E889F9ABBB8FF16300F118995E519AF262D771DA44CF64
                                                                                                                                                                                  Uniqueness

                                                                                                                                                                                  Uniqueness Score: -1.00%

                                                                                                                                                                                  APIs
                                                                                                                                                                                  • SetFileAttributesW.KERNELBASE(00000000,00000080,?,00000000,?,?,?), ref: 00B2E329
                                                                                                                                                                                  • CreateFileW.KERNELBASE(00000000,40000000,00000000,00000000,00000003,00000000,00000000,?,00000000,?,?,?), ref: 00B2E341
                                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                                  • Source File: 00000000.00000002.2324569325.0000000000B21000.00000020.00000001.01000000.00000003.sdmp, Offset: 00B20000, based on PE: true
                                                                                                                                                                                  • Associated: 00000000.00000002.2324539216.0000000000B20000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                  • Associated: 00000000.00000002.2324605887.0000000000B3A000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                  • Associated: 00000000.00000002.2324648919.0000000000B3B000.00000008.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                  • Associated: 00000000.00000002.2324689687.0000000000B44000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                  • Associated: 00000000.00000002.2324729121.0000000000B46000.00000008.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                  • Associated: 00000000.00000002.2324760537.0000000000B47000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                                                  • Snapshot File: hcaresult_0_2_b20000_c8JakemodH.jbxd
                                                                                                                                                                                  Yara matches
                                                                                                                                                                                  Similarity
                                                                                                                                                                                  • API ID: File$AttributesCreate
                                                                                                                                                                                  • String ID:
                                                                                                                                                                                  • API String ID: 415043291-0
                                                                                                                                                                                  • Opcode ID: f5dcb045817f4f43cdb7c7c73be975362b850ba950a114caea1460ffc49b7a67
                                                                                                                                                                                  • Instruction ID: 7bc54b2afc03ea647fddb722b0023f8c900823dfa97b0655980f26637cfe9584
                                                                                                                                                                                  • Opcode Fuzzy Hash: f5dcb045817f4f43cdb7c7c73be975362b850ba950a114caea1460ffc49b7a67
                                                                                                                                                                                  • Instruction Fuzzy Hash: 35119870504618FBDB32CB52FC457AC7BF4EB00722F2042A6F529A61E0C7709A40DA59
                                                                                                                                                                                  Uniqueness

                                                                                                                                                                                  Uniqueness Score: -1.00%

                                                                                                                                                                                  APIs
                                                                                                                                                                                  • MoveFileExW.KERNELBASE(00000000,00000000,00000008,00000000,00000000,00000000,00000000,?,00000000,?), ref: 00B2EF4B
                                                                                                                                                                                  • CreateFileW.KERNELBASE(00000000,C0000000,00000000,00000000,00000003,40000000,00000000,00000000,?,00000000,?), ref: 00B2EFC2
                                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                                  • Source File: 00000000.00000002.2324569325.0000000000B21000.00000020.00000001.01000000.00000003.sdmp, Offset: 00B20000, based on PE: true
                                                                                                                                                                                  • Associated: 00000000.00000002.2324539216.0000000000B20000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                  • Associated: 00000000.00000002.2324605887.0000000000B3A000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                  • Associated: 00000000.00000002.2324648919.0000000000B3B000.00000008.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                  • Associated: 00000000.00000002.2324689687.0000000000B44000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                  • Associated: 00000000.00000002.2324729121.0000000000B46000.00000008.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                  • Associated: 00000000.00000002.2324760537.0000000000B47000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                                                  • Snapshot File: hcaresult_0_2_b20000_c8JakemodH.jbxd
                                                                                                                                                                                  Yara matches
                                                                                                                                                                                  Similarity
                                                                                                                                                                                  • API ID: File$CreateMove
                                                                                                                                                                                  • String ID:
                                                                                                                                                                                  • API String ID: 3198096935-0
                                                                                                                                                                                  • Opcode ID: ce73bf5e68dba4763a7e3e1ac1e87f391f1d818b4a5e50d102bd54d71fc1bf6b
                                                                                                                                                                                  • Instruction ID: a18858dc9eab5f37a34e241d0aeca95a1490cac856cba35ccdea4c87089146b5
                                                                                                                                                                                  • Opcode Fuzzy Hash: ce73bf5e68dba4763a7e3e1ac1e87f391f1d818b4a5e50d102bd54d71fc1bf6b
                                                                                                                                                                                  • Instruction Fuzzy Hash: F2F04F34A00218FAEB315FA5FD45BADBBB1EB00721F2081F2B629690E1C7318650EB41
                                                                                                                                                                                  Uniqueness

                                                                                                                                                                                  Uniqueness Score: -1.00%

                                                                                                                                                                                  APIs
                                                                                                                                                                                  • QueryServiceStatusEx.ADVAPI32(00000000,00000000,?,00000024,?), ref: 00B28E49
                                                                                                                                                                                  • CloseServiceHandle.SECHOST(00000000), ref: 00B28E7D
                                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                                  • Source File: 00000000.00000002.2324569325.0000000000B21000.00000020.00000001.01000000.00000003.sdmp, Offset: 00B20000, based on PE: true
                                                                                                                                                                                  • Associated: 00000000.00000002.2324539216.0000000000B20000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                  • Associated: 00000000.00000002.2324605887.0000000000B3A000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                  • Associated: 00000000.00000002.2324648919.0000000000B3B000.00000008.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                  • Associated: 00000000.00000002.2324689687.0000000000B44000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                  • Associated: 00000000.00000002.2324729121.0000000000B46000.00000008.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                  • Associated: 00000000.00000002.2324760537.0000000000B47000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                                                  • Snapshot File: hcaresult_0_2_b20000_c8JakemodH.jbxd
                                                                                                                                                                                  Yara matches
                                                                                                                                                                                  Similarity
                                                                                                                                                                                  • API ID: Service$CloseHandleQueryStatus
                                                                                                                                                                                  • String ID:
                                                                                                                                                                                  • API String ID: 167009670-0
                                                                                                                                                                                  • Opcode ID: 07d32b7aba8f9e8937063ca8e881b2aa3f7910000644b7b4467bfa3a097cb330
                                                                                                                                                                                  • Instruction ID: ca01aab8df9a95ef2b49a004635c61022bb8807da99e4c34676529df0d97b10b
                                                                                                                                                                                  • Opcode Fuzzy Hash: 07d32b7aba8f9e8937063ca8e881b2aa3f7910000644b7b4467bfa3a097cb330
                                                                                                                                                                                  • Instruction Fuzzy Hash: 1DF01534902528EBEF20EF80ED48BADBBB8FB01305F554195A508A20A0CB711F94DA12
                                                                                                                                                                                  Uniqueness

                                                                                                                                                                                  Uniqueness Score: -1.00%

                                                                                                                                                                                  APIs
                                                                                                                                                                                  • SetFileAttributesW.KERNELBASE(00000000,00000080,?,00000000,?,?,?), ref: 00B2E329
                                                                                                                                                                                  • CreateFileW.KERNELBASE(00000000,40000000,00000000,00000000,00000003,00000000,00000000,?,00000000,?,?,?), ref: 00B2E341
                                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                                  • Source File: 00000000.00000002.2324569325.0000000000B21000.00000020.00000001.01000000.00000003.sdmp, Offset: 00B20000, based on PE: true
                                                                                                                                                                                  • Associated: 00000000.00000002.2324539216.0000000000B20000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                  • Associated: 00000000.00000002.2324605887.0000000000B3A000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                  • Associated: 00000000.00000002.2324648919.0000000000B3B000.00000008.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                  • Associated: 00000000.00000002.2324689687.0000000000B44000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                  • Associated: 00000000.00000002.2324729121.0000000000B46000.00000008.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                  • Associated: 00000000.00000002.2324760537.0000000000B47000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                                                  • Snapshot File: hcaresult_0_2_b20000_c8JakemodH.jbxd
                                                                                                                                                                                  Yara matches
                                                                                                                                                                                  Similarity
                                                                                                                                                                                  • API ID: File$AttributesCreate
                                                                                                                                                                                  • String ID:
                                                                                                                                                                                  • API String ID: 415043291-0
                                                                                                                                                                                  • Opcode ID: 346a80444c64dcaf7493bd65c72d66c651475dc6a1dcc4975918209b9ed799f9
                                                                                                                                                                                  • Instruction ID: 4c09b25b89c75d93d9bf2b01abb27d0e13130a6dd615bcffd8d108b283f1431e
                                                                                                                                                                                  • Opcode Fuzzy Hash: 346a80444c64dcaf7493bd65c72d66c651475dc6a1dcc4975918209b9ed799f9
                                                                                                                                                                                  • Instruction Fuzzy Hash: 70E01234540B14FBEB339B62ED45B683AA1FB04B52F604561F669AA0E0C770EA40DA0D
                                                                                                                                                                                  Uniqueness

                                                                                                                                                                                  Uniqueness Score: -1.00%

                                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                                  • Source File: 00000000.00000002.2324569325.0000000000B21000.00000020.00000001.01000000.00000003.sdmp, Offset: 00B20000, based on PE: true
                                                                                                                                                                                  • Associated: 00000000.00000002.2324539216.0000000000B20000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                  • Associated: 00000000.00000002.2324605887.0000000000B3A000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                  • Associated: 00000000.00000002.2324648919.0000000000B3B000.00000008.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                  • Associated: 00000000.00000002.2324689687.0000000000B44000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                  • Associated: 00000000.00000002.2324729121.0000000000B46000.00000008.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                  • Associated: 00000000.00000002.2324760537.0000000000B47000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                                                  • Snapshot File: hcaresult_0_2_b20000_c8JakemodH.jbxd
                                                                                                                                                                                  Yara matches
                                                                                                                                                                                  Similarity
                                                                                                                                                                                  • API ID: CreateThread
                                                                                                                                                                                  • String ID:
                                                                                                                                                                                  • API String ID: 2422867632-0
                                                                                                                                                                                  • Opcode ID: a0326bbe96647e42bb3411a8b8133130c8129a839805c98acc133c7a945e350d
                                                                                                                                                                                  • Instruction ID: b4e50358e843eba9b3377196fcaedb056de0fdbd44d3d7f8876c4fd5cb8492f1
                                                                                                                                                                                  • Opcode Fuzzy Hash: a0326bbe96647e42bb3411a8b8133130c8129a839805c98acc133c7a945e350d
                                                                                                                                                                                  • Instruction Fuzzy Hash: A5617974D1060AEBDF20AF94EC95BAEBBF4FF15304F2001A5E901762A1DB716A40DF51
                                                                                                                                                                                  Uniqueness

                                                                                                                                                                                  Uniqueness Score: -1.00%

                                                                                                                                                                                  APIs
                                                                                                                                                                                  • RtlCreateHeap.NTDLL(00041002,00000000,00000000,00000000,00000000,00000000,B00CA72F,?,?,00B3948F), ref: 00B263C5
                                                                                                                                                                                    • Part of subcall function 00B25DB0: RtlAllocateHeap.NTDLL(?,00000000,00000010,00000000,00000000,00000000,00000000,?,?,00B263FC,00B4540C,00B25EE8,00000000,00000000,2663F81C), ref: 00B25DF4
                                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                                  • Source File: 00000000.00000002.2324569325.0000000000B21000.00000020.00000001.01000000.00000003.sdmp, Offset: 00B20000, based on PE: true
                                                                                                                                                                                  • Associated: 00000000.00000002.2324539216.0000000000B20000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                  • Associated: 00000000.00000002.2324605887.0000000000B3A000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                  • Associated: 00000000.00000002.2324648919.0000000000B3B000.00000008.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                  • Associated: 00000000.00000002.2324689687.0000000000B44000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                  • Associated: 00000000.00000002.2324729121.0000000000B46000.00000008.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                  • Associated: 00000000.00000002.2324760537.0000000000B47000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                                                  • Snapshot File: hcaresult_0_2_b20000_c8JakemodH.jbxd
                                                                                                                                                                                  Yara matches
                                                                                                                                                                                  Similarity
                                                                                                                                                                                  • API ID: Heap$AllocateCreate
                                                                                                                                                                                  • String ID:
                                                                                                                                                                                  • API String ID: 2875408731-0
                                                                                                                                                                                  • Opcode ID: 1881a45126b9b250c9c98bfc74c0427fdfb83759663c08d4ee8e802acefeda1f
                                                                                                                                                                                  • Instruction ID: c8570d424e71e9a1d46c67e786d2252b9ae6388c6fb9f143614a66a036a63466
                                                                                                                                                                                  • Opcode Fuzzy Hash: 1881a45126b9b250c9c98bfc74c0427fdfb83759663c08d4ee8e802acefeda1f
                                                                                                                                                                                  • Instruction Fuzzy Hash: 593165707C7FB072443032663C0FEAF0EED9ED2FA578101E4788C750AB88A46540A4B9
                                                                                                                                                                                  Uniqueness

                                                                                                                                                                                  Uniqueness Score: -1.00%

                                                                                                                                                                                  APIs
                                                                                                                                                                                  • OpenSCManagerW.ADVAPI32(00000000,00000000,00000004), ref: 00B27C8F
                                                                                                                                                                                    • Part of subcall function 00B26830: RtlAllocateHeap.NTDLL(?,00000008,00000000,?,00B376B5,?,00000000,00000000), ref: 00B26841
                                                                                                                                                                                    • Part of subcall function 00B2DBBC: NtTerminateProcess.NTDLL(00B27D88,00000000), ref: 00B2DC1F
                                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                                  • Source File: 00000000.00000002.2324569325.0000000000B21000.00000020.00000001.01000000.00000003.sdmp, Offset: 00B20000, based on PE: true
                                                                                                                                                                                  • Associated: 00000000.00000002.2324539216.0000000000B20000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                  • Associated: 00000000.00000002.2324605887.0000000000B3A000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                  • Associated: 00000000.00000002.2324648919.0000000000B3B000.00000008.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                  • Associated: 00000000.00000002.2324689687.0000000000B44000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                  • Associated: 00000000.00000002.2324729121.0000000000B46000.00000008.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                  • Associated: 00000000.00000002.2324760537.0000000000B47000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                                                  • Snapshot File: hcaresult_0_2_b20000_c8JakemodH.jbxd
                                                                                                                                                                                  Yara matches
                                                                                                                                                                                  Similarity
                                                                                                                                                                                  • API ID: AllocateHeapManagerOpenProcessTerminate
                                                                                                                                                                                  • String ID:
                                                                                                                                                                                  • API String ID: 3645570960-0
                                                                                                                                                                                  • Opcode ID: 448add46ef9be58461010596a1587832d1445f7af4bd8990b183b60bbf9e7bc4
                                                                                                                                                                                  • Instruction ID: e3d2d9051a3b50eeb88ca8cb77ba479d5d58d129682f9991e7366a413f9b1c91
                                                                                                                                                                                  • Opcode Fuzzy Hash: 448add46ef9be58461010596a1587832d1445f7af4bd8990b183b60bbf9e7bc4
                                                                                                                                                                                  • Instruction Fuzzy Hash: BE41F571980618FBEB219F90EC0ABEDBBB9FF04701F5040A5F604BA0E1DBB15A50DB59
                                                                                                                                                                                  Uniqueness

                                                                                                                                                                                  Uniqueness Score: -1.00%

                                                                                                                                                                                  APIs
                                                                                                                                                                                    • Part of subcall function 00B25C34: FindFirstFileW.KERNELBASE(?,?,?,00000004,?), ref: 00B25D07
                                                                                                                                                                                    • Part of subcall function 00B25C34: FindClose.KERNELBASE(000000FF,?,00000000), ref: 00B25D2C
                                                                                                                                                                                  • RtlAllocateHeap.NTDLL(?,00000000,00000010,00000000,00000000,00000000,00000000,?,?,00B263FC,00B4540C,00B25EE8,00000000,00000000,2663F81C), ref: 00B25DF4
                                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                                  • Source File: 00000000.00000002.2324569325.0000000000B21000.00000020.00000001.01000000.00000003.sdmp, Offset: 00B20000, based on PE: true
                                                                                                                                                                                  • Associated: 00000000.00000002.2324539216.0000000000B20000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                  • Associated: 00000000.00000002.2324605887.0000000000B3A000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                  • Associated: 00000000.00000002.2324648919.0000000000B3B000.00000008.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                  • Associated: 00000000.00000002.2324689687.0000000000B44000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                  • Associated: 00000000.00000002.2324729121.0000000000B46000.00000008.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                  • Associated: 00000000.00000002.2324760537.0000000000B47000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                                                  • Snapshot File: hcaresult_0_2_b20000_c8JakemodH.jbxd
                                                                                                                                                                                  Yara matches
                                                                                                                                                                                  Similarity
                                                                                                                                                                                  • API ID: Find$AllocateCloseFileFirstHeap
                                                                                                                                                                                  • String ID:
                                                                                                                                                                                  • API String ID: 1673784098-0
                                                                                                                                                                                  • Opcode ID: 958f2f53570a6db92af42431be29969dc89f504488b743a2a58f792ba3110137
                                                                                                                                                                                  • Instruction ID: 5d0e6f885746a2acf11e5b0a9fc2c727f34091449c1c6a26cced4ddc7bc6c488
                                                                                                                                                                                  • Opcode Fuzzy Hash: 958f2f53570a6db92af42431be29969dc89f504488b743a2a58f792ba3110137
                                                                                                                                                                                  • Instruction Fuzzy Hash: 8331EF312047669EDB309F28A881752FAD5BF11310F19C7E9E10CCF293E6B184D0CB96
                                                                                                                                                                                  Uniqueness

                                                                                                                                                                                  Uniqueness Score: -1.00%

                                                                                                                                                                                  APIs
                                                                                                                                                                                    • Part of subcall function 00B2900C: RtlAdjustPrivilege.NTDLL(00000014,00000001,00000000,00000000), ref: 00B2902E
                                                                                                                                                                                  • CloseServiceHandle.ADVAPI32(00000000), ref: 00B2917F
                                                                                                                                                                                    • Part of subcall function 00B2DBBC: NtTerminateProcess.NTDLL(00B27D88,00000000), ref: 00B2DC1F
                                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                                  • Source File: 00000000.00000002.2324569325.0000000000B21000.00000020.00000001.01000000.00000003.sdmp, Offset: 00B20000, based on PE: true
                                                                                                                                                                                  • Associated: 00000000.00000002.2324539216.0000000000B20000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                  • Associated: 00000000.00000002.2324605887.0000000000B3A000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                  • Associated: 00000000.00000002.2324648919.0000000000B3B000.00000008.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                  • Associated: 00000000.00000002.2324689687.0000000000B44000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                  • Associated: 00000000.00000002.2324729121.0000000000B46000.00000008.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                  • Associated: 00000000.00000002.2324760537.0000000000B47000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                                                  • Snapshot File: hcaresult_0_2_b20000_c8JakemodH.jbxd
                                                                                                                                                                                  Yara matches
                                                                                                                                                                                  Similarity
                                                                                                                                                                                  • API ID: AdjustCloseHandlePrivilegeProcessServiceTerminate
                                                                                                                                                                                  • String ID:
                                                                                                                                                                                  • API String ID: 3176663195-0
                                                                                                                                                                                  • Opcode ID: 04a4ed52bfd8bc07e84a653646af04f1530f0d78b67b70ef814693cb4ea72fa2
                                                                                                                                                                                  • Instruction ID: 70ed3d9ee9a46a1cd8e0f87cc969dce4f6471d495982fa5a8a1395263fb4003e
                                                                                                                                                                                  • Opcode Fuzzy Hash: 04a4ed52bfd8bc07e84a653646af04f1530f0d78b67b70ef814693cb4ea72fa2
                                                                                                                                                                                  • Instruction Fuzzy Hash: F0310970940618FBEB209FA0EC4DB9DBBB8FF05306F4140A4F608BB1A1DB759A94DB51
                                                                                                                                                                                  Uniqueness

                                                                                                                                                                                  Uniqueness Score: -1.00%

                                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                                  • Source File: 00000000.00000002.2324569325.0000000000B21000.00000020.00000001.01000000.00000003.sdmp, Offset: 00B20000, based on PE: true
                                                                                                                                                                                  • Associated: 00000000.00000002.2324539216.0000000000B20000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                  • Associated: 00000000.00000002.2324605887.0000000000B3A000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                  • Associated: 00000000.00000002.2324648919.0000000000B3B000.00000008.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                  • Associated: 00000000.00000002.2324689687.0000000000B44000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                  • Associated: 00000000.00000002.2324729121.0000000000B46000.00000008.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                  • Associated: 00000000.00000002.2324760537.0000000000B47000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                                                  • Snapshot File: hcaresult_0_2_b20000_c8JakemodH.jbxd
                                                                                                                                                                                  Yara matches
                                                                                                                                                                                  Similarity
                                                                                                                                                                                  • API ID:
                                                                                                                                                                                  • String ID:
                                                                                                                                                                                  • API String ID:
                                                                                                                                                                                  • Opcode ID: 6e8f0d62a5cccf28de65de8a405ba2e4bc7869e55e6472e579cbefe49309a3f7
                                                                                                                                                                                  • Instruction ID: a34df6630ad0889acb8342c909962e930541064d9713652fc6f2c3dcf1b0e857
                                                                                                                                                                                  • Opcode Fuzzy Hash: 6e8f0d62a5cccf28de65de8a405ba2e4bc7869e55e6472e579cbefe49309a3f7
                                                                                                                                                                                  • Instruction Fuzzy Hash: 83210B71D4121CEFDB219F54ED45BAD7BB0FF25305F2040F5E9086A2A1EB714A949B44
                                                                                                                                                                                  Uniqueness

                                                                                                                                                                                  Uniqueness Score: -1.00%

                                                                                                                                                                                  APIs
                                                                                                                                                                                  • CoInitialize.OLE32(00000000,?,?,?,?,00000000), ref: 00B2F7B7
                                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                                  • Source File: 00000000.00000002.2324569325.0000000000B21000.00000020.00000001.01000000.00000003.sdmp, Offset: 00B20000, based on PE: true
                                                                                                                                                                                  • Associated: 00000000.00000002.2324539216.0000000000B20000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                  • Associated: 00000000.00000002.2324605887.0000000000B3A000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                  • Associated: 00000000.00000002.2324648919.0000000000B3B000.00000008.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                  • Associated: 00000000.00000002.2324689687.0000000000B44000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                  • Associated: 00000000.00000002.2324729121.0000000000B46000.00000008.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                  • Associated: 00000000.00000002.2324760537.0000000000B47000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                                                  • Snapshot File: hcaresult_0_2_b20000_c8JakemodH.jbxd
                                                                                                                                                                                  Yara matches
                                                                                                                                                                                  Similarity
                                                                                                                                                                                  • API ID: Initialize
                                                                                                                                                                                  • String ID:
                                                                                                                                                                                  • API String ID: 2538663250-0
                                                                                                                                                                                  • Opcode ID: a7786bdb94821973582725a544ff4533c8bdd28275ac8375a1fdea73a8debd56
                                                                                                                                                                                  • Instruction ID: cfdc7ab8a715278b22ca0be3a123b59f99fef762e8e205a73cf63a1413afb151
                                                                                                                                                                                  • Opcode Fuzzy Hash: a7786bdb94821973582725a544ff4533c8bdd28275ac8375a1fdea73a8debd56
                                                                                                                                                                                  • Instruction Fuzzy Hash: 18C14DB094061AEFDB10DF90EC48BAABBB8FF12304F1184A5E519AF262D775DA44CF54
                                                                                                                                                                                  Uniqueness

                                                                                                                                                                                  Uniqueness Score: -1.00%

                                                                                                                                                                                  APIs
                                                                                                                                                                                  • CreateMutexW.KERNELBASE(0000000C,00000001,00000000), ref: 00B29C1B
                                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                                  • Source File: 00000000.00000002.2324569325.0000000000B21000.00000020.00000001.01000000.00000003.sdmp, Offset: 00B20000, based on PE: true
                                                                                                                                                                                  • Associated: 00000000.00000002.2324539216.0000000000B20000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                  • Associated: 00000000.00000002.2324605887.0000000000B3A000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                  • Associated: 00000000.00000002.2324648919.0000000000B3B000.00000008.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                  • Associated: 00000000.00000002.2324689687.0000000000B44000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                  • Associated: 00000000.00000002.2324729121.0000000000B46000.00000008.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                  • Associated: 00000000.00000002.2324760537.0000000000B47000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                                                  • Snapshot File: hcaresult_0_2_b20000_c8JakemodH.jbxd
                                                                                                                                                                                  Yara matches
                                                                                                                                                                                  Similarity
                                                                                                                                                                                  • API ID: CreateMutex
                                                                                                                                                                                  • String ID:
                                                                                                                                                                                  • API String ID: 1964310414-0
                                                                                                                                                                                  • Opcode ID: cfc787f9360ac1b6e376e8bec0d7c1f7d59c3b6f1dfb9509b6e0ab6ab542b542
                                                                                                                                                                                  • Instruction ID: 102779a19e376ecdcc16a544b85ae503a18615b4267892b223f00b38717a0b28
                                                                                                                                                                                  • Opcode Fuzzy Hash: cfc787f9360ac1b6e376e8bec0d7c1f7d59c3b6f1dfb9509b6e0ab6ab542b542
                                                                                                                                                                                  • Instruction Fuzzy Hash: B3116578804A18EFEB21DBA0FC4AB687BB5FF06301F140195F548AB1E2DBB11B40DB55
                                                                                                                                                                                  Uniqueness

                                                                                                                                                                                  Uniqueness Score: -1.00%

                                                                                                                                                                                  APIs
                                                                                                                                                                                  • RtlAdjustPrivilege.NTDLL(00000014,00000001,00000000,00000000), ref: 00B2902E
                                                                                                                                                                                    • Part of subcall function 00B297A8: NtQuerySystemInformation.NTDLL(00000005,?,00000400,00000400,00000400), ref: 00B297D5
                                                                                                                                                                                    • Part of subcall function 00B29850: NtClose.NTDLL(00000000), ref: 00B29941
                                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                                  • Source File: 00000000.00000002.2324569325.0000000000B21000.00000020.00000001.01000000.00000003.sdmp, Offset: 00B20000, based on PE: true
                                                                                                                                                                                  • Associated: 00000000.00000002.2324539216.0000000000B20000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                  • Associated: 00000000.00000002.2324605887.0000000000B3A000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                  • Associated: 00000000.00000002.2324648919.0000000000B3B000.00000008.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                  • Associated: 00000000.00000002.2324689687.0000000000B44000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                  • Associated: 00000000.00000002.2324729121.0000000000B46000.00000008.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                  • Associated: 00000000.00000002.2324760537.0000000000B47000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                                                  • Snapshot File: hcaresult_0_2_b20000_c8JakemodH.jbxd
                                                                                                                                                                                  Yara matches
                                                                                                                                                                                  Similarity
                                                                                                                                                                                  • API ID: AdjustCloseInformationPrivilegeQuerySystem
                                                                                                                                                                                  • String ID:
                                                                                                                                                                                  • API String ID: 327775174-0
                                                                                                                                                                                  • Opcode ID: 67b799c897aff5170c24a52d45659e13d984c8c3c44914ec2e69e25406f3180c
                                                                                                                                                                                  • Instruction ID: d0c3fc0e4c1474f121c42dde01169f9c0b9f64185948040b9f912c01edd79de5
                                                                                                                                                                                  • Opcode Fuzzy Hash: 67b799c897aff5170c24a52d45659e13d984c8c3c44914ec2e69e25406f3180c
                                                                                                                                                                                  • Instruction Fuzzy Hash: 15012C70A50618BBEB209BA4DC4EBDEBBB8AB00715F104194B61DEB2D1E7B54A84CB51
                                                                                                                                                                                  Uniqueness

                                                                                                                                                                                  Uniqueness Score: -1.00%

                                                                                                                                                                                  APIs
                                                                                                                                                                                  • RtlAdjustPrivilege.NTDLL(00000000,00000001,00000000,?), ref: 00B2B683
                                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                                  • Source File: 00000000.00000002.2324569325.0000000000B21000.00000020.00000001.01000000.00000003.sdmp, Offset: 00B20000, based on PE: true
                                                                                                                                                                                  • Associated: 00000000.00000002.2324539216.0000000000B20000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                  • Associated: 00000000.00000002.2324605887.0000000000B3A000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                  • Associated: 00000000.00000002.2324648919.0000000000B3B000.00000008.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                  • Associated: 00000000.00000002.2324689687.0000000000B44000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                  • Associated: 00000000.00000002.2324729121.0000000000B46000.00000008.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                  • Associated: 00000000.00000002.2324760537.0000000000B47000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                                                  • Snapshot File: hcaresult_0_2_b20000_c8JakemodH.jbxd
                                                                                                                                                                                  Yara matches
                                                                                                                                                                                  Similarity
                                                                                                                                                                                  • API ID: AdjustPrivilege
                                                                                                                                                                                  • String ID:
                                                                                                                                                                                  • API String ID: 3260937286-0
                                                                                                                                                                                  • Opcode ID: a6d5c14a5f9ce4d7209c4c82ae9dcfbea5c949cb116572a64d17e6cb21c4947c
                                                                                                                                                                                  • Instruction ID: 8631d45f1e38b6169250f0d2f4808da374affe8adf8ce04168a142e9d9b07978
                                                                                                                                                                                  • Opcode Fuzzy Hash: a6d5c14a5f9ce4d7209c4c82ae9dcfbea5c949cb116572a64d17e6cb21c4947c
                                                                                                                                                                                  • Instruction Fuzzy Hash: 22D02E3220862AA7DA3206647C81FF2B3DCC301321F000396AE0BEB1C4EF62AE8502D5
                                                                                                                                                                                  Uniqueness

                                                                                                                                                                                  Uniqueness Score: -1.00%

                                                                                                                                                                                  APIs
                                                                                                                                                                                  • RtlReAllocateHeap.NTDLL(?,00000008,?,00000400,?,00B297F5,?,00000400), ref: 00B2687C
                                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                                  • Source File: 00000000.00000002.2324569325.0000000000B21000.00000020.00000001.01000000.00000003.sdmp, Offset: 00B20000, based on PE: true
                                                                                                                                                                                  • Associated: 00000000.00000002.2324539216.0000000000B20000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                  • Associated: 00000000.00000002.2324605887.0000000000B3A000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                  • Associated: 00000000.00000002.2324648919.0000000000B3B000.00000008.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                  • Associated: 00000000.00000002.2324689687.0000000000B44000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                  • Associated: 00000000.00000002.2324729121.0000000000B46000.00000008.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                  • Associated: 00000000.00000002.2324760537.0000000000B47000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                                                  • Snapshot File: hcaresult_0_2_b20000_c8JakemodH.jbxd
                                                                                                                                                                                  Yara matches
                                                                                                                                                                                  Similarity
                                                                                                                                                                                  • API ID: AllocateHeap
                                                                                                                                                                                  • String ID:
                                                                                                                                                                                  • API String ID: 1279760036-0
                                                                                                                                                                                  • Opcode ID: d9b8ed9b8e8e21840349bf46348c879a797438c443a5a902d07f8b9b7748b2cf
                                                                                                                                                                                  • Instruction ID: 7db4a2a4877daea0e46b3ffd16d0d85fda1b3129c3108db62dc3e859c1e023a5
                                                                                                                                                                                  • Opcode Fuzzy Hash: d9b8ed9b8e8e21840349bf46348c879a797438c443a5a902d07f8b9b7748b2cf
                                                                                                                                                                                  • Instruction Fuzzy Hash: 18C0123A080A08ABCA406F94AC0AE8A7B68BB28301F00C000B7084A122CA32E5A49B90
                                                                                                                                                                                  Uniqueness

                                                                                                                                                                                  Uniqueness Score: -1.00%

                                                                                                                                                                                  APIs
                                                                                                                                                                                  • RtlAllocateHeap.NTDLL(?,00000008,00000000,?,00B376B5,?,00000000,00000000), ref: 00B26841
                                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                                  • Source File: 00000000.00000002.2324569325.0000000000B21000.00000020.00000001.01000000.00000003.sdmp, Offset: 00B20000, based on PE: true
                                                                                                                                                                                  • Associated: 00000000.00000002.2324539216.0000000000B20000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                  • Associated: 00000000.00000002.2324605887.0000000000B3A000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                  • Associated: 00000000.00000002.2324648919.0000000000B3B000.00000008.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                  • Associated: 00000000.00000002.2324689687.0000000000B44000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                  • Associated: 00000000.00000002.2324729121.0000000000B46000.00000008.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                  • Associated: 00000000.00000002.2324760537.0000000000B47000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                                                  • Snapshot File: hcaresult_0_2_b20000_c8JakemodH.jbxd
                                                                                                                                                                                  Yara matches
                                                                                                                                                                                  Similarity
                                                                                                                                                                                  • API ID: AllocateHeap
                                                                                                                                                                                  • String ID:
                                                                                                                                                                                  • API String ID: 1279760036-0
                                                                                                                                                                                  • Opcode ID: 6cb13f3da02b0fef1f492793f028cd220fe60e7f4fef481fea0f235b5bb55c58
                                                                                                                                                                                  • Instruction ID: ca4c1e9d4ced6dfe55e55f4c12abdeb25ad1a951ce4ea6abde9e2d423d870cab
                                                                                                                                                                                  • Opcode Fuzzy Hash: 6cb13f3da02b0fef1f492793f028cd220fe60e7f4fef481fea0f235b5bb55c58
                                                                                                                                                                                  • Instruction Fuzzy Hash: EEC08C36080A08ABC6006B94A80AEC6375CAB24312F008010B3084B122CA31E49087A4
                                                                                                                                                                                  Uniqueness

                                                                                                                                                                                  Uniqueness Score: -1.00%

                                                                                                                                                                                  APIs
                                                                                                                                                                                  • RtlFreeHeap.NTDLL(?,00000000,00000000,?,00B37745,00000000), ref: 00B2685D
                                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                                  • Source File: 00000000.00000002.2324569325.0000000000B21000.00000020.00000001.01000000.00000003.sdmp, Offset: 00B20000, based on PE: true
                                                                                                                                                                                  • Associated: 00000000.00000002.2324539216.0000000000B20000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                  • Associated: 00000000.00000002.2324605887.0000000000B3A000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                  • Associated: 00000000.00000002.2324648919.0000000000B3B000.00000008.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                  • Associated: 00000000.00000002.2324689687.0000000000B44000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                  • Associated: 00000000.00000002.2324729121.0000000000B46000.00000008.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                  • Associated: 00000000.00000002.2324760537.0000000000B47000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                                                  • Snapshot File: hcaresult_0_2_b20000_c8JakemodH.jbxd
                                                                                                                                                                                  Yara matches
                                                                                                                                                                                  Similarity
                                                                                                                                                                                  • API ID: FreeHeap
                                                                                                                                                                                  • String ID:
                                                                                                                                                                                  • API String ID: 3298025750-0
                                                                                                                                                                                  • Opcode ID: 58e8c5e8ec83e598bf6691de8ff070b70ebdb15f907f24bc7c90a7b176fdf3f7
                                                                                                                                                                                  • Instruction ID: 0084ef457a77d09261e544e0f824866aff3449176337efdf73109ca572244baa
                                                                                                                                                                                  • Opcode Fuzzy Hash: 58e8c5e8ec83e598bf6691de8ff070b70ebdb15f907f24bc7c90a7b176fdf3f7
                                                                                                                                                                                  • Instruction Fuzzy Hash: 30C04C7654061CABC6106B94AC05F86779CAB68741F414451B7084B162CA75E5909799
                                                                                                                                                                                  Uniqueness

                                                                                                                                                                                  Uniqueness Score: -1.00%

                                                                                                                                                                                  APIs
                                                                                                                                                                                  • GetLogicalDriveStringsW.KERNELBASE(?,?), ref: 00B2A44B
                                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                                  • Source File: 00000000.00000002.2324569325.0000000000B21000.00000020.00000001.01000000.00000003.sdmp, Offset: 00B20000, based on PE: true
                                                                                                                                                                                  • Associated: 00000000.00000002.2324539216.0000000000B20000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                  • Associated: 00000000.00000002.2324605887.0000000000B3A000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                  • Associated: 00000000.00000002.2324648919.0000000000B3B000.00000008.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                  • Associated: 00000000.00000002.2324689687.0000000000B44000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                  • Associated: 00000000.00000002.2324729121.0000000000B46000.00000008.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                  • Associated: 00000000.00000002.2324760537.0000000000B47000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                                                  • Snapshot File: hcaresult_0_2_b20000_c8JakemodH.jbxd
                                                                                                                                                                                  Yara matches
                                                                                                                                                                                  Similarity
                                                                                                                                                                                  • API ID: DriveLogicalStrings
                                                                                                                                                                                  • String ID:
                                                                                                                                                                                  • API String ID: 2022863570-0
                                                                                                                                                                                  • Opcode ID: a94a6af7391a6a4eb64dd9007c7bc2d59142a779bc4f047b213451de82decaf9
                                                                                                                                                                                  • Instruction ID: 3f93f8a1354e868ab7a053870cdc38e06eee56d1a54a9229f6fc89d45617de94
                                                                                                                                                                                  • Opcode Fuzzy Hash: a94a6af7391a6a4eb64dd9007c7bc2d59142a779bc4f047b213451de82decaf9
                                                                                                                                                                                  • Instruction Fuzzy Hash: 8AC0923A010608EF8B019F88ED48C95BFEAFB297007048061F6084B132CB32E920EB95
                                                                                                                                                                                  Uniqueness

                                                                                                                                                                                  Uniqueness Score: -1.00%

                                                                                                                                                                                  APIs
                                                                                                                                                                                  • GetDriveTypeW.KERNELBASE(?), ref: 00B2A186
                                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                                  • Source File: 00000000.00000002.2324569325.0000000000B21000.00000020.00000001.01000000.00000003.sdmp, Offset: 00B20000, based on PE: true
                                                                                                                                                                                  • Associated: 00000000.00000002.2324539216.0000000000B20000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                  • Associated: 00000000.00000002.2324605887.0000000000B3A000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                  • Associated: 00000000.00000002.2324648919.0000000000B3B000.00000008.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                  • Associated: 00000000.00000002.2324689687.0000000000B44000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                  • Associated: 00000000.00000002.2324729121.0000000000B46000.00000008.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                  • Associated: 00000000.00000002.2324760537.0000000000B47000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                                                  • Snapshot File: hcaresult_0_2_b20000_c8JakemodH.jbxd
                                                                                                                                                                                  Yara matches
                                                                                                                                                                                  Similarity
                                                                                                                                                                                  • API ID: DriveType
                                                                                                                                                                                  • String ID:
                                                                                                                                                                                  • API String ID: 338552980-0
                                                                                                                                                                                  • Opcode ID: b4b143b32a3134b93b8ea00041bc7aa4ef60444c9cfc8a2fbe7e966ce31fce00
                                                                                                                                                                                  • Instruction ID: 514af8c4c0c0bbdbad8252c85faf22d8c8d032849d869bc52326ea6d4dcbc814
                                                                                                                                                                                  • Opcode Fuzzy Hash: b4b143b32a3134b93b8ea00041bc7aa4ef60444c9cfc8a2fbe7e966ce31fce00
                                                                                                                                                                                  • Instruction Fuzzy Hash: 2DB0123100050CA786005B45EC048957F5DE7212617004021F508010218B325561D594
                                                                                                                                                                                  Uniqueness

                                                                                                                                                                                  Uniqueness Score: -1.00%

                                                                                                                                                                                  APIs
                                                                                                                                                                                  • CoInitialize.OLE32(00000000), ref: 00B27823
                                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                                  • Source File: 00000000.00000002.2324569325.0000000000B21000.00000020.00000001.01000000.00000003.sdmp, Offset: 00B20000, based on PE: true
                                                                                                                                                                                  • Associated: 00000000.00000002.2324539216.0000000000B20000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                  • Associated: 00000000.00000002.2324605887.0000000000B3A000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                  • Associated: 00000000.00000002.2324648919.0000000000B3B000.00000008.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                  • Associated: 00000000.00000002.2324689687.0000000000B44000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                  • Associated: 00000000.00000002.2324729121.0000000000B46000.00000008.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                  • Associated: 00000000.00000002.2324760537.0000000000B47000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                                                  • Snapshot File: hcaresult_0_2_b20000_c8JakemodH.jbxd
                                                                                                                                                                                  Yara matches
                                                                                                                                                                                  Similarity
                                                                                                                                                                                  • API ID: Initialize
                                                                                                                                                                                  • String ID:
                                                                                                                                                                                  • API String ID: 2538663250-0
                                                                                                                                                                                  • Opcode ID: 9ade87b98986082aa915fd14f626aeb82cb45b415adb4b05f16cc8925fb590eb
                                                                                                                                                                                  • Instruction ID: f7dd8e0235072a6b5b4d6d33019c72fb50f47e255d1222ce0850b414d5173e6b
                                                                                                                                                                                  • Opcode Fuzzy Hash: 9ade87b98986082aa915fd14f626aeb82cb45b415adb4b05f16cc8925fb590eb
                                                                                                                                                                                  • Instruction Fuzzy Hash: 388113B0450314EFD754EF50E989A4ABFB8EF66314F1689D8E0286F262C776CA44CF54
                                                                                                                                                                                  Uniqueness

                                                                                                                                                                                  Uniqueness Score: -1.00%

                                                                                                                                                                                  APIs
                                                                                                                                                                                  • Sleep.KERNELBASE(000000C8,?,?,00B2E361,00000000,?,00000000,?,?,?), ref: 00B2DDC7
                                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                                  • Source File: 00000000.00000002.2324569325.0000000000B21000.00000020.00000001.01000000.00000003.sdmp, Offset: 00B20000, based on PE: true
                                                                                                                                                                                  • Associated: 00000000.00000002.2324539216.0000000000B20000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                  • Associated: 00000000.00000002.2324605887.0000000000B3A000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                  • Associated: 00000000.00000002.2324648919.0000000000B3B000.00000008.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                  • Associated: 00000000.00000002.2324689687.0000000000B44000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                  • Associated: 00000000.00000002.2324729121.0000000000B46000.00000008.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                  • Associated: 00000000.00000002.2324760537.0000000000B47000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                                                  • Snapshot File: hcaresult_0_2_b20000_c8JakemodH.jbxd
                                                                                                                                                                                  Yara matches
                                                                                                                                                                                  Similarity
                                                                                                                                                                                  • API ID: Sleep
                                                                                                                                                                                  • String ID:
                                                                                                                                                                                  • API String ID: 3472027048-0
                                                                                                                                                                                  • Opcode ID: 6c90045521bab5336ba0ac442191ea5f62d54dd3cb273299dbb7119692c2fe3d
                                                                                                                                                                                  • Instruction ID: 68334357be8538cf41c2004765d9859c06e00e7821f7cde89d3f002f193511d1
                                                                                                                                                                                  • Opcode Fuzzy Hash: 6c90045521bab5336ba0ac442191ea5f62d54dd3cb273299dbb7119692c2fe3d
                                                                                                                                                                                  • Instruction Fuzzy Hash: 89D0A731645B1417D7103AE87CC191EF689EB61350F004372FA0842102CDA1C8144150
                                                                                                                                                                                  Uniqueness

                                                                                                                                                                                  Uniqueness Score: -1.00%

                                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                                  • Source File: 00000000.00000002.2324569325.0000000000B21000.00000020.00000001.01000000.00000003.sdmp, Offset: 00B20000, based on PE: true
                                                                                                                                                                                  • Associated: 00000000.00000002.2324539216.0000000000B20000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                  • Associated: 00000000.00000002.2324605887.0000000000B3A000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                  • Associated: 00000000.00000002.2324648919.0000000000B3B000.00000008.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                  • Associated: 00000000.00000002.2324689687.0000000000B44000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                  • Associated: 00000000.00000002.2324729121.0000000000B46000.00000008.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                  • Associated: 00000000.00000002.2324760537.0000000000B47000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                                                  • Snapshot File: hcaresult_0_2_b20000_c8JakemodH.jbxd
                                                                                                                                                                                  Yara matches
                                                                                                                                                                                  Similarity
                                                                                                                                                                                  • API ID:
                                                                                                                                                                                  • String ID:
                                                                                                                                                                                  • API String ID:
                                                                                                                                                                                  • Opcode ID: e516584e074c5a2125c7e82866edd252bef83ea4cf7a42c3dceeb197cb2da15a
                                                                                                                                                                                  • Instruction ID: ea2d8787c295e8cfb0d4fe5c81b8d97211bc521faab00a5964b450ea9c8ce434
                                                                                                                                                                                  • Opcode Fuzzy Hash: e516584e074c5a2125c7e82866edd252bef83ea4cf7a42c3dceeb197cb2da15a
                                                                                                                                                                                  • Instruction Fuzzy Hash: 21E1237AA20D438BD729DF18ECC0625B3E2FB99700F1A8578C61587B55C739F962CB80
                                                                                                                                                                                  Uniqueness

                                                                                                                                                                                  Uniqueness Score: -1.00%

                                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                                  • Source File: 00000000.00000002.2324569325.0000000000B21000.00000020.00000001.01000000.00000003.sdmp, Offset: 00B20000, based on PE: true
                                                                                                                                                                                  • Associated: 00000000.00000002.2324539216.0000000000B20000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                  • Associated: 00000000.00000002.2324605887.0000000000B3A000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                  • Associated: 00000000.00000002.2324648919.0000000000B3B000.00000008.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                  • Associated: 00000000.00000002.2324689687.0000000000B44000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                  • Associated: 00000000.00000002.2324729121.0000000000B46000.00000008.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                  • Associated: 00000000.00000002.2324760537.0000000000B47000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                                                  • Snapshot File: hcaresult_0_2_b20000_c8JakemodH.jbxd
                                                                                                                                                                                  Yara matches
                                                                                                                                                                                  Similarity
                                                                                                                                                                                  • API ID:
                                                                                                                                                                                  • String ID:
                                                                                                                                                                                  • API String ID:
                                                                                                                                                                                  • Opcode ID: 5ae1b344ce7eabeca7d5a0e2004a9b7e15b356c338447e056007cc76e97bc746
                                                                                                                                                                                  • Instruction ID: 0cf82cfc98aaad93dd7febd3f292b26fc77f3b35a365c171572488f5bb4068b3
                                                                                                                                                                                  • Opcode Fuzzy Hash: 5ae1b344ce7eabeca7d5a0e2004a9b7e15b356c338447e056007cc76e97bc746
                                                                                                                                                                                  • Instruction Fuzzy Hash: 76D1F3719083918FC790DF29D48065AF7E0FFD8348F549A1EE9D9D3211E770EA998B82
                                                                                                                                                                                  Uniqueness

                                                                                                                                                                                  Uniqueness Score: -1.00%

                                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                                  • Source File: 00000000.00000002.2324569325.0000000000B21000.00000020.00000001.01000000.00000003.sdmp, Offset: 00B20000, based on PE: true
                                                                                                                                                                                  • Associated: 00000000.00000002.2324539216.0000000000B20000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                  • Associated: 00000000.00000002.2324605887.0000000000B3A000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                  • Associated: 00000000.00000002.2324648919.0000000000B3B000.00000008.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                  • Associated: 00000000.00000002.2324689687.0000000000B44000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                  • Associated: 00000000.00000002.2324729121.0000000000B46000.00000008.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                  • Associated: 00000000.00000002.2324760537.0000000000B47000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                                                  • Snapshot File: hcaresult_0_2_b20000_c8JakemodH.jbxd
                                                                                                                                                                                  Yara matches
                                                                                                                                                                                  Similarity
                                                                                                                                                                                  • API ID:
                                                                                                                                                                                  • String ID:
                                                                                                                                                                                  • API String ID:
                                                                                                                                                                                  • Opcode ID: 171234565bd5bc75efb2028b311f00f29161a4f0fd1164c13319119ddf71a6ec
                                                                                                                                                                                  • Instruction ID: b00808faaa1e6484e9d3ff4a840ab82ff7243d43a14be6899e2382a5db928535
                                                                                                                                                                                  • Opcode Fuzzy Hash: 171234565bd5bc75efb2028b311f00f29161a4f0fd1164c13319119ddf71a6ec
                                                                                                                                                                                  • Instruction Fuzzy Hash: 02D1247AE2054A8BD724CF58ECD1B7AB3B2FB98700F098538CB1197755CA34BA12DB50
                                                                                                                                                                                  Uniqueness

                                                                                                                                                                                  Uniqueness Score: -1.00%

                                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                                  • Source File: 00000000.00000002.2324569325.0000000000B21000.00000020.00000001.01000000.00000003.sdmp, Offset: 00B20000, based on PE: true
                                                                                                                                                                                  • Associated: 00000000.00000002.2324539216.0000000000B20000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                  • Associated: 00000000.00000002.2324605887.0000000000B3A000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                  • Associated: 00000000.00000002.2324648919.0000000000B3B000.00000008.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                  • Associated: 00000000.00000002.2324689687.0000000000B44000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                  • Associated: 00000000.00000002.2324729121.0000000000B46000.00000008.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                  • Associated: 00000000.00000002.2324760537.0000000000B47000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                                                  • Snapshot File: hcaresult_0_2_b20000_c8JakemodH.jbxd
                                                                                                                                                                                  Yara matches
                                                                                                                                                                                  Similarity
                                                                                                                                                                                  • API ID:
                                                                                                                                                                                  • String ID:
                                                                                                                                                                                  • API String ID:
                                                                                                                                                                                  • Opcode ID: fc0920682c00c5f6f0b8ffb7da6b3a638b8b3a8ac68867a5ae347e804635d451
                                                                                                                                                                                  • Instruction ID: f4c26ccb08056284aeef40c0d8b627341a26b78aefbe343004c8d8097d83d53c
                                                                                                                                                                                  • Opcode Fuzzy Hash: fc0920682c00c5f6f0b8ffb7da6b3a638b8b3a8ac68867a5ae347e804635d451
                                                                                                                                                                                  • Instruction Fuzzy Hash: 83315516B8B53646FF35E450B6826F7A2C4E71C7A3DDD05E3C94E732C24C180EA39652
                                                                                                                                                                                  Uniqueness

                                                                                                                                                                                  Uniqueness Score: -1.00%

                                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                                  • Source File: 00000000.00000002.2324569325.0000000000B21000.00000020.00000001.01000000.00000003.sdmp, Offset: 00B20000, based on PE: true
                                                                                                                                                                                  • Associated: 00000000.00000002.2324539216.0000000000B20000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                  • Associated: 00000000.00000002.2324605887.0000000000B3A000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                  • Associated: 00000000.00000002.2324648919.0000000000B3B000.00000008.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                  • Associated: 00000000.00000002.2324689687.0000000000B44000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                  • Associated: 00000000.00000002.2324729121.0000000000B46000.00000008.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                  • Associated: 00000000.00000002.2324760537.0000000000B47000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                                                  • Snapshot File: hcaresult_0_2_b20000_c8JakemodH.jbxd
                                                                                                                                                                                  Yara matches
                                                                                                                                                                                  Similarity
                                                                                                                                                                                  • API ID:
                                                                                                                                                                                  • String ID:
                                                                                                                                                                                  • API String ID:
                                                                                                                                                                                  • Opcode ID: a037a1e09d764c6210cf587f81ad976d574fc5c4dbf6538105aeb1a1643fe8c1
                                                                                                                                                                                  • Instruction ID: c0e7ae441fdda9daaa9e0788dbacc3986c042245da050411d62ab364c16e47e3
                                                                                                                                                                                  • Opcode Fuzzy Hash: a037a1e09d764c6210cf587f81ad976d574fc5c4dbf6538105aeb1a1643fe8c1
                                                                                                                                                                                  • Instruction Fuzzy Hash: E33118B6A11E069BC328CF19D884925F7E2FF9D310716CA29C96D87F51C734F951CA80
                                                                                                                                                                                  Uniqueness

                                                                                                                                                                                  Uniqueness Score: -1.00%

                                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                                  • Source File: 00000000.00000002.2324569325.0000000000B21000.00000020.00000001.01000000.00000003.sdmp, Offset: 00B20000, based on PE: true
                                                                                                                                                                                  • Associated: 00000000.00000002.2324539216.0000000000B20000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                  • Associated: 00000000.00000002.2324605887.0000000000B3A000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                  • Associated: 00000000.00000002.2324648919.0000000000B3B000.00000008.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                  • Associated: 00000000.00000002.2324689687.0000000000B44000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                  • Associated: 00000000.00000002.2324729121.0000000000B46000.00000008.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                  • Associated: 00000000.00000002.2324760537.0000000000B47000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                                                  • Snapshot File: hcaresult_0_2_b20000_c8JakemodH.jbxd
                                                                                                                                                                                  Yara matches
                                                                                                                                                                                  Similarity
                                                                                                                                                                                  • API ID:
                                                                                                                                                                                  • String ID:
                                                                                                                                                                                  • API String ID:
                                                                                                                                                                                  • Opcode ID: 6e9e9d037a559c25274071be2e09c2d3cf2f15b9f66fb5d997d9d64617e40bf4
                                                                                                                                                                                  • Instruction ID: e21bb0b9158e6e3a22e74da82624351a7d9e7659f77d28681cae9a5e5b8370d5
                                                                                                                                                                                  • Opcode Fuzzy Hash: 6e9e9d037a559c25274071be2e09c2d3cf2f15b9f66fb5d997d9d64617e40bf4
                                                                                                                                                                                  • Instruction Fuzzy Hash: F9E09ABB20D3021BF928810574533A78287C380275E25889EE906DF180EF1BE8A52045
                                                                                                                                                                                  Uniqueness

                                                                                                                                                                                  Uniqueness Score: -1.00%

                                                                                                                                                                                  Execution Graph

                                                                                                                                                                                  Execution Coverage:32.4%
                                                                                                                                                                                  Dynamic/Decrypted Code Coverage:0%
                                                                                                                                                                                  Signature Coverage:0%
                                                                                                                                                                                  Total number of Nodes:160
                                                                                                                                                                                  Total number of Limit Nodes:1
                                                                                                                                                                                  execution_graph 890 403983 893 40389c 890->893 902 402a78 893->902 897 403903 932 4022dc 897->932 938 4028ba 902->938 904 402a9e 904->897 907 4026c0 904->907 905 402af0 CreateMutexW 905->904 952 4024f8 907->952 909 402729 909->897 913 402f18 909->913 910 4026e7 CreateFileW 910->909 911 40270b ReadFile 910->911 911->909 914 402f2e 913->914 914->914 956 40227c FindFirstFileExW 914->956 915 402f67 CreateFileW 917 402f57 915->917 920 402faf 915->920 916 402faa 919 4030c5 NtFreeVirtualMemory 916->919 921 4030ed 916->921 917->915 917->916 918 402fb4 NtAllocateVirtualMemory 918->920 927 402fe8 918->927 919->916 920->918 920->927 922 4030f3 NtClose 921->922 923 4030ff 921->923 922->923 958 402e10 923->958 925 40311f 925->897 926 40304b WriteFile 926->927 928 403068 SetFilePointerEx 926->928 927->916 927->926 929 403095 SetFilePointerEx 927->929 928->926 928->927 929->927 933 402303 932->933 934 402335 GetShortPathNameW 933->934 935 402330 27 API calls 933->935 934->935 936 40235e 934->936 936->935 937 40246d ShellExecuteW 936->937 937->935 939 4028dd 938->939 942 402760 CreateFileW 939->942 943 4027da 942->943 944 402797 942->944 945 402802 943->945 946 4027f6 NtClose 943->946 944->943 950 4020bc 944->950 945->904 945->905 946->945 947 4027b7 947->943 948 4027c0 ReadFile 947->948 948->943 951 4020c8 RtlAllocateHeap 950->951 951->947 953 402512 952->953 955 402760 4 API calls 953->955 954 402522 954->909 954->910 955->954 957 4022af 956->957 957->917 960 402e2e 958->960 959 402e37 DeleteFileW 959->925 960->959 960->960 961 402e7c MoveFileExW 960->961 961->959 961->960 962 403956 963 403963 962->963 964 403976 962->964 971 4019d4 963->971 1009 4016b4 971->1009 974 4016b4 9 API calls 975 4019f4 974->975 976 4016b4 9 API calls 975->976 977 401a05 976->977 978 4016b4 9 API calls 977->978 979 401a16 978->979 980 4016b4 9 API calls 979->980 981 401a27 980->981 982 4016b4 9 API calls 981->982 983 401a38 982->983 984 401b70 RtlCreateHeap 983->984 985 401ba6 RtlCreateHeap 984->985 995 401ba1 984->995 986 401bcb 985->986 985->995 986->995 1057 401a40 986->1057 988 401c03 989 401a40 RtlAllocateHeap 988->989 988->995 990 401c59 989->990 991 401a40 RtlAllocateHeap 990->991 990->995 992 401caf 991->992 993 401a40 RtlAllocateHeap 992->993 992->995 994 401d05 993->994 994->995 996 401a40 RtlAllocateHeap 994->996 1001 402812 995->1001 1005 402836 995->1005 997 401d55 996->997 997->995 1062 401d94 997->1062 998 401d7a 1065 401dc2 998->1065 1002 402836 1001->1002 1003 402850 RtlAdjustPrivilege 1002->1003 1004 40284e 1002->1004 1003->1002 1003->1004 1004->964 1006 402849 1005->1006 1007 402850 RtlAdjustPrivilege 1006->1007 1008 40284e 1006->1008 1007->1006 1007->1008 1008->964 1010 40176f 1009->1010 1011 4016cf 1009->1011 1010->974 1012 4016f5 NtAllocateVirtualMemory 1011->1012 1035 401000 1011->1035 1012->1010 1014 40172f NtAllocateVirtualMemory 1012->1014 1014->1010 1016 401752 1014->1016 1020 40152c 1016->1020 1018 40175f 1018->1010 1019 401000 3 API calls 1018->1019 1019->1018 1021 401540 1020->1021 1022 401558 1020->1022 1023 401000 3 API calls 1021->1023 1024 401000 3 API calls 1022->1024 1025 40157e 1022->1025 1023->1022 1024->1025 1026 401000 3 API calls 1025->1026 1029 4015a4 1025->1029 1026->1029 1027 4015ed FindFirstFileExW 1027->1029 1028 40166c 1028->1018 1029->1027 1029->1028 1030 401649 FindNextFileW 1029->1030 1031 40162a FindClose 1029->1031 1030->1029 1033 40165d FindClose 1030->1033 1043 401474 1031->1043 1033->1029 1034 401641 1034->1018 1036 401012 1035->1036 1037 40102a 1035->1037 1038 401000 3 API calls 1036->1038 1039 401000 3 API calls 1037->1039 1040 401050 1037->1040 1038->1037 1039->1040 1041 4010fb 1040->1041 1046 401394 1040->1046 1041->1012 1044 40148a 1043->1044 1045 4014b8 LdrLoadDll 1044->1045 1045->1034 1047 4013ee 1046->1047 1048 4013be 1046->1048 1047->1041 1048->1047 1049 401474 LdrLoadDll 1048->1049 1050 4013d2 1049->1050 1050->1047 1050->1050 1052 4014d8 1050->1052 1053 4014ee 1052->1053 1054 40150f LdrGetProcedureAddress 1052->1054 1056 4014fa LdrGetProcedureAddress 1053->1056 1055 401521 1054->1055 1055->1047 1056->1055 1058 401a5d RtlAllocateHeap 1057->1058 1059 401a79 1058->1059 1060 401a85 1058->1060 1059->988 1060->1058 1061 401b5b 1060->1061 1061->988 1063 401da8 NtSetInformationThread 1062->1063 1063->998 1066 401de9 1065->1066 1067 401e12 1066->1067 1068 401df2 NtProtectVirtualMemory 1066->1068 1067->995 1068->1067 1083 402126 1084 402141 1083->1084 1085 4020bc RtlAllocateHeap 1084->1085 1086 402158 1084->1086 1085->1086 1069 4019b7 1070 4019e0 1069->1070 1071 4016b4 9 API calls 1069->1071 1072 4016b4 9 API calls 1070->1072 1071->1070 1073 4019f4 1072->1073 1074 4016b4 9 API calls 1073->1074 1075 401a05 1074->1075 1076 4016b4 9 API calls 1075->1076 1077 401a16 1076->1077 1078 4016b4 9 API calls 1077->1078 1079 401a27 1078->1079 1080 4016b4 9 API calls 1079->1080 1081 401a38 1080->1081 1082 40286c NtSetInformationProcess NtSetInformationProcess NtSetInformationProcess

                                                                                                                                                                                  Callgraph

                                                                                                                                                                                  • Executed
                                                                                                                                                                                  • Not Executed
                                                                                                                                                                                  • Opacity -> Relevance
                                                                                                                                                                                  • Disassembly available
                                                                                                                                                                                  callgraph 0 Function_004026C0 38 Function_004024F8 0->38 1 Function_00401A40 39 Function_00401E78 1->39 2 Function_00401DC2 3 Function_004024C2 4 Function_00402B44 5 Function_00403144 6 Function_00401FC8 7 Function_00401F4C 8 Function_0040204C 9 Function_00402B50 10 Function_00401350 71 Function_00401130 10->71 11 Function_00402ED0 12 Function_004024D4 13 Function_004019D4 76 Function_004016B4 13->76 14 Function_00403956 14->13 33 Function_00401B70 14->33 54 Function_00402812 14->54 78 Function_00402836 14->78 15 Function_00403258 16 Function_004014D8 81 Function_00401438 16->81 17 Function_00401FDB 18 Function_004022DC 19 Function_0040205C 20 Function_00401F5C 21 Function_004020DE 22 Function_00402760 83 Function_004020BC 22->83 23 Function_004031E0 24 Function_00402264 25 Function_00401EE4 26 Function_004032E4 27 Function_004032E8 28 Function_00401868 29 Function_0040286C 30 Function_00401F6C 31 Function_00401B6E 32 Function_00401FEF 33->1 33->2 55 Function_00401D94 33->55 34 Function_00401472 35 Function_00401474 41 Function_004013F8 35->41 36 Function_004013F6 37 Function_00402A78 82 Function_004028BA 37->82 38->22 62 Function_00401E28 39->62 40 Function_00403478 42 Function_0040227C 43 Function_0040217C 44 Function_00402BFC 45 Function_00401000 45->7 45->10 45->25 45->45 56 Function_00401394 45->56 73 Function_00401EB0 45->73 46 Function_00402D80 47 Function_00403983 60 Function_0040389C 47->60 48 Function_00402003 49 Function_00402104 50 Function_00402C88 51 Function_00402E10 52 Function_00401190 52->71 53 Function_00401911 56->16 56->35 57 Function_00402017 58 Function_00402F18 58->42 58->51 59 Function_00401F9A 60->0 60->18 60->37 60->58 61 Function_00402126 61->83 63 Function_00402DA8 64 Function_0040152A 65 Function_0040202A 66 Function_0040152C 66->19 66->25 66->35 66->45 67 Function_00401F2C 66->67 68 Function_004018AD 69 Function_0040362E 70 Function_00401EAE 72 Function_00403230 74 Function_00401FB1 75 Function_004016B2 76->39 76->45 76->66 77 Function_00402234 79 Function_00401436 80 Function_004019B7 80->76 82->22 84 Function_00401A3E

                                                                                                                                                                                  Control-flow Graph

                                                                                                                                                                                  APIs
                                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                                  • Source File: 00000007.00000002.2330698730.0000000000401000.00000040.00000001.01000000.00000008.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                  • Associated: 00000007.00000002.2330667822.0000000000400000.00000002.00000001.01000000.00000008.sdmpDownload File
                                                                                                                                                                                  • Associated: 00000007.00000002.2330725873.0000000000404000.00000002.00000001.01000000.00000008.sdmpDownload File
                                                                                                                                                                                  • Associated: 00000007.00000002.2330759139.0000000000405000.00000004.00000001.01000000.00000008.sdmpDownload File
                                                                                                                                                                                  • Associated: 00000007.00000002.2330790585.0000000000406000.00000002.00000001.01000000.00000008.sdmpDownload File
                                                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                                                  • Snapshot File: hcaresult_7_2_400000_C9C8.jbxd
                                                                                                                                                                                  Similarity
                                                                                                                                                                                  • API ID: Text$Color$CreateWindow$Proc$CommandFontFreeHandleLibraryLineLoadMenuModule$AddressBitmapCharsetErrorExitInfoLastLocaleObjectProcessSelect
                                                                                                                                                                                  • String ID:
                                                                                                                                                                                  • API String ID: 3548022523-0
                                                                                                                                                                                  • Opcode ID: 75a7f395dfd15dd6a7f12e7587c497a330da91454d241e242464d6c2316bf13f
                                                                                                                                                                                  • Instruction ID: 44f13d8dc4ada08d969f55db554330e9d88bd117b0c18836a0928b418f5903af
                                                                                                                                                                                  • Opcode Fuzzy Hash: 75a7f395dfd15dd6a7f12e7587c497a330da91454d241e242464d6c2316bf13f
                                                                                                                                                                                  • Instruction Fuzzy Hash: 89F0B724B651416AC500BFFB9947A0D6E2C6E8472BB50657EB0C1344E74D3C87009EAF
                                                                                                                                                                                  Uniqueness

                                                                                                                                                                                  Uniqueness Score: -1.00%

                                                                                                                                                                                  Control-flow Graph

                                                                                                                                                                                  • Executed
                                                                                                                                                                                  • Not Executed
                                                                                                                                                                                  control_flow_graph 3 402f18-402f2b 4 402f2e-402f33 3->4 4->4 5 402f35-402f5b call 40227c 4->5 7 402f67-402f8c CreateFileW 5->7 8 402f5d-402f61 5->8 9 402f8e-402f96 7->9 10 402faf-402fb1 7->10 8->7 11 4030bb-4030bd 8->11 12 402f98-402fa6 9->12 13 402faa 9->13 14 402fb4-402fe0 NtAllocateVirtualMemory 10->14 15 4030c0-4030c3 11->15 12->13 27 402fa8 12->27 13->11 16 402fe2-402fed 14->16 17 402fe8 14->17 18 4030c5-4030e4 NtFreeVirtualMemory 15->18 19 4030e7-4030eb 15->19 28 403000-403003 16->28 29 402fef-402ffe 16->29 22 40301b-403020 17->22 18->19 19->15 23 4030ed-4030f1 19->23 26 403023-40302e 22->26 24 4030f3-4030fc NtClose 23->24 25 4030ff-40311d call 402e10 DeleteFileW 23->25 24->25 36 403126-40312a 25->36 37 40311f 25->37 30 403030-40303a 26->30 31 40303c 26->31 27->7 32 403015-403019 28->32 33 403005-403010 28->33 29->32 35 403041-403048 30->35 31->35 32->14 32->22 33->32 38 40304b-403064 WriteFile 35->38 39 403138-403141 36->39 40 40312c-403132 36->40 37->36 41 403066 38->41 42 403068-403088 SetFilePointerEx 38->42 40->39 43 40308a-403091 41->43 42->38 42->43 44 403093 43->44 45 403095-4030b6 SetFilePointerEx 43->45 44->11 45->26
                                                                                                                                                                                  APIs
                                                                                                                                                                                  • CreateFileW.KERNELBASE(?,40000000,00000003,00000000,00000003,80000000,00000000), ref: 00402F82
                                                                                                                                                                                  • NtAllocateVirtualMemory.NTDLL(000000FF,00000000,00000000,00010000,00001000,00000004), ref: 00402FDB
                                                                                                                                                                                  • WriteFile.KERNELBASE(000000FF,00000000,00010000,00010000,00000000), ref: 0040305F
                                                                                                                                                                                  • SetFilePointerEx.KERNELBASE(000000FF,00010000,?,00000000,00000001), ref: 0040307E
                                                                                                                                                                                  • SetFilePointerEx.KERNELBASE(000000FF,00010000,00000000,00000000,00000000,?,00000000,00000001), ref: 004030B3
                                                                                                                                                                                  • NtFreeVirtualMemory.NTDLL(000000FF,00000000,00010000,00008000,?,00000000,00000001), ref: 004030E4
                                                                                                                                                                                  • NtClose.NTDLL(000000FF,?,00000000,00000001), ref: 004030FC
                                                                                                                                                                                  • DeleteFileW.KERNELBASE(?,?,00000000,00000001), ref: 00403118
                                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                                  • Source File: 00000007.00000002.2330698730.0000000000401000.00000040.00000001.01000000.00000008.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                  • Associated: 00000007.00000002.2330667822.0000000000400000.00000002.00000001.01000000.00000008.sdmpDownload File
                                                                                                                                                                                  • Associated: 00000007.00000002.2330725873.0000000000404000.00000002.00000001.01000000.00000008.sdmpDownload File
                                                                                                                                                                                  • Associated: 00000007.00000002.2330759139.0000000000405000.00000004.00000001.01000000.00000008.sdmpDownload File
                                                                                                                                                                                  • Associated: 00000007.00000002.2330790585.0000000000406000.00000002.00000001.01000000.00000008.sdmpDownload File
                                                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                                                  • Snapshot File: hcaresult_7_2_400000_C9C8.jbxd
                                                                                                                                                                                  Similarity
                                                                                                                                                                                  • API ID: File$MemoryPointerVirtual$AllocateCloseCreateDeleteFreeWrite
                                                                                                                                                                                  • String ID:
                                                                                                                                                                                  • API String ID: 590822095-0
                                                                                                                                                                                  • Opcode ID: 52122dafd602033dbf0aaa267e6343e8fb4df09450a7f36494692c9b8865e816
                                                                                                                                                                                  • Instruction ID: 1b8bdb635f3090c090aca30f1047892238d11e79f8ef36d2dcee79009cce4089
                                                                                                                                                                                  • Opcode Fuzzy Hash: 52122dafd602033dbf0aaa267e6343e8fb4df09450a7f36494692c9b8865e816
                                                                                                                                                                                  • Instruction Fuzzy Hash: ED714871901209AFDB11CF90DD48BEEBB79FB08311F204266E511B62D4D3759E85CF99
                                                                                                                                                                                  Uniqueness

                                                                                                                                                                                  Uniqueness Score: -1.00%

                                                                                                                                                                                  Control-flow Graph

                                                                                                                                                                                  APIs
                                                                                                                                                                                  • FindFirstFileExW.KERNELBASE(C:\Windows\System32\*.dll,00000000,?,00000000,00000000,00000000), ref: 00401601
                                                                                                                                                                                  • FindClose.KERNELBASE(000000FF,?,00000000), ref: 0040162D
                                                                                                                                                                                  • FindNextFileW.KERNELBASE(000000FF,?,?,00000000), ref: 00401653
                                                                                                                                                                                  • FindClose.KERNEL32(000000FF), ref: 00401660
                                                                                                                                                                                  Strings
                                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                                  • Source File: 00000007.00000002.2330698730.0000000000401000.00000040.00000001.01000000.00000008.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                  • Associated: 00000007.00000002.2330667822.0000000000400000.00000002.00000001.01000000.00000008.sdmpDownload File
                                                                                                                                                                                  • Associated: 00000007.00000002.2330725873.0000000000404000.00000002.00000001.01000000.00000008.sdmpDownload File
                                                                                                                                                                                  • Associated: 00000007.00000002.2330759139.0000000000405000.00000004.00000001.01000000.00000008.sdmpDownload File
                                                                                                                                                                                  • Associated: 00000007.00000002.2330790585.0000000000406000.00000002.00000001.01000000.00000008.sdmpDownload File
                                                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                                                  • Snapshot File: hcaresult_7_2_400000_C9C8.jbxd
                                                                                                                                                                                  Similarity
                                                                                                                                                                                  • API ID: Find$CloseFile$FirstNext
                                                                                                                                                                                  • String ID: C:\Windows\System32\*.dll
                                                                                                                                                                                  • API String ID: 1164774033-1305136377
                                                                                                                                                                                  • Opcode ID: bdb8730289e2ca857be386bc3c3ab385330ed8d95a663a52d2d02b9110bb0279
                                                                                                                                                                                  • Instruction ID: b8f602421e8d3e3309feb9384621a56ef9d54da146c7d7394d3b11ea37959a12
                                                                                                                                                                                  • Opcode Fuzzy Hash: bdb8730289e2ca857be386bc3c3ab385330ed8d95a663a52d2d02b9110bb0279
                                                                                                                                                                                  • Instruction Fuzzy Hash: 30418C71900608EFDB20AFA4DD48BAA77B4FB44325F608276E521BE1F0D7794A85DF48
                                                                                                                                                                                  Uniqueness

                                                                                                                                                                                  Uniqueness Score: -1.00%

                                                                                                                                                                                  Control-flow Graph

                                                                                                                                                                                  • Executed
                                                                                                                                                                                  • Not Executed
                                                                                                                                                                                  control_flow_graph 82 402760-402795 CreateFileW 83 4027f0-4027f4 82->83 84 402797-4027a9 82->84 85 402802-40280b 83->85 86 4027f6-4027ff NtClose 83->86 84->83 88 4027ab-4027be call 4020bc 84->88 86->85 88->83 90 4027c0-4027d8 ReadFile 88->90 91 4027e4-4027ea 90->91 92 4027da-4027e2 90->92 91->83 92->83
                                                                                                                                                                                  APIs
                                                                                                                                                                                  • CreateFileW.KERNELBASE(?,80000000,00000001,00000000,00000003,00000080,00000000), ref: 0040278B
                                                                                                                                                                                  • ReadFile.KERNELBASE(000000FF,00000000,00000000,00000000,00000000), ref: 004027D3
                                                                                                                                                                                  • NtClose.NTDLL(000000FF), ref: 004027FF
                                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                                  • Source File: 00000007.00000002.2330698730.0000000000401000.00000040.00000001.01000000.00000008.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                  • Associated: 00000007.00000002.2330667822.0000000000400000.00000002.00000001.01000000.00000008.sdmpDownload File
                                                                                                                                                                                  • Associated: 00000007.00000002.2330725873.0000000000404000.00000002.00000001.01000000.00000008.sdmpDownload File
                                                                                                                                                                                  • Associated: 00000007.00000002.2330759139.0000000000405000.00000004.00000001.01000000.00000008.sdmpDownload File
                                                                                                                                                                                  • Associated: 00000007.00000002.2330790585.0000000000406000.00000002.00000001.01000000.00000008.sdmpDownload File
                                                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                                                  • Snapshot File: hcaresult_7_2_400000_C9C8.jbxd
                                                                                                                                                                                  Similarity
                                                                                                                                                                                  • API ID: File$CloseCreateRead
                                                                                                                                                                                  • String ID:
                                                                                                                                                                                  • API String ID: 1419693385-0
                                                                                                                                                                                  • Opcode ID: da89fd3cbdd23a7ddbe5d8b9f381f279ea58f3e72d3b71a90626c9ff8252170d
                                                                                                                                                                                  • Instruction ID: da411bd40fb0d6d878d2d447c4e829303a7e8bd202b0d35ae7576ead56d2946b
                                                                                                                                                                                  • Opcode Fuzzy Hash: da89fd3cbdd23a7ddbe5d8b9f381f279ea58f3e72d3b71a90626c9ff8252170d
                                                                                                                                                                                  • Instruction Fuzzy Hash: CA211A35601209EBDB10CF94DD89B9EBB75FF08310F2082A5A510AB2E1D7719E51DF94
                                                                                                                                                                                  Uniqueness

                                                                                                                                                                                  Uniqueness Score: -1.00%

                                                                                                                                                                                  Control-flow Graph

                                                                                                                                                                                  • Executed
                                                                                                                                                                                  • Not Executed
                                                                                                                                                                                  control_flow_graph 94 40286c-4028b9 NtSetInformationProcess * 3
                                                                                                                                                                                  APIs
                                                                                                                                                                                  • NtSetInformationProcess.NTDLL(000000FF,00000021,?,00000004), ref: 00402888
                                                                                                                                                                                  • NtSetInformationProcess.NTDLL(000000FF,00000012,00000000,00000002,?,00000004), ref: 0040289D
                                                                                                                                                                                  • NtSetInformationProcess.NTDLL(000000FF,0000000C,00000000,00000004,?,00000004), ref: 004028B5
                                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                                  • Source File: 00000007.00000002.2330698730.0000000000401000.00000040.00000001.01000000.00000008.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                  • Associated: 00000007.00000002.2330667822.0000000000400000.00000002.00000001.01000000.00000008.sdmpDownload File
                                                                                                                                                                                  • Associated: 00000007.00000002.2330725873.0000000000404000.00000002.00000001.01000000.00000008.sdmpDownload File
                                                                                                                                                                                  • Associated: 00000007.00000002.2330759139.0000000000405000.00000004.00000001.01000000.00000008.sdmpDownload File
                                                                                                                                                                                  • Associated: 00000007.00000002.2330790585.0000000000406000.00000002.00000001.01000000.00000008.sdmpDownload File
                                                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                                                  • Snapshot File: hcaresult_7_2_400000_C9C8.jbxd
                                                                                                                                                                                  Similarity
                                                                                                                                                                                  • API ID: InformationProcess
                                                                                                                                                                                  • String ID:
                                                                                                                                                                                  • API String ID: 1801817001-0
                                                                                                                                                                                  • Opcode ID: b71ac733508e6e437ba76d930e61bde730921b23b00966883a2217b3d9eaec84
                                                                                                                                                                                  • Instruction ID: 48adbd17ca007e7691ff2066b81a5959555298f4bd9a539b6f325b5cfe831ef7
                                                                                                                                                                                  • Opcode Fuzzy Hash: b71ac733508e6e437ba76d930e61bde730921b23b00966883a2217b3d9eaec84
                                                                                                                                                                                  • Instruction Fuzzy Hash: 2BF0F871141610EBEB15DB84DDC9F9637A8FB09720F2403A1F2319E1E6D3B0A484CF96
                                                                                                                                                                                  Uniqueness

                                                                                                                                                                                  Uniqueness Score: -1.00%

                                                                                                                                                                                  Control-flow Graph

                                                                                                                                                                                  • Executed
                                                                                                                                                                                  • Not Executed
                                                                                                                                                                                  control_flow_graph 95 401dc2-401df0 97 401e21-401e27 95->97 98 401df2-401e10 NtProtectVirtualMemory 95->98 98->97 99 401e12-401e1f 98->99 99->97
                                                                                                                                                                                  APIs
                                                                                                                                                                                  • NtProtectVirtualMemory.NTDLL(000000FF,00000000,00000020,00000040,?), ref: 00401E0B
                                                                                                                                                                                  Strings
                                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                                  • Source File: 00000007.00000002.2330698730.0000000000401000.00000040.00000001.01000000.00000008.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                  • Associated: 00000007.00000002.2330667822.0000000000400000.00000002.00000001.01000000.00000008.sdmpDownload File
                                                                                                                                                                                  • Associated: 00000007.00000002.2330725873.0000000000404000.00000002.00000001.01000000.00000008.sdmpDownload File
                                                                                                                                                                                  • Associated: 00000007.00000002.2330759139.0000000000405000.00000004.00000001.01000000.00000008.sdmpDownload File
                                                                                                                                                                                  • Associated: 00000007.00000002.2330790585.0000000000406000.00000002.00000001.01000000.00000008.sdmpDownload File
                                                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                                                  • Snapshot File: hcaresult_7_2_400000_C9C8.jbxd
                                                                                                                                                                                  Similarity
                                                                                                                                                                                  • API ID: MemoryProtectVirtual
                                                                                                                                                                                  • String ID:
                                                                                                                                                                                  • API String ID: 2706961497-3916222277
                                                                                                                                                                                  • Opcode ID: 743ccc95185ac25335bad8a24ea2ffb6d91b2a6f6c30658889cc31c7cdbad58c
                                                                                                                                                                                  • Instruction ID: 836d3446d31acb3b31e0b6cd8f4ee088cd02c28435d2c0c4ff934eaabbb3754d
                                                                                                                                                                                  • Opcode Fuzzy Hash: 743ccc95185ac25335bad8a24ea2ffb6d91b2a6f6c30658889cc31c7cdbad58c
                                                                                                                                                                                  • Instruction Fuzzy Hash: 72F03176500109ABDB00CF95D988BDFB7BCEB44324F2042A9EA14A72D1D7355E458B94
                                                                                                                                                                                  Uniqueness

                                                                                                                                                                                  Uniqueness Score: -1.00%

                                                                                                                                                                                  Control-flow Graph

                                                                                                                                                                                  • Executed
                                                                                                                                                                                  • Not Executed
                                                                                                                                                                                  control_flow_graph 180 4016b4-4016c9 181 401859-401862 180->181 182 4016cf-4016d6 180->182 183 4016f5-401729 NtAllocateVirtualMemory 182->183 184 4016d8-4016f0 call 401000 182->184 183->181 186 40172f-40174c NtAllocateVirtualMemory 183->186 184->183 186->181 188 401752-40175a call 40152c 186->188 190 40175f-401761 188->190 190->181 191 401767-40176d 190->191 192 401774-401781 call 401000 191->192 193 40176f 191->193 196 401851-401854 192->196 197 401787-401798 call 401e78 192->197 193->181 196->191 200 4017c9-4017cc 197->200 201 40179a-4017c4 call 401e78 197->201 203 4017fa-4017fd 200->203 204 4017ce-4017f8 call 401e78 200->204 201->196 205 401815-401818 203->205 206 4017ff-401813 203->206 204->196 210 401830-401833 205->210 211 40181a-40182e 205->211 206->196 210->196 212 401835-40184b 210->212 211->196 212->196
                                                                                                                                                                                  APIs
                                                                                                                                                                                  • NtAllocateVirtualMemory.NTDLL(000000FF,00000000,00000000,?,00103000,00000040), ref: 0040171F
                                                                                                                                                                                  • NtAllocateVirtualMemory.NTDLL(000000FF,00000000,00000000,00000000,00103000,00000004), ref: 00401742
                                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                                  • Source File: 00000007.00000002.2330698730.0000000000401000.00000040.00000001.01000000.00000008.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                  • Associated: 00000007.00000002.2330667822.0000000000400000.00000002.00000001.01000000.00000008.sdmpDownload File
                                                                                                                                                                                  • Associated: 00000007.00000002.2330725873.0000000000404000.00000002.00000001.01000000.00000008.sdmpDownload File
                                                                                                                                                                                  • Associated: 00000007.00000002.2330759139.0000000000405000.00000004.00000001.01000000.00000008.sdmpDownload File
                                                                                                                                                                                  • Associated: 00000007.00000002.2330790585.0000000000406000.00000002.00000001.01000000.00000008.sdmpDownload File
                                                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                                                  • Snapshot File: hcaresult_7_2_400000_C9C8.jbxd
                                                                                                                                                                                  Similarity
                                                                                                                                                                                  • API ID: AllocateMemoryVirtual
                                                                                                                                                                                  • String ID:
                                                                                                                                                                                  • API String ID: 2167126740-0
                                                                                                                                                                                  • Opcode ID: 4a0fb159cb167e270aa132b3f88ebad20637f68d71e3a3db65f788631af4fc76
                                                                                                                                                                                  • Instruction ID: ad4b5e7ce53ce887a57ee0cc443bca07838dd3003dcb7b2c4dfa2ad75add82e8
                                                                                                                                                                                  • Opcode Fuzzy Hash: 4a0fb159cb167e270aa132b3f88ebad20637f68d71e3a3db65f788631af4fc76
                                                                                                                                                                                  • Instruction Fuzzy Hash: E3416031904204DADF10EF58C884B9AB7A4FF05314F14C1BAE919EF2E6D7788A41CB6A
                                                                                                                                                                                  Uniqueness

                                                                                                                                                                                  Uniqueness Score: -1.00%

                                                                                                                                                                                  Control-flow Graph

                                                                                                                                                                                  • Executed
                                                                                                                                                                                  • Not Executed
                                                                                                                                                                                  control_flow_graph 288 40227c-4022ad FindFirstFileExW 289 4022d2-4022d8 288->289 290 4022af-4022cf 288->290 290->289
                                                                                                                                                                                  APIs
                                                                                                                                                                                  • FindFirstFileExW.KERNELBASE(?,00000000,?,00000000,00000000,00000000), ref: 004022A4
                                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                                  • Source File: 00000007.00000002.2330698730.0000000000401000.00000040.00000001.01000000.00000008.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                  • Associated: 00000007.00000002.2330667822.0000000000400000.00000002.00000001.01000000.00000008.sdmpDownload File
                                                                                                                                                                                  • Associated: 00000007.00000002.2330725873.0000000000404000.00000002.00000001.01000000.00000008.sdmpDownload File
                                                                                                                                                                                  • Associated: 00000007.00000002.2330759139.0000000000405000.00000004.00000001.01000000.00000008.sdmpDownload File
                                                                                                                                                                                  • Associated: 00000007.00000002.2330790585.0000000000406000.00000002.00000001.01000000.00000008.sdmpDownload File
                                                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                                                  • Snapshot File: hcaresult_7_2_400000_C9C8.jbxd
                                                                                                                                                                                  Similarity
                                                                                                                                                                                  • API ID: FileFindFirst
                                                                                                                                                                                  • String ID:
                                                                                                                                                                                  • API String ID: 1974802433-0
                                                                                                                                                                                  • Opcode ID: cdec62c82a5867c9461e13d27f073131a42764883e1863d73d8ab6d37f0e38bf
                                                                                                                                                                                  • Instruction ID: 55f0629c3eadcc188d8749e42e063c0b49bca1bc4f8f265f590f61ae6da82bee
                                                                                                                                                                                  • Opcode Fuzzy Hash: cdec62c82a5867c9461e13d27f073131a42764883e1863d73d8ab6d37f0e38bf
                                                                                                                                                                                  • Instruction Fuzzy Hash: BBF0C974902608EFDB10DF94CD49B9DFBB4EB48310F2082A5A918AB2A0D7715E91CF84
                                                                                                                                                                                  Uniqueness

                                                                                                                                                                                  Uniqueness Score: -1.00%

                                                                                                                                                                                  APIs
                                                                                                                                                                                  • NtSetInformationThread.NTDLL(00000000,?,00000000,00000000), ref: 00401DBB
                                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                                  • Source File: 00000007.00000002.2330698730.0000000000401000.00000040.00000001.01000000.00000008.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                  • Associated: 00000007.00000002.2330667822.0000000000400000.00000002.00000001.01000000.00000008.sdmpDownload File
                                                                                                                                                                                  • Associated: 00000007.00000002.2330725873.0000000000404000.00000002.00000001.01000000.00000008.sdmpDownload File
                                                                                                                                                                                  • Associated: 00000007.00000002.2330759139.0000000000405000.00000004.00000001.01000000.00000008.sdmpDownload File
                                                                                                                                                                                  • Associated: 00000007.00000002.2330790585.0000000000406000.00000002.00000001.01000000.00000008.sdmpDownload File
                                                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                                                  • Snapshot File: hcaresult_7_2_400000_C9C8.jbxd
                                                                                                                                                                                  Similarity
                                                                                                                                                                                  • API ID: InformationThread
                                                                                                                                                                                  • String ID:
                                                                                                                                                                                  • API String ID: 4046476035-0
                                                                                                                                                                                  • Opcode ID: 2ec57d8305034ae4dcd04f6f280aec29aa5e37325b0f502564d07dd60a6e8475
                                                                                                                                                                                  • Instruction ID: 482b214da63c1bafeb7c1bb62a0bbbc62c262419b9af6fea3894fce228737229
                                                                                                                                                                                  • Opcode Fuzzy Hash: 2ec57d8305034ae4dcd04f6f280aec29aa5e37325b0f502564d07dd60a6e8475
                                                                                                                                                                                  • Instruction Fuzzy Hash: FEE05E329A020DAFD710DB50DC45FBB376DEB55311F508236B5029A1E0D6B8F891DA98
                                                                                                                                                                                  Uniqueness

                                                                                                                                                                                  Uniqueness Score: -1.00%

                                                                                                                                                                                  Control-flow Graph

                                                                                                                                                                                  • Executed
                                                                                                                                                                                  • Not Executed
                                                                                                                                                                                  control_flow_graph 100 401b70-401b9f RtlCreateHeap 101 401ba1 100->101 102 401ba6-401bc4 RtlCreateHeap 100->102 103 401d8a-401d90 101->103 104 401bc6 102->104 105 401bcb-401be7 102->105 104->103 107 401be9 105->107 108 401bee-401c05 call 401a40 105->108 107->103 111 401c07 108->111 112 401c0c-401c3d 108->112 111->103 115 401c44-401c5b call 401a40 112->115 116 401c3f 112->116 119 401c62-401c93 115->119 120 401c5d 115->120 116->103 123 401c95 119->123 124 401c9a-401cb1 call 401a40 119->124 120->103 123->103 127 401cb3 124->127 128 401cb8-401ce9 124->128 127->103 131 401cf0-401d07 call 401a40 128->131 132 401ceb 128->132 135 401d09 131->135 136 401d0b-401d3c 131->136 132->103 135->103 139 401d40-401d57 call 401a40 136->139 140 401d3e 136->140 143 401d59 139->143 144 401d5b-401d80 call 401d94 call 401dc2 139->144 140->103 143->103 147 401d83 144->147 147->103
                                                                                                                                                                                  APIs
                                                                                                                                                                                  • RtlCreateHeap.NTDLL(00001002,00000000,00000000,00000000,00000000,00000000), ref: 00401B96
                                                                                                                                                                                  • RtlCreateHeap.NTDLL(00041002,00000000,00000000,00000000,00000000,00000000), ref: 00401BBB
                                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                                  • Source File: 00000007.00000002.2330698730.0000000000401000.00000040.00000001.01000000.00000008.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                  • Associated: 00000007.00000002.2330667822.0000000000400000.00000002.00000001.01000000.00000008.sdmpDownload File
                                                                                                                                                                                  • Associated: 00000007.00000002.2330725873.0000000000404000.00000002.00000001.01000000.00000008.sdmpDownload File
                                                                                                                                                                                  • Associated: 00000007.00000002.2330759139.0000000000405000.00000004.00000001.01000000.00000008.sdmpDownload File
                                                                                                                                                                                  • Associated: 00000007.00000002.2330790585.0000000000406000.00000002.00000001.01000000.00000008.sdmpDownload File
                                                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                                                  • Snapshot File: hcaresult_7_2_400000_C9C8.jbxd
                                                                                                                                                                                  Similarity
                                                                                                                                                                                  • API ID: CreateHeap
                                                                                                                                                                                  • String ID:
                                                                                                                                                                                  • API String ID: 10892065-0
                                                                                                                                                                                  • Opcode ID: 453bda9d08a0096fe53e6a5bcc4a475ef93f8d776735eeddf63228c397926240
                                                                                                                                                                                  • Instruction ID: eac1ce902914894448f3c06d12ced00cbe17960004271ddceb971b2a38276b5e
                                                                                                                                                                                  • Opcode Fuzzy Hash: 453bda9d08a0096fe53e6a5bcc4a475ef93f8d776735eeddf63228c397926240
                                                                                                                                                                                  • Instruction Fuzzy Hash: 34513034A80A04FBD7109B60ED09B5B7770FF18701F2086BAE6117A2F1D775A5859F8D
                                                                                                                                                                                  Uniqueness

                                                                                                                                                                                  Uniqueness Score: -1.00%

                                                                                                                                                                                  Control-flow Graph

                                                                                                                                                                                  • Executed
                                                                                                                                                                                  • Not Executed
                                                                                                                                                                                  control_flow_graph 150 4022dc-40232e 154 402330 150->154 155 402335-402347 GetShortPathNameW 150->155 156 402483-402487 154->156 157 402349-402359 155->157 158 40235e-402380 155->158 159 402495-402499 156->159 160 402489-40248f 156->160 157->156 168 402382 158->168 169 402387-402425 158->169 163 4024a7-4024ab 159->163 164 40249b-4024a1 159->164 160->159 165 4024b9-4024bf 163->165 166 4024ad-4024b3 163->166 164->163 166->165 168->156 175 402427 169->175 176 402429-402481 ShellExecuteW 169->176 175->156 176->156
                                                                                                                                                                                  APIs
                                                                                                                                                                                  • GetShortPathNameW.KERNELBASE(00000000,00000000,?), ref: 00402340
                                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                                  • Source File: 00000007.00000002.2330698730.0000000000401000.00000040.00000001.01000000.00000008.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                  • Associated: 00000007.00000002.2330667822.0000000000400000.00000002.00000001.01000000.00000008.sdmpDownload File
                                                                                                                                                                                  • Associated: 00000007.00000002.2330725873.0000000000404000.00000002.00000001.01000000.00000008.sdmpDownload File
                                                                                                                                                                                  • Associated: 00000007.00000002.2330759139.0000000000405000.00000004.00000001.01000000.00000008.sdmpDownload File
                                                                                                                                                                                  • Associated: 00000007.00000002.2330790585.0000000000406000.00000002.00000001.01000000.00000008.sdmpDownload File
                                                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                                                  • Snapshot File: hcaresult_7_2_400000_C9C8.jbxd
                                                                                                                                                                                  Similarity
                                                                                                                                                                                  • API ID: NamePathShort
                                                                                                                                                                                  • String ID:
                                                                                                                                                                                  • API String ID: 1295925010-0
                                                                                                                                                                                  • Opcode ID: a0a4f684a9d9108a63d91a30c19249ae39ae68594d14297edb71c581cb82e24b
                                                                                                                                                                                  • Instruction ID: 5bcac900e59d09c9622bdf940851d370624af246baed8abb1bc217228d1f7e1b
                                                                                                                                                                                  • Opcode Fuzzy Hash: a0a4f684a9d9108a63d91a30c19249ae39ae68594d14297edb71c581cb82e24b
                                                                                                                                                                                  • Instruction Fuzzy Hash: B6514E75900606EFDB00DF90E948B9EFB71FF48301F2082A9E6156B2A1C375AA91DFC5
                                                                                                                                                                                  Uniqueness

                                                                                                                                                                                  Uniqueness Score: -1.00%

                                                                                                                                                                                  Control-flow Graph

                                                                                                                                                                                  • Executed
                                                                                                                                                                                  • Not Executed
                                                                                                                                                                                  control_flow_graph 213 4026c0-4026e5 call 4024f8 215 402730-402734 213->215 216 4026e7-402709 CreateFileW 213->216 218 402742-402746 215->218 219 402736-40273c 215->219 216->215 217 40270b-402727 ReadFile 216->217 217->215 220 402729 217->220 221 402754-40275a 218->221 222 402748-40274e 218->222 219->218 220->215 222->221
                                                                                                                                                                                  APIs
                                                                                                                                                                                  • CreateFileW.KERNELBASE(00000000,80000000,00000001,00000000,00000003,00000000,00000000), ref: 004026FF
                                                                                                                                                                                  • ReadFile.KERNELBASE(000000FF,000000FF,0000021C,?,00000000), ref: 00402722
                                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                                  • Source File: 00000007.00000002.2330698730.0000000000401000.00000040.00000001.01000000.00000008.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                  • Associated: 00000007.00000002.2330667822.0000000000400000.00000002.00000001.01000000.00000008.sdmpDownload File
                                                                                                                                                                                  • Associated: 00000007.00000002.2330725873.0000000000404000.00000002.00000001.01000000.00000008.sdmpDownload File
                                                                                                                                                                                  • Associated: 00000007.00000002.2330759139.0000000000405000.00000004.00000001.01000000.00000008.sdmpDownload File
                                                                                                                                                                                  • Associated: 00000007.00000002.2330790585.0000000000406000.00000002.00000001.01000000.00000008.sdmpDownload File
                                                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                                                  • Snapshot File: hcaresult_7_2_400000_C9C8.jbxd
                                                                                                                                                                                  Similarity
                                                                                                                                                                                  • API ID: File$CreateRead
                                                                                                                                                                                  • String ID:
                                                                                                                                                                                  • API String ID: 3388366904-0
                                                                                                                                                                                  • Opcode ID: 64d441af2ae5f8cd80c02da2bb5cacaba4a8c0a7bb8fd120945ed4e9a720f5dc
                                                                                                                                                                                  • Instruction ID: dec784d2d3492f4c007a4c80bb83cd8b4abde05e7af7cfb80cb91198c32a9eba
                                                                                                                                                                                  • Opcode Fuzzy Hash: 64d441af2ae5f8cd80c02da2bb5cacaba4a8c0a7bb8fd120945ed4e9a720f5dc
                                                                                                                                                                                  • Instruction Fuzzy Hash: 7511D774910209EFDB10DF94DD48B9FBBB5FB08311F2046A9A524B62E1D7B15A91CF84
                                                                                                                                                                                  Uniqueness

                                                                                                                                                                                  Uniqueness Score: -1.00%

                                                                                                                                                                                  Control-flow Graph

                                                                                                                                                                                  • Executed
                                                                                                                                                                                  • Not Executed
                                                                                                                                                                                  control_flow_graph 224 401a40-401a5a 225 401a5d-401a77 RtlAllocateHeap 224->225 226 401a85-401a94 call 401e78 225->226 227 401a79-401a82 225->227 230 401ac5-401ac8 226->230 231 401a96-401ac0 call 401e78 226->231 233 401af6-401af9 230->233 234 401aca-401af4 call 401e78 230->234 239 401b4d-401b55 231->239 237 401b11-401b14 233->237 238 401afb-401b0f 233->238 234->239 241 401b16-401b2a 237->241 242 401b2c-401b2f 237->242 238->239 239->225 243 401b5b-401b6b 239->243 241->239 242->239 244 401b31-401b47 242->244 244->239
                                                                                                                                                                                  APIs
                                                                                                                                                                                  • RtlAllocateHeap.NTDLL(00000000,00000008,00000010), ref: 00401A6D
                                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                                  • Source File: 00000007.00000002.2330698730.0000000000401000.00000040.00000001.01000000.00000008.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                  • Associated: 00000007.00000002.2330667822.0000000000400000.00000002.00000001.01000000.00000008.sdmpDownload File
                                                                                                                                                                                  • Associated: 00000007.00000002.2330725873.0000000000404000.00000002.00000001.01000000.00000008.sdmpDownload File
                                                                                                                                                                                  • Associated: 00000007.00000002.2330759139.0000000000405000.00000004.00000001.01000000.00000008.sdmpDownload File
                                                                                                                                                                                  • Associated: 00000007.00000002.2330790585.0000000000406000.00000002.00000001.01000000.00000008.sdmpDownload File
                                                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                                                  • Snapshot File: hcaresult_7_2_400000_C9C8.jbxd
                                                                                                                                                                                  Similarity
                                                                                                                                                                                  • API ID: AllocateHeap
                                                                                                                                                                                  • String ID:
                                                                                                                                                                                  • API String ID: 1279760036-0
                                                                                                                                                                                  • Opcode ID: 3090814481001f51fad53404be7bb9f089635e5ecf5702693e45b6397da5dce2
                                                                                                                                                                                  • Instruction ID: 68c0462a3af62cc3e50a8e225ecc1fff045641083c52707b2e4de1a33f1d8fac
                                                                                                                                                                                  • Opcode Fuzzy Hash: 3090814481001f51fad53404be7bb9f089635e5ecf5702693e45b6397da5dce2
                                                                                                                                                                                  • Instruction Fuzzy Hash: 9F316935A14308DFDB10CF99C488E99F7F1BF24320F15D0AAD508AB2B2D7B59950DB4A
                                                                                                                                                                                  Uniqueness

                                                                                                                                                                                  Uniqueness Score: -1.00%

                                                                                                                                                                                  Control-flow Graph

                                                                                                                                                                                  • Executed
                                                                                                                                                                                  • Not Executed
                                                                                                                                                                                  control_flow_graph 245 402e10-402e35 247 402e37 245->247 248 402e39-402e4e 245->248 249 402eab-402eb7 247->249 253 402e50 248->253 254 402e52-402e57 248->254 250 402ec5-402eca 249->250 251 402eb9-402ebf 249->251 251->250 253->249 255 402e5c-402e6d 254->255 257 402e70-402e7a 255->257 257->257 258 402e7c-402e8f MoveFileExW 257->258 259 402e91 258->259 260 402e93-402ea9 258->260 259->249 260->249 260->255
                                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                                  • Source File: 00000007.00000002.2330698730.0000000000401000.00000040.00000001.01000000.00000008.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                  • Associated: 00000007.00000002.2330667822.0000000000400000.00000002.00000001.01000000.00000008.sdmpDownload File
                                                                                                                                                                                  • Associated: 00000007.00000002.2330725873.0000000000404000.00000002.00000001.01000000.00000008.sdmpDownload File
                                                                                                                                                                                  • Associated: 00000007.00000002.2330759139.0000000000405000.00000004.00000001.01000000.00000008.sdmpDownload File
                                                                                                                                                                                  • Associated: 00000007.00000002.2330790585.0000000000406000.00000002.00000001.01000000.00000008.sdmpDownload File
                                                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                                                  • Snapshot File: hcaresult_7_2_400000_C9C8.jbxd
                                                                                                                                                                                  Similarity
                                                                                                                                                                                  • API ID:
                                                                                                                                                                                  • String ID:
                                                                                                                                                                                  • API String ID:
                                                                                                                                                                                  • Opcode ID: 2ec2b1c2d5d64686e5e6a52de2e159d7ebe58570cf782c44f0051c3652f2bf9a
                                                                                                                                                                                  • Instruction ID: 64be472d3da9365df722bb42b6a14b0a0006b9682bbf08d732ce7ada7e71b141
                                                                                                                                                                                  • Opcode Fuzzy Hash: 2ec2b1c2d5d64686e5e6a52de2e159d7ebe58570cf782c44f0051c3652f2bf9a
                                                                                                                                                                                  • Instruction Fuzzy Hash: 8A214C71940208EFDB109F90DE49B9ABB71FF18301F2081BAE505AA2E1D3759E91DF89
                                                                                                                                                                                  Uniqueness

                                                                                                                                                                                  Uniqueness Score: -1.00%

                                                                                                                                                                                  Control-flow Graph

                                                                                                                                                                                  • Executed
                                                                                                                                                                                  • Not Executed
                                                                                                                                                                                  control_flow_graph 262 402a78-402a9c call 4028ba 264 402aa3-402ac2 262->264 265 402a9e 262->265 270 402ac4-402ad3 264->270 271 402ad5-402ae0 264->271 266 402b28-402b2c 265->266 267 402b3a-402b40 266->267 268 402b2e-402b34 266->268 268->267 270->266 274 402ae2-402ae8 271->274 275 402aea 271->275 276 402af0-402b1f CreateMutexW 274->276 275->276 276->266 277 402b21 276->277 277->266
                                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                                  • Source File: 00000007.00000002.2330698730.0000000000401000.00000040.00000001.01000000.00000008.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                  • Associated: 00000007.00000002.2330667822.0000000000400000.00000002.00000001.01000000.00000008.sdmpDownload File
                                                                                                                                                                                  • Associated: 00000007.00000002.2330725873.0000000000404000.00000002.00000001.01000000.00000008.sdmpDownload File
                                                                                                                                                                                  • Associated: 00000007.00000002.2330759139.0000000000405000.00000004.00000001.01000000.00000008.sdmpDownload File
                                                                                                                                                                                  • Associated: 00000007.00000002.2330790585.0000000000406000.00000002.00000001.01000000.00000008.sdmpDownload File
                                                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                                                  • Snapshot File: hcaresult_7_2_400000_C9C8.jbxd
                                                                                                                                                                                  Similarity
                                                                                                                                                                                  • API ID:
                                                                                                                                                                                  • String ID:
                                                                                                                                                                                  • API String ID:
                                                                                                                                                                                  • Opcode ID: 76ac4189c2e983f292498be2e35779ead737e5081f8c929ef40d6d428a78efce
                                                                                                                                                                                  • Instruction ID: 5f31ce468cef0475a522e9655e813cee8f96e501922e94d34a843d9ecc1c4f5f
                                                                                                                                                                                  • Opcode Fuzzy Hash: 76ac4189c2e983f292498be2e35779ead737e5081f8c929ef40d6d428a78efce
                                                                                                                                                                                  • Instruction Fuzzy Hash: A921F974901608EFDB00CF90EA8C79EBB71FF08301F6045A9E5017A2A0D7B95A85DF89
                                                                                                                                                                                  Uniqueness

                                                                                                                                                                                  Uniqueness Score: -1.00%

                                                                                                                                                                                  Control-flow Graph

                                                                                                                                                                                  • Executed
                                                                                                                                                                                  • Not Executed
                                                                                                                                                                                  control_flow_graph 279 401474-401488 280 40148a-40148d 279->280 281 4014ac-4014b3 call 4013f8 279->281 282 401493-401498 280->282 285 4014b8-4014d2 LdrLoadDll 281->285 282->282 284 40149a-4014aa call 4013f8 282->284 284->285
                                                                                                                                                                                  APIs
                                                                                                                                                                                  • LdrLoadDll.NTDLL(00000000,00000000,00000000,?), ref: 004014C4
                                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                                  • Source File: 00000007.00000002.2330698730.0000000000401000.00000040.00000001.01000000.00000008.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                  • Associated: 00000007.00000002.2330667822.0000000000400000.00000002.00000001.01000000.00000008.sdmpDownload File
                                                                                                                                                                                  • Associated: 00000007.00000002.2330725873.0000000000404000.00000002.00000001.01000000.00000008.sdmpDownload File
                                                                                                                                                                                  • Associated: 00000007.00000002.2330759139.0000000000405000.00000004.00000001.01000000.00000008.sdmpDownload File
                                                                                                                                                                                  • Associated: 00000007.00000002.2330790585.0000000000406000.00000002.00000001.01000000.00000008.sdmpDownload File
                                                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                                                  • Snapshot File: hcaresult_7_2_400000_C9C8.jbxd
                                                                                                                                                                                  Similarity
                                                                                                                                                                                  • API ID: Load
                                                                                                                                                                                  • String ID:
                                                                                                                                                                                  • API String ID: 2234796835-0
                                                                                                                                                                                  • Opcode ID: cc821bb6490c49b643c0aee4c8a66cc2fb92e167f5171f05bab2522af16bb81c
                                                                                                                                                                                  • Instruction ID: 140de97a3c31e0856ca0b204e221eb1e366fb0b1d4fd9a07ba92ba20ce5f8dd4
                                                                                                                                                                                  • Opcode Fuzzy Hash: cc821bb6490c49b643c0aee4c8a66cc2fb92e167f5171f05bab2522af16bb81c
                                                                                                                                                                                  • Instruction Fuzzy Hash: F7F03C3690020DFADF10EAA4D848FDE77BCEB14314F0041A6E904B7190D238AA099BA5
                                                                                                                                                                                  Uniqueness

                                                                                                                                                                                  Uniqueness Score: -1.00%

                                                                                                                                                                                  APIs
                                                                                                                                                                                  • RtlAdjustPrivilege.NTDLL(?,00000001,00000000,00000000), ref: 00402861
                                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                                  • Source File: 00000007.00000002.2330698730.0000000000401000.00000040.00000001.01000000.00000008.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                  • Associated: 00000007.00000002.2330667822.0000000000400000.00000002.00000001.01000000.00000008.sdmpDownload File
                                                                                                                                                                                  • Associated: 00000007.00000002.2330725873.0000000000404000.00000002.00000001.01000000.00000008.sdmpDownload File
                                                                                                                                                                                  • Associated: 00000007.00000002.2330759139.0000000000405000.00000004.00000001.01000000.00000008.sdmpDownload File
                                                                                                                                                                                  • Associated: 00000007.00000002.2330790585.0000000000406000.00000002.00000001.01000000.00000008.sdmpDownload File
                                                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                                                  • Snapshot File: hcaresult_7_2_400000_C9C8.jbxd
                                                                                                                                                                                  Similarity
                                                                                                                                                                                  • API ID: AdjustPrivilege
                                                                                                                                                                                  • String ID:
                                                                                                                                                                                  • API String ID: 3260937286-0
                                                                                                                                                                                  • Opcode ID: b838e4be5c385c0dc624d50355c604d381d153ee0a89857c9e86ae645bc67477
                                                                                                                                                                                  • Instruction ID: 70193a9dbc7aa9cd3770003b3bb97339f6e2972f30e24310785a39762e1cef45
                                                                                                                                                                                  • Opcode Fuzzy Hash: b838e4be5c385c0dc624d50355c604d381d153ee0a89857c9e86ae645bc67477
                                                                                                                                                                                  • Instruction Fuzzy Hash: B9E0263251821AABCB20A2189E0CBA7739DD744314F1043B6A805F71D1EAF69A0A87DA
                                                                                                                                                                                  Uniqueness

                                                                                                                                                                                  Uniqueness Score: -1.00%

                                                                                                                                                                                  APIs
                                                                                                                                                                                  • RtlAllocateHeap.NTDLL(?,00000008,?), ref: 004020D7
                                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                                  • Source File: 00000007.00000002.2330698730.0000000000401000.00000040.00000001.01000000.00000008.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                  • Associated: 00000007.00000002.2330667822.0000000000400000.00000002.00000001.01000000.00000008.sdmpDownload File
                                                                                                                                                                                  • Associated: 00000007.00000002.2330725873.0000000000404000.00000002.00000001.01000000.00000008.sdmpDownload File
                                                                                                                                                                                  • Associated: 00000007.00000002.2330759139.0000000000405000.00000004.00000001.01000000.00000008.sdmpDownload File
                                                                                                                                                                                  • Associated: 00000007.00000002.2330790585.0000000000406000.00000002.00000001.01000000.00000008.sdmpDownload File
                                                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                                                  • Snapshot File: hcaresult_7_2_400000_C9C8.jbxd
                                                                                                                                                                                  Similarity
                                                                                                                                                                                  • API ID: AllocateHeap
                                                                                                                                                                                  • String ID:
                                                                                                                                                                                  • API String ID: 1279760036-0
                                                                                                                                                                                  • Opcode ID: 37c2d1e8b064bb17fe79b9677c4ca25dfdae977e826a45f6764b5f2e7935cd48
                                                                                                                                                                                  • Instruction ID: 701e22a529f931561d5ec47da2ef603e250127bb9ab3ab4db12cbc5835053477
                                                                                                                                                                                  • Opcode Fuzzy Hash: 37c2d1e8b064bb17fe79b9677c4ca25dfdae977e826a45f6764b5f2e7935cd48
                                                                                                                                                                                  • Instruction Fuzzy Hash: 05D0C97A140609ABC6009F94E949D87F769FF58711B00C6A1BA045B222C630E890CFD4
                                                                                                                                                                                  Uniqueness

                                                                                                                                                                                  Uniqueness Score: -1.00%